Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-02-2021 Ran by Joe (administrator) on DESKTOPTOWER (Gigabyte Technology Co., Ltd. X58A-UD5) (26-02-2021 11:57:20) Running from C:\Program Files\Farbar Loaded Profiles: Joe Platform: Microsoft Windows 10 Pro Version 20H2 19042.804 (X86) Language: English (United States) -> English (United Kingdom) Default browser: FF Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files\AutoHotkey\AutoHotkey.exe () [File not signed] C:\Program Files\Kleptomania\KMania.exe (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) C:\Program Files\Actual Window Manager\ActualWindowManagerCenter.exe (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) C:\Program Files\Actual Window Manager\ActualWindowManagerShellCenter.exe (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) C:\Program Files\Actual Window Manager\LogonScreenService.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4> (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe (BitTorrent Inc -> BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe (Code Sector) [File not signed] C:\Program Files\TeraCopy\TeraCopyService.exe (Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <8> (Google LLC -> Google LLC) C:\Program Files\Google\Update\1.3.36.72\GoogleCrashHandler.exe (Insight Software Solutions, Inc.) [File not signed] C:\Program Files\Macro Express Pro\MacExp.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ntvdm.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Nitro PDF Software -> Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2> (Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe (PushBullet Inc -> Pushbullet Inc) C:\Users\Joe\AppData\Local\Pushbullet\bin\pushbullet_client.exe (SOFTPERFECT PTY. LTD. -> SoftPerfect) C:\Program Files\NetWorx\networx.exe (Sony Mobile Communications AB -> Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\Joe\AppData\Roaming\Telegram Desktop\Telegram.exe (Up to Eleven Digital Solutions GmbH) C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_3.2.0.0_x86__c9d6r4qvva5x8\mysms.exe (XemiComputers ltd.) [File not signed] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [5219656 2016-09-28] (SOFTPERFECT PTY. LTD. -> SoftPerfect) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [104160 2021-02-25] (Avast Software s.r.o. -> AVAST Software) HKLM\...\Policies\Explorer: [Nodrive Autorun] 0 HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [Active Desktop Calendar] => C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe [7608832 2011-11-23] (XemiComputers ltd.) [File not signed] HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [Kleptomania] => C:\Program Files\Kleptomania\KMania.exe [973312 2017-10-16] () [File not signed] HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-08] (Ruiware, LLC -> Ruiware) HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot) HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Joe\AppData\Local\Microsoft\Teams\Update.exe [2350752 2020-06-11] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [Pushbullet] => C:\Program Files\Pushbullet\pushbullet.exe [345600 2015-07-01] (Pushbullet inc) [File not signed] HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [44344 2021-02-07] (Glarysoft LTD -> Glarysoft Ltd) HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [uTorrent] => C:\Program Files\uTorrent\uTorrent.exe [399736 2019-04-18] (BitTorrent Inc -> BitTorrent, Inc.) HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\ccleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Run: [Actual Window Manager] => C:\Program Files\Actual Window Manager\ActualWindowManagerCenter.exe [2193152 2020-10-11] (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Policies\system: [DisableLockWorkstation] 1 HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Policies\Explorer: [NoCookiesForDCFMC] 81<0 HKU\S-1-5-21-198903158-1304534811-4163729061-1007\...\Policies\system: [DisableLockWorkstation] 1 HKLM\...\Print\Monitors\Nitro PDF Port 13 Monitor: C:\WINDOWS\system32\NxPrinterMonitor13.dll [273160 2020-07-30] (Nitro Software, Inc. -> Nitro Software, Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.190\Installer\chrmstp.exe [2021-02-25] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2020-07-03] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Macro Express Pro.lnk [2020-07-03] ShortcutTarget: Macro Express Pro.lnk -> C:\Program Files\Macro Express Pro\MacExp.exe (Insight Software Solutions, Inc.) [File not signed] Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autohotkey.lnk [2019-01-19] ShortcutTarget: autohotkey.lnk -> C:\Data\Batch Files\Autohotkey\autohotkey.bat () [File not signed] Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty_Recycle_Bin.lnk [2020-06-29] ShortcutTarget: Empty_Recycle_Bin.lnk -> C:\Data\Batch Files\VBS\Empty_Recycle_Bin.vbs () [File not signed] Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefox.lnk [2020-07-16] ShortcutTarget: Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mysms.lnk [2019-12-22] ShortcutTarget: mysms.lnk -> (No File) Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pushbullet.lnk [2020-07-02] ShortcutTarget: Pushbullet.lnk -> C:\Program Files\Pushbullet\pushbullet.exe (Pushbullet inc) [File not signed] Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2021-01-26] ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter) Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SendLeap.lnk [2020-01-01] ShortcutTarget: SendLeap.