Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2021
Ran by Joe (administrator) on DESKTOPTOWER (Gigabyte Technology Co., Ltd. X58A-UD5) (08-02-2021 23:04:50)
Running from C:\Program Files\Farbar
Loaded Profiles: Joe
Platform: Microsoft Windows 10 Pro Version 20H2 19042.746 (X86) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\AutoHotkey\AutoHotkey.exe
() [File not signed] C:\Program Files\Kleptomania\KMania.exe
(Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) C:\Program Files\Actual Window Manager\ActualWindowManagerCenter.exe
(Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) C:\Program Files\Actual Window Manager\ActualWindowManagerShellCenter.exe
(Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) C:\Program Files\Actual Window Manager\LogonScreenService.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(BitTorrent Inc -> BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Code Sector) [File not signed] C:\Program Files\TeraCopy\TeraCopyService.exe
(Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE
(Google LLC -> Google LLC) C:\Program Files\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Insight Software Solutions, Inc.) [File not signed] C:\Program Files\Macro Express Pro\MacExp.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ntvdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nitro PDF Software -> Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Openphone Inc. -> MightyText) C:\Users\Joe\AppData\Local\MightyText\app-5.3.1\MightyText.exe <8>
(PushBullet Inc -> Pushbullet Inc) C:\Users\Joe\AppData\Local\Pushbullet\bin\pushbullet_client.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SOFTPERFECT PTY. LTD. -> SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Sony Mobile Communications AB -> Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\Joe\AppData\Roaming\Telegram Desktop\Telegram.exe
(Up to Eleven Digital Solutions GmbH) C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_3.2.0.0_x86__c9d6r4qvva5x8\mysms.exe
(XemiComputers ltd.) [File not signed] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [5219656 2016-09-28] (SOFTPERFECT PTY. LTD. -> SoftPerfect)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [104552 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [MalTray] => C:\Program Files\Glarysoft\Malware Hunter\mhtray.exe [982448 2020-12-20] (Glarysoft LTD -> Glarysoft Ltd)
HKLM\...\Policies\Explorer: [Nodrive Autorun] 0
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [Active Desktop Calendar] => C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [7608832 2011-11-23] (XemiComputers ltd.) [File not signed]
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [Kleptomania] => C:\Program Files\Kleptomania\KMania.exe [973312 2017-10-16] () [File not signed]
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-08] (Ruiware, LLC -> Ruiware)
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot)
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Joe\AppData\Local\Microsoft\Teams\Update.exe [2350752 2020-06-11] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [Pushbullet] => C:\Program Files\Pushbullet\pushbullet.exe [345600 2015-07-01] (Pushbullet inc) [File not signed]
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [44344 2021-01-04] (Glarysoft LTD -> Glarysoft Ltd)
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [10076592 2021-01-06] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [399736 2019-04-18] (BitTorrent Inc -> BitTorrent, Inc.)
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-07] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [Actual Window Manager] => C:\Program Files\Actual Window Manager\ActualWindowManagerCenter.exe [2193152 2020-10-11] (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools)
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [GarminExpress] => C:\Program Files\Garmin\Express\express.exe [31164320 2021-01-26] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\RunOnce: [Application Restart #0] => C:\Program Files\Google\Chrome\Application\chrome.exe --profile-directory=Default --app-id=phnjmiobjppgfeicepedmfnpjjmfjlha --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox -- (the data entry has 67 more characters).
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Policies\system: [DisableLockWorkstation] 1
HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Policies\Explorer: [NoCookiesForDCFMC] 81<0
HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\Policies\system: [DisableLockWorkstation] 1
HKLM\...\Print\Monitors\Nitro PDF Port 13 Monitor: C:\WINDOWS\system32\NxPrinterMonitor13.dll [273160 2020-07-30] (Nitro Software, Inc. -> Nitro Software, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.146\Installer\chrmstp.exe [2021-02-04] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autohotkey.lnk [2019-01-19]
ShortcutTarget: autohotkey.lnk -> C:\Data\Batch Files\Autohotkey\autohotkey.bat () [File not signed]
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty_Recycle_Bin.lnk [2020-06-29]
ShortcutTarget: Empty_Recycle_Bin.lnk -> C:\Data\Batch Files\VBS\Empty_Recycle_Bin.vbs () [File not signed]
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefox.lnk [2020-07-16]
ShortcutTarget: Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MightyText.lnk [2019-07-09]
ShortcutTarget: MightyText.lnk -> C:\Users\Joe\AppData\Local\MightyText\MightyText.exe (Openphone Inc. -> MightyText)
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mysms.lnk [2019-12-22]
ShortcutTarget: mysms.lnk -> (No File)
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pushbullet.lnk [2020-07-02]
ShortcutTarget: Pushbullet.lnk -> C:\Program Files\Pushbullet\pushbullet.exe (Pushbullet inc) [File not signed]
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2021-01-26]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2021-01-14]
ShortcutTarget: Telegram.lnk -> C:\Users\Joe\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WLM.lnk [2015-10-09]
