Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
Ran by Steve (administrator) on NEWBACKCELLAR (30-01-2021 19:22:08)
Running from C:\Users\Steve\Documents\Desktop
Loaded Profiles: Steve
Platform: Windows 10 Pro Version 1909 18363.1316 (X64) Language: English (United Kingdom)
Default browser: Vivaldi
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\TalkTalk\OnlineDefence\fshoster32.exe <3>
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fshoster64.exe <2>
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fsorsp64.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\FsPisces.exe
(F-Secure Corporation -> F-Secure Corporation) C:\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fsulprothoster.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(INMUSIC BRANDS INC -> M-Audio) C:\Program Files (x86)\M-Audio\M-Track 2X2\AudioDevMon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\Display.NvContainer\NVDisplay.Container.exe <2>
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Plays.tv, Inc -> Copyright (c) 2018 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Trichilia Consultants Limited -> CloudBerry Lab) C:\Program Files\CloudBerryLab\CloudBerry Remote Assistant\CloudRaService.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\Steve\AppData\Local\Vivaldi\Application\vivaldi.exe <28>
(ZOODOTNET LIMITED -> ) C:\Users\Steve\AppData\Local\OVD\MediaDL\MediaDLUpdater.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7200984 2013-10-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [7580024 2021-01-18] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [AVGUI.exe] => "C:\Program Files\AVG\Antivirus\AvLaunch.exe" /gui
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-01-25] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-12-09] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [DT BEN] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121096 2017-04-24] (PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] (Portrait Displays, Inc. -> )
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51440 2018-04-11] (Plays.tv, Inc -> Copyright (c) 2018 Plays.tv, LLC)
HKLM-x32\...\Run: [uupdate] => C:\ProgramData\wDcLibs\uhelper.exe [512280 2019-11-28] (Shenzhen Yi Xing Investment Co., Ltd. -> )
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\Run: [MediaDLUpdater] => C:\Users\Steve\AppData\Local\OVD\MediaDL\MediaDLUpdater.exe [706096 2020-09-14] (ZOODOTNET LIMITED -> )
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1097580972-3163717967-1959395198-1001\...\MountPoints2: {4bf36394-ede9-11ea-bb07-3085a98ea9bd} - "E:\setup.exe"
HKLM\...\Windows x64\Print Processors\Canon Pro9000 II series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD9T.DLL [30208 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\HPIPP7a0: C:\Windows\System32\spool\prtprocs\x64\hpipp7a0.DLL [263680 2012-06-13] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [53656 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor Pro9000 II series: C:\WINDOWS\system32\CNMLM9T.DLL [391168 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVR Scheduler.lnk [2019-10-10]
ShortcutTarget: TVR Scheduler.lnk -> C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041A0CEC-43EE-45B1-979F-DDF7C8C41921} - \DSOne Agent -> No File <==== ATTENTION
Task: {151A2448-E0DB-487B-9BD9-2CF03408D783} - System32\Tasks\{24657FB4-F108-45BA-A246-84726C1EC6D2} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe" -c uplay://uninstall/205
Task: {168FD3C0-FCA0-4DBC-9C42-7DFA3A89844B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1D9DD373-BA0D-4B23-A193-FC4601770D7B} - System32\Tasks\{F494BE0A-41E3-4F3F-AB4D-B4E94D095A7C} => C:\Windows\system32\pcalua.exe -a D:\2.ASMEDIA_OTB\PCCLONEEX_LITE_2_01_41_ASMEDIA\Setup.exe -d D:\2.ASMEDIA_OTB\PCCLONEEX_LITE_2_01_41_ASMEDIA
Task: {219671FA-565E-492C-BDF7-0DB38024A015} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {2275A738-C142-4338-8740-23633BDE81A0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3292984 2020-06-25] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2403AD38-1DD6-48E3-9850-FAE5F334207B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {24BB2B6C-5095-4538-A995-E42DA16A812D} - \Seagate_Install_Launch -> No File <==== ATTENTION
Task: {24DCBD1E-B0BF-46F8-8D80-1136898BF726} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23062920 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {323E8117-81B8-4EC2-B2FA-1D139BFCA5E8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {346BC5FD-B9BB-47D0-B94D-68B0C47F54A9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {38765B7D-403D-4F11-8A15-79ABAC2FB2F0} - \ByteFence -> No File <==== ATTENTION
Task: {39388DE8-3D25-4757-9F5B-3A3718435CE5} - System32\Tasks\{E328E6B4-E10A-4B1A-9D46-460016F63D15} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Vidalia Bridge Bundle\Uninstall.exe" -d "C:\Program Files (x86)\Vidalia Bridge Bundle"
