Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05-2021 Ran by Douglas Martin (administrator) on DESKTOP-7O86CE7 (Dell Inc. Inspiron 3585) (16-05-2021 07:04:26) Running from C:\Users\Douglas Martin\OneDrive\Desktop Loaded Profiles: Douglas Martin Platform: Windows 10 Home Version 20H2 19042.985 (X64) Language: English (United States) Default browser: Brave Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10027.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe (Advanced Micro Devices Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10027.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0354673.inf_amd64_6bcae015e5e81137\B354608\atieclxx.exe (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0354673.inf_amd64_6bcae015e5e81137\B354608\atiesrxx.exe (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <18> (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe (Dell Inc -> ) C:\Windows\Dell\DPS\ServiceShell.exe (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\atiw.exe (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\Douglas Martin\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\FileCoAuth.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\Douglas Martin\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdlogsr.exe (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3> (Thalonet, Inc. -> Thalonet, Inc. (dba Haste)) C:\Program Files\Haste\UserEdgeService.exe (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_9384fc4d30af89c3\WavesSvc64.exe (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_9384fc4d30af89c3\WavesSysSvc64.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1081136 2020-04-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_9384fc4d30af89c3\WavesSvc64.exe [1645664 2020-04-24] (Waves Inc -> Waves Audio Ltd.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.) HKU\S-1-5-21-4004721749-99239411-667192755-1001\...\Run: [ProtonVPN] => C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe [7529720 2021-01-29] (Proton Technologies AG -> ) HKU\S-1-5-21-4004721749-99239411-667192755-1001\...\Run: [Haste] => C:\Program Files\Haste\Haste.exe [5492880 2021-03-26] (Thalonet, Inc. -> Thalonet, Inc. dba Haste) HKU\S-1-5-21-4004721749-99239411-667192755-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33698888 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-4004721749-99239411-667192755-1001\...\RunOnce: [Application Restart #1] => C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe [2209224 2021-05-13] (Brave Software, Inc. -> Brave Software, Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\90.1.24.85\Installer\chrmstp.exe [2021-05-13] (Brave Software, Inc. -> Brave Software, Inc.) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02A7EE30-1CEE-47DA-8BCA-5D3090CCAD85} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-28] (Microsoft Corporation -> Microsoft Corporation) Task: {08A7D13C-7D42-4166-A4ED-EA040F8787BF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {09EC3D4C-4E16-47A9-AE4D-69CAA152370C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform) Task: {0DE2C2BA-C24E-4D01-86CD-6705C96198F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {1C54D4D2-1824-416C-890E-6B48CC34D4C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {4805E2B5-EAE0-4449-AB0D-D7306BA78F87} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-28] (Microsoft Corporation -> Microsoft Corporation) Task: {4FD7CB19-7E31-484E-9C2E-7FB96E15AB79} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.) Task: {618F6963-1734-402D-82C1-130A7711775C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {7891D51A-E94A-43D3-B9FE-03E7811FED68} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd) Task: {91DC9A16-9307-422B-9D91-F0201955E975} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141152 2021-05-15] (Microsoft Corporation -> Microsoft Corporation) Task: {954D2E6D-B5BD-460A-B427-5B5318709E3B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141152 2021-05-15] (Microsoft Corporation -> Microsoft Corporation) Task: {98A57A4A-C78E-4C05-B0E4-7E15B5CB48CF} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.) Task: {F4B2B7B9-20BE-41BA-824B-E3B7229E3110} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{4f9d7ffd-8f73-46cf-95f0-61f3acd75560}: [DhcpNameServer] 71.10.216.1 71.10.216.2 Tcpip\..