Solved HackTool:Win32/Mailpassview found

wired4tech

Posts: 137   +1
Hi there,

Appreciate any help/advice to determine if my computer is infected.

Windows Security identified this a few minutes ago.
HackTool:Win32/Mailpassview

I have since removed it using Windows Security's options.

I'm posting my Addition.txt logs for review.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2020
Ran by JPDELL (06-12-2020 18:17:51)
Running from C:\Users\JPDELL\Desktop
Windows 10 Pro Version 1909 18363.1198 (X64) (2019-10-05 21:10:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1826214958-772042235-2865425336-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1826214958-772042235-2865425336-503 - Limited - Disabled)
Guest (S-1-5-21-1826214958-772042235-2865425336-501 - Limited - Disabled)
JPDELL (S-1-5-21-1826214958-772042235-2865425336-1001 - Administrator - Enabled) => C:\Users\JPDELL
WDAGUtilityAccount (S-1-5-21-1826214958-772042235-2865425336-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat 2017 (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E1108756300}) (Version: 17.011.30180 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: - )
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{569f9640-fd0a-4a52-97f2-11277f65a3f0}) (Version: 4.4.0.33 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{FE65E525-8FCA-43BE-8D7F-0C4665FAE1A5}) (Version: 4.4.0.33 - Brother Industries, Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{3CE8B8E8-B33B-453C-BB7A-821ED6E18A24}) (Version: 1.0.27 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{DFDF4BFA-1551-47EC-93BF-EBC1C305CD47}) (Version: 1.6.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{49F15DD6-D83B-4756-BB57-66E00570C186}) (Version: 1.0.22.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
ControlCenter4 (HKLM-x32\...\{9091B952-8719-49C3-9CC7-6E20EC61081F}) (Version: 4.6.6.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.3201.101.215 - ALPSALPINE CO., LTD.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 111.4.472 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.377.1 - Dropbox, Inc.) Hidden
Evernote v. 6.25.1 (HKLM-x32\...\{CA92FF58-B652-11EA-A23A-42010A401FD0}) (Version: 6.25.1.9091 - Evernote Corp.)
FileZilla Client 3.46.3 (HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\FileZilla Client) (Version: 3.46.3 - Tim Kosse)
FileZilla Client 3.46.3 (HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.46.3 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Drive File Stream (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 44.0.12.0 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{4B3C56AB-963E-4F48-9747-05297683DB3B}) (Version: 16.8.3.1003 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Kobo (HKLM-x32\...\Kobo) (Version: 4.24.13786 - Rakuten Kobo Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.55 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Office Standard 2019 - en-us (HKLM\...\Standard2019Volume - en-us) (Version: 16.0.10368.20035 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Teams) (Version: 1.3.00.30866 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 68.9.0 - Mozilla)
Mozilla Thunderbird 68.9.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 68.9.0 (x86 en-US)) (Version: 68.9.0 - Mozilla)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
Node.js (HKLM\...\{F62C0E94-FBB4-4009-9941-6271BD2EBCEF}) (Version: 12.13.0 - Node.js Foundation)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.8.6 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10368.20035 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10368.20035 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10368.20035 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10368.20035 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PicPick (HKLM-x32\...\PicPick) (Version: 5.0.6c - NGWIN)
PowerENGAGE (HKLM-x32\...\{400A01BF-E908-4393-BD39-31E386377BDA}) (Version: 3.2.16 - Aviata, Inc.) Hidden
ProtonVPN (HKLM-x32\...\{074CACAD-CAB4-42A5-9C13-D1245FA9D6D6}) (Version: 1.17.4 - Proton Technologies AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.17.4) (Version: 1.17.4 - Proton Technologies AG)
ProtonVPNTap (HKLM-x32\...\{BCB82CD9-F514-4F93-A6D9-F898494DC927}) (Version: 1.1.0 - Proton Technologies AG)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6105 - Realtek Semiconductor Corp.)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Slack (HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\slack) (Version: 4.11.3 - Slack Technologies Inc.)
Slack (HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\slack) (Version: 4.11.3 - Slack Technologies Inc.)
SoftwareUpdateNotification (HKLM-x32\...\{34F12379-C924-41E6-921D-51C71217F58C}) (Version: 1.0.9.0 - Brother Industries, Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TurboTax 2019 (HKLM-x32\...\{176AF9FD-3AF6-4C10-9F68-A3AA455B3D51}) (Version: 1.00.0000 - Intuit Canada)
UFile 2019 (HKLM-x32\...\{D910E42E-320F-45DE-A3F1-BAB394C07133}) (Version: 23.21.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