Task: {4150ABCF-A58D-4F1C-8D37-26987328B1E0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {45AB236E-4083-4108-89A6-0C159B826733} - System32\Tasks\Photoshop => C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe [62231200 2012-03-15] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {4B1449D9-0F19-47A0-8204-99066943F046} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4C7D4FC9-4658-44B8-B38F-E33BB8AC2CF9} - System32\Tasks\{95E0801D-D16F-4DCE-823F-39D021101459} => C:\WINDOWS\system32\pcalua.exe -a D:\SetupSel.exe -d D:\
Task: {4D442E7C-2BDD-423A-838C-2FC1B1463DA9} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {50363F55-289C-4BB1-825A-38B108C1F3E9} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1773192 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {5240AF03-C184-47B2-846E-E69D274D4F2A} - System32\Tasks\{A1E61302-45D3-49C0-BF21-41C3A3F24270} => C:\Windows\system32\pcalua.exe -a C:\Users\Steve\AppData\Local\Temp\Temp1_AsusUpdt_V71003.zip\AsusSetup.exe <==== ATTENTION
Task: {567E7408-408F-4325-8278-D425E50FDED8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5CFB22B9-A542-487E-84F9-898C67527D45} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {5D05443E-B2B3-4ECC-BCDE-FFED81B47A4A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {64E74A71-A1B5-42E3-91F1-958D7CC40C9E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {694CE578-123F-4F76-9E98-B3B18E153061} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {6CE39460-8A9C-41FA-A1A0-3F18F56D6036} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6E998708-45CD-4C25-B05C-1CB7E24BCC83} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {85C4BD0A-33D3-46F2-93E2-2D84AC572801} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4071336 2021-01-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {86D0BD09-AD6F-4B46-9162-A36CA908DCBF} - System32\Tasks\AdobeAAMUpdater-1.0-NewBackCellar-Steve => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {92399C86-C608-4FF0-8AF2-9817BFE0E3CF} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {935B2B23-CA3F-48A0-B480-682AB27FBD65} - System32\Tasks\F-Secure\F-Secure Hotfix => C:\Program Files (x86)\TalkTalk\OnlineDefence\fs_hotfix.exe [308608 2020-11-03] (F-Secure Corporation -> F-Secure Corporation)
Task: {939FF5B5-8746-41C6-BA2D-61044961E4B4} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {99F629A3-50D8-4EF1-9833-ED9FC2E8E72F} - System32\Tasks\Steve DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
Task: {9C3EBA43-A062-420F-9A2E-31B95BE0077D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B382BE19-75F8-481B-93F8-EF710ED81AA2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B62E7028-E3AA-44A7-B9ED-A0752BC5A552} - System32\Tasks\{34D5569F-1B61-4CCB-A32D-0767901DAE74} => C:\WINDOWS\system32\pcalua.exe -a D:\Drivers\AMD\CoolnQuiet\setup.exe -d D:\Drivers\AMD\CoolnQuiet
Task: {B9E57258-F2FA-430B-85F8-6012C18C9FBB} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {BCFF40A6-1147-4868-B375-DC875154ACCC} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Task: {BD5F09BB-F008-4B79-BD28-B7DC0E6A79AF} - System32\Tasks\NeroLiveEpgUpdate-NEWBACKCELLAR_Steve => C:\Program Files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe
Task: {BEB38F21-A5A4-4690-8D2E-239EDDDE3040} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {BFE964D2-A29C-4734-AC47-C1CD17CE7314} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C4315DCB-81A0-4E46-B16A-314562D21662} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {C47ED8C6-D008-4D91-91D2-E81C07FBA928} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C543E1F2-78C9-4136-B7F1-A3E5C2B80033} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C5820A80-44A3-4A50-B214-05201AF725B0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-26] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C61FEF5C-409F-4249-B794-205E1EE60813} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-02-11] (Google Inc -> Google Inc.)
Task: {C84D2536-E522-42BC-8617-8780D5B2AFEC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8A6C7DC-ABAB-4770-AD7B-C23D22AF5564} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CAC1BCA2-40E1-469A-A769-DA55CE622DF8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {CDDD6669-A3BE-410F-9D99-603302ACE62F} - System32\Tasks\1strun => C:\Program Files (x86)\VPNVault\VPNVault.exe
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CE563CFC-8BE4-46D5-9235-6F2587757B14} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D09CCBD0-2A2C-40A9-9296-DFF1BD04D5B1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {DAFB162D-4893-4982-8E11-94E365266B6E} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe
Task: {DCE069BA-9244-4883-A147-E575F7935B23} - System32\Tasks\{1B38D7BD-4BCB-45ED-830A-6674F1FAE32D} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe"
Task: {DEC487D2-2CC0-406A-B980-14123A509F7C} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-05-07] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {E937D95D-A41C-45C5-971E-B258CC00B2BD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EABDFEB5-0E9F-4A34-BB35-62B8247713E5} - System32\Tasks\{54327156-C754-4A2C-BB56-39773221E633} => C:\Windows\system32\pcalua.exe -a D:\Nero9.9\dotnetfx3setup.exe -d D:\Nero9.9
Task: {EB854A30-38C1-4668-BAE6-351B0947FC29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2016-02-11] (Google Inc -> Google Inc.)