\Interfaces\{92f8a4cc-d706-4643-9774-1d90312496eb}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\Douglas Martin\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-15] Edge Notifications: Default -> hxxps://www.youtube.com Edge HomePage: Default -> hxxp://www.msn.com/?pc=DCTE FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-03] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-05] (Microsoft Corporation -> Microsoft Corporation) Brave: ======= BRA Profile: C:\Users\Douglas Martin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-05-16] BRA Notifications: Default -> hxxps://dlive.tv; hxxps://gab.com; hxxps://populist.press; hxxps://rightwirereport.com; hxxps://thegreggjarrett.com; hxxps://www.bandlab.com; hxxps://www.breitbart.com; hxxps://www.cbsnews.com; hxxps://www.churchmilitant.com; hxxps://www.thinkspot.com; hxxps://www.westernjournal.com; hxxps://www.youtube.com BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave BRA DefaultSearchKeyword: Default -> :d BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list BRA Extension: (Google Translate) - C:\Users\Douglas Martin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-04-21] BRA Extension: (Brave Local Data Files Updater) - C:\Users\Douglas Martin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-01-28] BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Douglas Martin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-05-16] BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Douglas Martin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2021-03-13] BRA Extension: (Brave Ads Resources) - C:\Users\Douglas Martin\AppData\Local\BraveSoftware\Brave-Browser\User Data\emgmepnebbddgnkhfmhdhmjifkglkamo [2021-05-08] BRA Extension: (Brave NTP sponsored images) - C:\Users\Douglas Martin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2021-05-15] BRA Extension: (Brave SpeedReader Updater) - C:\Users\Douglas Martin\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-05-04] BRA Extension: (Brave Ads Resources) - C:\Users\Douglas Martin\AppData\Local\BraveSoftware\Brave-Browser\User Data\kkjipiepeooghlclkedllogndmohhnhi [2021-05-08] BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Douglas Martin\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-05-12] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.) S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [163528 2020-10-19] (Brave Software, Inc. -> BraveSoftware Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8798600 2021-04-28] (Microsoft Corporation -> Microsoft Corporation) R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [287776 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.) R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3750944 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.) R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [507936 2020-10-25] (Dell Technologies Inc. -> Dell Technologies Inc.) R2 Dell Platform Service; C:\WINDOWS\Dell\DPS\ServiceShell.exe [74016 2019-07-05] (Dell Inc -> ) R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2020-10-29] (Dell Inc -> ) S2 DellSupportAssistGatewaySvc; C:\WINDOWS\Dell\SupportAssist\SupportAssistGatewayService.exe [54120 2020-09-10] (Dell Inc. -> Dell Inc.) R2 HasteUEService; C:\Program Files\Haste\UserEdgeService.exe [1594000 2021-03-26] (Thalonet, Inc. -> Thalonet, Inc. (dba Haste)) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-15] (Malwarebytes Inc -> Malwarebytes) S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [102648 2021-01-29] (Proton Technologies AG -> ) S3 ProtonVPN Update Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe [62712 2021-01-29] (Proton Technologies AG -> ) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation) S2 Dell Hardware Support; "C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe" [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed] R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [27896 