
Trojan:Win32/Wacatac.B!ml [Solved]



#1
bg111


Hi, I hope you can help. I downloaded and installed some software from a torrent and instantly Windows Security started showing alerts. I hope I have quarantined most things using Windows Security and Malwarebytes. But one of the Windows Security remedies hasn't worked. It detected but can quarantine: Trojan:Win32/Wacatac.B!ml. The file is: C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\CXJISKJM\setup[1].exe. I also found an exception in the scan settings for EXEs, so I'm worried there's more.

Scan results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
Ran by Ben (administrator) on BEN-PC (01-02-2021 22:03:04)
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben
Platform: Windows 10 Home Version 20H2 19042.746 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Amazon Services LLC -> Amazon Services LLC) C:\Users\Ben\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd) C:\Program Files (x86)\MaskVPN\mask_svc.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe <2>
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(GOG Sp. z o.o. -> GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(GuinpinSoft inc) [File not signed] C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(London Trust Media Incorporated -> ) C:\Program Files\Private Internet Access\pia-service.exe
(London Trust Media Incorporated -> Private Internet Access Incorporated) C:\Program Files\Private Internet Access\pia-client.exe
(London Trust Media Incorporated -> The OpenVPN Project) C:\Program Files\Private Internet Access\pia-openvpn.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Ben\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Mixbyte Inc -> ) C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <6>
(Nero AG -> Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302392 2020-05-20] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [76600 2020-05-06] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-04-15] (DivX, LLC) [File not signed]
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] (DivX, LLC -> )
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) [File not signed]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [241448 2020-03-17] (Mixbyte Inc -> )
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
HKU\S-1-5-21-3438359483-788715594-605512005-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412184 2021-01-30] (Valve -> Valve Corporation)
HKU\S-1-5-21-3438359483-788715594-605512005-1002\...\Run: [Amazon Music] => C:\Users\Ben\AppData\Local\Amazon Music\Amazon Music Helper.exe [3694056 2017-04-18] (Amazon Services LLC -> Amazon Services LLC)
HKU\S-1-5-21-3438359483-788715594-605512005-1002\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50011008 2021-01-20] (Google LLC -> )
HKU\S-1-5-21-3438359483-788715594-605512005-1002\...\Run: [Dropbox Update] => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-3438359483-788715594-605512005-1002\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [14858824 2020-12-23] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-3438359483-788715594-605512005-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32883768 2021-01-26] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3438359483-788715594-605512005-1002\...\Run: [6E17A6463ECD2F3BBE4A646F8C1ADC99735FD324._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-3438359483-788715594-605512005-1002\...\Run: [Samsung DeX] => C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe [10262696 2020-09-17] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-3438359483-788715594-605512005-1002\...\Run: [Private Internet Access] => C:\Program Files\Private Internet Access\pia-client.exe [4676064 2020-12-09] (London Trust Media Incorporated -> Private Internet Access Incorporated)
HKU\S-1-5-21-3438359483-788715594-605512005-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [581120 2021-01-30] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP E511 Status Monitor: C:\Windows\system32\hpinkstsE511LM.dll [393352 2017-03-09] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\PrimoMon: C:\Windows\system32\Primomonnt.dll [95008 2011-02-28] (Nitro PDF Software -> )
HKLM\Software\...\AppCompatFlags\Custom\JK.EXE: [{2c4b52b6-7c52-4c74-89e1-7009ef16d36a}.sdb] -> GOG.com Jedi Knight: Dark Forces II
HKLM\Software\...\AppCompatFlags\Custom\JKM.EXE: [{59830886-0fcf-4baa-8698-3ce4b9b8fc3d}.sdb] -> GOG.com Jedi Knight: Mysteries of the Sith
HKLM\Software\...\AppCompatFlags\Custom\Rogue Squadron.EXE: [{ccf51e04-84ad-496b-b89f-45d15061c367}.sdb] -> GOG.com Rogue Squadron 3D
HKLM\Software\...\AppCompatFlags\Custom\Tomb2.exe: [{8d7d3a92-3d88-4564-baf4-8b19e1c317cc}.sdb] -> goggame
HKLM\Software\...\AppCompatFlags\InstalledSDB\{1ad5e1b8-205b-4742-80c3-b427c8f2c11a}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{1ad5e1b8-205b-4742-80c3-b427c8f2c11a}.sdb [2018-01-23]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{2c4b52b6-7c52-4c74-89e1-7009ef16d36a}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{2c4b52b6-7c52-4c74-89e1-7009ef16d36a}.sdb [2014-12-15]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{59830886-0fcf-4baa-8698-3ce4b9b8fc3d}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{59830886-0fcf-4baa-8698-3ce4b9b8fc3d}.sdb [2014-12-15]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{8d7d3a92-3d88-4564-baf4-8b19e1c317cc}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{8d7d3a92-3d88-4564-baf4-8b19e1c317cc}.sdb [2018-01-08]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{ccf51e04-84ad-496b-b89f-45d15061c367}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{ccf51e04-84ad-496b-b89f-45d15061c367}.sdb [2014-10-24]
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2012-11-30]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [File not signed]
Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2021-01-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03DC7730-C9F3-4E11-B157-45ADBDCBFB5A} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {08CBF674-BCCD-40A6-A30D-415F67675E5B} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {12F48089-9ECB-4C9B-84B2-6452ECAE23D8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1542080 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {14C511F5-66C4-409A-BF60-F116DD690718} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1AEE77F1-822D-4817-B5F9-5FD253A205F8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {20E2C4E1-8239-4D90-8290-5890D46B291F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {20FD0F89-9C16-484D-B404-7E0419F82EA2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {22F84BA2-A993-407B-B2F5-AB0B1DAA2436} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {233729EC-E1E4-4203-86F5-8C33BBE411CD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {25C5E78D-F287-4457-9E5B-A69EFF52E18C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [655296 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {26D62DAB-BFDC-409C-9149-20F5B8E8C523} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {26F6772F-6DA4-449B-8CB4-8182BE413686} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [728000 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2719EA79-7A4F-4FBB-95A2-B56A88C813C4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436160 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {27A94917-1528-4540-8AA6-0D9B9EEFC4A1} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2BE6CAB2-47BE-42D0-943D-D594B0FE6DEE} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [960448 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2C163FE4-AE8E-4821-8FD4-3AD4463217DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2EEF25BF-4EDD-4221-AC06-8644A805369C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {347385FF-D16A-4A70-B4DF-F8CC6F748429} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {38A49214-32F0-4053-B9F4-AA95394FB037} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3BC62128-F873-40C7-834E-55275F0CBBDE} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3FE7D34A-E677-4455-B9FB-AC984B3064AE} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4BB5F8A9-A76E-4B78-9271-C679B10F1BAD} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4C63382F-5430-486A-86F0-54D159138BE3} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E5663EF-399E-415C-9671-1074E10988E5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {56520555-4342-47EB-8822-99641515BC5A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {599F7DFC-9509-4860-9A1C-EE39688F465E} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5BB479EF-2365-455A-88B9-F1CE041F65DF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {60D72EC8-ED88-49D6-95FF-CA1C6F1A08BC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6829A4F3-EDF7-4ABD-80C1-FC340D6FB0F8} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {68ECD9A7-5055-41B1-8B06-8BC4DDF9E8B8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3438359483-788715594-605512005-1002Core1d236d58d8e7b93 => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {6AF4ACF7-27B0-4C9F-9569-77904C4980BC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3438359483-788715594-605512005-1002UA1d236d58dca325b => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {6C248317-091D-4F5C-80AD-84720652B2E0} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [728000 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6E277D80-69D8-4B46-9059-D7FDDEE19EF2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {74949FB4-A27B-4DC7-A9ED-2E0F403C3D8C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {7CDA4EC9-821B-4258-9110-4F7C132FBA98} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {7E1FA30B-2769-4214-8BE8-C47D71F34EF9} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7EB3BCCE-E359-4ED7-93F6-B8B44FF6AE89} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {853AEC60-0713-47B1-BD4D-1807AE4EC042} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {917EF24C-BE4E-41D9-BD18-19AB849D51B1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {97DAC5BC-658E-4E81-9B9D-15AD6D855F65} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [655296 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {991B102B-E8E9-4210-B7EB-19615E63F55C} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9DF34A5A-C1CE-4223-8A82-D25FC4C1F3E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {9F648031-8871-42BD-BA4C-A4FC7E1E2D8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {A427A8CB-8189-49E6-9114-55D5E8236418} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A719BA88-9D80-4E80-84AF-9B1E91E3379A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A97DF3F9-7BE5-4537-9CDA-33446068151A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AF83CAB7-B339-4B26-B4B3-2AE4A082FD0B} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B0D69D41-ECE3-49EA-BB54-A329098780E6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B2D24892-F74F-4A9E-9A7E-99BB383AC06B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BA011C7B-2974-4161-938A-56070E82F73B} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [677344 2021-01-27] (Mozilla Corporation -> Mozilla Foundation)
Task: {C3730FEF-FB67-4F83-8031-D49604FE8401} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {C53DF9F9-5A31-490C-BC9F-BC2E6167A6EB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C8983E5E-DE2F-4635-A931-B2E358536D76} - System32\Tasks\AdobeAAMUpdater-1.0-Ben-PC-Ben => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {C90A5D67-D96B-491E-991D-8193976D96AB} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {CCE508D5-810A-47EF-982A-88E37FDE7FA8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {D009C81C-0F2F-4216-A9CF-50A7E188AE0E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {D43610E0-0196-44CC-873B-DB0A354E584F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D5422FE3-11A0-4A3B-9018-3F4498BC9DBB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {D7DAF053-A7D0-4D6C-97CA-E874616F09C1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DC01776B-24CC-456C-BA83-557EF32E1F15} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DF0AC9CC-8E5F-4785-96AD-FCF366984EC7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E089F281-B472-4A2F-9F9D-44549E5466A1} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {E8DF964D-1E7E-4A34-808B-DC1C103477DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E9B45071-2577-4E1A-86F3-4A130D337BF2} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {ECB6F66C-23EA-4915-9D22-DC0B5C4B445A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {EE06C15B-BB36-4F9B-BCE2-3EFBB5408602} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F0942D0E-6849-4D85-A7F3-497891EAA873} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {F6537901-9411-4264-A6D8-39B7F512DDFC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FC26315C-BFD2-4057-96C5-AC879F67DD58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FDA90D76-4DB6-4A2B-B547-C94C78E6081A} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3438359483-788715594-605512005-1002Core1d236d58d8e7b93.job => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3438359483-788715594-605512005-1002UA1d236d58dca325b.job => C:\Users\Ben\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3438359483-788715594-605512005-1002] => Proxy is enabled.
ProxyServer: [S-1-5-21-3438359483-788715594-605512005-1002] => 127.0.0.1:8003
Tcpip\Parameters: [DhcpNameServer] 10.0.0.243
Tcpip\..\Interfaces\{10668c1b-d881-44f6-8a5d-e5960d3d1a2f}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{cc9fb975-1ec3-4869-ad54-6f4a63a42249}: [DhcpNameServer] 10.0.0.243