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC -> Google LLC) Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2021-01-14] ShortcutTarget: Telegram.lnk -> C:\Users\Joe\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC) Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WLM.lnk [2015-10-09] ShortcutTarget: WLM.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (Microsoft Corporation -> Microsoft Corporation) BootExecute: autocheck autochk * NDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\AOMEI Backupper;C:\Users\Joe\AppData\Local\Microsoft\WindowsApps;C:\Users\Joe\AppData\Local\Programs\EmEditorPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=x86PROCESSOR_IDENTIFIER=x86 Family 6 Model 44 Stepping 2, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=2c02PROG27B48B2C051=1ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesPSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\PUBLIC=C:\Users\PublicSAN_DIR=C:\Program Files\SiSoftware\SiSoftware Sandra Business 2016.SP1SystemDrive=C:SystemRoot=C:\WINDOWSTEMP=C:\Users\Joe\AppData\Local\TempTMP=C:\Users\Joe\AppData\Local\TempUSERDOMAIN=DESKTOPTOWERUSERDOMAIN_ROAMINGPROFILE=DESKTOPTOWERUSERNAME=JoeUSERPROFILE=C:\Users\Joewindir=C:\WINDOWS__COMPAT_LAYER=DetectorsAppHealth GroupPolicy: Restriction ? <==== ATTENTION GroupPolicy\User: Restriction ? <==== ATTENTION Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {08864895-7A0A-44C1-A691-43F3F6DF8E97} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4108000 2021-02-25] (Avast Software s.r.o. -> AVAST Software) Task: {1AA84EE5-ED74-4508-AB04-800F817C5524} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1696976 2014-03-19] (Microsoft Corporation -> Microsoft Corporation) Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {258AA677-86CB-4D4F-9D77-CED823D0705B} - System32\Tasks\GMHSkipUAC => C:\Program Files\Glarysoft\Malware Hunter\MalwareHunter.exe [2441136 2020-12-20] (Glarysoft LTD -> Glarysoft Ltd) Task: {2A4BB477-D5D2-4159-A391-79CFC1D3D814} - System32\Tasks\{EB3B1F34-37CE-4AAC-9491-1B51A99EF057} => C:\Windows\system32\pcalua.exe -a "C:\Users\Joe\Downloads\Utilities\Voice & Video chat\GoogleVoiceAndVideoSetup.exe" -d "C:\Users\Joe\Downloads\Utilities\Voice & Video chat" Task: {2A6AAE0A-529B-4CF7-82E1-51C962140A40} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd) Task: {2D00380B-BCA4-47F0-92BB-DE86EA24A749} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40864 2021-01-26] (Garmin International, Inc. -> ) Task: {41B4479B-CE79-4E00-88A6-5910895E7BFC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1696976 2014-03-19] (Microsoft Corporation -> Microsoft Corporation) Task: {4819EA1D-C6B2-4A48-8554-E3257C37D1A6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft) Task: {48920FDE-4F57-4B1A-9581-2C84E84CF16B} - System32\Tasks\{79B648AB-D2C7-4CB6-B481-8750BB0C9223} => C:\Windows\system32\pcalua.exe -a "U:\Drivers\Brother Laser\SETUP.EXE" -d "U:\Drivers\Brother Laser" Task: {495F7F3D-F249-42FF-AF62-5CEA8A3945EE} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin\InstallManagerApp.exe [9431240 2016-03-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {4D1B8669-469B-4A21-AE33-428EF5B56156} - System32\Tasks\{5D2BF198-67A0-47E7-8C5F-A3524EDD536B} => C:\Windows\system32\pcalua.exe -a "U:\Utilities\WP51+\Tame v6\tame60.exe" -d "U:\Utilities\WP51+\Tame v6" Task: {62798434-2842-41A5-922E-E479E405DC6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.) Task: {81A0B725-4B5F-4FC0-875E-BDFCEC4237FA} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-02-13] () [File not signed] Task: {895936EB-17D5-4A65-AD01-861BF8E4DCD3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1106128 2014-03-19] (Microsoft Corporation -> Microsoft Corporation) Task: {89C980E2-68AC-4FDE-B713-F7E7086CF301} - System32\Tasks\{1C8C8445-3AF3-4DD6-8C02-6694F42FDBE6} => C:\Windows\system32\pcalua.exe -a C:\Utilities\GTalk\GoogleVoiceAndVideoSetup.exe -d C:\Utilities\GTalk Task: {8F919ED4-806D-4EE1-B4FA-F65D9D44C5ED} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1550048 2021-02-24] (Avast Software s.r.o. -> Avast Software) Task: {A0BABFE1-F03C-4C2B-B95E-BCDA5FFC882E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {AA7AE67F-4EC8-4BDD-826D-3F6AF6F33F08} - System32\Tasks\GU5SkipUAC => C:\Program Files\Glary Utilities 5\Integrator.exe [917816 2021-02-07] (Glarysoft LTD -> Glarysoft Ltd) Task: {B47BF8F2-207F-414D-B278-3640571BDBD8} - System32\Tasks\Future Systems Solutions\Casper\Casper 8.0 Update Notification Task => C:\Program Files\Future Systems Solutions\Casper 8.0\CASPER.EXE [12154288 2014-04-30] (Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.) Task: {B5CDF6ED-23F7-4FAC-8757-F008FA85F2F4} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform) Task: {C29C0A7B-324D-47E4-BA07-FA6EF99D1262} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} C:\Program Files\Windows Live\SOXE\wlsoxe.dll [192704 2014-03-31] (Microsoft Corporation -> Microsoft Corporation) Task: {C44EB20B-C9B1-4DC4-8625-B83CE2CDE70C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc -> Google Inc.) Task: {CE030FC7-013B-490A-83E2-F9FFBD8D7D59} - System32\Tasks\{25E6CB6D-8992-43FF-9440-629929607D3D} => C:\Windows\system32\pcalua.exe -a "C:\Users\Joe\Desktop\Brother Driver\eng\inst\setup.exe" -d "C:\Users\Joe\Desktop\Brother Driver\eng\inst" Task: {EC546FC1-8235-4E97-8B77-D2F6E056B8E3} - System32\Tasks\{F45CE27F-5014-49C7-9C3D-D02C23C9DF8A} => "c:\program files\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?source=lightinstaller&page=tsInstall Task: {F20713DE-957F-41A0-9DC0-D0FEBE841BA7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1106128 2014-03-19] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0 Tcpip\..