2021-03-25] (WDKTestCert Amit_K_Tiwari,132158070448517957 -> ) S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.) R3 DDDriver64Dcsa; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.) R3 DellDPSDrv; C:\WINDOWS\System32\drivers\DellDPS.sys [36632 2019-07-05] (Dell Inc -> ) R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [29776 2018-10-04] (Dell Inc -> OSR Open Systems Resources, Inc.) R3 DellSupportAssistDriver; C:\WINDOWS\System32\drivers\DellSupportAssist.sys [36608 2020-09-10] (Dell Inc. -> ) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-15] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-15] (Malwarebytes Inc -> Malwarebytes) S3 ProtonVPNCallout; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys [34176 2021-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG) R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2020-12-30] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421112 2021-05-14] (Microsoft Windows -> Microsoft Corporation) S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-14] (Microsoft Windows -> Microsoft Corporation) R4 WinDivert1.3; C:\Program Files\Haste\WinDivert64.sys [47560 2021-03-26] (Ars Nova Systems -> Basil) S3 MpKsla7d7f102; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D70D932-7945-4197-A9D6-CA010DCD8916}\MpKslDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-05-16 07:04 - 2021-05-16 07:06 - 000000000 ____D C:\FRST 2021-05-16 06:31 - 2021-05-16 06:44 - 000000321 _____ C:\Users\Douglas Martin\OneDrive\Documents\YouTube Subscriptions (daily must-reads).txt 2021-05-15 14:51 - 2021-05-15 14:51 - 002798456 _____ (Sysinternals - www.sysinternals.com) C:\Users\Douglas Martin\Downloads\procexp.exe 2021-05-15 14:49 - 2021-05-15 14:49 - 008234296 _____ (Piriform Software Ltd) C:\Users\Douglas Martin\Downloads\spsetup132.exe 2021-05-15 14:32 - 2021-05-15 14:32 - 000000071 _____ C:\Users\Douglas Martin\OneDrive\Documents\geeks to go (tech supp).txt 2021-05-15 14:04 - 2021-05-15 14:04 - 1024420629 _____ C:\WINDOWS\MEMORY.DMP 2021-05-15 14:04 - 2021-05-15 14:04 - 001081292 _____ C:\WINDOWS\Minidump\051521-7796-01.dmp 2021-05-15 14:04 - 2021-05-15 14:04 - 000000000 ____D C:\WINDOWS\Minidump 2021-05-15 13:35 - 2021-05-15 13:35 - 000000000 ____D C:\Users\Douglas Martin\Downloads\gmer 2021-05-15 13:29 - 2021-05-15 13:29 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-05-15 13:29 - 2021-05-15 13:29 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-05-15 13:29 - 2021-05-15 13:29 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-05-15 13:29 - 2021-05-15 13:29 - 000002023 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2021-05-15 13:28 - 2021-05-15 13:28 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-05-15 13:28 - 2021-05-15 13:26 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-05-15 13:28 - 2021-05-15 13:26 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-05-15 13:26 - 2021-05-15 13:26 - 000000000 ____D C:\Program Files\Malwarebytes 2021-05-15 13:25 - 2021-05-15 13:25 - 000371282 _____ C:\Users\Douglas Martin\Downloads\gmer.zip 2021-05-14 08:43 - 2021-05-14 08:42 - 000003980 _____ C:\Users\Douglas Martin\OneDrive\Documents\2020 Federal-State Tax Return (using OLT.com).txt 2021-05-14 05:56 - 2021-05-14 05:56 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-05-14 05:56 - 2021-05-14 05:56 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-05-14 05:56 - 2021-05-14 05:56 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll 2021-05-14 05:56 - 2021-05-14 05:56 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-05-14 05:56 - 2021-05-14 05:56 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll 2021-05-14 05:56 - 2021-05-14 05:56 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-05-14 05:55 - 2021-05-14 05:55 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-05-14 05:55 - 2021-05-14 05:55 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-05-14 05:55 - 2021-05-14 05:55 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2021-05-14 05:55 - 2021-05-14 05:55 