Vistaprint.ca Photo Books (HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\{083552E6-919F-4871-A642-BEBC2544C246}_is1) (Version: 20.1.2.5553 - Vistaprint)
Vistaprint.ca Photo Books (HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{083552E6-919F-4871-A642-BEBC2544C246}_is1) (Version: 20.1.2.5553 - Vistaprint)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.11 - VideoLAN)
VSee (HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\VSee) (Version: 4.8.1.41094 - VSee Lab Inc)
VSee (HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\VSee) (Version: 4.8.1.41094 - VSee Lab Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - )
YNAB 4 version 4.3.543 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.543 - YouNeedABudget.com)
Zoom (HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\ZoomUMX) (Version: 5.3.1 (52879.0927) - Zoom Video Communications, Inc.)
Zoom (HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ZoomUMX) (Version: 5.3.1 (52879.0927) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-10] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1826214958-772042235-2865425336-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\JPDELL\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20275.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1826214958-772042235-2865425336-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\JPDELL\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1826214958-772042235-2865425336-1001_Classes\CLSID\{53B2AC1B-7B81-47FC-8D3B-595CDE21D0BA}\InprocServer32 -> C:\Users\JPDELL\AppData\Local\Apps\Evernote\Evernote\EvernoteCCx64.dll (Evernote Corporation -> Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
CustomCLSID: HKU\S-1-5-21-1826214958-772042235-2865425336-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\JPDELL\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1826214958-772042235-2865425336-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\JPDELL\AppData\Local\Microsoft\OneDrive\19.232.1124.0012\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1826214958-772042235-2865425336-1001_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> C:\Users\JPDELL\AppData\Local\Apps\Evernote\Evernote\EvernoteIEx64.dll (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-1826214958-772042235-2865425336-1001_Classes\CLSID\{93c503ec-b307-4339-bca2-37fe3b4836e8}\InprocServer32 -> C:\Users\JPDELL\AppData\Local\Apps\Evernote\Evernote\EvernoteOLShim64.dll (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-1826214958-772042235-2865425336-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\JPDELL\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-1826214958-772042235-2865425336-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\JPDELL\Dropbox [2019-10-07 20:56]
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\44.0.12.0\drivefsext.dll [2020-11-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\44.0.12.0\drivefsext.dll [2020-11-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\44.0.12.0\drivefsext.dll [2020-11-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\44.0.12.0\drivefsext.dll [2020-11-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-15] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat Elements\ContextMenuShim64.dll [2017-04-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2020-04-21] (Notepad++ -> )
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\44.0.12.0\drivefsext.dll [2020-11-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-07-15] () [File not signed] [File is in use]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\44.0.12.0\drivefsext.dll [2020-11-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\44.0.12.0\drivefsext.dll [2020-11-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat Elements\ContextMenuShim64.dll [2017-04-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\JPDELL\Desktop\Chungi.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\JPDELL\Desktop\JP @ infoloud.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 6"
ShortcutWithArgument: C:\Users\JPDELL\Desktop\JP @ SC.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\JPDELL\Desktop\JphilipSC.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 5"
ShortcutWithArgument: C:\Users\JPDELL\Desktop\JPTech250.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\JPDELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Zoom (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 6" --app-id=hmbjbjdpkobdjplfobhljndfdfdipjhg
ShortcutWithArgument: C:\Users\JPDELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Zoom.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory="Profile 3" --app-id=hmbjbjdpkobdjplfobhljndfdfdipjhg
ShortcutWithArgument: C:\Users\JPDELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\JPDELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d842922bcf93161\TiddlyDesktop.lnk -> C:\Users\JPDELL\Documents\TiddlyDesktop\TiddlyDesktop-win64-v0.0.13\nw.exe (The NWJS Community) -> --user-data-dir="C:\Users\JPDELL\AppData\Local\TiddlyDesktop\User Data" --profile-directory=Default --app-id=bpdeplafbjkfabcdjdbibppeobkefplc