\Interfaces\{ac4dbacb-ac43-4c15-845b-e2e36b51b764}: [DhcpNameServer] 192.168.1.1 0.0.0.0 Edge: ======= Edge Extension: (IDM Integration Module) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.30.6.0_neutral__e7b5mm5d3r6v2 [2019-04-01] Edge DefaultProfile: Default Edge Profile: C:\Users\Joe\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-26] Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Joe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-23] Edge Extension: (IDM Integration Module) - C:\Users\Joe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2021-01-02] Edge HKLM\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF DefaultProfile: 05pnfbxa.default FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\05pnfbxa.default [2021-02-26] FF Homepage: Mozilla\Firefox\Profiles\05pnfbxa.default -> about:newtab FF Notifications: Mozilla\Firefox\Profiles\05pnfbxa.default -> hxxps://www.tenforums.com FF Extension: (Add-on Compatibility Reporter) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\05pnfbxa.default\Extensions\compatibility@addons.mozilla.org.xpi [2020-07-16] [Legacy] FF Extension: (HTTPS Everywhere) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\05pnfbxa.default\Extensions\https-everywhere@eff.org.xpi [2021-01-29] FF Extension: (Auto-Sort Bookmarks) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\05pnfbxa.default\Extensions\sortbookmarks@bouanto.xpi [2020-07-16] [Legacy] FF Extension: (uBlock Origin) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\05pnfbxa.default\Extensions\uBlock0@raymondhill.net.xpi [2020-07-16] [Legacy] FF Extension: (Session Manager) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\05pnfbxa.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2020-08-18] [Legacy] FF Extension: (Password Exporter) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\05pnfbxa.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2020-07-16] [Legacy] FF Extension: (Video DownloadHelper) - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\05pnfbxa.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-07-17] FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-12-21] [Legacy] FF HKLM\...\Firefox\Extensions: [{682F8106-3DFC-4cde-98D2-285FCF23FD09}] - C:\Program Files\Tomabo\MP4 Downloader Pro\MP4DP_FF.xpi FF Extension: (MP4 Downloader Pro Extension) - C:\Program Files\Tomabo\MP4 Downloader Pro\MP4DP_FF.xpi [2016-07-26] [Legacy] FF HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi FF HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\Program Files\Wondershare\AllMyTube\BrowserPlugin\kvallmytube@keepvid.com_xpi FF Extension: (KeepVid Pro) - C:\Program Files\Wondershare\AllMyTube\BrowserPlugin\kvallmytube@keepvid.com_xpi [2020-12-01] [Legacy] FF HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\Firefox\Extensions: [{31C8B8A4-6712-4A47-B378-2BE78B8EE9E1}] - C:\Program Files\Bigasoft\Video Downloader Pro\extensions\3.23.0.7627\BVDFirefoxExt FF Extension: (Bigasoft Video Downloader Pro) - C:\Program Files\Bigasoft\Video Downloader Pro\extensions\3.23.0.7627\BVDFirefoxExt [2020-12-01] [Legacy] [not signed] FF HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Joe\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\Joe\AppData\Roaming\IDM\idmmzcc5 [2019-12-21] [Legacy] [not signed] FF HKU\S-1-5-21-198903158-1304534811-4163729061-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (Garmin International, Inc. -> GARMIN Corp.) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google Inc -> Google) FF Plugin: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [No File] FF Plugin: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [No File] FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc. -> Yahoo! Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [No File] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-05] (VideoLAN -> VideoLAN) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default [2021-02-26] CHR Notifications: Default -> hxxps://app.mysms.com; hxxps://ocsnext.ebay.com.au; hxxps://seemendy.club; hxxps://sendleap.com CHR DefaultSearchURL: Default -> hxxps://static.xx.fbcdn.net/rsrc.php/yg/r/4_vfHVmZ5XD.ico CHR Extension: (Messenger) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikmbkiaomfbeknnagjbfgfckhlbnjnj [2020-08-18] CHR Extension: (Google Docs Offline) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-22] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-02-26] CHR Extension: (Chrome Web Store Payments) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30] CHR Extension: (Sendleap) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\phnjmiobjppgfeicepedmfnpjjmfjlha [2020-09-13] CHR Extension: (Chrome Media Router) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-27] CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] CHR HKLM\...