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-05-14 05:55 - 2021-05-14 05:55 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2021-05-14 05:55 - 2021-05-14 05:55 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe 2021-05-13 17:47 - 2021-05-14 06:17 - 000000000 ____D C:\Users\Douglas Martin\AppData\Roaming\bandlab-assistant 2021-05-13 17:47 - 2021-05-13 17:47 - 000000000 ____D C:\Users\Douglas Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BandLab Technologies 2021-05-13 17:47 - 2021-05-13 17:47 - 000000000 ____D C:\Users\Douglas Martin\AppData\Local\bandlab-assistant-updater 2021-05-13 17:46 - 2021-05-13 17:46 - 062959840 _____ (BandLab Technologies) C:\Users\Douglas Martin\Downloads\BandLab Assistant Setup 7.2.1.exe 2021-05-10 15:27 - 2021-05-10 15:27 - 000000029 _____ C:\Users\Douglas Martin\OneDrive\Documents\Steel Storm.txt 2021-05-09 19:54 - 2021-05-09 19:54 - 000616838 _____ C:\Users\Douglas Martin\OneDrive\Documents\moses-hess.pdf 2021-05-07 06:45 - 2021-05-07 12:51 - 000000169 _____ C:\Users\Douglas Martin\OneDrive\Documents\Cal Coast.txt 2021-05-04 19:11 - 2021-05-15 19:11 - 000000000 ____D C:\Program Files\CCleaner 2021-05-04 19:11 - 2021-05-07 22:44 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-05-04 19:11 - 2021-05-04 19:11 - 000002906 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2021-05-04 19:11 - 2021-05-04 19:11 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk 2021-05-04 19:11 - 2021-05-04 19:11 - 000000865 _____ C:\ProgramData\Desktop\CCleaner.lnk 2021-05-04 19:11 - 2021-05-04 19:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2021-05-04 19:08 - 2021-05-04 19:10 - 031412280 _____ (Piriform Software Ltd) C:\Users\Douglas Martin\Downloads\ccsetup579.exe 2021-05-03 23:12 - 2021-05-14 06:36 - 102760448 _____ C:\WINDOWS\system32\config\SOFTWARE 2021-05-02 15:47 - 2021-05-02 15:47 - 000000045 _____ C:\Users\Douglas Martin\OneDrive\Documents\Hey, Sis. How are things going with you.txt 2021-04-30 09:28 - 2021-04-30 09:28 - 000000000 ____D C:\Users\Douglas Martin\AppData\Local\AWSToolkit 2021-04-30 08:46 - 2021-04-30 08:46 - 000000000 ____D C:\Users\Douglas Martin\AppData\Local\IsolatedStorage 2021-04-30 08:45 - 2021-04-30 08:45 - 000000000 ____D C:\Users\Douglas Martin\AppData\Local\Thalonet,_Inc._dba_Haste 2021-04-30 08:44 - 2021-04-30 08:44 - 000000000 ____D C:\ProgramData\Package Cache 2021-04-30 08:44 - 2021-04-30 08:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haste 2021-04-30 08:44 - 2021-04-30 08:44 - 000000000 ____D C:\Program Files\Haste 2021-04-30 08:44 - 2021-04-30 08:44 - 000000000 _____ C:\WINDOWS\system32\cd 2021-04-30 08:43 - 2021-04-30 08:45 - 000000000 ____D C:\Users\Douglas Martin\AppData\Roaming\Haste 2021-04-30 08:42 - 2021-04-30 08:43 - 027071376 _____ (Haste) C:\Users\Douglas Martin\Downloads\HasteInstaller.exe 2021-04-30 08:35 - 2021-04-30 08:35 - 000000071 _____ C:\Users\Douglas Martin\OneDrive\Documents\Haste (ping) software.txt 2021-04-25 21:21 - 2021-04-25 21:21 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d718d7d3a223f0 2021-04-16 10:59 - 2021-04-24 12:23 - 000000000 ____D C:\Users\Douglas Martin\AppData\Roaming\Telegram Desktop 2021-04-16 10:59 - 2021-04-16 10:59 - 000000000 ____D C:\Users\Douglas Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop 2021-04-16 10:58 - 2021-04-16 10:58 - 029289912 _____ (Telegram FZ-LLC ) C:\Users\Douglas Martin\Downloads\tsetup-x64.2.7.1.exe 2021-04-16 10:01 - 2021-04-16 10:01 - 000000054 _____ C:\Users\Douglas Martin\OneDrive\Documents\STEAM.txt ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-05-16 07:04 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF 2021-05-16 06:21 - 2020-10-09 19:52 - 000000000 ____D C:\WINDOWS\system32\AMD 2021-05-16 06:09 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-05-16 05:02 - 2021-03-14 08:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-05-16 03:37 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-05-16 03:37 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-05-15 18:07 - 2019-12-23 11:06 - 000000000 ____D C:\Program Files\Microsoft Office 2021-05-15 14:10 - 2021-03-14 08:44 - 000795738 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-05-15 14:06 - 2020-02-15 20:36 - 000000000 ___RD C:\Users\Douglas Martin\OneDrive 2021-05-15 14:05 - 2021-03-14 08:38 - 000000000 ____D C:\Users\Douglas Martin 2021-05-15 14:04 - 2021-03-14 08:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-05-15 14:04 - 2021-03-14 08:33 - 000008192 ___SH C:\DumpStack.log.tmp 2021-05-15 13:56 - 2021-03-27 17:01 - 000000000 ____D C:\Users\Douglas Martin\AppData\Local\CrashDumps 2021-05-15 13:28 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-05-15 04:27 - 2020-10-09 19:58 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-05-15 04:27 - 2020-10-09 19:58 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-05-15 04:27 - 2020-10-09 19:58 - 000002278 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk 2021-05-14 16:54 - 2020-10-09 20:39 - 000000000 ____D C:\Users\Douglas Martin\AppData\Local\PlaceholderTileLogoFolder 2021-05-14 14:10 - 2020-10-12 17:26 - 000000000 ____D C:\Users\Douglas Martin\AppData\Local\PackageStaging 2021-05-14 14:10 - 2020-10-09 20:31 - 000000000 ____D C:\Users\Douglas Martin\AppData\Local\Packages 2021-05-14 08:15 - 2020-10-14 17:07 - 000000538 _____ C:\Users\Douglas Martin\OneDrive\Documents\Wifi channel change instructions.txt 2021-05-14 08:13 - 2020-09-26 19:16 - 000000735 _____ C:\Users\Douglas Martin\OneDrive\Documents\Spectrum Internet (username-password).txt 2021-05-14 06:47 - 2019-12-23 11:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-05-14 06:39 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-05-14 06:37 - 2021-03-14 08:34 - 000435352 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-05-14 06:36 - 2019-12-07 04:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI 2021-05-14 06:17 - 2019-12-07 04:50 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\DiagTrack 2021-05-14 06:17 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-05-14 06:02 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-05-14 06:00 - 2019-12-07 04:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll 2021-05-14 05:31 - 2020-10-10 01:35 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-05-14 05:29 - 2020-10-10 01:35 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-05-13 17:49 - 2020-10-09 20:31 - 000000000 ____D C:\Users\Douglas Martin\AppData\Local\D3DSCache 2021-05-13 17:47 - 2020-09-05 20:33 - 000000000 ____D C:\Users\Douglas Martin\OneDrive\Documents\BandLab 2021-05-13 14:45 - 2020-10-19 09:32 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk 2021-05-13 14:45 - 2020-10-19 09:32 - 000002325 _____ C:\Users\Public\Desktop\Brave.lnk 2021-05-13 14:45 - 2020-10-19 09:32 - 000002325 _____ C:\ProgramData\Desktop\Brave.lnk 2021-05-12 17:20 - 2020-10-13 08:26 - 000000000 ____D C:\Users\Douglas Martin\AppData\Local\ElevatedDiagnostics 2021-05-10 15:21 - 2020-10-18 11:58 - 000000000 ____D C:\Users\Douglas Martin\AppData\Roaming\vlc 2021-05-10 14:49 - 2020-10-18 11:57 - 000000918 _____ C:\Users\Public\Desktop\VLC media player.lnk 2021-05-10 14:49 - 2020-10-18 11:57 - 000000918 _____ C:\ProgramData\Desktop\VLC media player.lnk 2021-05-07 18:17 - 2021-04-08 18:30 - 000000443 _____ C:\Users\Douglas Martin\OneDrive\Documents\Important phrases and expressions.txt 2021-05-05 21:21 - 2021-03-14 08:48 - 000003392 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4004721749-99239411-667192755-1001 2021-05-05 21:21 - 2021-03-14 08:38 - 000002388 _____ C:\Users\Douglas Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-05-04 19:15 - 2021-03-13 20:15 - 000000000 ___DC C:\WINDOWS\Panther 2021-05-04 18:47 - 2020-10-09 20:31 - 000000000 ____D C:\ProgramData\Packages 2021-05-04 07:52 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF 2021-05-03 23:12 - 2021-02-28 16:57 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware 2021-04-27 15:00 - 2020-12-16 17:49 - 000000000 ____D C:\Users\Douglas Martin\Desktop\Songtutor 2021-04-25 21:21 - 2021-03-14 08:48 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-04-23 05:19 - 2020-10-10 01:35 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================