ShortcutTarget: WLM.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation -> Microsoft Corporation)
BootExecute: autocheck autochk * NDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\AOMEI Backupper;C:\Users\Joe\AppData\Local\Microsoft\WindowsApps;C:\Users\Joe\AppData\Local\Programs\EmEditorPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=x86PROCESSOR_IDENTIFIER=x86 Family 6 Model 44 Stepping 2, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=2c02PROG27B48B2C051=1ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesPSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PUBLIC=C:\Users\PublicSAN_DIR=C:\Program Files\SiSoftware\SiSoftware Sandra Business 2016.SP1SystemDrive=C:SystemRoot=C:\WINDOWSTEMP=C:\Users\Joe\AppData\Local\TempTMP=C:\Users\Joe\AppData\Local\TempUSERDOMAIN=DESKTOPTOWERUSERDOMAIN_ROAMINGPROFILE=DESKTOPTOWERUSERNAME=JoeUSERPROFILE=C:\Users\Joewindir=C:\WINDOWS__COMPAT_LAYER=DetectorsAppHealth
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {006E622B-6E41-4398-8D4E-FB6B7F93B7BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-03] (Adobe Inc. -> Adobe)
Task: {0688FFBC-B15F-407E-A6A8-F0673292A145} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40864 2021-01-26] (Garmin International, Inc. -> )
Task: {0F99FD47-2D75-4BB1-A3F4-C3207724203F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1AA84EE5-ED74-4508-AB04-800F817C5524} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1696976 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {223F6883-C780-495D-B9FF-51D91FAF956E} - \SidebarExecute -> No File <==== ATTENTION
Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {258AA677-86CB-4D4F-9D77-CED823D0705B} - System32\Tasks\GMHSkipUAC => C:\Program Files\Glarysoft\Malware Hunter\MalwareHunter.exe [2441136 2020-12-20] (Glarysoft LTD -> Glarysoft Ltd)
Task: {28384190-8375-4F91-AE91-CFEDEBAF6387} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {2A4BB477-D5D2-4159-A391-79CFC1D3D814} - System32\Tasks\{EB3B1F34-37CE-4AAC-9491-1B51A99EF057} => C:\Windows\system32\pcalua.exe -a "C:\Users\Joe\Downloads\Utilities\Voice & Video chat\GoogleVoiceAndVideoSetup.exe" -d "C:\Users\Joe\Downloads\Utilities\Voice & Video chat"
Task: {2A6AAE0A-529B-4CF7-82E1-51C962140A40} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2CE46AF6-52D6-4865-800C-F1EBA1BA51D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {367F930A-A3DB-4112-B1F1-50E92A171C88} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {41B4479B-CE79-4E00-88A6-5910895E7BFC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1696976 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {4819EA1D-C6B2-4A48-8554-E3257C37D1A6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {48920FDE-4F57-4B1A-9581-2C84E84CF16B} - System32\Tasks\{79B648AB-D2C7-4CB6-B481-8750BB0C9223} => C:\Windows\system32\pcalua.exe -a "U:\Drivers\Brother Laser\SETUP.EXE" -d "U:\Drivers\Brother Laser"
Task: {495F7F3D-F249-42FF-AF62-5CEA8A3945EE} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin\InstallManagerApp.exe [9431240 2016-03-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {49735B1A-80CC-4353-8325-461135C141AC} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {4D1B8669-469B-4A21-AE33-428EF5B56156} - System32\Tasks\{5D2BF198-67A0-47E7-8C5F-A3524EDD536B} => C:\Windows\system32\pcalua.exe -a "U:\Utilities\WP51+\Tame v6\tame60.exe" -d "U:\Utilities\WP51+\Tame v6"
Task: {549E1291-F375-4588-A43C-75FAF3831ECC} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {567898A3-E18B-4BA0-A82E-3DC699F351F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {62798434-2842-41A5-922E-E479E405DC6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {661F045A-1B72-4EA0-B1D5-DC8C21046604} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {66721EE1-1FB2-4949-A560-39C2A12A0248} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_371_Plugin.exe [1458232 2020-06-03] (Adobe Inc. -> Adobe)
Task: {6792A8D5-540F-44C9-BBF1-14AA10131497} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {69402868-C889-4D08-AE0B-CECF4D6AFD3F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {80BA2A26-808F-4A36-99BF-6E00DF762174} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {895936EB-17D5-4A65-AD01-861BF8E4DCD3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1106128 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {89C980E2-68AC-4FDE-B713-F7E7086CF301} - System32\Tasks\{1C8C8445-3AF3-4DD6-8C02-6694F42FDBE6} => C:\Windows\system32\pcalua.exe -a C:\Utilities\GTalk\GoogleVoiceAndVideoSetup.exe -d C:\Utilities\GTalk
Task: {8D1AB70C-325A-4323-97A3-E717D2E87FFC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8F919ED4-806D-4EE1-B4FA-F65D9D44C5ED} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1499240 2020-09-18] (Avast Software s.r.o. -> Avast Software)
Task: {92DBC411-9B90-4298-9EFB-831154BE45E0} - System32\Tasks\{F5737DFE-F1CC-479D-8E20-6148EA378C88} => C:\Windows\system32\pcalua.exe -a "C:\Users\Joe\Downloads\Utilities\Security\Zone Alarm\zaSuiteSetup_91_008_000_en.exe" -d "C:\Users\Joe\Downloads\Utilities\Security\Zone Alarm"
Task: {94DD9B89-C8A6-4CFF-870B-1F5CBDB84971} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A0BABFE1-F03C-4C2B-B95E-BCDA5FFC882E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {A77A79C8-76B2-4FE2-9D78-ADFF1885DEED} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B1DD86FA-33A6-4AA1-9C97-52253034296B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-07] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {B3D42D62-B36A-43BB-833A-E08CFBF72626} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-198903158-1304534811-4163729061-1007 => C:\Users\Joe\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B47BF8F2-207F-414D-B278-3640571BDBD8} - System32\Tasks\Future Systems Solutions\Casper\Casper 8.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 8.0\CASPER.EXE [12154288 2014-04-30] (Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.)