Task: {EDFF4D2F-05C3-40DD-BAE6-65C2C675F514} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4071336 2021-01-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEEA04AE-6C6F-4528-90B1-394A0A93C107} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F8C24148-ACA7-4D8D-A0DE-88F81CD356E0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23062920 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {FC96AABC-0528-42C8-8FF9-96E0D1824F04} - System32\Tasks\{7C79B8C8-17D4-4F3A-A384-0C9FC079C654} => C:\Windows\system32\pcalua.exe -a C:\Users\Steve\Desktop\2\AsusSetup.exe -d C:\Users\Steve\Desktop\2
Task: {FEA50550-DDBF-4481-A97A-870735578040} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647656 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FEB91447-4C3F-4D4A-9B20-39B69675BA7A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-06-23] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\NeroLiveEpgUpdate-NEWBACKCELLAR_Steve.job => C:\Program Files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a469da97-76b1-404c-b2f1-27fbd9bf589c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ac511b68-23dd-45e1-9607-142f9548f174}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\Steve\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-1097580972-3163717967-1959395198-1001 -> hxxps://www.ephotozine.com/
Edge DefaultProfile: Default
Edge Profile: C:\Users\Steve\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-30]
Edge DownloadDir: C:\Users\Steve\Downloads
Edge HomePage: Default -> hxxps://www.ephotozine.com/
Edge StartupUrls: Default -> "hxxps://www.ephotozine.com/"
Edge DefaultSearchURL: Default -> hxxps://www.google.co.uk/search?q={searchTerms}&ie={inputEncoding?}&oe={outputEncoding?}
Edge DefaultSearchKeyword: Default -> google.co.uk
Edge Extension: (Browsing Protection by F-Secure) - C:\Users\Steve\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2020-12-01]
Edge HKLM\...\Edge\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]
Edge HKLM-x32\...\Edge\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2020-09-07] [Legacy] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2013-04-19] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-10-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2009-09-25] (Wacom, Inc.) [File not signed]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1097580972-3163717967-1959395198-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2021-01-18] (Ubisoft Entertainment Sweden AB -> )

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]
CHR HKLM-x32\...\Chrome\Extension: [jmjjnhpacphpjmnnlnccpfmhkcloaade]

Vivaldi:
=======
VIV DefaultProfile: Default
VIV Profile: C:\Users\Steve\AppData\Local\Vivaldi\User Data\Default [2021-01-30]
VIV DownloadDir: C:\Users\Steve\Documents\Desktop
VIV Notifications: Default -> hxxps://notification-centar.com; hxxps://realmlessgsaludgfj.download; hxxps://sauwoaptain.com; hxxps://uzmite.me; hxxps://wolve.pro; hxxps://www.wondershare.com; hxxps://www1.pushworldtool.com
VIV HomePage: Default -> hxxps://www.ephotozine.com/
VIV Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Steve\AppData\Local\Vivaldi\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2020-09-04]
VIV Extension: (Browsing Protection by F-Secure) - C:\Users\Steve\AppData\Local\Vivaldi\User Data\Default\Extensions\jmjjnhpacphpjmnnlnccpfmhkcloaade [2020-10-12]
VIV Extension: (Chrome Media Router) - C:\Users\Steve\AppData\Local\Vivaldi\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-25]
VIV Profile: C:\Users\Steve\AppData\Local\Vivaldi\User Data\Guest Profile [2021-01-30]
VIV Profile: C:\Users\Steve\AppData\Local\Vivaldi\User Data\System Profile [2021-01-30]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960384 2021-01-19] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-26] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-26] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-01-25] (Dropbox, Inc -> Dropbox, Inc.)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [141576 2017-04-24] (PORTRAIT DISPLAYS, INC. -> Portrait Displays, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [779392 2019-10-18] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 fshoster; C:\Program Files (x86)\TalkTalk\OnlineDefence\fshoster32.exe [244096 2020-11-03] (F-Secure Corporation -> F-Secure Corporation)
R2 fsnethoster; C:\Program Files (x86)\TalkTalk\OnlineDefence\fshoster32.exe [244096 2020-11-03] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulhoster; C:\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fshoster64.exe [624888 2021-01-13] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulnethoster; C:\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fshoster64.exe [624888 2021-01-13] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulorsp; C:\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fsorsp64.exe [101248 2021-01-13] (F-Secure Corporation -> F-Secure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fsulprothoster.exe [624888 2021-01-13] (F-Secure Corporation -> F-Secure Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [8921936 2021-01-18] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R2 MTrack2X2AudioDevMon; C:\Program Files (x86)\M-Audio\M-Track 2X2\AudioDevMon.exe [289880 2018-06-07] (INMUSIC BRANDS INC -> M-Audio)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55024 2018-04-11] (Plays.tv, Inc -> Copyright (c) 2018 Plays.tv, LLC)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2258840 2016-01-22] (Trusteer -> IBM Corp.)