==================== Loaded Modules (Whitelisted) =============

2020-06-16 12:31 - 2020-05-07 20:34 - 000278528 _____ () [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\vseeCryptoppEnc.DLL
2019-10-28 05:33 - 2005-04-22 12:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2019-10-28 05:33 - 2016-11-01 10:27 - 000090112 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2019-12-08 12:57 - 2019-02-21 11:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-07-15 09:20 - 2019-07-15 09:20 - 000126976 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\imageformats\qgif.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 000034304 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\imageformats\qicns.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\imageformats\qico.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 000365056 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\imageformats\qjpeg.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 000021504 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\imageformats\qsvg.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 000020480 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\imageformats\qtga.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 000333824 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\imageformats\qtiff.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 000019456 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\imageformats\qwbmp.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 000418816 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\imageformats\qwebp.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 001172992 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\platforms\qwindows.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 005138944 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\Qt5Core.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 005322240 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\Qt5Gui.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 000265216 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\Qt5Svg.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 004572160 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\Qt5Widgets.dll
2020-06-16 12:31 - 2020-05-07 20:33 - 000147968 _____ (The Qt Company Ltd.) [File not signed] C:\Users\JPDELL\AppData\Roaming\VSeeInstall\Qt5Xml.dll
2013-05-10 22:47 - 2013-05-10 22:47 - 000061440 _____ (VMProtect Software) [File not signed] C:\Program Files (x86)\PicPick\ppkgr.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-11-20] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: intu-tt2019 - {F526FF07-B913-4B56-85DC-D7014178A5B4} - C:\Program Files (x86)\TurboTax 2019\ic2019pp.dll [2020-05-21] (Intuit Canada ULC -> Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-11-20] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\sharepoint.com -> hxxps://drphilip-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\sharepoint.com -> hxxps://drphilip-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-10-05 16:51 - 2019-10-05 16:50 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1826214958-772042235-2865425336-1001\Control Panel\Desktop\\Wallpaper -> c:\users\jpdell\dropbox\wallpapers\world-map-with-time-zones.jpg
HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> c:\users\jpdell\dropbox\wallpapers\world-map-with-time-zones.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "BrotherSoftwareUpdateNotification"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\StartupApproved\Run: => "PicPick Start"
HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "PicPick Start"
HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCXProcess"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{91CE00A7-1930-449C-A365-5002159DF482}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{15315D00-1EFE-47B7-8456-816E98C30F98}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A6E37DCC-117A-4C9C-BAF3-E1C07FE914B8}] => (Allow) C:\Users\JPDELL\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2EA37F03-FA2B-47C0-A340-AD58203822CD}] => (Allow) C:\Users\JPDELL\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{0802C77B-B935-402A-8C5A-90B9688FD2ED}] => (Allow) LPort=54925
FirewallRules: [{7B9E7AD0-6CEF-4D85-934C-65A63E087AAE}] => (Allow) LPort=54950
FirewallRules: [{3E27A806-3BBE-4E2B-ADF3-95453319E2D5}] => (Allow) LPort=54955
FirewallRules: [TCP Query User{2E342CA8-A46D-4D75-8480-961E8857F224}C:\users\jpdell\appdata\local\programs\beaker-browser\beaker browser.exe] => (Allow) C:\users\jpdell\appdata\local\programs\beaker-browser\beaker browser.exe => No File
FirewallRules: [UDP Query User{8F462529-872A-46D4-987A-3E4F93CADE77}C:\users\jpdell\appdata\local\programs\beaker-browser\beaker browser.exe] => (Allow) C:\users\jpdell\appdata\local\programs\beaker-browser\beaker browser.exe => No File
FirewallRules: [TCP Query User{FA683DAC-A4FC-435C-A86F-21239B5FBDF3}C:\users\jpdell\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\jpdell\appdata\roaming\vseeinstall\vsee.exe (VSee Lab, Inc -> VSee Lab, Inc.)
FirewallRules: [UDP Query User{66742814-1841-4DE0-A0C6-A929903870E0}C:\users\jpdell\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\jpdell\appdata\roaming\vseeinstall\vsee.exe (VSee Lab, Inc -> VSee Lab, Inc.)
FirewallRules: [{7E4D3C60-0A28-465D-BF5C-9AACBC11D08F}] => (Block) C:\users\jpdell\appdata\roaming\vseeinstall\vsee.exe (VSee Lab, Inc -> VSee Lab, Inc.)
FirewallRules: [{8D2AD010-9A8D-463E-9312-8DD1F8436941}] => (Block) C:\users\jpdell\appdata\roaming\vseeinstall\vsee.exe (VSee Lab, Inc -> VSee Lab, Inc.)
FirewallRules: [TCP Query User{4AF45D77-2D0D-475B-9161-5B4D57EF9A27}C:\users\jpdell\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\jpdell\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{86532533-7C64-466F-83AC-CA2497FC32B9}C:\users\jpdell\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\jpdell\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D492F470-142F-45F9-AF72-89B54AD8F48A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{835D725F-CBCA-48FA-890A-FAAFA93A70C3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

21-11-2020 23:58:12 Windows Update
27-11-2020 23:05:10 Installed Microsoft Project Professional 2013

==================== Faulty Device Manager Devices ============

Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/06/2020 05:24:57 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/05/2020 11:01:45 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/05/2020 10:59:14 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (12/05/2020 10:58:44 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...

Error: (12/05/2020 10:58:44 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (12/05/2020 10:58:44 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

Error: (12/05/2020 10:58:44 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (12/05/2020 10:58:44 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[1]: 192.168.0.10


System errors:
=============
Error: (12/05/2020 10:58:21 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (12/05/2020 10:58:40 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:39:29 PM on 2020-12-04 was unexpected.

Error: (12/04/2020 09:39:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:59:34 PM on 2020-12-04 was unexpected.

Error: (12/04/2020 09:39:17 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (12/04/2020 06:38:55 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8PE48AC)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (12/04/2020 06:38:55 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8PE48AC)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (12/04/2020 06:38:55 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8PE48AC)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (12/04/2020 06:38:55 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8PE48AC)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2020-12-06 18:03:20.719
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win32/Mailpassview
ID: 2147571412
Severity: High
Category: Tool
Path: file:_C:\Users\JPDELL\AppData\Local\Google\DriveFS\am9obkBpbmZvbG91ZC5jb20\content_cache\d20\d86\132211
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Google\Drive File Stream\44.0.12.0\GoogleDriveFS.exe
Security intelligence Version: AV: 1.327.2176.0, AS: 1.327.2176.0, NIS: 1.327.2176.0
Engine Version: AM: 1.1.17600.5, NIS: 1.1.17600.5

Date: 2020-12-06 12:58:43.418
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {763AEB62-4553-4F3D-8D3E-E34798CA268F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-03 23:58:26.165
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D560F124-4175-4822-A72B-A7D2419E313E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-12-02 21:58:26.195
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A309CA5E-AC0D-4C62-B8A7-D6A9EFEF0DA1}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-11-30 19:26:57.697
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {84D7C6A2-645B-45F7-934B-9F24EBE47EE3}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2020-12-05 10:58:46.706
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-12-04 21:39:35.954
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-12-04 06:39:38.577
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-11-30 21:58:28.991
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-11-29 09:19:34.208
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-11-28 16:06:49.203
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-11-27 23:08:54.795
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-11-27 07:47:13.585
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. A21 05/16/2019
Motherboard: Dell Inc.
Processor: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz
Percentage of memory in use: 43%
Total physical RAM: 16256.38 MB
Available physical RAM: 9258.73 MB
Total Virtual: 18688.38 MB
Available Virtual: 10765.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:164.6 GB) (Free:63.09 GB) NTFS
Drive g: (Google Drive File Stream) (Fixed) (Total:130 GB) (Free:59.93 GB) FAT32
Drive j: () (Fixed) (Total:931.51 GB) (Free:498.51 GB) NTFS