Task: {BE0D60AF-DB66-4573-894B-AC9389FA6F96} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
Task: {BFB5A266-26A0-43EF-A87C-D1E321ECCEB1} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {BFF1007A-F986-4F4A-A540-C0ADDA5E4C56} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4052072 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
Task: {C29C0A7B-324D-47E4-BA07-FA6EF99D1262} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} C:\Program Files\Windows Live\SOXE\wlsoxe.dll [192704 2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3CBC979-B3E1-478B-BAA1-EC871F99A0D0} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files\Spybot Anti-Beacon\SDAntiBeacon.exe [5584920 2015-10-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.) [File not signed]
Task: {C44EB20B-C9B1-4DC4-8625-B83CE2CDE70C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.)
Task: {CE030FC7-013B-490A-83E2-F9FFBD8D7D59} - System32\Tasks\{25E6CB6D-8992-43FF-9440-629929607D3D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Joe\Desktop\Brother Driver\eng\inst\setup.exe" -d "C:\Users\Joe\Desktop\Brother Driver\eng\inst"
Task: {CFC16982-A32D-4423-89AF-7921ED8D3E74} - \FreeDownloadManagerNetworkMonitor -> No File <==== ATTENTION
Task: {D128094B-B79B-4F43-BEAA-AC5ECCE2DEF9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D4C73E75-416B-421A-838D-3E8BA54D2C43} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {D5E9F6F6-1413-44E5-9AEA-F365EC9C04D9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {DCD08411-7FD4-4DF6-B2F8-61CEDEA01EE9} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {EAA584A5-9C1E-4646-BD93-296671026395} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EB2AAF32-3750-40DE-A8DD-0958306BD2FD} - System32\Tasks\GU5SkipUAC => C:\Program Files\Glary Utilities 5\Integrator.exe [917816 2021-01-04] (Glarysoft LTD -> Glarysoft Ltd)
Task: {EC546FC1-8235-4E97-8B77-D2F6E056B8E3} - System32\Tasks\{F45CE27F-5014-49C7-9C3D-D02C23C9DF8A} => "c:\program files\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {EE4DCCBB-07C0-46BC-98D8-1D8C3D9DBEAD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F20713DE-957F-41A0-9DC0-D0FEBE841BA7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1106128 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {F8B04807-6587-4A16-9D1F-BDB7CDC1FE63} - System32\Tasks\Avira_Security_Update => C:\Program Files\Avira\Security\Avira.Spotlight.Common.Updater.exe
Task: {FC25CF3C-3BF5-4FE5-9477-651B844DADD1} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {FE923EC4-094C-45A0-9265-B2AD53E38FFD} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{ac4dbacb-ac43-4c15-845b-e2e36b51b764}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default [2021-02-06]
CHR Notifications: Default -> hxxps://app.mysms.com; hxxps://seemendy.club; hxxps://sendleap.com
CHR DefaultSearchURL: Default -> hxxps://static.xx.fbcdn.net/rsrc.php/yg/r/4_vfHVmZ5XD.ico
CHR Extension: (Messenger) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikmbkiaomfbeknnagjbfgfckhlbnjnj [2020-08-18]
CHR Extension: (Google Docs Offline) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-22]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Sendleap) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\phnjmiobjppgfeicepedmfnpjjmfjlha [2020-09-13]
CHR Extension: (Chrome Media Router) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-27]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM\...\Chrome\Extension: [jpnkpjikgipojkofgjjkfgdhfanggcdm] - C:\Program Files\Bigasoft\Video Downloader Pro\extensions\3.23.0.7627\BVDChromeExt.crx [2020-12-01]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2019-03-22]
CHR HKU\S-1-5-21-198903158-1304534811-4163729061-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-03] (Adobe Inc. -> Adobe)
R2 aim_LSService; C:\Program Files\Actual Window Manager\LogonScreenService.exe [95472 2020-10-11] (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1205960 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files\Avira\Antivirus\ProtectedService.exe [537472 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [483432 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [483432 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [573960 2021-01-14] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7569312 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [563544 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [330848 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [58048 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
S3 Backupper Service; C:\Program Files\AOMEI Backupper\ABService.exe [483184 2019-01-22] (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.)