R2 Remote Assistant Service; C:\Program Files\CloudBerryLab\CloudBerry Remote Assistant\CloudRaService.exe [62624 2019-08-14] (Trichilia Consultants Limited -> CloudBerry Lab)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6264144 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\NisSrv.exe [2343112 2020-09-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2008.9-0\MsMpEng.exe [128360 2020-09-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AVG Antivirus; "C:\Program Files\AVG\Antivirus\AVGSvc.exe" /runassvc [X]
S3 avgbIDSAgent; "C:\Program Files\AVG\Antivirus\aswidsagent.exe" [X]
S2 AvgWscReporter; "C:\Program Files\AVG\Antivirus\wsc_proxy.exe" /runassvc /rpcserver [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e0a5a1b06de180e3\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [51120 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [171952 2016-12-21] (CHENGDU AOMEI Tech Co., Ltd. -> )
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [38320 2017-09-01] (CHENGDU AOMEI Tech Co., Ltd. -> )
S3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Co., Ltd. -> AnvSoft Inc.)
S3 asmtxhci; C:\WINDOWS\System32\drivers\asmtxhci.sys [424192 2013-08-16] (MCCI Corporation -> ASMedia Technology Inc)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [36936 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [208808 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [332944 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [247952 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [97424 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16832 2021-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
S3 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42568 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [176528 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [522616 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [109064 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [84640 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [851392 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [469040 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) S3 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [214936 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) S3 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [325056 2021-01-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) R3 F-Secure Gatekeeper; C:\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fsulgk.sys [321512 2021-01-13] (F-Secure Corporation -> F-Secure Corporation) R1 F-Secure UL HIPS; C:\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\ulcore\1610529558\fshs.sys [103912 2021-01-13] (F-Secure Corporation -> F-Secure Corporation) R0 fsbts; C:\WINDOWS\System32\drivers\fsbts.sys [58752 2020-12-02] (F-Secure Corporation -> F-Secure Corporation) S0 fselms; C:\WINDOWS\System32\drivers\fselms.sys [15304 2020-09-06] (Microsoft Windows Early Launch Anti-malware Publisher -> F-Secure Corporation) R2 fsnif2; C:\Program Files (x86)\TalkTalk\OnlineDefence\Ultralight\nif2\1606295644\nif2s64.sys [179440 2020-12-01] (F-Secure Corporation -> F-Secure Corporation) S3 gdrv; C:\WINDOWS\gdrv.sys [24104 2019-11-19] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider) S3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [115704 2015-07-09] (GENESYS LOGIC, INC. 
-> GenesysLogic) S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation) R1 JitDriver; C:\WINDOWS\system32\drivers\JitDriver.sys [47104 2020-04-21] (Microsoft Windows Hardware Compatibility Publisher -> ) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) S3 MDA_NTDRV; C:\WINDOWS\system32\MDA_NTDRV.sys [21208 2021-01-26] (北京铠信神州科技有限责任公司 -> ) S3 MTRACK2X2; C:\WINDOWS\System32\drivers\MAudioMTrack2X2.sys [245832 2018-06-07] (Microsoft Windows Hardware Compatibility Publisher -> M-Audio) R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> ) R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation -> Corel Corporation) S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [504504 2016-01-22] (Trusteer -> IBM Corp.) S0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [142488 2016-01-22] (Trusteer -> IBM Corp.) S0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [397336 2016-01-22] (Trusteer -> IBM Corp.) S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [497592 2016-01-22] (Trusteer -> IBM Corp.) S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-06-13] (TunnelBear, Inc. -> The OpenVPN Project) R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. 
-> The OpenVPN Project) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2020-09-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [428256 2020-09-06] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69856 2020-09-06] (Microsoft Windows -> Microsoft Corporation) S2 AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [X] S3 AtiDCM; \??\C:\Users\Steve\AppData\Local\Temp\atdcm64a.sys [X] <==== ATTENTION U3 avgbdisk; no ImagePath S3 cpuz136; \??\C:\Users\Steve\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] <==== ATTENTION ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-01-30 19:20 - 2021-01-30 19:22 - 000000000 ____D C:\FRST 2021-01-26 15:19 - 2021-01-26 15:19 - 000000000 ___HD C:\$Windows.~WS 2021-01-26 10:38 - 2021-01-26 19:52 - 000000192 _____ C:\WINDOWS\dm.dmap 2021-01-26 10:23 - 2021-01-26 10:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2021-01-26 10:21 - 2021-01-26 10:21 - 000729880 _____ C:\WINDOWS\system32\ndm-fre.exe 2021-01-26 10:21 - 2021-01-26 10:21 - 000021208 _____ C:\WINDOWS\system32\MDA_NTDRV.sys 2021-01-26 10:20 - 2021-01-26 10:20 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrorit Partition Expert Free 2021-01-26 10:20 - 2021-01-26 10:20 - 000000000 ____D C:\Program Files\Macrorit 2021-01-25 16:12 - 2021-01-25 16:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2021-01-25 16:12 - 2021-01-25 16:12 - 000047600 _____ (Dropbox, Inc.) 