\\?\Volume{1ab06779-5349-4e84-bf62-4312ecd64854}\ (Recovery) (Fixed) (Total:0.52 GB) (Free:0.11 GB) NTFS
\\?\Volume{5b89a5b0-c17a-4e75-ae60-ec4afce19a4b}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0002846E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

wired4tech

And a copy of my FRST.txt log.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2020
Ran by JPDELL (administrator) on DESKTOP-8PE48AC (Dell Inc. Latitude E7250) (06-12-2020 18:16:17)
Running from C:\Users\JPDELL\Desktop
Loaded Profiles: JPDELL
Platform: Windows 10 Pro Version 1909 18363.1198 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(ALPS ELECTRIC CO., LTD. -> ALPSALPINE CO., LTD.) C:\Program Files\DellTPad\hidfind.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\JPDELL\AppData\Local\Apps\Evernote\Evernote\Evernote.exe
(Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\JPDELL\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
(Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\JPDELL\AppData\Local\Apps\Evernote\Evernote\EvernoteSubprocess.exe <6>
(Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\JPDELL\AppData\Local\Apps\Evernote\Evernote\EvernoteTray.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\44.0.12.0\crashpad_handler.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <19>
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\44.0.12.0\GoogleDriveFS.exe <7>
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Corporation -> Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation -> Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation -> Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\JPDELL\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(NGWIN Software Co. -> NGWIN) C:\Program Files (x86)\PicPick\picpick.exe
(Open Source Developer, Dominik Reichl -> Dominik Reichl) G:\My Drive\Keys\KeePass.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TrueCrypt Foundation -> TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(VSee Lab, Inc -> VSee Lab, Inc.) C:\Users\JPDELL\AppData\Roaming\VSeeInstall\vsee.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [779152 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8861944 2016-07-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427704 2016-07-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992832 2020-12-01] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [M17A] => C:\WINDOWS\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [94752 2019-08-06] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2017-04-05] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2892800 2017-03-30] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Acrotray.exe [1871920 2020-10-21] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\44.0.12.0\GoogleDriveFS.exe [53562664 2020-11-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\44.0.12.0\GoogleDriveFS.exe [53562664 2020-11-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\44.0.12.0\GoogleDriveFS.exe [53562664 2020-11-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\44.0.12.0\GoogleDriveFS.exe [53562664 2020-11-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\44.0.12.0\GoogleDriveFS.exe [53562664 2020-11-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\44.0.12.0\GoogleDriveFS.exe [53562664 2020-11-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [23993192 2019-07-30] (NGWIN Software Co. -> NGWIN)
HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\Run: [CCXProcess] => "C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\AdobeCollabSync.exe [887856 2020-10-21] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\JPDELL\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-18] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\Run: [VSee] => C:\Users\JPDELL\AppData\Roaming\VSeeInstall\vsee.exe [28495576 2020-05-07] (VSee Lab, Inc -> VSee Lab, Inc.)
HKU\S-1-5-21-1826214958-772042235-2865425336-1001\...\MountPoints2: {152f63c1-2643-11eb-886f-5ce0c59e1389} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\44.0.12.0\GoogleDriveFS.exe [53562664 2020-11-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [23993192 2019-07-30] (NGWIN Software Co. -> NGWIN)
HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCXProcess] => "C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\AdobeCollabSync.exe [887856 2020-10-21] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [com.squirrel.Teams.Teams] => C:\Users\JPDELL\AppData\Local\Microsoft\Teams\Update.exe [2453688 2020-11-18] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [VSee] => C:\Users\JPDELL\AppData\Roaming\VSeeInstall\vsee.exe [28495576 2020-05-07] (VSee Lab, Inc -> VSee Lab, Inc.)
HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {152f63c1-2643-11eb-886f-5ce0c59e1389} - "F:\LaunchU3.exe" -a
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\44.0.12.0\GoogleDriveFS.exe [53562664 2020-11-24] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65488 2020-03-05] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)
Startup: C:\Users\JPDELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2019-10-06]
ShortcutTarget: EvernoteClipper.lnk -> C:\Users\JPDELL\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07F2E6CC-435D-4B8C-BDBC-2F08C07DB974} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1445840 2020-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {1CBD0121-A35A-4460-816A-0AF92779BE8E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [748488 2020-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {30E22FDE-37A7-4D37-8171-001C5682C9AA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3AB26F9B-181E-4B25-A9E2-7A4747427F55} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {425E7A7D-2007-4DB2-B155-5587B60E9035} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-10-07] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4EB15E08-612F-4FC3-8D98-08F95D8723A3} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427704 2016-07-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {535039C8-46A4-46AD-A357-C9F7D2B2D9F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-05] (Google Inc -> Google LLC)
Task: {5757E5CB-530E-432C-8AFD-6501C98842B0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-10-07] (Dropbox, Inc -> Dropbox, Inc.)
Task: {59041BAC-096E-4FA7-B72D-8EE6316B6E0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-05] (Google Inc -> Google LLC)
Task: {5982D30E-B708-48DD-9105-9067BF56B520} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {73276E33-4564-4A73-AB1D-9B98DAE79CA3} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {400A01BF-E908-4393-BD39-31E386377BDA} /quiet /qn
Task: {73276E33-4564-4A73-AB1D-9B98DAE79CA3} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run
Task: {7D31A866-8B99-4799-B310-690A057E035D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2282920 2020-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {840CB0AB-680F-47B3-A8DB-BA29F091A508} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {86456D35-273D-4BE9-8436-1258179B0D6C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23563192 2020-10-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {8B0728B2-887C-45CD-BDDA-FB6407748F8C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1445840 2020-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {8CFEB7D3-1C0E-47F7-B030-23004F4E7763} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A1E7C34A-6003-4E36-AA2E-DDE8F007F6B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2282920 2020-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB8A7396-6187-4788-8B39-F850FF3646A7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23563192 2020-10-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {B0C425CC-2D5B-4CFE-911C-D432410ABF8F} - System32\Tasks\ProtonVPN Update => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
Task: {CC9F29B0-3CAF-4B0C-9794-F6FAE6DA3CFD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D3455059-EF2B-45BF-B12B-A4D5C27F7EF9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {E2A5714C-A158-4790-83D4-DCA657C3E1F1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{68825407-9af9-4115-b266-06f26af43511}: [DhcpNameServer] 10.17.0.1
Tcpip\..\Interfaces\{9689d053-e409-4a69-a786-d17c7bd643cf}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{edebc50a-f283-47b8-ba28-919b3df701bf}: [DhcpNameServer] 209.47.87.133 209.47.87.134