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Ben\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-01]

FireFox:
========
FF DefaultProfile: atw8q7f6.default-1547980408862
FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\atw8q7f6.default-1547980408862 [2021-02-01]
FF Extension: (AdGuard AdBlocker) - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\atw8q7f6.default-1547980408862\Extensions\[email protected] [2019-02-28]
FF Extension: (Okami sunrise) - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\atw8q7f6.default-1547980408862\Extensions\{1c43b9c2-b534-409a-81e2-cb6bff62d58e}.xpi [2019-05-14]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 <video>) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-15] [Legacy] [not signed]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, Inc. -> DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC -> DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, Inc. -> DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll [2013-02-25] (Microsoft Corporation -> )
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3438359483-788715594-605512005-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.) [File not signed]
FF Plugin HKU\S-1-5-21-3438359483-788715594-605512005-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2020-08-04] (Ubisoft Entertainment Sweden AB -> )

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
R2 CdRomArbiterService; C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe [8704 2020-12-26] (GuinpinSoft inc) [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1741384 2020-12-23] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-24] (GOG Sp. z o.o. -> GOG.com)
R2 MaskVPNService; C:\Program Files (x86)\MaskVPN\mask_svc.exe [7493560 2020-08-06] (Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-30] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2510136 2020-08-06] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3462464 2020-08-06] (Electronic Arts, Inc. -> Electronic Arts)
R2 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [2034176 2020-12-09] (London Trust Media Incorporated -> )
S3 PrivateInternetAccessWireguard; C:\Program Files\Private Internet Access\pia-wgservice.exe [4448632 2020-12-09] (London Trust Media Incorporated -> )
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-06-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [935352 2020-06-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 apmwin; C:\WINDOWS\System32\DRIVERS\apmwin.sys [48920 2017-08-31] (Paragon Software GmbH -> Paragon Software Group)
S2 csvol; C:\WINDOWS\system32\DRIVERS\csvol.sys [46552 2017-08-31] (Paragon Software GmbH -> Paragon Software Group)
R3 DGUSBAP; C:\WINDOWS\system32\DRIVERS\dgmbx2.sys [194864 2011-02-13] (Avid Technology, Inc. -> Avid Technology, Inc.)
R0 gpt_loader; C:\WINDOWS\System32\DRIVERS\gpt_loader.sys [79832 2017-08-31] (Paragon Software GmbH -> )
S3 hfsplus; C:\WINDOWS\System32\DRIVERS\hfsplus.sys [218072 2017-08-31] (Paragon Software GmbH -> Paragon Software Group)
R2 HfsplusRec; C:\WINDOWS\System32\DRIVERS\hfsplusrec.sys [35288 2017-08-31] (Paragon Software GmbH -> Paragon Software Group)
S3 IntcDAud; C:\WINDOWS\System32\DRIVERS\IntcDAud.sys [331264 2011-12-05] (Intel® Corporation) [File not signed]
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220600 2021-02-01] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-01-28] (Malwarebytes Inc -> Malwarebytes)
R3 MBX2DFU; C:\WINDOWS\SYSTEM32\DRIVERS\dgmbx2fu.sys [32944 2011-02-13] (Avid Technology, Inc. -> Avid Technology, Inc.)
R0 mounthlp; C:\WINDOWS\System32\DRIVERS\mounthlp.sys [66832 2017-08-31] (Paragon Software GmbH -> Paragon Software Group)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R3 tap-pia-0901; C:\WINDOWS\System32\drivers\tap-pia-0901.sys [39944 2020-12-09] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-08-29] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
S3 MpKsl10847b6e; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FD4435B3-8235-46C0-BEF4-31F956677C67}\MpKslDrv.sys [X]
U3 swmidi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-01 22:03 - 2021-02-01 22:04 - 000036301 _____ C:\Users\Ben\Desktop\FRST.txt
2021-02-01 22:01 - 2021-02-01 22:04 - 000000000 ____D C:\FRST
2021-02-01 21:48 - 2021-02-01 21:48 - 002297856 _____ (Farbar) C:\Users\Ben\Desktop\FRST64.exe
2021-02-01 20:44 - 2021-02-01 20:44 - 000220600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-01-31 15:11 - 2021-01-31 15:11 - 000000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2021-01-31 15:11 - 2021-01-31 15:11 - 000000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2021-01-31 15:09 - 2021-01-31 15:09 - 000000000 ____D C:\Program Files (x86)\MaskVPN
2021-01-31 15:09 - 2018-08-29 15:48 - 000027136 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2021-01-31 15:08 - 2021-02-01 20:44 - 000000000 ____D C:\WINDOWS\trustedlogos
2021-01-31 15:08 - 2021-01-31 15:08 - 000000000 ____D C:\Users\Ben\AppData\Local\AdvinstAnalytics
2021-01-31 15:04 - 2021-01-31 15:05 - 000000000 ____D C:\Program Files (x86)\ii__BR000W53i3
2021-01-31 10:27 - 2021-01-31 10:46 - 000000000 ____D C:\Users\Ben\Downloads\Adobe Photoshop CS6 13.0.3 Final Multilanguage (cracked dll)
2021-01-31 04:07 - 2021-02-01 04:07 - 000000000 ____D C:\WINDOWS\Panther
2021-01-30 09:43 - 2021-01-30 09:43 - 000000000 ____D C:\Program Files\Common Files\SpeechEngines
2021-01-30 09:42 - 2021-01-30 09:52 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-01-30 09:39 - 2021-01-30 09:42 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-01-30 09:39 - 2021-01-30 09:39 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-01-30 09:35 - 2021-01-30 09:35 - 000000000 ____D C:\ProgramData\ssh
2021-01-30 09:25 - 2021-01-30 09:25 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-30 09:25 - 2021-01-30 09:25 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-30 09:25 - 2021-01-30 09:25 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-30 09:24 - 2021-01-30 09:24 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-01-30 09:24 - 2021-01-30 09:24 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-30 09:24 - 2021-01-30 09:24 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-30 09:24 - 2021-01-30 09:24 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-30 09:24 - 2021-01-30 09:24 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-01-30 09:24 - 2021-01-30 09:24 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-30 09:24 - 2021-01-30 09:24 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-01-30 09:24 - 2021-01-30 09:24 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-30 09:24 - 2021-01-30 09:24 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-30 09:24 - 2021-01-30 09:24 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-30 09:24 - 2021-01-30 09:24 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-30 09:24 - 2021-01-30 09:24 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-30 09:24 - 2021-01-30 09:24 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-30 09:24 - 2021-01-30 09:24 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-01-30 09:23 - 2021-01-30 09:23 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-01-30 09:23 - 2021-01-30 09:23 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-01-30 09:23 - 2021-01-30 09:23 - 001309504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-01-30 09:23 - 2021-01-30 09:23 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-01-30 09:23 - 2021-01-30 09:23 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-01-30 09:23 - 2021-01-30 09:23 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-01-30 09:23 - 2021-01-30 09:23 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-30 09:23 - 2021-01-30 09:23 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-30 09:23 - 2021-01-30 09:23 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-30 09:23 - 2021-01-30 09:23 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-30 09:23 - 2021-01-30 09:23 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-01-30 09:23 - 2021-01-30 09:23 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-30 09:23 - 2021-01-30 09:23 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-01-30 09:23 - 2021-01-30 09:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-01-30 09:23 - 2021-01-30 09:23 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-30 09:23 - 2021-01-30 09:23 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-30 09:23 - 2021-01-30 09:23 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-01-30 09:23 - 2021-01-30 09:23 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-01-30 09:23 - 2021-01-30 09:23 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-01-30 09:23 - 2021-01-30 09:23 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-30 09:22 - 2021-01-30 09:22 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-01-30 09:22 - 2021-01-30 09:22 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-01-30 