C:\WINDOWS\system32\Drivers\dbx-dev.sys 2021-01-25 16:12 - 2021-01-25 16:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2021-01-25 16:12 - 2021-01-25 16:12 - 000044064 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2021-01-25 14:35 - 2021-01-25 15:25 - 000000000 ____D C:\Users\Steve\Downloads\HOW TO LAWFULLY AVOID MASKS, TESTS AND QUARANTINES DURING TRAVEL - PROF. DOLORES CAHILL 2021-01-24 16:51 - 2021-01-24 16:51 - 000000000 ____D C:\Users\Steve\AppData\Local\ElevatedDiagnostics 2021-01-24 16:48 - 2021-01-24 16:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-1097580972-3163717967-1959395198-1001 2021-01-24 16:38 - 2021-01-24 16:38 - 000000000 ____H C:\Users\Steve\Documents\Default.rdp 2021-01-23 12:50 - 2021-01-23 13:00 - 000000140 _____ C:\WINDOWS\restoro.ini 2021-01-23 12:24 - 2021-01-23 12:30 - 000013010 _____ C:\ProgramData\DisplaySessionContainer11.log_backup1 2021-01-23 12:08 - 2021-01-23 12:24 - 000014001 _____ C:\ProgramData\DisplaySessionContainer10.log_backup1 2021-01-22 23:02 - 2021-01-23 12:08 - 000013988 _____ C:\ProgramData\DisplaySessionContainer9.log_backup1 2021-01-21 20:39 - 2021-01-22 23:02 - 000015844 _____ C:\ProgramData\DisplaySessionContainer8.log_backup1 2021-01-18 09:28 - 2020-11-14 15:18 - 000105248 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\MRCBT.sys 2021-01-18 09:28 - 2020-10-05 11:02 - 000079840 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\mrigflt.sys 2021-01-15 11:21 - 2021-01-15 11:21 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx 2021-01-15 11:21 - 2021-01-15 11:21 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx 2021-01-15 11:21 - 2021-01-15 11:21 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr 2021-01-15 11:21 - 2021-01-15 11:21 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl 2021-01-15 11:21 - 2021-01-15 11:21 - 000502784 _____ 
C:\WINDOWS\system32\AssignedAccessCsp.dll 2021-01-15 11:21 - 2021-01-15 11:21 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr 2021-01-15 11:21 - 2021-01-15 11:21 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl 2021-01-15 11:21 - 2021-01-15 11:21 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl 2021-01-15 11:21 - 2021-01-15 11:21 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax 2021-01-15 11:21 - 2021-01-15 11:21 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax 2021-01-15 11:21 - 2021-01-15 11:21 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax 2021-01-15 11:21 - 2021-01-15 11:21 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl 2021-01-15 11:21 - 2021-01-15 11:21 - 000151040 _____ C:\WINDOWS\system32\uwfcsp.dll 2021-01-15 11:21 - 2021-01-15 11:21 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax 2021-01-15 11:21 - 2021-01-15 11:21 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll 2021-01-15 11:21 - 2021-01-15 11:21 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2021-01-15 11:21 - 2021-01-15 11:21 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl 2021-01-15 11:21 - 2021-01-15 11:21 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2021-01-15 11:21 - 2021-01-15 11:21 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl 2021-01-15 11:21 - 2021-01-15 11:21 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll 2021-01-15 11:21 - 2021-01-15 11:21 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin 
2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin 2021-01-15 11:21 - 2021-01-15 11:21 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin 2021-01-15 11:20 - 2021-01-15 11:20 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll 2021-01-15 11:20 - 2021-01-15 11:20 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2021-01-15 11:20 - 2021-01-15 11:20 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl 2021-01-15 11:20 - 2021-01-15 11:20 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-01-15 11:20 - 2021-01-15 11:20 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll 2021-01-15 11:20 - 2021-01-15 11:20 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2021-01-15 11:20 - 2021-01-15 11:20 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll 2021-01-15 11:20 - 2021-01-15 11:20 - 000186368 _____ C:\WINDOWS\system32\BthpanContextHandler.dll 2021-01-15 11:20 - 2021-01-15 11:20 - 000184320 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl 2021-01-15 11:19 - 2021-01-15 11:19 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2021-01-15 11:19 - 2021-01-15 11:19 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-01-15 11:19 - 2021-01-15 11:19 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll 2021-01-15 11:19 - 2021-01-15 11:19 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll 2021-01-15 11:19 - 2021-01-15 11:19 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl 2021-01-15 11:19 - 2021-01-15 11:19 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-01-15 11:19 - 2021-01-15 11:19 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll 2021-01-09 12:19 - 2021-01-09 12:19 - 000003162 _____ C:\WINDOWS\system32\Tasks\1strun 2021-01-09 12:19 - 2021-01-09 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows 2021-01-09 12:19 - 2021-01-09 12:19 - 000000000 ____D C:\Program Files\TAP-Windows 2021-01-09 12:10 - 2021-01-09 12:10 - 000000000 ___HD C:\$WINDOWS.~BT 2021-01-08 13:20 - 2021-01-08 13:20 - 000000000 ____D C:\Users\Steve\AppData\Roaming\ClipGrab 2021-01-08 12:53 - 2021-01-08 12:53 - 000000000 ____D C:\Users\Steve\AppData\Roaming\AVG 2021-01-08 12:52 - 2021-01-10 13:11 - 000004266 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update 2021-01-08 12:52 - 2021-01-08 12:52 - 000851392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000522616 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000469040 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000341128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe 2021-01-08 12:52 - 2021-01-08 12:52 - 000332944 _____ (AVG Technologies CZ, s.r.o.) 