R2 caspereui; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [607976 2013-11-19] (Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.)
S4 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [607976 2013-11-19] (Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [5815504 2020-11-14] (Malwarebytes Inc -> Malwarebytes)
R2 nlsX86cc; C:\Windows\system32\NLSSRV32.EXE [69640 2014-05-19] (Nitro PDF Software -> Nalpeiron Ltd.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [426792 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
S4 NvTelemetryContainer; C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460872 2018-01-24] (NVIDIA Corporation -> NVIDIA Corporation)
S3 rpcapd; C:\Program Files\WinPcap\rpcapd.exe [117264 2011-02-12] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Business 2016.SP1\RpcAgentSrv.exe [81968 2016-02-23] (SiSoftware SPC -> SiSoftware) [File not signed]
R3 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3996624 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [12834584 2021-01-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [57344 2016-07-29] (Code Sector) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [2250992 2019-12-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [85240 2019-12-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WsDrvInst; C:\Program Files\Wondershare\UniConverter\Transfer\DriverInstall.exe [112560 2020-04-09] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2013024 2019-10-22] (Sony Mobile Communications AB -> Sony)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [26424 2015-02-26] (Aomei Technology Co., Limited -> ) [File not signed]
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [129720 2015-02-26] (Aomei Technology Co., Limited -> ) [File not signed]
S3 ampa; C:\WINDOWS\system32\ampa.sys [35760 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [14392 2015-02-26] (Aomei Technology Co., Limited -> ) [File not signed]
R3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [File not signed]
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [34680 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [176504 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [284240 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [204880 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [90192 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16320 2020-12-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [40376 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148888 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [377984 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [93840 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [72488 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [691280 2020-12-30] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [394616 2021-01-08] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [161296 2021-01-08] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [276448 2021-01-07] (Avast Software s.r.o. -> AVAST Software)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [70056 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [19776 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176312 2020-11-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [200672 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [54440 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78808 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [43304 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [33200 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [29496 2016-09-29] (DEV47 APPS -> Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [225592 2016-09-29] (DEV47 APPS -> Windows (R) Win 7 DDK provider)
U3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [60232 2020-01-03] (EnigmaSoft Limited -> EnigmaSoft Limited)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [31936 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFlt; C:\WINDOWS\System32\drivers\EPMVolFlt.sys [28880 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10208 2018-10-24] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [25864 2018-08-04] (Glarysoft LTD -> Glarysoft Ltd)
S3 GUMHFilters; C:\Program Files\Glarysoft\Malware Hunter\Native\winxp_x86\GUMHFilter.sys [41104 2020-11-23] (Glarysoft LTD -> Glarysoft Ltd)
R1 GUSBootStartup; C:\WINDOWS\System32\drivers\GUSBootStartup.sys [25872 2020-03-03] (Glarysoft LTD -> Glarysoft Ltd)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [17360 2020-11-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [213912 2020-12-12] (Malwarebytes Inc -> Malwarebytes)
R3 mf; C:\WINDOWS\System32\drivers\mf.sys [29696 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [648552 2015-05-18] (McAfee, Inc. -> McAfee, Inc.)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [91840 2015-05-18] (McAfee, Inc. -> McAfee, Inc.)
R3 mv91cons; C:\WINDOWS\System32\drivers\mv91cons.sys [30440 2016-04-12] (Marvell Semiconductor, Inc. -> Marvell Semiconductor Inc.)
R1 networx; C:\WINDOWS\System32\drivers\networx.sys [67640 2016-09-20] (SOFTPERFECT PTY. LTD. -> NetFilterSDK.com)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2019-07-16] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_x86_9f540655d9eda3dd\nvlddmkm.sys [15367072 2018-06-13] (NVIDIA Corporation -> NVIDIA Corporation) S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [53616 2018-01-24] (NVIDIA Corporation -> NVIDIA Corporation) S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [50248 2018-01-24] (NVIDIA Corporation -> NVIDIA Corporation) R1 PCIESER; C:\WINDOWS\system32\drivers\PCIESER.sys [67328 2014-10-09] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com) U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [70512 2021-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com) R1 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2015-11-10] (Microolap technologies -> microOLAP Technologies LTD) R1 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2015-11-10] (Microolap technologies -> microOLAP Technologies LTD) S3 RDPDISPM; C:\WINDOWS\System32\DRIVERS\rdpdispm.sys [15488 2010-09-22] (Microsoft Corporation) [File not signed] S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [33280 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group) R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [956752 2018-09-04] (Realtek Semiconductor Corp. -> Realtek) S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Business 2016.SP1\WNt600x86\Sandra.sys [23112 2009-08-07] (SiSoftware Ltd -> SiSoftware) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (Support.com, Inc. 
-> SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [114304 2015-06-08] (Power Software Limited -> Power Software Ltd) S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [18368 2019-08-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider) S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [37472 2019-12-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [278456 2019-12-31] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [39368 2019-12-31] (Microsoft Windows -> Microsoft Corporation) S3 WsAudio_Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [27496 2015-02-27] (Wondershare Software Co., Ltd. -> Wondershare) R3 WUDFWpdMtp; C:\WINDOWS\System32\drivers\WUDFRd.sys [213504 2019-12-07] (Microsoft Windows -> Microsoft Corporation) U1 aswbdisk; no ImagePath S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X] U3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-02-08 15:43 - 2021-02-08 15:43 - 000000000 ____D C:\Program Files\Event Viewer
2021-02-08 15:39 - 2021-02-08 15:39 - 000019144 _____ C:\Users\Joe\Desktop\VEWlog2.txt
2021-02-08 15:37 - 2021-02-08 15:37 - 000016373 _____ C:\Users\Joe\Desktop\VEWlog1.txt
2021-02-08 15:36 - 2021-02-08 15:39 - 000019144 _____ C:\VEW.txt
2021-02-08 13:49 - 2021-02-08 15:52 - 000000306 _____ C:\Users\Joe\Desktop\Bishal.txt
2021-02-08 13:38 - 2021-02-06 10:28 - 000001509 _____ C:\Users\Joe\Desktop\Procmon.lnk
2021-02-08 12:45 - 2021-02-08 12:45 - 000070512 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2021-02-08 00:03 - 2021-02-08 00:03 - 000088006 _____ C:\-AAAJOBS.WPF
2021-02-06 22:11 - 2018-02-20 12:33 - 000001011 _____ C:\Users\Joe\Desktop\Mp3tag.lnk
2021-02-06 10:20 - 2021-02-06 10:20 - 000000000 ____D C:\Program Files\Process Monitor
2021-02-06 09:08 - 2021-02-06 09:08 - 000000000 ____D C:\Program Files\System Info
2021-02-06 01:42 - 2021-02-06 01:42 - 000000975 _____ C:\Users\Joe\Desktop\re-arrange - Shortcut.lnk
2021-02-05 15:55 - 2019-03-19 13:40 - 000001168 _____ C:\Users\Joe\Desktop\Event Viewer.lnk
2021-02-05 01:00 - 2021-02-08 18:31 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-04 22:20 - 2021-02-04 22:20 - 000000562 _____ C:\Users\Joe\Documents\starburn.txt
2021-02-04 22:13 - 2021-02-04 22:13 - 000002964 _____ C:\Users\Joe\Desktop\join with the early part - Shortcut.lnk
2021-02-04 13:12 - 2020-07-16 12:54 - 000455813 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20210204-131243.backup
2021-02-03 19:36 - 2021-02-03 19:40 - 000000000 ____D C:\Users\Joe\Documents\New folder
2021-02-03 19:24 - 2018-03-10 21:19 - 000001973 _____ C:\Users\Joe\Desktop\FreeVideoFlipAndRotate.lnk
2021-02-02 13:38 - 2021-02-05 01:00 - 2654300584 _____ C:\WINDOWS\Minidump
2021-02-02 10:41 - 2021-02-02 10:43 - 000000000 ____D C:\Program Files\Prime 95
2021-01-30 03:09 - 2021-01-30 03:09 - 000000000 ____D C:\Users\Jo\AppData\Local\PeerDistRepub
2021-01-29 18:06 - 2021-02-08 02:35 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-198903158-1304534811-4163729061-1007
2021-01-29 18:06 - 2021-01-29 18:06 - 000002400 _____ C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-29 18:06 - 2021-01-29 18:06 - 000000000 ____D C:\Users\Jo\Documents\Insight Software
2021-01-29 18:05 - 2021-01-29 18:06 - 000000000 ___RD C:\Users\Jo\OneDrive
2021-01-29 18:04 - 2021-01-29 18:04 - 000002298 _____ C:\Users\Jo\Desktop\Microsoft Edge.lnk
2021-01-29 18:04 - 2021-01-29 18:04 - 000002284 _____ C:\Users\Jo\Desktop\Google Chrome.lnk
2021-01-29 18:04 - 2021-01-29 18:04 - 000000020 ___SH C:\Users\Jo\ntuser.ini
2021-01-29 11:34 - 2021-02-08 02:35 - 000002690 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2021-01-28 23:03 - 2021-01-28 23:03 - 000000000 ____D C:\Program Files\FlashIntegro
2021-01-28 23:03 - 2021-01-20 12:06 - 000072872 _____ (Multilab LLC) C:\WINDOWS\system32\mslvddsfilter5.ax
2021-01-26 18:32 - 2021-01-26 18:32 - 000000000 ____D C:\Users\Joe\Documents\Rainmeter
2021-01-26 18:32 - 2021-01-26 18:32 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Rainmeter
2021-01-26 18:32 - 2021-01-26 18:32 - 000000000 ____D C:\Program Files\Rainmeter
2021-01-26 07:26 - 2021-01-26 07:26 - 000001218 _____ C:\Users\Joe\Desktop\Joe's Documents.lnk
2021-01-25 14:07 - 2021-01-25 14:07 - 000001318 _____ C:\Users\Joe\Desktop\excerpt.txt.lnk