\Chrome\Extension: [jpnkpjikgipojkofgjjkfgdhfanggcdm] - C:\Program Files\Bigasoft\Video Downloader Pro\extensions\3.23.0.7627\BVDChromeExt.crx [2020-12-01] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2019-03-22] CHR HKU\S-1-5-21-198903158-1304534811-4163729061-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aim_LSService; C:\Program Files\Actual Window Manager\LogonScreenService.exe [95472 2020-10-11] (Actual Tools (Mikhail Yurievich Tretyakov IP) -> Actual Tools) R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7050776 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [563416 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [330976 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56904 2021-02-25] (Avast Software s.r.o. -> AVAST Software) S3 Backupper Service; C:\Program Files\AOMEI Backupper\ABService.exe [483184 2019-01-22] (CHENGDU AOMEI Tech Co., Ltd. -> AOMEI Tech Co., Ltd.) S3 caspereui; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [607976 2013-11-19] (Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.) S4 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [607976 2013-11-19] (Future Systems Solutions, Inc. -> Future Systems Solutions, Inc.) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [5815504 2020-11-14] (Malwarebytes Inc -> Malwarebytes) R2 nlsX86cc; C:\Windows\system32\NLSSRV32.EXE [69640 2014-05-19] (Nitro PDF Software -> Nalpeiron Ltd.) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [426792 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation) S4 NvTelemetryContainer; C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460872 2018-01-24] (NVIDIA Corporation -> NVIDIA Corporation) S3 rpcapd; C:\Program Files\WinPcap\rpcapd.exe [117264 2011-02-12] (CACE Technologies, Inc. -> CACE Technologies, Inc.) S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Business 2016.SP1\RpcAgentSrv.exe [81968 2016-02-23] (SiSoftware SPC -> SiSoftware) [File not signed] S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3996632 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [12834584 2021-01-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [57344 2016-07-29] (Code Sector) [File not signed] S4 uhssvc; C:\Program Files\Microsoft Update Health Tools\uhssvc.exe [259904 2021-02-05] (Microsoft Windows -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [2250992 2019-12-31] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [85240 2019-12-31] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WsDrvInst; C:\Program Files\Wondershare\UniConverter\Transfer\DriverInstall.exe [112560 2020-04-09] (Wondershare Technology Co.,Ltd -> Wondershare) R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2013024 2019-10-22] (Sony Mobile Communications AB -> Sony) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 ambakdrv; C:\WINDOWS\System32\ambakdrv.sys [26424 2015-02-26] (Aomei Technology Co., Limited -> ) [File not signed] R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [129720 2015-02-26] (Aomei Technology Co., Limited -> ) [File not signed] S3 ampa; C:\WINDOWS\system32\ampa.sys [35760 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> ) R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [14392 2015-02-26] (Aomei Technology Co., Limited -> ) [File not signed] R3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [32896 2011-11-28] (AnvSoft Inc.) [File not signed] R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices) R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [33544 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [175872 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [287192 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206304 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [91616 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16320 2020-12-30] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software) R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39248 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [147728 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [376840 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [92696 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [71352 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [690144 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [384136 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [161312 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [276960 2021-02-25] (Avast Software s.r.o. -> AVAST Software) R2 BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed] S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [33200 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> ) R3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [29496 2016-09-29] (DEV47 APPS -> Dev47Apps) R3 DroidCamVideo; C:\WINDOWS\System32\drivers\droidcamvideo.sys [225592 