C:\WINDOWS\system32\Drivers\avgbidsdriver.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000325056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000247952 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000214936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000208808 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000176528 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000109064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000097424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000084640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000053616 _____ () C:\WINDOWS\system32\Drivers\staport.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000042568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000036936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000016832 _____ (AVG Technologies CZ, s.r.o.) 
C:\WINDOWS\system32\Drivers\avgElam.sys 2021-01-08 12:52 - 2021-01-08 12:52 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG 2021-01-08 12:52 - 2021-01-08 12:52 - 000000000 ____D C:\Program Files\Common Files\AVG 2021-01-08 12:51 - 2021-01-10 13:07 - 000000000 ____D C:\ProgramData\AVG 2021-01-08 12:51 - 2021-01-08 12:51 - 000000000 ____D C:\Users\Steve\AppData\Local\ClipGrab 2021-01-08 12:51 - 2021-01-08 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab 2021-01-08 12:51 - 2021-01-08 12:51 - 000000000 ____D C:\Program Files (x86)\ClipGrab 2021-01-03 18:31 - 2021-01-03 18:31 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Yamicsoft 2021-01-03 14:39 - 2017-06-07 00:36 - 000138296 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys 2021-01-03 14:34 - 2021-01-03 14:34 - 000000000 ____D C:\Users\Steve\Documents\Ashampoo Burning Studio 22 2021-01-03 14:20 - 2021-01-03 14:20 - 000000000 ____D C:\Program Files (x86)\PremierOpinion 2021-01-03 11:04 - 2021-01-03 11:04 - 000000000 ____D C:\Users\Steve\Documents\VideoProc 2021-01-03 11:03 - 2021-01-03 11:35 - 000000000 ____D C:\Users\Steve\AppData\Roaming\VideoProc 2021-01-03 11:03 - 2021-01-03 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoProc 2021-01-03 11:03 - 2021-01-03 11:03 - 000000000 ____D C:\Program Files (x86)\Digiarty 2021-01-01 14:07 - 2021-01-01 14:07 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-01-30 19:24 - 2017-08-25 13:33 - 000000000 ____D C:\Users\Steve\Documents\Outlook Files 2021-01-30 19:18 - 2020-08-16 17:03 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-01-30 19:18 - 2019-11-19 11:33 - 000000000 ____D C:\ProgramData\NVIDIA 2021-01-30 13:50 - 2020-04-29 14:09 - 000018923 _____ C:\ProgramData\DisplaySessionContainer2.log_backup1 2021-01-30 13:17 - 2019-09-03 11:55 - 000000000 ____D C:\Users\Steve\AppData\Local\Ubisoft Game Launcher 2021-01-30 12:29 - 2014-12-16 15:15 - 000000000 _RSHD C:\Users\Steve\Documents\FreeFolderHiderData 2021-01-30 12:27 - 2020-12-01 10:10 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData 2021-01-30 12:27 - 2020-12-01 10:10 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData 2021-01-30 12:24 - 2019-12-05 15:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-01-30 09:19 - 2014-12-14 16:27 - 000000000 ____D C:\Users\Steve\AppData\Local\Adobe 2021-01-30 09:19 - 2014-12-12 13:56 - 000000000 ____D C:\Program Files\CCleaner 2021-01-30 00:51 - 2020-04-07 19:20 - 000014207 _____ C:\ProgramData\DisplaySessionContainer1.log_backup1 2021-01-30 00:26 - 2019-03-19 04:52 - 000000000 ___HD C:\Program Files\WindowsApps 2021-01-30 00:26 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-01-30 00:26 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-01-30 00:07 - 2020-02-28 23:39 - 000000000 ____D C:\Users\Steve\AppData\Roaming\vlc 2021-01-29 20:40 - 2019-11-19 13:16 - 000000374 _____ C:\Users\Steve\.vivaldi_reporting_data 2021-01-29 15:35 - 2019-12-05 15:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-01-29 15:34 - 2020-08-22 12:41 - 000015227 _____ C:\ProgramData\DisplaySessionContainer3.log_backup1 2021-01-29 15:34 - 2020-04-07 19:19 - 000095639 _____ C:\ProgramData\NVDisplayContainerWatchdog.log_backup1 2021-01-29 15:34 - 2020-04-07 19:19 - 000023531 _____ C:\ProgramData\NVDisplay.ContainerLocalSystem.log_backup1 