09:22 - 2021-01-30 09:22 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-30 09:22 - 2021-01-30 09:22 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-30 09:22 - 2021-01-30 09:22 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-01-30 09:22 - 2021-01-30 09:22 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-01-30 09:22 - 2021-01-30 09:22 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-01-30 09:22 - 2021-01-30 09:22 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-30 09:22 - 2021-01-30 09:22 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-30 09:22 - 2021-01-30 09:22 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-01-30 09:22 - 2021-01-30 09:22 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-01-30 09:22 - 2021-01-30 09:22 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-30 09:22 - 2021-01-30 09:22 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-30 09:22 - 2021-01-30 09:22 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-30 09:22 - 2021-01-30 09:22 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-01-30 09:22 - 2021-01-30 09:22 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-01-30 09:22 - 2021-01-30 09:22 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-01-30 09:22 - 2021-01-30 09:22 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-01-30 09:22 - 2021-01-30 09:22 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-01-30 09:21 - 2021-01-30 09:21 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-30 09:21 - 2021-01-30 09:21 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-01-30 09:21 - 2021-01-30 09:21 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-30 09:21 - 2021-01-30 09:21 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-01-30 09:21 - 2021-01-30 09:21 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-01-30 09:21 - 2021-01-30 09:21 - 000707544 _____ C:\WINDOWS\system32\TextShaping.dll
2021-01-30 09:21 - 2021-01-30 09:21 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-30 09:21 - 2021-01-30 09:21 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-30 09:21 - 2021-01-30 09:21 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-30 09:21 - 2021-01-30 09:21 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-01-30 09:21 - 2021-01-30 09:21 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-30 09:21 - 2021-01-30 09:21 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-30 09:21 - 2021-01-30 09:21 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-01-30 09:21 - 2021-01-30 09:21 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-01-30 09:21 - 2021-01-30 09:21 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-01-30 09:21 - 2021-01-30 09:21 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-01-30 09:21 - 2021-01-30 09:21 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-01-30 09:20 - 2021-01-30 09:20 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-01-30 09:20 - 2021-01-30 09:20 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-30 09:20 - 2021-01-30 09:20 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-30 09:20 - 2021-01-30 09:20 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-01-30 09:20 - 2021-01-30 09:20 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-01-30 09:20 - 2021-01-30 09:20 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-30 09:20 - 2021-01-30 09:20 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-01-30 09:20 - 2021-01-30 09:20 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-30 09:20 - 2021-01-30 09:20 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-01-30 09:20 - 2021-01-30 09:20 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-30 09:20 - 2021-01-30 09:20 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-01-30 09:20 - 2021-01-30 09:20 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-01-30 09:20 - 2021-01-30 09:20 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-01-30 09:20 - 2021-01-30 09:20 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-01-30 09:01 - 2021-01-30 09:01 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2021-01-30 09:01 - 2021-01-30 09:01 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2021-01-30 08:52 - 2021-01-30 08:52 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2021-01-30 08:52 - 2021-01-30 08:52 - 000000000 ____D C:\WINDOWS\system32\msmq
2021-01-30 08:52 - 2021-01-30 08:52 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2021-01-30 08:52 - 2021-01-30 08:52 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-01-30 08:52 - 2021-01-30 08:52 - 000000000 ____D C:\Program Files\MSBuild
2021-01-30 08:52 - 2021-01-30 08:52 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-01-30 08:52 - 2021-01-30 08:52 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-30 08:52 - 2021-01-30 08:52 - 000000000 ____D C:\inetpub
2021-01-30 02:46 - 2021-01-30 02:46 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-01-30 02:40 - 2021-01-30 02:40 - 000000020 ___SH C:\Users\Ben\ntuser.ini
2021-01-30 02:38 - 2021-02-01 20:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-30 02:38 - 2021-02-01 20:40 - 000004142 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D72BEABC-BB0A-4D9D-87F3-C3D29DF59441}
2021-01-30 02:38 - 2021-01-30 02:39 - 000003626 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-3438359483-788715594-605512005-1002UA1d236d58dca325b
2021-01-30 02:38 - 2021-01-30 02:39 - 000003408 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-30 02:38 - 2021-01-30 02:39 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-30 02:38 - 2021-01-30 02:39 - 000003358 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-3438359483-788715594-605512005-1002Core1d236d58d8e7b93
2021-01-30 02:38 - 2021-01-30 02:39 - 000003346 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-30 02:38 - 2021-01-30 02:39 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-30 02:38 - 2021-01-30 02:39 - 000003176 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-30 02:38 - 2021-01-30 02:39 - 000003122 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-30 02:38 - 2021-01-30 02:39 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-30 02:38 - 2021-01-30 02:39 - 000002956 _____ C:\WINDOWS\system32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-30 02:38 - 2021-01-30 02:39 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3438359483-788715594-605512005-1002
2021-01-30 02:38 - 2021-01-30 02:39 - 000002786 _____ C:\WINDOWS\system32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-30 02:38 - 2021-01-30 02:39 - 000002748 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-Ben-PC-Ben
2021-01-30 02:38 - 2021-01-30 02:39 - 000002420 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2021-01-30 02:38 - 2021-01-30 02:39 - 000002394 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2021-01-30 02:38 - 2021-01-30 02:39 - 000002392 _____ C:\WINDOWS\system32\Tasks\Microsoft_Hardware_Launch_itype_exe
2021-01-30 02:38 - 2021-01-30 02:39 - 000002378 _____ C:\WINDOWS\system32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2021-01-30 02:38 - 2021-01-30 02:38 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-01-30 02:38 - 2021-01-30 02:38 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-30 02:38 - 2021-01-30 02:38 - 000002838 _____ C:\WINDOWS\system32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-30 02:38 - 2021-01-30 02:38 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-30 02:38 - 2021-01-30 02:38 - 000002376 _____ C:\WINDOWS\system32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2021-01-30 02:38 - 2021-01-30 02:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\WPD
2021-01-30 02:38 - 2021-01-30 02:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-01-30 02:38 - 2021-01-30 02:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-30 02:38 - 2021-01-30 02:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2021-01-30 02:38 - 2012-10-09 12:26 - 000003566 _____ C:\WINDOWS\system32\Tasks\CreateChoiceProcessTask
2021-01-30 02:36 - 2021-01-30 02:38 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-01-30 02:36 - 2021-01-30 02:38 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-01-30 02:19 - 2021-01-31 04:14 - 000971894 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-30 02:03 - 2021-01-30 02:40 - 000000000 ____D C:\Users\Ben
2021-01-30 02:03 - 2021-01-30 02:16 - 000000000 ____D C:\Users\DefaultAppPool
2021-01-30 02:03 - 2019-12-07 09:10 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-30 02:03 - 2019-12-07 09:10 - 000001105 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-01-30 01:56 - 2021-01-30 01:56 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_UsbXhciCompanion_02_23_00.Wdf
2021-01-30 01:53 - 2021-02-01 20:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-30 01:53 - 2021-02-01 07:23 - 004934280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-29 10:05 - 2021-01-29 10:05 - 000000000 ___HD C:\$WinREAgent