2016-09-29] (DEV47 APPS -> Windows (R) Win 7 DDK provider) U3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [60232 2020-01-03] (EnigmaSoft Limited -> EnigmaSoft Limited) S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [31936 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) R0 EPMVolFlt; C:\WINDOWS\System32\drivers\EPMVolFlt.sys [28880 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider) S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10208 2018-10-24] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [27632 2021-02-20] (Microsoft Windows Hardware Compatibility Publisher -> Glarysoft Ltd) S3 GUMHFilters; C:\Program Files\Glarysoft\Malware Hunter\Native\winxp_x86\GUMHFilter.sys [41104 2020-11-23] (Glarysoft LTD -> Glarysoft Ltd) R1 GUSBootStartup; C:\WINDOWS\System32\drivers\GUSBootStartup.sys [25872 2020-03-03] (Glarysoft LTD -> Glarysoft Ltd) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [17360 2020-11-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [213912 2020-12-12] (Malwarebytes Inc -> Malwarebytes) R3 mf; C:\WINDOWS\System32\drivers\mf.sys [29696 2019-12-07] (Microsoft Windows -> Microsoft Corporation) R3 mv91cons; C:\WINDOWS\System32\drivers\mv91cons.sys [30440 2016-04-12] (Marvell Semiconductor, Inc. -> Marvell Semiconductor Inc.) R1 networx; C:\WINDOWS\System32\drivers\networx.sys [67640 2016-09-20] (SOFTPERFECT PTY. LTD. -> NetFilterSDK.com) R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2019-07-16] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_x86_9f540655d9eda3dd\nvlddmkm.sys [15367072 2018-06-13] (NVIDIA Corporation -> NVIDIA Corporation) S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad32v.sys [53616 2018-01-24] (NVIDIA Corporation -> NVIDIA Corporation) S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [50248 2018-01-24] (NVIDIA Corporation -> NVIDIA Corporation) R1 PCIESER; C:\WINDOWS\system32\drivers\PCIESER.sys [67328 2014-10-09] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com) U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [70512 2021-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com) R1 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2015-11-10] (Microolap technologies -> microOLAP Technologies LTD) R1 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2015-11-10] (Microolap technologies -> microOLAP Technologies LTD) S3 RDPDISPM; C:\WINDOWS\System32\DRIVERS\rdpdispm.sys [15488 2010-09-22] (Microsoft Corporation) [File not signed] S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [33280 2020-10-14] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group) R3 rt640x86; C:\WINDOWS\System32\drivers\rt640x86.sys [956752 2018-09-04] (Realtek Semiconductor Corp. -> Realtek) S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Business 2016.SP1\WNt600x86\Sandra.sys [23112 2009-08-07] (SiSoftware Ltd -> SiSoftware) R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [114304 2015-06-08] (Power Software Limited -> Power Software Ltd) S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [37472 2019-12-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [278456 2019-12-31] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [39368 2019-12-31] (Microsoft Windows -> Microsoft Corporation) S3 WsAudio_Device; C:\WINDOWS\system32\drivers\VirtualAudio.sys [27496 2015-02-27] (Wondershare Software Co., Ltd. -> Wondershare) R3 WUDFWpdMtp; C:\WINDOWS\System32\drivers\WUDFRd.sys [213504 2019-12-07] (Microsoft Windows -> Microsoft Corporation) U1 aswbdisk; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-02-26 02:56 - 2021-02-26 02:56 - 000001180 _____ C:\Users\Joe\Desktop\loop this - Shortcut.lnk 2021-02-26 02:50 - 2021-02-26 02:50 - 000086276 _____ C:\-AAAJOBS.WPF 2021-02-25 17:48 - 2021-02-26 01:43 - 000000931 _____ C:\Users\Joe\Desktop\32Gb USB.txt 2021-02-25 11:27 - 2021-02-25 11:27 - 000003170 _____ C:\WINDOWS\system32\Tasks\klcp_update 2021-02-25 11:27 - 2021-02-25 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2021-02-25 11:27 - 2021-02-25 11:27 - 000000000 ____D C:\Program Files\K-Lite Codec Pack 2021-02-25 05:09 - 2021-02-25 05:09 - 000384136 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2021-02-25 05:09 - 2021-02-25 05:09 - 000376840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys 2021-02-25 05:09 - 2021-02-25 05:09 - 000286944 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2021-02-25 05:09 - 2021-02-25 05:09 - 000276960 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2021-02-25 05:09 - 2021-02-25 05:09 - 000206304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys 2021-02-25 05:09 - 2021-02-25 05:09 - 000161312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2021-02-25 05:09 - 2021-02-25 05:09 - 000147728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2021-02-25 05:09 - 2021-02-25 05:09 - 000092696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2021-02-25 05:09 - 2021-02-25 05:09 - 000091616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys 2021-02-25 05:09 - 2021-02-25 05:09 - 000071352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2021-02-25 05:09 - 2021-02-25 05:09 - 000039248 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2021-02-25 05:09 - 