johnnydandelion

  1. Thanks Kevin. That fixed it. You are a champion! Here are the files: malwarebytes.txt, AdwCleaner[S05].txt, Fixlog.txt, msert.log
  2. I have a malware that I cannot seem to get rid of through the anti-virus program. Every time I restart my computer and connect to the internet, files are created in Windows\Temp and my anti-virus software quarantines and removes them (XMRig Miner and Generic PUA OI). It also automatically disables my Task Manager by adding entries in Regedit (I restore it by deleting the entries in Regedit) and creates incoming/outgoing exceptions in my Firewall settings. Thanks for any help you can give me.

     --------------------------------

     My FRST scan shows this:

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-01-2021
     Ran by jackk (administrator) on DESKTOP-OLNNLBI (20-01-2021 18:26:00)
     Running from C:\Users\jackk\OneDrive\Desktop
     Loaded Profiles: jackk
     Platform: Windows 10 Home Version 2004 19041.746 (X64)
     Default browser: "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --single-argument %1
     Boot Mode: Normal

     ==================== Processes (Whitelisted) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
     (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
     (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
     (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
     (Brave Software, Inc. -> Brave Software, Inc.)
C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe <18> (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe (Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2011.16.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.740_none_e752aa59261f271f\TiWorker.exe (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) 
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (Realtek Semiconductor Corp. -> ) C:\Windows\runSW.exe (Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SEDService.exe (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SSPService.exe (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942936 2018-11-02] (Logitech -> Logitech, Inc.) HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [465288 2019-09-26] (Express Vpn LLC -> ExpressVPN) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [401464 2019-09-27] (Adobe Inc. -> Adobe Inc.) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1542560 2020-08-26] (Sophos Ltd -> Sophos Limited) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [670856 2020-04-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [896136 2020-04-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-19\...\Policies\system: [] HKU\S-1-5-19\...\Policies\system: [DisableTaskMgr] 1 HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-20\...\Policies\system: [] HKU\S-1-5-20\...\Policies\system: [DisableTaskMgr] 1 
HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50010064 2020-11-03] (Google LLC -> ) HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\jackk\AppData\Local\Microsoft\Teams\Update.exe [1790704 2019-10-17] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\...\Run: [Steam] => D:\Steam\steam.exe [3424032 2020-10-29] (Valve -> Valve Corporation) HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5491248 2020-12-08] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATISPE.EXE [418000 2016-07-14] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [2166200 2021-01-19] (Brave Software, Inc. -> Brave Software, Inc.) 
HKU\S-1-5-18\...\Policies\system: [] HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1 HKLM\...\Print\Monitors\EPSON L6190 Series 64MonitorBE: C:\Windows\system32\E_YLMBSPE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation) HKLM\...\Print\Monitors\EPSON PC-FAX Driver2 64Monitor: C:\Windows\system32\EFXLM16A.DLL [182784 2020-04-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed] HKLM\...\Print\Monitors\PDF-XChange Standard Port Monitor: C:\WINDOWS\system32\pxcpm.dll [2044248 2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-12] (Google LLC -> Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\88.1.19.86\Installer\chrmstp.exe [2021-01-20] (Brave Software, Inc. -> Brave Software, Inc.) Startup: C:\Users\jackk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2020-02-15] ShortcutTarget: Twitch.lnk -> C:\Users\jackk\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {087DB6E6-C920-47CA-B8FC-25EE0E989E61} - System32\Tasks\EPSON L6190 Series Update {FF71275C-7191-42E6-84BE-B8DFA96C50B3} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSSPE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) Task: {0ADC3CAA-A81E-42C7-B12F-33CB028737A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057960 2021-01-16] (Microsoft Corporation -> Microsoft Corporation) Task: {1A181AC6-D0B7-4F6F-81E1-AF35F83437F9} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {20F9B8C7-60C6-498E-A07A-46C3F4F5E987} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-06-18] (Brave Software, Inc. -> BraveSoftware Inc.) Task: {329B9C37-35CF-4383-A0B9-7D89AB5BBBE3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {3710EE9C-56C5-49D4-9322-A66575DFD3A6} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation) Task: {379B7EE1-0BE1-48FD-A0F7-40B2FAF52735} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-01-10] (Microsoft Corporation -> Microsoft Corporation) Task: {3A108886-5365-4258-9CB6-AEDF527532FB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-01-10] (Microsoft Corporation -> Microsoft 