2021-01-28 19:46 - 2021-01-28 19:46 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-27 10:12 - 2021-01-29 15:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-01-26 22:35 - 2021-01-30 02:10 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-01-26 07:46 - 2021-01-31 10:26 - 000000000 ____D C:\Users\Ben\AppData\LocalLow\uTorrent
2021-01-06 23:16 - 2021-01-31 15:13 - 000000000 ____D C:\Users\Ben\AppData\Roaming\uTorrent
2021-01-06 23:16 - 2021-01-06 23:16 - 000000894 _____ C:\Users\Ben\Desktop\µTorrent.lnk
2021-01-06 23:16 - 2021-01-06 23:16 - 000000874 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2021-01-06 20:35 - 2020-10-05 14:05 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-06 20:35 - 2020-10-05 14:05 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-06 20:35 - 2020-10-05 14:05 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-06 20:35 - 2020-10-05 14:05 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-06 20:35 - 2020-10-05 14:05 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-06 20:35 - 2020-10-05 14:05 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-06 20:35 - 2020-10-05 14:05 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-06 20:35 - 2020-10-05 14:05 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-06 20:35 - 2020-10-05 14:05 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-06 20:34 - 2020-10-05 14:05 - 000351128 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-06 20:34 - 2020-10-05 14:03 - 001690976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2021-01-06 20:34 - 2020-10-05 14:03 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-06 20:34 - 2020-10-05 14:03 - 001161112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-06 20:34 - 2020-10-05 14:03 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2021-01-06 20:34 - 2020-10-05 14:03 - 000673520 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-06 20:34 - 2020-10-05 14:03 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-06 20:34 - 2020-10-05 14:03 - 000555248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-06 20:34 - 2020-10-05 14:03 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-06 20:34 - 2020-10-05 14:03 - 000230720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-01-06 20:34 - 2020-10-05 14:03 - 000047424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2021-01-06 20:34 - 2020-10-05 14:02 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-06 20:34 - 2020-10-05 14:02 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-06 20:34 - 2020-10-05 14:02 - 004174064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-06 20:34 - 2020-10-05 14:02 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-06 20:34 - 2020-10-05 14:02 - 002098072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-06 20:34 - 2020-10-05 14:02 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445671.dll
2021-01-06 20:34 - 2020-10-05 14:02 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-06 20:34 - 2020-10-05 14:02 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445671.dll
2021-01-06 20:34 - 2020-10-05 14:02 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-06 20:34 - 2020-10-05 14:02 - 000657304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-06 20:34 - 2020-10-05 14:00 - 007001536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-01-06 20:34 - 2020-10-05 14:00 - 005972824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-01-06 20:34 - 2020-10-05 13:42 - 000058620 _____ C:\WINDOWS\system32\nvinfo.pb
2021-01-06 18:22 - 2021-01-31 02:47 - 000000000 ____D C:\Users\Ben\AppData\Local\BitTorrentHelper
2021-01-06 18:21 - 2021-01-08 19:32 - 000001855 _____ C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2021-01-06 17:41 - 2021-01-06 17:44 - 000000000 ____D C:\Users\Ben\AppData\Local\Private Internet Access
2021-01-06 17:41 - 2021-01-06 17:41 - 000001079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk
2021-01-06 17:41 - 2020-12-09 15:31 - 000039944 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap-pia-0901.sys
2021-01-06 17:40 - 2021-01-06 17:41 - 000000000 ____D C:\Program Files\Private Internet Access
2021-01-06 17:40 - 2021-01-06 17:40 - 021061128 _____ C:\Users\Ben\Downloads\pia-windows-x64-2.6.1-05824.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-01 22:04 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-01 22:01 - 2016-08-15 22:13 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-01 22:00 - 2020-12-03 20:53 - 000000000 ____D C:\Users\Ben\AppData\LocalLow\IGDump
2021-02-01 21:43 - 2012-11-16 21:40 - 000000000 ____D C:\ProgramData\Mozilla
2021-02-01 21:42 - 2016-11-20 15:45 - 000000000 ____D C:\Users\Ben\AppData\LocalLow\Mozilla
2021-02-01 20:55 - 2012-11-17 13:33 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-01 20:41 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-01 20:41 - 2019-12-07 09:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-01 07:21 - 2019-12-07 09:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-31 04:18 - 2018-05-17 20:22 - 000000000 ____D C:\Users\Ben\AppData\Local\D3DSCache
2021-01-31 04:16 - 2014-08-03 22:34 - 000000000 ___RD C:\Users\Ben\Google Drive
2021-01-31 03:59 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-31 03:58 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-01-30 18:21 - 2020-07-16 18:00 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-30 18:21 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-30 18:21 - 2017-12-11 21:15 - 000000000 ____D C:\Users\Ben\AppData\Local\Packages
2021-01-30 15:42 - 2020-06-07 21:50 - 000012328 _____ C:\Users\Ben\Desktop\Car Loan.xlsx
2021-01-30 15:14 - 2020-01-12 18:54 - 000000000 ____D C:\Users\Ben\Desktop\Ebay photos
2021-01-30 09:52 - 2020-12-09 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thief Gold [GOG.com]
2021-01-30 09:52 - 2020-11-06 13:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gabriel Knight 3 [GOG.com]
2021-01-30 09:52 - 2020-09-16 21:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2019.4.10f1 (64-bit)
2021-01-30 09:52 - 2020-08-06 21:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STAR WARS® Jedi Knight - Dark Forces 2 [GOG.com]
2021-01-30 09:52 - 2020-08-06 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STAR WARS® Jedi Knight - Mysteries of the Sith [GOG.com]
2021-01-30 09:52 - 2020-08-06 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings! Classic [GOG.com]
2021-01-30 09:52 - 2020-08-06 12:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars - Rogue Squadron 3D [GOG.com]
2021-01-30 09:52 - 2020-06-26 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2021-01-30 09:52 - 2020-06-06 21:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2021-01-30 09:52 - 2020-06-06 21:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression 2
2021-01-30 09:52 - 2019-12-07 09:18 - 000000000 ____D C:\WINDOWS\Setup
2021-01-30 09:52 - 2019-12-07 09:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 __SHD C:\Program Files\Windows Sidebar
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\IME
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\schemas
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Registration
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Cursors
2021-01-30 09:52 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-01-30 09:52 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-01-30 09:52 - 2019-02-20 22:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2021-01-30 09:52 - 2018-11-04 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Cthulhu - Dark Corners of the Earth [GOG.com]
2021-01-30 09:52 - 2018-08-03 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plugable Technologies
2021-01-30 09:52 - 2018-06-03 08:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2021-01-30 09:52 - 2018-04-11 23:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-01-30 09:52 - 2018-04-08 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon HFS+ for Windows
2021-01-30 09:52 - 2017-09-23 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-01-30 09:52 - 2017-08-05 11:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUAE
2021-01-30 09:52 - 2017-07-23 19:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BookSmart
2021-01-30 09:52 - 2017-06-06 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2021-01-30 09:52 - 2017-05-03 20:49 - 000000000 ____D C:\Program Files\UNP
2021-01-30 09:52 - 2016-06-28 21:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2021-01-30 09:52 - 2016-06-01 22:04 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2021-01-30 09:52 - 2016-02-13 13:03 - 000000000 ____D C:\WINDOWS\ShellNew
2021-01-30 09:52 - 2015-10-21 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
2021-01-30 09:52 - 2015-03-15 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2021-01-30 09:52 - 2014-12-27 08:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2021-01-30 09:52 - 2014-12-14 09:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2021-01-30 09:52 - 2014-11-06 20:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Command & Conquer