2021-02-25 05:09 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update 2021-02-25 05:09 - 2021-02-25 05:08 - 000690144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2021-02-25 05:09 - 2021-02-25 05:08 - 000287192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys 2021-02-25 05:09 - 2021-02-25 05:08 - 000175872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys 2021-02-25 05:09 - 2021-02-25 05:08 - 000033544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys 2021-02-24 13:47 - 2021-02-24 13:47 - 025698703 _____ C:\Users\Joe\Desktop\2798-Smokescreen-_21_Feb_-_Edited_FINAL_(1).pdf 2021-02-23 16:15 - 2021-02-23 16:15 - 000016490 _____ C:\Users\Joe\Desktop\ChatTranscript_00024aG37W5C1BGD.html 2021-02-20 06:49 - 2021-02-23 21:32 - 000002212 _____ C:\WINDOWS\system32\Tasks\GU5SkipUAC 2021-02-20 06:49 - 2021-02-20 06:49 - 000027632 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys 2021-02-19 13:32 - 2021-02-23 21:32 - 000003194 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-02-17 04:45 - 2021-02-17 04:47 - 000000000 ____D C:\Users\Joe\Desktop\forum pics 2021-02-16 19:46 - 2021-02-16 19:46 - 000000000 ____D C:\Users\Joe\AppData\Local\Ico Converter 2021-02-16 14:47 - 2021-02-21 16:29 - 000000557 _____ C:\Users\Joe\Desktop\prob.txt 2021-02-16 14:14 - 2021-02-16 14:14 - 000158511 _____ C:\Users\Joe\Desktop\Lot_19_FeeNotice202104.pdf 2021-02-14 20:06 - 2021-02-14 20:06 - 000999966 _____ C:\A.TXT 2021-02-14 16:50 - 2019-07-16 18:42 - 000053299 _____ C:\WINDOWS\system32\pthreadVC.dll 2021-02-12 20:51 - 2021-02-12 20:51 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-02-12 15:24 - 2021-02-12 15:24 - 000000000 ____D C:\Users\Joe\Documents\EaseUS 2021-02-12 15:15 - 2021-02-12 15:15 - 000000000 ____D C:\Users\Joe\AppData\Roaming\EaseUS 2021-02-12 15:15 - 2021-02-12 15:15 - 000000000 ____D C:\Users\Joe\AppData\Local\EaseUS 2021-02-12 15:15 - 2021-02-12 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Video Editor 2021-02-12 15:15 - 2021-02-12 15:15 - 000000000 ____D C:\ProgramData\EaseUS 2021-02-12 13:58 - 2021-02-12 12:45 - 000413690 __RSH C:\bootmgr 2021-02-12 13:58 - 2019-12-07 17:07 - 000000001 ___SH C:\BOOTNXT 2021-02-12 12:45 - 2021-02-12 12:45 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-02-11 23:19 - 2021-02-11 23:30 - 000001125 _____ C:\Users\Joe\Documents\starburn.txt 2021-02-11 12:38 - 2021-02-16 13:18 - 000002750 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask 2021-02-09 14:42 - 2021-02-09 14:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira 2021-02-09 14:36 - 2021-02-09 14:36 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee 2021-02-08 15:43 - 2021-02-08 15:43 - 000000000 ____D C:\Program Files\Event Viewer 2021-02-08 12:45 - 2021-02-08 12:45 - 000070512 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS 2021-02-06 22:11 - 2018-02-20 12:33 - 000001011 _____ C:\Users\Joe\Desktop\Mp3tag.lnk 2021-02-06 10:20 - 2021-02-06 10:20 - 000000000 ____D C:\Program Files\Process Monitor 2021-02-06 09:08 - 2021-02-06 09:08 - 000000000 ____D C:\Program Files\System Info 2021-02-05 01:00 - 2021-02-26 11:27 - 000008192 ___SH C:\DumpStack.log.tmp 2021-02-04 13:12 - 2020-07-16 12:54 - 000455813 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20210204-131243.backup 2021-02-03 19:36 - 2021-02-03 19:40 - 000000000 ____D C:\Users\Joe\Documents\New folder 2021-02-03 19:24 - 2018-03-10 21:19 - 000001973 _____ C:\Users\Joe\Desktop\FreeVideoFlipAndRotate.lnk 2021-02-02 13:38 - 2021-02-05 01:00 - 2654300584 _____ C:\WINDOWS\Minidump 2021-02-02 10:41 - 2021-02-02 10:43 - 000000000 ____D C:\Program Files\Prime 95 2021-01-30 03:09 - 2021-01-30 03:09 - 000000000 ____D C:\Users\Jo\AppData\Local\PeerDistRepub 2021-01-29 18:06 - 2021-01-29 18:06 - 000002400 _____ C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-01-29 18:06 - 2021-01-29 18:06 - 000000000 ____D C:\Users\Jo\Documents\Insight Software 2021-01-29 18:05 - 2021-01-29 18:06 - 000000000 ___RD C:\Users\Jo\OneDrive 2021-01-29 18:04 - 2021-01-29 18:04 - 000002298 _____ C:\Users\Jo\Desktop\Microsoft Edge.lnk 2021-01-29 18:04 - 2021-01-29 18:04 - 000002284 _____ C:\Users\Jo\Desktop\Google Chrome.lnk 2021-01-29 18:04 - 2021-01-29 18:04 - 000000020 ___SH C:\Users\Jo\ntuser.ini 2021-01-28 23:08 - 2021-01-28 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMPlayer 2021-01-28 23:03 - 2021-01-28 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro 2021-01-28 23:03 - 2021-01-28 23:03 - 000000000 ____D C:\Program Files\FlashIntegro 2021-01-28 23:03 - 2021-01-20 12:06 - 000072872 _____ (Multilab LLC) C:\WINDOWS\system32\mslvddsfilter5.ax ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-02-26 11:57 - 2020-01-05 09:58 - 000000000 ____D C:\FRST 2021-02-26 11:57 - 2019-04-18 00:52 - 000000000 ____D C:\Users\Joe\AppData\Roaming\uTorrent 2021-02-26 11:56 - 2020-01-06 00:06 - 000000000 ____D C:\Program Files\Farbar 2021-02-26 11:48 - 2019-10-03 23:23 - 000000000 ____D C:\ProgramData\AVAST Software 2021-02-26 11:47 - 2019-12-11 10:16 - 000000000 ____D C:\WP51 2021-02-26 11:33 - 2020-11-03 12:44 - 000006714 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-02-26 11:29 - 2014-09-13 21:08 - 000000000 ____D C:\Program Files\CCleaner 