Corporation) Task: {3A41EB86-60CB-4B63-A0E4-01AD60E6B48B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {46898FE1-CEB0-4FB9-99A6-7F9CEE926F68} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {4712829F-53B0-469B-AEC6-B76A8DFACECB} - System32\Tasks\nv4drv => C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\86D92E552AB84E1CB98DD9F875076466\5903A58C50B74856A21B5C8F2EDFC4D6.vbe [748056 2021-01-20] () [File not signed] <==== ATTENTION Task: {4AF587D5-3AEA-486E-9437-77651D26AA50} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145768 2021-01-16] (Microsoft Corporation -> Microsoft Corporation) Task: {4E8BE2F8-1097-41B3-8850-D6C48F83B63B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057960 2021-01-16] (Microsoft Corporation -> Microsoft Corporation) Task: {512E5D4F-944C-4AE3-8CCA-4ACD19195975} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {5414E23C-23C6-4D76-9825-6F3B3D44DFC7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1683352 2021-01-16] (Microsoft Corporation -> Microsoft Corporation) Task: {6BBCD9CA-88A1-4C42-9C11-69B5156B8F85} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft 
Office\root\Office16\sdxhelper.exe [145768 2021-01-16] (Microsoft Corporation -> Microsoft Corporation) Task: {6D744FD3-2A61-4D8A-B349-AFD607C5200A} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [64920 2020-02-13] (Microsoft Corporation -> Microsoft) Task: {780F36F7-883B-4628-AFCA-F45A14E3A9C0} - System32\Tasks\EPSON L6190 Series Update {7B961670-95DB-473D-871B-C9D578414F52} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSSPE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) Task: {7A336CC0-EB8E-4049-8975-F825A6D6E763} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.) Task: {88AD4BE4-5FC1-43A8-82F7-D3C8B31A1F63} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {8AE913B3-0451-4115-8A52-C14E1986937B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log Task: {9C23198D-194D-4236-8003-8DA3CE2ABDCF} - System32\Tasks\WindowsTaskCoreUpdate => C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\0D582809304449EF8B5E122302EF84E3\BD2BB037CD9643DC95D8C61707A8C650.vbe [24140 2021-01-20] () [File not signed] <==== ATTENTION Task: {A279BE17-D05B-4312-97A5-6B86E9E460B2} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-11-23] () [File not signed] Task: 
{A450E91B-D231-4EC9-BB2F-F9A2C511D722} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-06-18] (Brave Software, Inc. -> BraveSoftware Inc.) Task: {AC7C7A4D-3033-46FF-89F2-B6C6E63035BC} - System32\Tasks\AdwCleaner_onReboot => C:\Users\jackk\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\adwcleaner_8.0.4 (1).exe Task: {ADD887FB-0C14-4917-A548-7EDD469A3189} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {CFB541A2-1C52-4B39-B3E6-6A52173B28B3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {DE2F2374-E60C-46ED-A88F-5BADD5C9E619} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-16] (Google Inc -> Google LLC) Task: {DFD5FFBB-436A-4D46-B6B0-58111563DFB5} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F969C401-7D87-4838-907E-F2301DC6EB5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-16] (Google Inc -> Google LLC) Task: {FCB9FFF5-F463-4AE7-A272-EB15542BB47D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation) (If an entry is included in the fixlist, the task 
(.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\EPSON L6190 Series Update {7B961670-95DB-473D-871B-C9D578414F52}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSSPE.EXE:/EXE:{7B961670-95DB-473D-871B-C9D578414F52} /F:UpdateWORKGROUP\DESKTOP-OLNNLBI$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\EPSON L6190 Series Update {FF71275C-7191-42E6-84BE-B8DFA96C50B3}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSSPE.EXE:/EXE:{FF71275C-7191-42E6-84BE-B8DFA96C50B3} /F:UpdateWORKGROUP\DESKTOP-OLNNLBI$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{87a5212c-193d-4d1c-a824-07206d2eddf3}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{b47b7b52-9c38-41b6-ae1a-e0ceba01e74f}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{e2507a06-7ece-4429-abe7-eab99ed3ed26}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge Extension: (Grammarly for Microsoft Edge) -> EdgeExtension_GrammarlyGrammarlyforMicrosoftEdge_zee0y2571dhse => C:\Program Files\WindowsApps\Grammarly.GrammarlyforMicrosoftEdge_1.121.2317.0_neutral__zee0y2571dhse [2020-04-17] Edge Profile: C:\Users\jackk\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-20] FireFox: ======== FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-01-16] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. 