2021-01-30 09:52 - 2014-10-11 20:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-01-30 09:52 - 2014-08-25 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2021-01-30 09:52 - 2014-05-11 10:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2021-01-30 09:52 - 2014-05-10 13:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2021-01-30 09:52 - 2014-05-03 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2021-01-30 09:52 - 2014-04-10 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2021-01-30 09:52 - 2014-03-29 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2021-01-30 09:52 - 2014-02-08 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2021-01-30 09:52 - 2013-10-17 18:14 - 000000000 ____D C:\WINDOWS\SysWOW64\xlive
2021-01-30 09:52 - 2013-09-14 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
2021-01-30 09:52 - 2013-09-13 11:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2021-01-30 09:52 - 2013-09-03 06:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photosynth
2021-01-30 09:52 - 2013-05-15 11:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Tag
2021-01-30 09:52 - 2013-05-15 10:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
2021-01-30 09:52 - 2013-05-15 10:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2021-01-30 09:52 - 2013-05-15 10:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2021-01-30 09:52 - 2013-05-15 10:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2021-01-30 09:52 - 2013-05-15 10:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
2021-01-30 09:52 - 2013-05-03 22:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
2021-01-30 09:52 - 2013-03-24 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2021-01-30 09:52 - 2012-11-30 21:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2021-01-30 09:52 - 2012-11-17 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-30 09:52 - 2012-10-09 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2021-01-30 09:52 - 2012-10-09 18:35 - 000000000 ____D C:\WINDOWS\en
2021-01-30 09:52 - 2012-10-09 18:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2021-01-30 09:52 - 2012-10-09 17:43 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2021-01-30 09:52 - 2012-10-09 17:43 - 000000000 ____D C:\Program Files\Intel
2021-01-30 09:52 - 2009-07-14 05:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2021-01-30 09:51 - 2019-12-07 09:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-01-30 09:45 - 2019-12-31 22:45 - 000000000 ____D C:\WINDOWS\system32\Samsung
2021-01-30 09:45 - 2019-12-06 19:52 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-01-30 09:43 - 2020-06-04 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Konami
2021-01-30 09:43 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Resources
2021-01-30 09:43 - 2019-08-06 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2021-01-30 09:43 - 2017-05-07 08:01 - 000000000 ____D C:\Program Files\Realtek
2021-01-30 09:43 - 2014-10-25 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2021-01-30 09:43 - 2014-04-23 19:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2021-01-30 09:43 - 2014-04-23 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2021-01-30 09:43 - 2013-03-13 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2021-01-30 09:43 - 2012-11-26 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2021-01-30 09:43 - 2012-11-24 12:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
2021-01-30 09:43 - 2012-11-17 12:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
2021-01-30 09:43 - 2009-07-14 05:32 - 000000000 ____D C:\Program Files\Microsoft Games
2021-01-30 09:42 - 2012-11-17 11:32 - 000000000 ____D C:\Program Files\Common Files\Digidesign
2021-01-30 09:35 - 2019-12-07 09:52 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-30 09:35 - 2019-12-07 09:52 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-01-30 09:35 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-01-30 09:35 - 2019-12-07 09:03 - 000000000 ____D C:\WINDOWS\servicing
2021-01-30 09:33 - 2019-12-07 09:52 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-01-30 09:33 - 2019-12-07 09:52 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-01-30 09:03 - 2019-12-07 09:51 - 000000000 ____D C:\WINDOWS\OCR
2021-01-30 09:01 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-01-30 09:01 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-01-30 09:01 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-01-30 09:01 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-01-30 09:01 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-01-30 09:01 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-01-30 09:01 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-01-30 09:00 - 2019-12-07 09:49 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-01-30 09:00 - 2019-12-07 09:49 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-01-30 03:00 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-30 02:56 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-30 02:43 - 2019-12-07 09:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-30 02:43 - 2018-06-27 17:54 - 000000000 ____D C:\ProgramData\Packages
2021-01-30 02:43 - 2017-12-11 21:49 - 000000000 ___RD C:\Users\Ben\3D Objects
2021-01-30 02:43 - 2016-02-13 13:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-30 02:40 - 2019-12-07 09:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-30 02:39 - 2019-12-07 09:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-01-30 02:38 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-01-30 02:38 - 2019-12-07 09:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-30 02:38 - 2016-11-04 19:56 - 000000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3438359483-788715594-605512005-1002UA1d236d58dca325b.job
2021-01-30 02:38 - 2016-11-04 19:56 - 000000872 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3438359483-788715594-605512005-1002Core1d236d58d8e7b93.job
2021-01-30 02:26 - 2019-12-07 09:14 - 000000000 __RSD C:\WINDOWS\Media
2021-01-30 02:10 - 2020-12-26 22:59 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2021-01-30 02:10 - 2020-12-26 14:29 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citra
2021-01-30 02:10 - 2020-12-15 18:51 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Fodder
2021-01-30 02:10 - 2020-12-09 23:02 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Thief 1 HD
2021-01-30 02:10 - 2020-02-29 15:17 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-01-30 02:10 - 2019-12-01 12:57 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2021-01-30 02:10 - 2014-10-11 20:37 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-01-30 02:10 - 2014-06-29 18:58 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
2021-01-30 02:10 - 2012-11-25 12:50 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2021-01-30 02:10 - 2012-11-16 20:59 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Broadband
2021-01-30 02:06 - 2020-07-06 22:28 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2021-01-30 02:06 - 2014-04-10 20:33 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2021-01-30 02:00 - 2017-05-07 08:01 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-01-30 01:59 - 2017-05-07 08:02 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-01-30 00:14 - 2012-11-18 10:12 - 000000000 ___RD C:\Users\Ben\Dropbox
2021-01-29 15:30 - 2012-11-16 21:40 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-01-29 15:30 - 2012-11-16 21:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-28 22:49 - 2015-06-26 08:45 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Mp3tag
2021-01-28 05:33 - 2014-08-03 22:31 - 000002073 _____ C:\Users\Public\Desktop\Google Slides.lnk
2021-01-28 05:33 - 2014-08-03 22:31 - 000002073 _____ C:\ProgramData\Desktop\Google Slides.lnk
2021-01-28 05:33 - 2014-08-03 22:31 - 000002071 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2021-01-28 05:33 - 2014-08-03 22:31 - 000002071 _____ C:\ProgramData\Desktop\Google Sheets.lnk
2021-01-28 05:33 - 2014-08-03 22:31 - 000002061 _____ C:\Users\Public\Desktop\Google Docs.lnk
2021-01-28 05:33 - 2014-08-03 22:31 - 000002061 _____ C:\ProgramData\Desktop\Google Docs.lnk
2021-01-26 22:38 - 2012-11-18 10:10 - 000000000 ____D C:\Users\Ben\AppData\Roaming\Dropbox
2021-01-25 19:24 - 2014-10-18 13:09 - 000000000 ____D C:\Users\Ben\Desktop\Soundtracks
2021-01-25 08:00 - 2016-05-14 16:03 - 000000000 ____D C:\Users\Ben\AppData\Local\CrashDumps
2021-01-22 07:35 - 2010-11-21 03:27 - 000799104 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-13 06:44 - 2013-08-15 07:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 06:37 - 2012-10-09 12:17 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-12 17:58 - 2019-09-11 21:03 - 000000000 ____D C:\Users\Ben\Desktop\Insurance
2021-01-06 20:41 - 2017-05-07 08:02 - 000000000 ____D C:\ProgramData\NVIDIA Corporation