2021-01-29 15:34 - 2019-03-19 04:37 - 000262144 _____ C:\WINDOWS\system32\config\BBI 2021-01-28 20:50 - 2020-12-16 20:28 - 000000000 ____D C:\Users\Steve\AppData\Roaming\ovd 2021-01-28 14:30 - 2020-04-07 19:19 - 000001209 _____ C:\ProgramData\NvcDispCorePlugin.log_backup1 2021-01-28 10:49 - 2019-03-19 04:50 - 000000000 ____D C:\WINDOWS\INF 2021-01-28 09:59 - 2020-08-22 23:27 - 000013999 _____ C:\ProgramData\DisplaySessionContainer4.log_backup1 2021-01-27 20:14 - 2020-12-20 15:54 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Kodi 2021-01-27 20:14 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2021-01-26 15:44 - 2019-12-05 15:48 - 000000000 ____D C:\Users\Steve 2021-01-26 14:30 - 2019-12-05 13:35 - 000000000 ___DC C:\WINDOWS\Panther 2021-01-26 11:19 - 2019-09-18 12:08 - 000000000 ____D C:\Users\Steve\Documents\Reflect 2021-01-26 10:41 - 2020-08-23 19:54 - 000014309 _____ C:\ProgramData\DisplaySessionContainer5.log_backup1 2021-01-26 10:23 - 2015-12-25 11:44 - 000000000 ____D C:\Program Files (x86)\Dropbox 2021-01-24 20:44 - 2019-10-09 18:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2021-01-24 20:00 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\NDF 2021-01-24 14:21 - 2018-02-26 19:34 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\Mozilla 2021-01-23 20:27 - 2019-12-05 15:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software 2021-01-23 12:46 - 2015-12-25 11:44 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2021-01-23 12:46 - 2015-12-25 11:44 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2021-01-22 10:15 - 2019-12-05 15:57 - 000003994 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA 2021-01-22 10:15 - 2019-12-05 15:57 - 000003762 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore 2021-01-22 09:56 - 2019-12-05 15:57 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-01-21 20:39 - 2020-08-24 10:11 - 000016193 _____ 
C:\ProgramData\DisplaySessionContainer7.log_backup1 2021-01-21 14:23 - 2020-08-23 20:32 - 000011435 _____ C:\ProgramData\DisplaySessionContainer6.log_backup1 2021-01-19 20:14 - 2020-08-16 17:03 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-01-19 20:14 - 2020-08-16 17:03 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-01-19 14:04 - 2018-12-04 18:12 - 000000000 ____D C:\Users\Steve\AppData\Local\CrashDumps 2021-01-18 11:14 - 2014-12-12 02:06 - 000000000 ____D C:\Users\Steve\AppData\Local\Packages 2021-01-17 19:39 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2021-01-15 12:13 - 2020-02-07 10:31 - 000556008 _____ C:\WINDOWS\system32\perfh008.dat 2021-01-15 12:13 - 2020-02-07 10:31 - 000092812 _____ C:\WINDOWS\system32\perfc008.dat 2021-01-15 12:13 - 2019-12-05 15:55 - 001468572 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-01-15 12:10 - 2019-04-01 21:40 - 000000000 ___RD C:\Users\Steve\3D Objects 2021-01-15 12:10 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2021-01-15 12:10 - 2014-12-15 19:29 - 000000000 __RHD C:\Users\Public\AccountPictures 2021-01-15 12:09 - 2019-12-05 15:41 - 005175616 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-01-15 12:07 - 2019-03-19 11:43 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2021-01-15 12:07 - 2019-03-19 11:43 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-01-15 12:07 - 2019-03-19 11:43 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2021-01-15 12:07 - 2019-03-19 11:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\system32\UNP 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\system32\F12 2021-01-15 12:07 - 
2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SystemResources 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\setup 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\Com 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellExperiences 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellComponents 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\Provisioning 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\IME 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-01-15 12:07 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Windows Defender 2021-01-15 11:29 - 2019-03-19 
04:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-01-15 11:28 - 2014-12-11 08:50 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-01-15 11:25 - 2014-12-12 13:28 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-01-15 11:19 - 2019-12-05 15:44 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2021-01-14 14:02 - 2015-12-08 12:26 - 000000000 ____D C:\ProgramData\Package Cache 2021-01-13 12:45 - 2020-12-16 20:28 - 000000000 ____D C:\Users\Steve\AppData\Local\OVD 2021-01-10 15:26 - 2018-11-26 14:36 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2021-01-09 19:21 - 2020-08-04 11:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2021-01-09 12:21 - 2015-12-08 18:35 - 000000000 ____D C:\Users\Steve\AppData\Local\CEF 2021-01-09 12:10 - 2019-12-05 15:56 - 000001908 _____ C:\WINDOWS\diagwrn.xml 2021-01-09 12:10 - 2019-12-05 15:56 - 000001908 _____ C:\WINDOWS\diagerr.xml 2021-01-08 12:52 - 2019-03-19 04:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-01-03 18:33 - 2018-12-18 15:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer 2021-01-03 18:33 - 2018-12-18 15:40 - 000000000 ____D C:\Program Files (x86)\ImageWriter 2021-01-03 18:32 - 2017-07-02 18:58 - 000000000 ____D C:\Windows10Upgrade 2021-01-03 16:52 - 2019-04-01 19:14 - 000000000 ____D C:\ESD 2021-01-03 14:32 - 2016-07-27 18:23 - 000000000 ____D C:\Users\Steve\AppData\Roaming\Ashampoo 2021-01-03 14:32 - 2016-07-27 18:23 - 000000000 ____D C:\Users\Steve\AppData\Local\ashampoo 2021-01-03 14:31 - 2016-07-27 18:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2021-01-03 14:31 - 2016-07-27 18:23 - 000000000 ____D C:\ProgramData\Ashampoo 2021-01-03 14:30 - 2016-07-27 18:23 - 000000000 ____D C:\Program Files (x86)\Ashampoo 2021-01-03 11:06 - 2020-12-04 21:53 - 000000000 ____D C:\Users\Steve\.cache 2021-01-03 11:03 - 2018-09-08 21:24 - 000000000 
____D C:\Users\Steve\AppData\Roaming\Digiarty 2021-01-01 14:05 - 2019-12-09 09:55 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys ==================== Files in the root of some directories ======== 2017-04-27 18:47 - 2018-01-01 11:11 - 000000132 _____ () C:\Users\Steve\AppData\Roaming\Adobe PNG Format CS6 Prefs 2016-06-27 10:05 - 2016-06-27 10:05 - 000000132 _____ () C:\Users\Steve\AppData\Roaming\Adobe Targa Format CS6 Prefs 2016-07-27 18:15 - 2016-07-27 18:17 - 000000360 _____ () C:\Users\Steve\AppData\Roaming\burnaware.ini 2015-01-06 21:07 - 2015-07-08 17:23 - 000000223 _____ () C:\Users\Steve\AppData\Roaming\default.rss 2014-12-16 12:12 - 2019-12-18 20:41 - 000099384 _____ () C:\Users\Steve\AppData\Roaming\inst.exe 2014-12-16 12:12 - 2019-12-18 20:41 - 000007859 _____ () C:\Users\Steve\AppData\Roaming\pcouffin.cat 2014-12-16 12:12 - 2019-12-18 20:41 - 000001167 _____ () C:\Users\Steve\AppData\Roaming\pcouffin.inf 2014-12-16 12:12 - 2019-12-18 20:41 - 000000055 _____ () C:\Users\Steve\AppData\Roaming\pcouffin.log 2014-12-16 12:12 - 2019-12-18 20:41 - 000082816 _____ (VSO Software) C:\Users\Steve\AppData\Roaming\pcouffin.sys 2016-01-09 12:05 - 2016-01-09 12:05 - 000001167 _____ () C:\Users\Steve\AppData\Roaming\trace_FilterInstaller.1.txt 2016-01-09 12:05 - 2016-01-09 12:52 - 000000905 _____ () C:\Users\Steve\AppData\Roaming\trace_FilterInstaller.txt 2016-01-09 12:05 - 2016-01-09 12:52 - 000000000 _____ () C:\Users\Steve\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt 2015-07-14 16:04 - 2015-08-06 10:34 - 000000000 _____ () C:\Users\Steve\AppData\Roaming\Tuner 2016-05-24 19:36 - 2016-05-24 19:36 - 266040255 _____ () C:\Users\Steve\AppData\Local\ACCCx3_6_0_248.zip.aamdownload 2016-05-24 19:36 - 2016-05-24 19:36 - 000003014 _____ () C:\Users\Steve\AppData\Local\ACCCx3_6_0_248.zip.aamdownload.aamd 2019-10-10 18:06 - 2019-10-10 18:06 - 000003584 _____ () C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2018-04-21 11:11 - 
2018-04-21 11:11 - 000000058 _____ () C:\Users\Steve\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat 2020-01-17 10:58 - 2020-01-20 11:17 - 001065984 _____ () C:\Users\Steve\AppData\Local\file__0.localstorage 2018-10-05 20:24 - 2020-08-03 17:06 - 000000205 _____ () C:\Users\Steve\AppData\Local\oobelibMkey.log 2014-12-21 11:49 - 2014-12-21 11:51 - 000007605 _____ () C:\Users\Steve\AppData\Local\resmon.resmoncfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================