-> Adobe Systems) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-16] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-01-16] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-06-18] (Brave Software, Inc. -> BraveSoftware Inc.) FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-06-18] (Brave Software, Inc. -> BraveSoftware Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-08] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. 
-> Adobe Systems) FF Plugin HKU\S-1-5-21-1641942009-3868922671-2432026576-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1641942009-3868922671-2432026576-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1641942009-3868922671-2432026576-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) Chrome: ======= CHR Profile: C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default [2020-12-21] CHR Notifications: Default -> hxxps://admin.yelo.red; hxxps://astra.yelo.red; hxxps://calendar.google.com; hxxps://jungleworks.com; hxxps://www.techinasia.com CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Extension: (Slides) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-16] CHR Extension: (Docs) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-16] CHR Extension: (Google Drive) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-21] CHR Extension: (Ledger Manager) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2019-10-17] CHR Extension: (YouTube) - C:\Users\jackk\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-16] CHR Extension: (Visual CV: Online Resume Builder) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaficoeoafjilohgbmjkiflobhcbifnl [2019-10-17] CHR Extension: (Adobe Acrobat) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-21] CHR Extension: (Sheets) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-16] CHR Extension: (ExpressVPN: VPN proxy to unblock everything) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2020-12-21] CHR Extension: (Google Docs Offline) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-21] CHR Extension: (Resume (CV) Maker) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpbnepipgmcpkdglgbcfmcecaoflaemc [2019-10-17] CHR Extension: (Wappalyzer) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2020-12-21] CHR Extension: (Ledger Wallet Ethereum) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlhkialjkaldndjnlcdfdphcgeadkkm [2019-10-17] CHR Extension: (Cisco Webex Extension) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-06-16] CHR Extension: (Grammarly for Chrome) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-12-21] CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2019-10-17] CHR Extension: (NCapture) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2020-07-03] CHR Extension: (Application Launcher for 
Drive (by Google)) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-12-21] CHR Extension: (TubeBuddy) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2020-12-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-16] CHR Extension: (Gmail) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-21] CHR Extension: (Chrome Media Router) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-21] CHR HKLM\...\Chrome\Extension: [blgipgnbmnikbdecnjmgckmndlkebhid] CHR HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] CHR HKLM-x32\...\Chrome\Extension: [blgipgnbmnikbdecnjmgckmndlkebhid] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] Opera: ======= StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe Brave: ======= BRA DefaultProfile: Default BRA Profile: C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-01-20] BRA Notifications: Default -> hxxps://calendar.google.com; hxxps://pollev.com; hxxps://www.facebook.com BRA DefaultSearchKeyword: Default -> :g BRA Extension: (Google Translate) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-07-15] BRA Extension: (PDF-XChange) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\blgipgnbmnikbdecnjmgckmndlkebhid [2021-01-18] BRA Extension: (Adobe Acrobat) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-16] 
BRA Extension: (ExpressVPN: VPN proxy to unblock everything) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2021-01-18] BRA Extension: (Wappalyzer) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2021-01-07] BRA Extension: (Cisco Webex Extension) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-06-18] BRA Extension: (Grammarly for Chrome) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-01-09] BRA Extension: (Application Launcher for Drive (by Google)) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-13] BRA Extension: (TubeBuddy) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2021-01-16] BRA Extension: (Crypto Wallets) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\odbfpeeihdkbihmopkbjmoonfanlbfcl\1.0.24 [2020-11-27] BRA Profile: C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Guest Profile [2020-07-23] BRA Extension: (NCapture) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Guest Profile\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2020-07-23] BRA Extension: (Brave Local Data Files Updater) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-01-20] BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-01-20] BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-07-16] BRA Extension: 
(Crowd Deny) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crowd Deny [2020-11-02] BRA Extension: (chromeEnterpriseConnectors) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\ECSerivceProvidersConfig [2020-08-14] BRA Extension: (Brave User Model Installer) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\emgmepnebbddgnkhfmhdhmjifkglkamo [2021-01-16] BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2020-06-18] BRA Extension: (Brave NTP sponsored images) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\hlcinbnbfgoealjpgmoacabdkapmjjfj [2021-01-20] BRA Extension: (intervention_policy_database) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\InterventionPolicyDatabase [2020-08-14] BRA Extension: (Brave SpeedReader Updater) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2020-08-13] BRA Extension: (Crypto Wallets) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\odbfpeeihdkbihmopkbjmoonfanlbfcl [2020-12-04] BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-01-20] BRA Extension: (Origin Trials Updates) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\OriginTrials [2020-10-08] BRA Extension: (safetyTips) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\SafetyTips [2020-11-02] BRA Extension: (sslErrorAssistant) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\SSLErrorAssistant [2020-08-14] BRA Extension: (legacyTLSDeprecation) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\TLSDeprecationConfig [2020-08-14] BRA Extension: (WidevineCdm) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\WidevineCdm [2020-12-05] BRA Extension: (zxcvbnData) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\ZxcvbnData [2020-11-01] StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated) S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-06-18] (Brave Software, Inc. -> BraveSoftware Inc.) S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-06-18] (Brave Software, Inc. -> BraveSoftware Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8854920 2021-01-10] (Microsoft Corporation -> Microsoft Corporation) R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2019-11-05] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA) S4 PanoptoRecorderService; C:\Program Files\Panopto\Recorder\Recorder.exe [1476704 2019-06-20] (Panopto Inc. -> Panopto, Inc) S3 Rockstar Service; f:\Program Files\Rockstar Games\Launcher\RockstarService.exe [474256 2019-11-18] (Rockstar Games, Inc. 