2021-02-26 11:27 - 2020-09-28 01:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-02-26 11:27 - 2020-07-02 11:59 - 000000000 ____D C:\Users\Joe\AppData\Local\Pushbullet 2021-02-26 11:27 - 2019-12-07 17:12 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-02-26 11:27 - 2019-02-18 12:04 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Telegram Desktop 2021-02-26 11:27 - 2019-01-24 22:14 - 000000000 ____D C:\Program Files\TeamViewer 2021-02-26 11:27 - 2017-09-02 16:17 - 000000000 ____D C:\Users\Joe\AppData\LocalLow\Mozilla 2021-02-26 11:27 - 2011-12-06 23:41 - 000000000 ____D C:\ProgramData\NVIDIA 2021-02-26 03:12 - 2019-12-07 17:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2021-02-26 03:11 - 2018-07-30 18:06 - 000000000 ____D C:\Users\Joe\AppData\Roaming\vlc 2021-02-26 02:16 - 2020-09-28 01:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-02-26 02:06 - 2013-02-01 19:24 - 000000000 ____D C:\OutputFolder 2021-02-26 02:05 - 2018-02-09 21:35 - 000000000 ____D C:\Users\Joe\AppData\Local\CrashDumps 2021-02-26 01:57 - 2014-05-23 19:17 - 000000000 ____D C:\Captures 2021-02-26 01:10 - 2019-04-01 21:52 - 000000000 ____D C:\Users\Joe\AppData\Roaming\DMCache 2021-02-25 05:09 - 2019-12-07 17:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-02-25 02:26 - 2020-08-08 00:30 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-02-24 21:47 - 2020-05-23 14:46 - 000000000 ____D C:\Users\Joe\AppData\Roaming\MightyText 2021-02-24 20:30 - 2021-01-20 23:28 - 000000000 ____D C:\Users\Joe\Desktop\MightyText 2021-02-23 21:32 - 2021-01-04 20:01 - 000002232 _____ C:\WINDOWS\system32\Tasks\GMHSkipUAC 2021-02-23 21:32 - 2020-11-03 12:46 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-02-23 21:32 - 2020-11-03 12:46 - 000003110 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-02-23 21:32 - 2020-11-03 12:46 - 000002234 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC 2021-02-23 21:32 - 2020-11-03 12:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software 2021-02-23 16:40 - 2020-11-30 18:17 - 000000000 ____D C:\Data 2021-02-22 12:38 - 2019-06-02 22:39 - 000000000 ____D C:\Users\Joe\AppData\Local\Greenshot 2021-02-20 21:27 - 2018-02-20 12:33 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Mp3tag 2021-02-20 14:45 - 2019-12-07 17:10 - 000000000 ____D C:\WINDOWS\INF 2021-02-20 06:54 - 2019-01-24 22:14 - 000000000 ____D C:\Users\Joe\AppData\Roaming\TeamViewer 2021-02-20 06:49 - 2016-01-10 10:13 - 000001133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2021-02-20 06:49 - 2016-01-10 10:13 - 000000000 ____D C:\Program Files\Glary Utilities 5 2021-02-16 19:46 - 2020-12-05 18:57 - 000000000 ____D C:\Users\Joe\AppData\Roaming\IcoFX2 2021-02-15 23:55 - 2018-05-18 13:26 - 000000000 ____D C:\Users\Joe\AppData\Local\D3DSCache 2021-02-14 19:51 - 2019-04-22 13:40 - 000000000 ____D C:\Program Files\Hard Disk Sentinel 2021-02-14 14:49 - 2017-04-25 16:03 - 000000000 ____D C:\Users\Joe\AppData\Local\ConnectedDevicesPlatform 2021-02-14 09:22 - 2019-04-14 02:38 - 000000000 ____D C:\Users\Joe\AppData\Local\Adobe 2021-02-13 00:34 - 2018-11-18 01:09 - 000000000 ____D C:\Users\Joe\AppData\Local\Apowersoft 2021-02-13 00:34 - 2018-09-22 09:02 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Apowersoft 2021-02-12 15:15 - 2017-04-14 07:51 - 000000000 ____D C:\Program Files\EaseUS 2021-02-12 13:58 - 2020-09-28 01:44 - 000482176 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-02-12 13:56 - 2020-02-20 10:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB 2021-02-12 13:56 - 2019-12-07 17:45 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-02-12 13:56 - 2019-12-07 17:12 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-02-12 13:56 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\SystemResources 2021-02-12 13:56 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-02-12 13:56 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\Keywords 2021-02-12 13:56 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-02-12 13:56 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-02-12 13:56 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-02-12 13:56 - 2019-12-07 17:12 - 000000000 ____D C:\Program Files\Common Files\System 2021-02-12 13:56 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\servicing 2021-02-12 12:47 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-02-12 12:39 - 2013-08-14 21:32 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-02-12 12:30 - 2012-01-07 11:47 - 127354856 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-02-11 12:43 - 2012-02-18 09:20 - 000000000 ____D C:\ProgramData\Garmin 2021-02-11 12:38 - 2019-03-12 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2021-02-11 12:38 - 2018-01-12 14:36 - 000000000 ____D C:\Program Files\Garmin 2021-02-11 12:38 - 2015-02-19 13:13 - 000000000 ____D C:\ProgramData\Package Cache 2021-02-09 18:02 - 2016-02-12 17:39 - 000000000 ____D C:\ProgramData\Wondershare 2021-02-09 15:04 - 2020-07-16 23:43 - 000000000 ____D C:\Program Files\Avira 2021-02-09 14:53 - 2020-11-03 12:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\Safer-Networking 2021-02-09 14:51 - 2017-07-02 23:30 - 000000079 _____ C:\WINDOWS\wininit.ini 2021-02-09 14:42 - 