2021-01-25 11:34 - 2021-01-25 11:34 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-24 04:01 - 2021-01-25 14:02 - 000000000 ____D C:\Users\Joe\Desktop\New folder
2021-01-23 10:52 - 2021-02-08 02:35 - 000002212 _____ C:\WINDOWS\system32\Tasks\GU5SkipUAC
2021-01-22 13:15 - 2021-02-08 02:35 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-01-20 23:28 - 2021-01-31 20:38 - 000000000 ____D C:\Users\Joe\Desktop\MightyText
2021-01-18 08:16 - 2019-04-18 00:59 - 000001143 _____ C:\Users\Joe\Desktop\Torrents.lnk
2021-01-13 15:26 - 2021-01-13 14:01 - 000413698 __RSH C:\bootmgr
2021-01-13 15:26 - 2019-12-07 17:07 - 000000001 ___SH C:\BOOTNXT
2021-01-13 14:03 - 2021-01-13 14:03 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 14:03 - 2021-01-13 14:03 - 000373760 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 14:03 - 2021-01-13 14:03 - 000131584 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 14:02 - 2021-01-13 14:02 - 000940544 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 14:02 - 2021-01-13 14:02 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 14:02 - 2021-01-13 14:02 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 14:02 - 2021-01-13 14:02 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 14:02 - 2021-01-13 14:02 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 14:02 - 2021-01-13 14:02 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 14:02 - 2021-01-13 14:02 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 14:02 - 2021-01-13 14:02 - 000053760 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 14:01 - 2021-01-13 14:01 - 001797120 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 14:01 - 2021-01-13 14:01 - 001333760 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 14:01 - 2021-01-13 14:01 - 000455680 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 14:01 - 2021-01-13 14:01 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 14:01 - 2021-01-13 14:01 - 000235520 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 14:01 - 2021-01-13 14:01 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 14:01 - 2021-01-13 14:01 - 000162304 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 14:01 - 2021-01-13 14:01 - 000118784 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 14:00 - 2021-01-13 14:00 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 14:00 - 2021-01-13 14:00 - 000330752 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 14:00 - 2021-01-13 14:00 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 14:00 - 2021-01-13 14:00 - 000128000 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 14:00 - 2021-01-13 14:00 - 000057344 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-12 02:02 - 2021-01-12 02:02 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Actual Tools
2021-01-12 02:02 - 2021-01-12 02:02 - 000000000 ____D C:\Program Files\Actual Window Manager
2021-01-11 20:22 - 2021-01-11 20:22 - 000000000 ____D C:\Users\Joe\Desktop\Millay

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-08 23:07 - 2019-04-18 00:52 - 000000000 ____D C:\Users\Joe\AppData\Roaming\uTorrent
2021-02-08 23:05 - 2020-01-05 09:58 - 000000000 ____D C:\FRST
2021-02-08 23:03 - 2020-01-06 00:06 - 000000000 ____D C:\Program Files\Farbar
2021-02-08 21:09 - 2019-12-11 10:16 - 000000000 ____D C:\WP51
2021-02-08 18:36 - 2020-11-03 12:44 - 000948146 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-08 18:36 - 2019-12-07 17:10 - 000000000 ____D C:\WINDOWS\INF
2021-02-08 18:34 - 2018-07-30 18:06 - 000000000 ____D C:\Users\Joe\AppData\Roaming\vlc
2021-02-08 18:33 - 2014-09-13 21:08 - 000000000 ____D C:\Program Files\CCleaner
2021-02-08 18:32 - 2020-07-02 11:59 - 000000000 ____D C:\Users\Joe\AppData\Local\Pushbullet
2021-02-08 18:32 - 2020-05-23 14:46 - 000000000 ____D C:\Users\Joe\AppData\Roaming\MightyText
2021-02-08 18:32 - 2019-02-18 12:04 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Telegram Desktop
2021-02-08 18:32 - 2017-09-02 16:17 - 000000000 ____D C:\Users\Joe\AppData\LocalLow\Mozilla
2021-02-08 18:31 - 2020-09-28 01:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-08 18:31 - 2020-05-02 22:57 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2021-02-08 18:31 - 2019-01-24 22:14 - 000000000 ____D C:\Program Files\TeamViewer