Edge:
======
DownloadDir: C:\Users\JPDELL\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-1826214958-772042235-2865425336-1001 -> hxxp://www.infoloud.com/
Edge Notifications: HKU\S-1-5-21-1826214958-772042235-2865425336-1001 -> hxxps://support.cloud.google.com
Edge Profile: C:\Users\JPDELL\AppData\Local\Microsoft\Edge\User Data\Default [2020-12-02]
Edge DownloadDir: C:\Users\JPDELL\Downloads
Edge Notifications: Default -> hxxps://support.cloud.google.com
Edge HomePage: Default -> hxxp://www.infoloud.com/
Edge StartupUrls: Default -> "hxxps://infoloud.com/"

FireFox:
========
FF DefaultProfile: qxi0nplu.default
FF ProfilePath: C:\Users\JPDELL\AppData\Roaming\Mozilla\Firefox\Profiles\qxi0nplu.default [2019-10-06]
FF ProfilePath: C:\Users\JPDELL\AppData\Roaming\Mozilla\Firefox\Profiles\wdvgmi27.default-release [2020-04-25]
FF Homepage: Mozilla\Firefox\Profiles\wdvgmi27.default-release -> www.securitycompass.com
FF Notifications: Mozilla\Firefox\Profiles\wdvgmi27.default-release -> hxxps://calendar.google.com; hxxps://meet.google.com
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Air\nppdf32.dll [2020-10-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1826214958-772042235-2865425336-1001: vsee.com/VSeeDetection -> C:\Users\JPDELL\AppData\Roaming\VSeeInstall\npVSeeDetection.dll [2020-05-07] (VSee Lab, Inc. -> VSee Lab)
FF Plugin HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: vsee.com/VSeeDetection -> C:\Users\JPDELL\AppData\Roaming\VSeeInstall\npVSeeDetection.dll [2020-05-07] (VSee Lab, Inc. -> VSee Lab)