2020-07-16 23:43 - 000000000 ____D C:\ProgramData\Avira 2021-02-09 14:26 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\Macromed 2021-02-09 14:13 - 2020-11-04 07:28 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2021-02-09 14:13 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\system32\config\Journal 2021-02-05 09:15 - 2019-12-31 22:54 - 000001024 ____H C:\AMTAG.BIN 2021-02-05 09:15 - 2019-12-09 23:04 - 000028592 _____ C:\WINDOWS\GA_OF.dat 2021-02-02 14:20 - 2020-11-04 22:16 - 000000000 ____D C:\Program Files\Activator for Win10 & Office 2021-02-02 12:36 - 2018-03-25 08:39 - 000000000 ____D C:\EEK 2021-02-01 20:56 - 2016-07-25 01:51 - 000007617 _____ C:\Users\Joe\AppData\Local\Resmon.ResmonCfg 2021-01-30 10:51 - 2019-12-07 17:12 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-01-29 18:51 - 2020-03-27 22:45 - 000000000 ____D C:\Users\Jo\AppData\Local\CrashDumps 2021-01-29 18:21 - 2020-03-27 22:45 - 000000000 ____D C:\Users\Jo\AppData\Local\Packages 2021-01-29 18:21 - 2019-12-07 17:12 - 000000000 ___HD C:\Program Files\WindowsApps 2021-01-29 18:20 - 2019-12-07 17:12 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-01-29 18:07 - 2020-03-27 23:23 - 000000000 ____D C:\Users\Jo\AppData\Local\PlaceholderTileLogoFolder 2021-01-29 18:05 - 2020-11-03 12:34 - 000000000 ____D C:\Users\Jo 2021-01-29 18:04 - 2020-03-27 22:45 - 000000000 ___RD C:\Users\Jo\Virtual Machines 2021-01-29 18:04 - 2020-03-27 22:45 - 000000000 ___RD C:\Users\Jo\3D Objects 2021-01-29 16:52 - 2018-02-20 12:33 - 000000000 ____D C:\Program Files\Mp3tag 2021-01-28 23:15 - 2015-06-10 22:37 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU 2021-01-28 23:15 - 2015-06-10 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU 2021-01-28 23:15 - 2015-06-10 22:35 - 000000000 ____D C:\Program Files\AVS4YOU 2021-01-28 23:08 - 2019-07-13 00:09 - 000000000 ____D C:\Program Files\SMPlayer 2021-01-28 23:03 - 2018-07-25 09:16 - 000000000 ____D C:\Program Files\Common Files\FlashIntegro 2021-01-28 18:40 - 2020-10-17 02:02 - 000001991 _____ C:\Users\Joe\Desktop\StartUps.lnk 2021-01-28 17:07 - 2018-02-24 23:23 - 000000000 ____D C:\Users\Joe\AppData\Local\AnyMP4 Studio 2021-01-28 17:06 - 2017-10-29 18:36 - 000000000 ____D C:\Users\Joe\AppData\Local\Apps\2.0 2021-01-28 17:04 - 2019-11-03 00:58 - 000000000 ____D C:\Users\Joe\AppData\Local\cache 2021-01-28 17:02 - 2017-04-08 13:20 - 000000000 ____D C:\Users\Joe\AppData\Local\Clipboarder 2021-01-28 17:01 - 2016-07-24 16:30 - 000000000 ____D C:\Users\Joe\AppData\Local\Comms 2021-01-28 16:58 - 2018-07-08 20:25 - 000000000 ____D C:\Users\Joe\AppData\Local\ConverterAgent 2021-01-28 16:55 - 2019-06-14 10:02 - 000000000 ____D C:\Users\Joe\AppData\Local\Downloaded Installations 2021-01-28 16:49 - 2012-07-31 22:06 - 000000000 ____D C:\Users\Joe\AppData\Local\GARMIN_Corp 2021-01-28 16:48 - 2015-06-01 21:35 - 000000000 ____D C:\Users\Joe\AppData\Local\Garmin_Ltd._or_its_subsid 2021-01-28 16:06 - 2011-12-11 08:28 - 000000000 ____D C:\Users\Joe\AppData\Local\Microsoft Help 2021-01-28 11:21 - 2015-03-08 19:53 - 000000000 ____D C:\Users\Joe\AppData\Local\MPlayer 2021-01-28 10:25 - 2012-02-27 21:05 - 000000000 ____D C:\Users\Joe\AppData\Roaming\dvdcss 2021-01-28 10:23 - 2015-09-01 16:11 - 000000000 ____D C:\Users\Joe\AppData\Roaming\DVDVideoSoft 2021-01-28 10:18 - 2012-08-06 01:42 - 000000000 ____D C:\Users\Joe\AppData\Roaming\FotoTagger 2021-01-28 09:26 - 2020-01-18 22:35 - 000000000 ____D C:\Users\Joe\AppData\Roaming\TeraCopy 2021-01-28 09:21 - 2016-05-13 23:18 - 000000000 ____D C:\Users\Joe\AppData\Roaming\ViberPC 2021-01-28 09:09 - 2017-10-22 16:38 - 000000000 ____D C:\Users\Joe\AppData\Roaming\Wise Duplicate Finder ==================== Files in the root of some directories ======== 2020-03-30 12:17 - 2020-03-30 12:17 - 000000044 _____ () C:\Users\Joe\IP_Log_Data.js 2013-02-17 14:27 - 2013-02-17 14:27 - 002174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll 2014-12-03 14:31 - 2016-01-11 22:16 - 000087608 _____ () C:\Users\Joe\AppData\Roaming\inst.exe 2020-03-30 12:18 - 2020-03-30 12:18 - 000000017 _____ () C:\Users\Joe\AppData\Roaming\Network Meter_Usage.ini 2020-07-02 12:55 - 2020-07-02 12:55 - 000000114 _____ () C:\Users\Joe\AppData\Roaming\Network Monitor II_#0_Traffic.ini 2014-12-03 14:31 - 2016-01-11 22:16 - 000007887 _____ () C:\Users\Joe\AppData\Roaming\pcouffin.cat 2014-12-03 14:31 - 2016-01-11 22:16 - 000001144 _____ () C:\Users\Joe\AppData\Roaming\pcouffin.inf 2014-12-03 14:31 - 2016-01-11 22:16 - 000000033 _____ () C:\Users\Joe\AppData\Roaming\pcouffin.log 2014-12-03 14:31 - 2016-01-11 22:16 - 000047360 _____ (VSO Software) C:\Users\Joe\AppData\Roaming\pcouffin.sys 2020-05-08 01:54 - 2016-02-18 00:30 - 015384576 _____ () C:\Users\Joe\AppData\Roaming\Sandra.mdb 2020-03-30 12:19 - 2020-07-02 12:56 - 000000115 _____ () C:\Users\Joe\AppData\Roaming\System Monitor II_UptimeRecord.ini 2020-10-02 21:57 - 2020-10-02 21:57 - 000000600 _____ () C:\Users\Joe\AppData\Roaming\winscp.rnd 2019-10-06 21:45 - 2019-10-07 22:37 - 000001435 _____ () C:\Users\Joe\AppData\Local\oobelibMkey.log 2016-07-25 01:51 - 2021-02-01 20:56 - 000007617 _____ () C:\Users\Joe\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================