2021-02-08 18:30 - 2019-12-07 17:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-08 16:55 - 2018-02-09 21:35 - 000000000 ____D C:\Users\Joe\AppData\Local\CrashDumps
2021-02-08 15:43 - 2014-05-23 19:17 - 000000000 ____D C:\Captures
2021-02-08 15:34 - 2019-04-01 21:52 - 000000000 ____D C:\Users\Joe\AppData\Roaming\DMCache
2021-02-08 13:19 - 2020-09-28 01:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-08 02:35 - 2021-01-04 20:01 - 000002232 _____ C:\WINDOWS\system32\Tasks\GMHSkipUAC
2021-02-08 02:35 - 2020-11-03 12:46 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-08 02:35 - 2020-11-03 12:46 - 000003110 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-08 02:35 - 2020-11-03 12:46 - 000002234 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-02-08 02:35 - 2020-11-03 12:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-02-07 02:49 - 2013-02-01 19:24 - 000000000 ____D C:\OutputFolder
2021-02-06 22:12 - 2018-02-20 12:33 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Mp3tag
2021-02-05 09:15 - 2019-12-31 22:54 - 000001024 ____H C:\AMTAG.BIN
2021-02-05 09:15 - 2019-12-09 23:04 - 000028592 _____ C:\WINDOWS\GA_OF.dat
2021-02-02 14:20 - 2020-11-04 22:16 - 000000000 ____D C:\Program Files\Activator for Win10 & Office
2021-02-02 12:54 - 2020-11-30 18:17 - 000000000 ____D C:\Data
2021-02-02 12:36 - 2018-03-25 08:39 - 000000000 ____D C:\EEK
2021-02-01 20:56 - 2016-07-25 01:51 - 000007617 _____ C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
2021-01-30 12:27 - 2018-05-18 13:26 - 000000000 ____D C:\Users\Joe\AppData\Local\D3DSCache
2021-01-30 10:51 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-29 18:51 - 2020-03-27 22:45 - 000000000 ____D C:\Users\Jo\AppData\Local\CrashDumps
2021-01-29 18:21 - 2020-03-27 22:45 - 000000000 ____D C:\Users\Jo\AppData\Local\Packages
2021-01-29 18:21 - 2019-12-07 17:12 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-29 18:20 - 2019-12-07 17:12 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-29 18:20 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-29 18:07 - 2020-03-27 23:23 - 000000000 ____D C:\Users\Jo\AppData\Local\PlaceholderTileLogoFolder
2021-01-29 18:05 - 2020-11-03 12:34 - 000000000 ____D C:\Users\Jo
2021-01-29 18:04 - 2020-03-27 22:45 - 000000000 ___RD C:\Users\Jo\Virtual Machines
2021-01-29 18:04 - 2020-03-27 22:45 - 000000000 ___RD C:\Users\Jo\3D Objects
2021-01-29 18:04 - 2019-12-07 17:12 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-29 16:52 - 2018-02-20 12:33 - 000000000 ____D C:\Program Files\Mp3tag
2021-01-29 11:35 - 2018-01-12 14:36 - 000000000 ____D C:\Program Files\Garmin
2021-01-28 23:15 - 2015-06-10 22:37 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2021-01-28 23:15 - 2015-06-10 22:35 - 000000000 ____D C:\Program Files\AVS4YOU
2021-01-28 23:08 - 2019-07-13 00:09 - 000000000 ____D C:\Program Files\SMPlayer
2021-01-28 23:03 - 2018-07-25 09:16 - 000000000 ____D C:\Program Files\Common Files\FlashIntegro
2021-01-28 18:40 - 2020-10-17 02:02 - 000001991 _____ C:\Users\Joe\Desktop\StartUps.lnk
2021-01-28 17:12 - 2019-04-14 02:38 - 000000000 ____D C:\Users\Joe\AppData\Local\Adobe
2021-01-28 17:07 - 2018-02-24 23:23 - 000000000 ____D C:\Users\Joe\AppData\Local\AnyMP4 Studio
2021-01-28 17:06 - 2017-10-29 18:36 - 000000000 ____D C:\Users\Joe\AppData\Local\Apps\2.0
2021-01-28 17:04 - 2019-11-03 00:58 - 000000000 ____D C:\Users\Joe\AppData\Local\cache
2021-01-28 17:02 - 2017-04-08 13:20 - 000000000 ____D C:\Users\Joe\AppData\Local\Clipboarder
2021-01-28 17:01 - 2016-07-24 16:30 - 000000000 ____D C:\Users\Joe\AppData\Local\Comms
2021-01-28 16:59 - 2017-04-25 16:03 - 000000000 ____D C:\Users\Joe\AppData\Local\ConnectedDevicesPlatform
2021-01-28 16:58 - 2018-07-08 20:25 - 000000000 ____D C:\Users\Joe\AppData\Local\ConverterAgent
2021-01-28 16:55 - 2019-06-14 10:02 - 000000000 ____D C:\Users\Joe\AppData\Local\Downloaded Installations
2021-01-28 16:49 - 2012-07-31 22:06 - 000000000 ____D C:\Users\Joe\AppData\Local\GARMIN_Corp
2021-01-28 16:48 - 2015-06-01 21:35 - 000000000 ____D C:\Users\Joe\AppData\Local\Garmin_Ltd._or_its_subsid
2021-01-28 16:46 - 2019-06-02 22:39 - 000000000 ____D C:\Users\Joe\AppData\Local\Greenshot
2021-01-28 16:06 - 2011-12-11 08:28 - 000000000 ____D C:\Users\Joe\AppData\Local\Microsoft Help