Chrome:
=======
CHR DefaultProfile: Profile 6
CHR Profile: C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Default [2020-06-28]
CHR Extension: (Slides) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-28]
CHR Extension: (Docs) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-28]
CHR Extension: (Google Drive) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-06-28]
CHR Extension: (YouTube) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-06-28]
CHR Extension: (Adobe Acrobat) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-06-28]
CHR Extension: (Sheets) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-28]
CHR Extension: (Google Docs Offline) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-28]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-06-28]
CHR Extension: (Gmail) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-06-28]
CHR Extension: (Chrome Media Router) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-28]
CHR Profile: C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2 [2020-12-06]
CHR Notifications: Profile 2 -> hxxps://app.slack.com
CHR Extension: (Slides) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-03]
CHR Extension: (Docs) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-03]
CHR Extension: (Google Drive) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-03]
CHR Extension: (Adobe Acrobat) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-09]
CHR Extension: (Sheets) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-03]
CHR Extension: (Google Docs Offline) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-12]
CHR Extension: (Mailvelope) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kajibbejlbohfaggdiogboambcijhkke [2020-10-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-13]
CHR Extension: (Boomerang for Gmail) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2020-11-19]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2020-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-03]
CHR Extension: (Evernote Web Clipper) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2020-12-06]
CHR Extension: (Gmail) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-18]
CHR Profile: C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 3 [2020-12-06]
CHR Notifications: Profile 3 -> hxxps://pomofocus.io
CHR Extension: (Slides) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-09]
CHR Extension: (Docs) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-09]
CHR Extension: (Google Drive) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (YouTube) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-09]
CHR Extension: (Adobe Acrobat) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-20]
CHR Extension: (Sheets) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-09]
CHR Extension: (Google Docs Offline) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Notion Web Clipper) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\knheggckgoiihginacbkhaalnibhilkk [2020-08-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-09]
CHR Extension: (Gmail) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-17]
CHR Profile: C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 4 [2020-11-27]
CHR Notifications: Profile 4 -> hxxps://meet.google.com
CHR Extension: (Slides) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-08-06]
CHR Extension: (Docs) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2020-08-06]
CHR Extension: (Google Drive) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-15]
CHR Extension: (YouTube) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-08-06]
CHR Extension: (Adobe Acrobat) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-18]
CHR Extension: (Sheets) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-08-06]
CHR Extension: (Google Docs Offline) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-25]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-11-25]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-08-06]
CHR Extension: (Gmail) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-26]
CHR Profile: C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 5 [2020-11-04]
CHR Extension: (Slides) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-28]
CHR Extension: (Docs) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-28]
CHR Extension: (Google Drive) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-03]
CHR Extension: (YouTube) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-28]
CHR Extension: (Adobe Acrobat) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-28]
CHR Extension: (Sheets) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-28]
CHR Extension: (Google Docs Offline) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-09-28]
CHR Extension: (Gmail) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-03]
CHR Extension: (Chrome Media Router) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-22]
CHR Profile: C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 6 [2020-12-06]
CHR Notifications: Profile 6 -> hxxps://meet.google.com; hxxps://web.skype.com
CHR Extension: (Slides) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-11-09]
CHR Extension: (Docs) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2020-11-09]
CHR Extension: (Google Drive) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-09]
CHR Extension: (YouTube) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-11-09]
CHR Extension: (Adobe Acrobat) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-11-09]
CHR Extension: (Sheets) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-09]
CHR Extension: (Zoom) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\hmbjbjdpkobdjplfobhljndfdfdipjhg [2020-11-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-11-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-09]
CHR Extension: (Evernote Web Clipper) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2020-12-06]
CHR Extension: (Gmail) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-09]
CHR Extension: (Chrome Media Router) - C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-18]
CHR Profile: C:\Users\JPDELL\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-09]