==================== Files in the root of some directories ========

2013-12-01 13:07 - 2013-08-10 08:30 - 000012005 _____ () C:\Users\Ben\AppData\Roaming\alsoft.ini
2013-05-19 08:50 - 2013-05-19 08:50 - 000000005 _____ () C:\Users\Ben\AppData\Roaming\BCT-TTL.DAT
2013-07-27 07:44 - 2014-08-16 09:59 - 000000117 _____ () C:\Users\Ben\AppData\Roaming\WB.CFG
2013-06-16 20:44 - 2014-01-28 08:14 - 000000005 _____ () C:\Users\Ben\AppData\Roaming\WBPU-TTL.DAT

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================




#2
JSntgRvr

  • Global Moderator
  • 11,579 posts

Hi and welcome  :)
 
That is a Super Hidden location. I doubt it can be removed.

  • Highlight the entire content of the quote box below.

Start:: 
CloseProcesses: 
Task: {14C511F5-66C4-409A-BF60-F116DD690718} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION 
Task: {2C163FE4-AE8E-4821-8FD4-3AD4463217DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION 
Task: {2EEF25BF-4EDD-4221-AC06-8644A805369C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION 
Task: {38A49214-32F0-4053-B9F4-AA95394FB037} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION 
Task: {5BB479EF-2365-455A-88B9-F1CE041F65DF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION 
Task: {6E277D80-69D8-4B46-9059-D7FDDEE19EF2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION 
Task: {7EB3BCCE-E359-4ED7-93F6-B8B44FF6AE89} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION 
Task: {A97DF3F9-7BE5-4537-9CDA-33446068151A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION 
Task: {B0D69D41-ECE3-49EA-BB54-A329098780E6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION 
Task: {B2D24892-F74F-4A9E-9A7E-99BB383AC06B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION 
Task: {C3730FEF-FB67-4F83-8031-D49604FE8401} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION 
Task: {D7DAF053-A7D0-4D6C-97CA-E874616F09C1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION 
Task: {DC01776B-24CC-456C-BA83-557EF32E1F15} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
Task: {DF0AC9CC-8E5F-4785-96AD-FCF366984EC7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION 
Task: {FC26315C-BFD2-4057-96C5-AC879F67DD58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION 
Task: {14C511F5-66C4-409A-BF60-F116DD690718} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION 
Task: {2C163FE4-AE8E-4821-8FD4-3AD4463217DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION 
Task: {2EEF25BF-4EDD-4221-AC06-8644A805369C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION 
Task: {38A49214-32F0-4053-B9F4-AA95394FB037} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION 
Task: {5BB479EF-2365-455A-88B9-F1CE041F65DF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION 
Task: {6E277D80-69D8-4B46-9059-D7FDDEE19EF2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION 
Task: {7EB3BCCE-E359-4ED7-93F6-B8B44FF6AE89} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION 
Task: {A97DF3F9-7BE5-4537-9CDA-33446068151A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION 
Task: {B0D69D41-ECE3-49EA-BB54-A329098780E6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION 
Task: {B2D24892-F74F-4A9E-9A7E-99BB383AC06B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION 
Task: {C3730FEF-FB67-4F83-8031-D49604FE8401} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION 
Task: {D7DAF053-A7D0-4D6C-97CA-E874616F09C1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION 
Task: {DC01776B-24CC-456C-BA83-557EF32E1F15} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION 
Task: {DF0AC9CC-8E5F-4785-96AD-FCF366984EC7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION 
Task: {FC26315C-BFD2-4057-96C5-AC879F67DD58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION 
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\CXJISKJM
EMPTYTEMP: 
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 
Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
  • When the scan has finished a Scan Results window will open.
  • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
  • Double click on the latest scan log (scan logs have a [S0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
  • A Notepad file will open containing the results of the scan.

Please post the contents of the file in your next reply.



#3
bg111

  • Topic Starter
  • Member
  • 118 posts

Hi. Thanks for trying to help.

 

FixLog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by Ben (02-02-2021 10:34:49) Run:1
Running from C:\Users\Ben\Desktop
Loaded Profiles: Ben
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
CloseProcesses:
Task: {14C511F5-66C4-409A-BF60-F116DD690718} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2C163FE4-AE8E-4821-8FD4-3AD4463217DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2EEF25BF-4EDD-4221-AC06-8644A805369C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {38A49214-32F0-4053-B9F4-AA95394FB037} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {5BB479EF-2365-455A-88B9-F1CE041F65DF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6E277D80-69D8-4B46-9059-D7FDDEE19EF2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7EB3BCCE-E359-4ED7-93F6-B8B44FF6AE89} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A97DF3F9-7BE5-4537-9CDA-33446068151A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B0D69D41-ECE3-49EA-BB54-A329098780E6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B2D24892-F74F-4A9E-9A7E-99BB383AC06B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C3730FEF-FB67-4F83-8031-D49604FE8401} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D7DAF053-A7D0-4D6C-97CA-E874616F09C1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DC01776B-24CC-456C-BA83-557EF32E1F15} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DF0AC9CC-8E5F-4785-96AD-FCF366984EC7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FC26315C-BFD2-4057-96C5-AC879F67DD58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {14C511F5-66C4-409A-BF60-F116DD690718} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2C163FE4-AE8E-4821-8FD4-3AD4463217DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2EEF25BF-4EDD-4221-AC06-8644A805369C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {38A49214-32F0-4053-B9F4-AA95394FB037} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {5BB479EF-2365-455A-88B9-F1CE041F65DF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6E277D80-69D8-4B46-9059-D7FDDEE19EF2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7EB3BCCE-E359-4ED7-93F6-B8B44FF6AE89} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A97DF3F9-7BE5-4537-9CDA-33446068151A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B0D69D41-ECE3-49EA-BB54-A329098780E6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B2D24892-F74F-4A9E-9A7E-99BB383AC06B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C3730FEF-FB67-4F83-8031-D49604FE8401} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D7DAF053-A7D0-4D6C-97CA-E874616F09C1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DC01776B-24CC-456C-BA83-557EF32E1F15} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {DF0AC9CC-8E5F-4785-96AD-FCF366984EC7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FC26315C-BFD2-4057-96C5-AC879F67DD58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\CXJISKJM
EMPTYTEMP:

*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14C511F5-66C4-409A-BF60-F116DD690718}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14C511F5-66C4-409A-BF60-F116DD690718}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C163FE4-AE8E-4821-8FD4-3AD4463217DF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C163FE4-AE8E-4821-8FD4-3AD4463217DF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EEF25BF-4EDD-4221-AC06-8644A805369C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EEF25BF-4EDD-4221-AC06-8644A805369C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38A49214-32F0-4053-B9F4-AA95394FB037}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38A49214-32F0-4053-B9F4-AA95394FB037}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5BB479EF-2365-455A-88B9-F1CE041F65DF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BB479EF-2365-455A-88B9-F1CE041F65DF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E277D80-69D8-4B46-9059-D7FDDEE19EF2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E277D80-69D8-4B46-9059-D7FDDEE19EF2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EB3BCCE-E359-4ED7-93F6-B8B44FF6AE89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EB3BCCE-E359-4ED7-93F6-B8B44FF6AE89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A97DF3F9-7BE5-4537-9CDA-33446068151A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A97DF3F9-7BE5-4537-9CDA-33446068151A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B0D69D41-ECE3-49EA-BB54-A329098780E6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0D69D41-ECE3-49EA-BB54-A329098780E6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2D24892-F74F-4A9E-9A7E-99BB383AC06B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2D24892-F74F-4A9E-9A7E-99BB383AC06B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3730FEF-FB67-4F83-8031-D49604FE8401}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3730FEF-FB67-4F83-8031-D49604FE8401}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7DAF053-A7D0-4D6C-97CA-E874616F09C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7DAF053-A7D0-4D6C-97CA-E874616F09C1}" => removed successfully
C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\CXJISKJM => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 99867185 B
Java, Flash, Steam htmlcache => 637998236 B
Windows/system/drivers => 25984123 B
Edge => 6961161 B
Firefox => 1437602812 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 28608 B
Ben => 356324429 B
DefaultAppPool => 356324429 B

RecycleBin => 0 B
EmptyTemp: => 2.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:45:11 ====

 

 

 

ADWCleaner:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build:    01-20-2021
# Database: 2021-01-26.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-02-2021
# Duration: 00:01:26
# OS:       Windows 10 Home
# Scanned:  31956
# Detected: 47


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.TrustedLogos             C:\Windows\TrustedLogos
PUP.Optional.Legacy             C:\Users\Ben\AppData\Roaming\Codec Pack Packages
PUP.Optional.Legacy             C:\Users\Ben\AppData\Roaming\RPEng

***** [ Files ] *****

PUP.Optional.Legacy             C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
PUP.Optional.Legacy             C:\Windows\SysWOW64\lavasofttcpservice.dll
PUP.Optional.Legacy             C:\Windows\System32\LavasoftTcpService64.dll
PUP.Optional.Legacy             C:\Windows\System32\LavasoftTcpServiceOff.ini

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

 

 

 


#4
JSntgRvr

  • Global Moderator
  • 11,579 posts

AdwCleaner - Clean

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now
  • When the scan has finished a Scan Results window will open.
  • Please check all boxes and then click Quarantine
    • Click Next
    • If any pre-installed software was found on your machine, a prompt window will open ...
      • Click OK to close it
    • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
    • Click Quarantine
  • A prompt to save your work will appear ...
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear ...
    • Click Restart Now
  • Once your computer has restarted ...
    • If it doesn't open automatically, please start AdwCleaner ...
    • Click the Log Files tab ...
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

How is the computer doing?


#5
bg111

  • Topic Starter
  • Member
  • 118 posts

It's a bit better, it's faster now than right after. Some weird things happening, like the Task Manager memory is constantly 60-65%, I don't know if that's normal. Dropbox won't sync. Weird things like that. Anyway below is your report:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build:    01-20-2021
# Database: 2021-01-11.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-02-2021
# Duration: 00:00:32
# OS:       Windows 10 Home
# Cleaned:  47
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\Ben\AppData\Roaming\Codec Pack Packages
Deleted       C:\Users\Ben\AppData\Roaming\RPEng
Deleted       C:\Windows\TrustedLogos

***** [ Files ] *****

Deleted       C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Deleted       C:\Windows\SysWOW64\lavasofttcpservice.dll
Deleted       C:\Windows\System32\LavasoftTcpService64.dll
Deleted       C:\Windows\System32\LavasoftTcpServiceOff.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.HPCleanFLC   File   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5962 octets] - [02/02/2021 11:59:44]
AdwCleaner[S01].txt - [6023 octets] - [02/02/2021 22:14:06]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

 


#6
JSntgRvr

  • Global Moderator
  • 11,579 posts

As far as malware, all seems to be cleaned. For information about the Task Manager and Dropbox, I would suggest you post in our Software Forums. Perhaps changes in your settings may resolve this other issue. Here is the link:
 
Windows 10 Support
 
Since there are no signs of infection anymore, I guess we're done here.
 
 
Use the following tool to remove tools and quarantined items:
 
Please download KpRm by Kernel-panik and save to your Desktop.

  • Click on KpRm.exe to run the tool.

Vista/Windows 7/8/10 users right-click and select Run As Administrator.

  • Put a check mark next to these items:

- Delete tools

- Delete now

  • Click the "Run" button.


  • When the tool has finished, it will create and open a log report and delete itself.

Windows Updates
 
Keeping Windows up to date is one of the first steps in having a safe and secure system.

Keeping your programs up-to-date
 
As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:

As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.
 
Other recommendations
 
It's your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances of getting infected by malware. If, for example, you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you avoid going to that website, downloading that file or using that program.
Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices:

Stay away from torrents, P2P networks and Registry cleaners.
 
Many peer-to-peer networks are under constant attack by people with a variety of motives.
 
Examples include:

  • poisoning attacks (e.g. providing files whose contents are different than the description)
  • denial of service attacks (attacks that may make the network run very slowly or break completely)
  • defection attacks (users or software that make use of the network without contributing resources to it)
  • insertion of viruses to carried data (e.g. downloaded or carried files may be infected with viruses or other malware)
  • malware in the peer-to-peer network software itself (e.g. distributed software may contain spyware)
  • filtering (network operators may attempt to prevent peer-to-peer network data from being carried)
  • identity attacks (e.g. tracking down the users of the network and harassing or legally attacking them)
  • spamming (e.g. sending unsolicited information across the network- not necessarily as a denial of service attack)

Best regards. :)


#7
bg111

  • Topic Starter
  • Member
  • 118 posts

Thank you for your help. I have done those steps now.

 

So the Trojan:Win32/Wacatac.B!ml, is it harmful, do you think?


#8
JSntgRvr

  • Global Moderator
  • 11,579 posts

There is no specific information from Microsoft.

 

This is the most I can find about it:

 

What is wacatac? How To Remove Trojan:win32/wacatac.d!ml (unboxhow.com)

 

It will be a good idea to change all your passwords to banks and online shopping.

 

In your case I removed the entire folder detected.

 

C:\Users\Ben\AppData\Local\Microsoft\Windows\INetCache\IE\CXJISKJM => moved successfully


#9
bg111

  • Topic Starter
  • Member
  • 118 posts

Oh that's good to know. Thank you. I'm glad it's gone. I'll change my passwords. Thanks again.


#10
JSntgRvr

  • Global Moderator
  • 11,579 posts

You are welcome. :)


#11
JSntgRvr

  • Global Moderator
  • 11,579 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