2021-01-28 11:21 - 2015-03-08 19:53 - 000000000 ____D C:\Users\Joe\AppData\Local\MPlayer
2021-01-28 10:25 - 2012-02-27 21:05 - 000000000 ____D C:\Users\Joe\AppData\Roaming\dvdcss
2021-01-28 10:23 - 2015-09-01 16:11 - 000000000 ____D C:\Users\Joe\AppData\Roaming\DVDVideoSoft
2021-01-28 10:18 - 2012-08-06 01:42 - 000000000 ____D C:\Users\Joe\AppData\Roaming\FotoTagger
2021-01-28 09:26 - 2020-01-18 22:35 - 000000000 ____D C:\Users\Joe\AppData\Roaming\TeraCopy
2021-01-28 09:21 - 2016-05-13 23:18 - 000000000 ____D C:\Users\Joe\AppData\Roaming\ViberPC
2021-01-28 09:09 - 2017-10-22 16:38 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Wise Duplicate Finder
2021-01-27 12:01 - 2019-04-22 13:40 - 000000000 ____D C:\Program Files\Hard Disk Sentinel
2021-01-26 15:01 - 2020-01-01 16:17 - 000000000 ____D C:\Program Files\AOMEI Partition Assistant
2021-01-26 11:23 - 2019-01-24 22:14 - 000000000 ____D C:\Users\Joe\AppData\Roaming\TeamViewer
2021-01-26 07:26 - 2020-11-03 12:34 - 000000000 ____D C:\Users\Joe
2021-01-25 20:13 - 2018-07-18 22:27 - 000000000 ____D C:\Program Files\WinRAR
2021-01-23 10:58 - 2020-07-16 01:32 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-23 10:53 - 2016-01-10 10:13 - 000000000 ____D C:\Program Files\Glary Utilities 5
2021-01-23 10:24 - 2017-08-17 00:02 - 000000000 ____D C:\Users\Joe\AppData\Local\ElevatedDiagnostics
2021-01-22 13:16 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-20 18:34 - 2020-11-04 10:18 - 000000000 ____D C:\Program Files\Adw Cleaner
2021-01-19 21:04 - 2019-03-26 23:22 - 000000000 ____D C:\Program Files\AOMEI Backupper
2021-01-19 20:37 - 2020-09-28 01:46 - 000003456 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-19 20:37 - 2020-09-28 01:46 - 000003232 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-19 13:12 - 2019-03-26 23:24 - 000000936 _____ C:\WINDOWS\system32\AbBakConfig.dat
2021-01-19 13:12 - 2015-09-22 01:01 - 000000150 _____ C:\WINDOWS\system32\winsevr.dat
2021-01-17 15:42 - 2019-04-01 22:05 - 000000000 ____D C:\Program Files\Internet Download Manager
2021-01-17 15:42 - 2018-05-06 01:11 - 000000000 ____D C:\Program Files\Registrar Registry Manager (32-bit)
2021-01-13 15:25 - 2020-09-28 01:44 - 000482176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-13 15:23 - 2020-02-20 10:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-13 15:23 - 2019-12-07 17:45 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 15:23 - 2019-12-07 17:45 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugins
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 15:23 - 2019-12-07 17:12 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 13:53 - 2013-08-14 21:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 13:45 - 2012-01-07 11:47 - 132495064 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2020-03-30 12:17 - 2020-03-30 12:17 - 000000044 _____ () C:\Users\Joe\IP_Log_Data.js
2013-02-17 14:27 - 2013-02-17 14:27 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2014-12-03 14:31 - 2016-01-11 22:16 - 000087608 _____ () C:\Users\Joe\AppData\Roaming\inst.exe
2020-03-30 12:18 - 2020-03-30 12:18 - 000000017 _____ () C:\Users\Joe\AppData\Roaming\Network Meter_Usage.ini
2020-07-02 12:55 - 2020-07-02 12:55 - 000000114 _____ () C:\Users\Joe\AppData\Roaming\Network Monitor II_#0_Traffic.ini
2014-12-03 14:31 - 2016-01-11 22:16 - 000007887 _____ () C:\Users\Joe\AppData\Roaming\pcouffin.cat
2014-12-03 14:31 - 2016-01-11 22:16 - 000001144 _____ () C:\Users\Joe\AppData\Roaming\pcouffin.inf
2014-12-03 14:31 - 2016-01-11 22:16 - 000000033 _____ () C:\Users\Joe\AppData\Roaming\pcouffin.log
2014-12-03 14:31 - 2016-01-11 22:16 - 000047360 _____ (VSO Software) C:\Users\Joe\AppData\Roaming\pcouffin.sys
2020-05-08 01:54 - 2016-02-18 00:30 - 015384576 _____ () C:\Users\Joe\AppData\Roaming\Sandra.mdb
2020-03-30 12:19 - 2020-07-02 12:56 - 000000115 _____ () C:\Users\Joe\AppData\Roaming\System Monitor II_UptimeRecord.ini
2020-10-02 21:57 - 2020-10-02 21:57 - 000000600 _____ () C:\Users\Joe\AppData\Roaming\winscp.rnd
2019-10-06 21:45 - 2019-10-07 22:37 - 000001435 _____ () C:\Users\Joe\AppData\Local\oobelibMkey.log
2016-07-25 01:51 - 2021-02-01 20:56 - 000007617 _____ () C:\Users\Joe\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================