CHR HKU\S-1-5-21-1826214958-772042235-2865425336-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKU\S-1-5-21-1826214958-772042235-2865425336-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [114960 2019-12-12] (ALPS ALPINE CO., LTD. -> ALPSALPINE Co., Ltd.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [298496 2017-03-22] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9482688 2020-10-27] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-10-07] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-10-07] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-12-01] (Dropbox, Inc -> Dropbox, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation -> Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation -> Malwarebytes Corporation)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [99136 2020-10-06] (ProtonVPN AG -> )
S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [61760 2020-10-06] (ProtonVPN AG -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6153048 2020-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182120 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-08-09] (Microsoft) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-08-09] (Microsoft) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22864 2016-10-27] (WDKTestCert Andy_Chen6,131219483243550933 -> OSR Open Systems Resources, Inc.)
R1 googledrivefs3301; C:\WINDOWS\System32\DRIVERS\googledrivefs3301.sys [132456 2020-11-17] (Google LLC -> Google, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2020-12-05] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation -> Malwarebytes Corporation)
R3 MpKslcf0df56a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{645972BE-EA1F-4FC5-B789-653FA4D46151}\MpKslDrv.sys [47336 2020-12-06] (Microsoft Windows -> Microsoft Corporation)
S3 ProtonVPNSplitTunnel; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.SplitTunnelDriver.sys [31584 2020-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43368 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49008 2020-08-19] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-06 18:16 - 2020-12-06 18:17 - 000039531 _____ C:\Users\JPDELL\Desktop\FRST.txt
2020-12-06 18:16 - 2020-12-06 18:16 - 000000000 ____D C:\Users\JPDELL\Desktop\FRST-OlderVersion
2020-12-06 18:15 - 2020-12-06 18:16 - 002288640 _____ (Farbar) C:\Users\JPDELL\Desktop\FRST64.exe
2020-12-06 18:15 - 2020-12-06 18:16 - 000000000 ____D C:\FRST
2020-12-04 21:42 - 2020-12-04 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-12-04 10:00 - 2020-12-04 10:00 - 000001122 _____ C:\Users\JPDELL\Desktop\marketing_notes.txt
2020-12-04 08:38 - 2020-12-04 08:38 - 000148111 _____ C:\Users\JPDELL\Downloads\OKR_Model.xlsx
2020-12-02 11:45 - 2020-12-02 11:45 - 000795179 _____ C:\Users\JPDELL\Downloads\sd-elements-solution-brochure.pdf
2020-12-02 09:01 - 2020-12-02 09:01 - 000009848 _____ C:\Users\JPDELL\Desktop\Brainstorm_v.01.xlsx
2020-12-01 17:10 - 2020-12-01 17:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2020-12-01 17:10 - 2020-12-01 17:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2020-12-01 17:10 - 2020-12-01 17:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2020-12-01 17:10 - 2020-12-01 17:10 - 000044552 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2020-11-30 22:32 - 2020-11-30 22:32 - 000106280 _____ C:\Users\JPDELL\Downloads\report.csv
2020-11-30 01:08 - 2020-12-06 17:55 - 000000000 ____D C:\Users\JPDELL\Desktop\ONR
2020-11-25 18:41 - 2020-11-25 18:41 - 000000000 ____D C:\Users\JPDELL\AppData\Local\EvernoteNW
2020-11-24 15:09 - 2020-11-24 15:09 - 074031058 _____ C:\Users\JPDELL\Downloads\GMT20200331-133940_NPI-Worksh.m4a
2020-11-23 11:14 - 2020-11-23 21:48 - 000000000 ____D C:\Users\JPDELL\Documents\Vistaprint.ca Photo Books
2020-11-23 11:14 - 2020-11-23 21:47 - 000000000 ____D C:\Users\JPDELL\AppData\Local\Vistaprint.ca Photo Books
2020-11-23 11:14 - 2020-11-23 11:14 - 018340192 _____ (Vistaprint ) C:\Users\JPDELL\Downloads\Vistaprint_Photo_Books_CA_EN.exe
2020-11-23 11:14 - 2020-11-23 11:14 - 000000000 ____D C:\Users\JPDELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vistaprint.ca Photo Books
2020-11-20 13:32 - 2020-11-17 12:03 - 000132456 _____ (Google, Inc.) C:\WINDOWS\system32\Drivers\googledrivefs3301.sys
2020-11-20 11:36 - 2020-11-20 11:36 - 000000000 ____D C:\Users\JPDELL\Documents\My Digital Editions
2020-11-18 23:03 - 2020-11-18 23:03 - 000000000 ____D C:\Users\JPDELL\AppData\Roaming\Teams
2020-11-17 23:25 - 2020-11-17 23:25 - 000000718 _____ C:\Users\JPDELL\Downloads\company_announcements.json
2020-11-17 06:33 - 2020-11-17 06:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-11-11 08:13 - 2020-11-11 08:13 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-11-11 08:13 - 2020-11-11 08:13 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-11-11 08:13 - 2020-11-11 08:13 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-11 08:13 - 2020-11-11 08:13 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-11-11 08:13 - 2020-11-11 08:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-11-11 08:13 - 2020-11-11 08:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-11-11 08:13 - 2020-11-11 08:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-11-11 08:13 - 2020-11-11 08:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-11-11 08:13 - 2020-11-11 08:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-11-11 08:13 - 2020-11-11 08:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-11-11 08:13 - 2020-11-11 08:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-11-11 08:13 - 2020-11-11 08:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-11-11 08:13 - 2020-11-11 08:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-11-11 08:13 - 2020-11-11 08:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-11-11 08:13 - 2020-11-11 08:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-11-11 08:13 - 2020-11-11 08:13 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-11-09 18:55 - 2020-11-09 18:55 - 000002478 _____ C:\Users\JPDELL\Desktop\JP @ infoloud.lnk
2020-11-09 09:57 - 2020-11-10 04:24 - 000000000 ____D C:\Users\JPDELL\Documents\d8amatiks
2020-11-08 18:54 - 2020-11-08 18:54 - 002485320 _____ (LogMeIn, Inc.) C:\Users\JPDELL\Downloads\Support-LogMeInRescue.exe
 

wired4tech

Posts: 137   +1
Part 2 of FRST.txt log



==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-12-06 18:11 - 2019-10-05 16:51 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-06 17:41 - 2019-10-28 05:41 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE
2020-12-06 16:50 - 2020-04-29 17:57 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-12-06 16:50 - 2020-04-29 17:57 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-12-06 15:24 - 2019-10-05 16:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-06 12:58 - 2019-10-05 16:51 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-05 11:04 - 2019-10-05 16:50 - 000000000 ____D C:\WINDOWS\INF
2020-12-05 11:04 - 2019-10-05 16:14 - 000841376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-05 11:02 - 2020-07-04 23:24 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-05 10:58 - 2020-01-22 20:55 - 000122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2020-12-05 10:58 - 2019-10-05 16:15 - 000000000 __SHD C:\Users\JPDELL\IntelGraphicsProfiles
2020-12-05 10:58 - 2019-10-05 16:08 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-12-05 10:58 - 2019-10-05 16:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-04 21:42 - 2019-10-07 20:54 - 000000000 ____D C:\Program Files (x86)\Dropbox
2020-12-04 16:17 - 2019-10-15 14:32 - 000000000 ____D C:\Users\JPDELL\AppData\Roaming\Slack
2020-12-04 08:39 - 2019-10-05 16:15 - 000000000 ____D C:\Users\JPDELL\AppData\Local\Packages
2020-12-04 07:00 - 2019-10-15 12:01 - 000000000 ____D C:\Users\JPDELL\Documents\Zoom
2020-12-04 06:38 - 2019-10-05 16:47 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-12-04 05:30 - 2019-10-05 16:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-12-03 19:58 - 2019-10-05 16:51 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-03 19:31 - 2019-10-05 18:55 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-03 19:31 - 2019-10-05 18:55 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-02 17:33 - 2020-06-28 14:36 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-02 14:30 - 2019-11-02 23:24 - 000000000 ____D C:\Users\JPDELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2020-12-02 14:30 - 2019-10-15 14:33 - 000000000 ____D C:\Users\JPDELL\AppData\Local\slack
2020-12-02 14:30 - 2019-10-08 03:56 - 000000000 ____D C:\Users\JPDELL\AppData\Local\SquirrelTemp
2020-12-02 12:32 - 2019-10-07 20:52 - 000002088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drive File Stream.lnk
2020-11-28 07:19 - 2020-07-04 23:24 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-28 07:19 - 2020-07-04 23:24 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-27 23:14 - 2020-05-26 05:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2020-11-27 14:20 - 2020-07-25 21:44 - 000000000 ____D C:\Users\JPDELL\AppData\Roaming\vlc
2020-11-27 07:47 - 2019-10-05 16:14 - 000000000 ____D C:\Users\JPDELL
2020-11-24 20:38 - 2020-05-03 12:06 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-22 21:04 - 2019-10-28 09:53 - 000000000 ____D C:\Users\JPDELL\Documents\Sound recordings
2020-11-21 23:58 - 2020-09-30 07:10 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-20 11:37 - 2020-02-02 08:18 - 000000000 ____D C:\Program Files (x86)\Kobo
2020-11-18 23:03 - 2020-06-07 22:40 - 000002369 _____ C:\Users\JPDELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-11-17 06:33 - 2020-06-16 12:38 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-11-17 06:33 - 2020-06-16 12:38 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-11-17 06:33 - 2020-06-16 12:38 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-11-17 06:33 - 2020-06-16 12:38 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2020-11-17 06:33 - 2020-06-16 12:38 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2020-11-17 06:32 - 2019-10-12 08:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-11-15 10:47 - 2019-10-05 16:15 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-15 10:47 - 2019-10-05 16:15 - 000000000 ___RD C:\Users\JPDELL\3D Objects
2020-11-14 01:26 - 2019-10-07 20:54 - 000000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2020-11-14 01:26 - 2019-10-07 20:54 - 000000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2020-11-14 01:26 - 2019-10-05 16:07 - 000475456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-14 01:25 - 2019-10-05 16:51 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-14 01:25 - 2019-10-05 16:51 - 000000000 ____D C:\WINDOWS\TextInput
2020-11-14 01:25 - 2019-10-05 16:51 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-14 01:25 - 2019-10-05 16:51 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-14 01:25 - 2019-10-05 16:51 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-14 01:25 - 2019-10-05 16:51 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-14 01:25 - 2019-10-05 16:51 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-14 01:25 - 2019-10-05 16:51 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-14 01:25 - 2019-10-05 16:51 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-14 01:25 - 2019-10-05 16:51 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-14 01:25 - 2019-10-05 16:51 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-12 11:00 - 2020-09-30 07:10 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-11-12 10:59 - 2020-09-30 07:10 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2020-11-11 09:34 - 2019-10-07 20:56 - 000000000 ___RD C:\Users\JPDELL\Dropbox
2020-11-11 08:20 - 2019-10-10 07:49 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-11 08:17 - 2019-10-10 07:49 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-11 08:17 - 2019-10-05 16:47 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-11 08:13 - 2019-10-05 16:08 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-11-09 18:56 - 2020-03-13 08:04 - 000000000 ____D C:\Users\JPDELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2020-11-09 09:16 - 2020-07-25 21:32 - 000000000 ____D C:\Users\JPDELL\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories ========

2020-06-16 12:31 - 2020-12-05 10:59 - 000000225 _____ () C:\Users\JPDELL\AppData\Roaming\error.log
2020-04-29 17:55 - 2020-04-29 17:55 - 000000410 _____ () C:\Users\JPDELL\AppData\Local\oobelibMkey.log
2020-10-08 20:27 - 2020-10-08 20:29 - 000000128 _____ () C:\Users\JPDELL\AppData\Local\PUTTY.RND

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

Broni

Posts: 55,718   +501
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

wired4tech

Posts: 137   +1
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/7/20
Scan Time: 2:17 AM
Log File: 3a3f66bc-385c-11eb-a755-204747b94bb9.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.34005
License: Premium

-System Information-
OS: Windows 10 (Build 18362.1198)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 297281
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 53 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

wired4tech

Posts: 137   +1
RogueKiller Anti-Malware V14.8.0.0 (x64) [Nov 17 2020] (Free) by Adlice Software

mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18363) 64 bits
Started in : Normal mode
User : JPDELL [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20201203_095755, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2020/12/07 11:05:09 (Duration : 00:10:58)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O87 - Firewall
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{2E342CA8-A46D-4D75-8480-961E8857F224}C:\users\jpdell\appdata\local\programs\beaker-browser\beaker browser.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\jpdell\appdata\local\programs\beaker-browser\beaker browser.exe|Name=beaker browser.exe|Desc=beaker browser.exe|Defer=User| (C:\users\jpdell\appdata\local\programs\beaker-browser\beaker browser.exe) (missing) -> Found
[Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{8F462529-872A-46D4-987A-3E4F93CADE77}C:\users\jpdell\appdata\local\programs\beaker-browser\beaker browser.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\jpdell\appdata\local\programs\beaker-browser\beaker browser.exe|Name=beaker browser.exe|Desc=beaker browser.exe|Defer=User| (C:\users\jpdell\appdata\local\programs\beaker-browser\beaker browser.exe) (missing) -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 

wired4tech

Posts: 137   +1
# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-07-2020
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1405 octets] - [07/12/2020 13:18:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

wired4tech

Posts: 137   +1
Note for AdwCleaner: I didn't have a "Clean" option. Instead, I ran the "Basic Repair" option. Hope this is okay.

Please let me know about the next steps! Thanks again for your help, Broni.