-> Rockstar Games) R2 RunSwUSB; C:\Windows\runSW.exe [59232 2019-08-19] (Realtek Semiconductor Corp. -> ) R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [300688 2020-10-22] (Sophos Ltd -> Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [217064 2020-10-22] (Sophos Ltd -> Sophos Limited) R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe [4927592 2020-08-26] (Sophos Ltd -> Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [779392 2020-08-26] (Sophos Ltd -> Sophos Limited) R2 Sophos Endpoint Defense Service; C:\Program Files\Sophos\Endpoint Defense\SEDService.exe [3477760 2020-08-26] (Sophos Ltd -> Sophos Limited) R2 Sophos System Protection Service; C:\Program Files\Sophos\Endpoint Defense\SSPService.exe [10578600 2020-08-26] (Sophos Ltd -> Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [351336 2020-10-22] (Sophos Ltd -> Sophos Limited) R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [484072 2020-10-22] (Sophos Ltd -> Sophos Limited) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3606872 2020-10-22] (Sophos Ltd -> Sophos Limited) S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\NisSrv.exe [2484256 2020-06-05] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe [103168 2020-06-05] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) 
=================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 duetbus; C:\WINDOWS\System32\drivers\duetbus.sys [32512 2019-03-25] (Duet, Inc. -> Duet, Inc.) S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [28160 2019-09-26] (ExprsVPN LLC -> ) R1 SAVOnAccess; C:\WINDOWS\System32\DRIVERS\savonaccess.sys [216280 2020-08-26] (Sophos Ltd -> Sophos Limited) S3 sdcfilter; C:\WINDOWS\system32\DRIVERS\sdcfilter.sys [38144 2020-05-23] (Sophos Limited -> Sophos Limited) R1 sntp; C:\WINDOWS\system32\DRIVERS\sntp.sys [227152 2020-08-26] (Sophos Ltd -> Sophos Limited) S0 Sophos ELAM; C:\WINDOWS\System32\DRIVERS\SophosEL.sys [22152 2020-08-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Sophos Limited) R0 Sophos Endpoint Defense; C:\WINDOWS\System32\DRIVERS\SophosED.sys [1188944 2020-08-26] (Sophos Ltd -> Sophos Limited) S4 SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [45840 2020-05-23] (Sophos Limited -> Sophos Limited) R1 swi_callout; C:\WINDOWS\system32\DRIVERS\swi_callout.sys [47760 2020-05-23] (Sophos Limited -> Sophos Limited) R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45440 2019-09-26] (ExprsVPN LLC -> The OpenVPN Project) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.) 
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [401120 2020-06-05] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-05] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-01-20 18:25 - 2021-01-20 18:26 - 000000000 ____D C:\FRST 2021-01-20 18:24 - 2021-01-20 18:24 - 002295808 _____ (Farbar) C:\Users\jackk\Downloads\FRST64.exe 2021-01-18 13:39 - 2021-01-18 13:39 - 000000000 ____D C:\Users\jackk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom 2021-01-17 23:17 - 2021-01-18 08:52 - 000321128 _____ C:\WINDOWS\ntbtlog.txt 2021-01-17 11:50 - 2021-01-17 11:50 - 008458096 _____ (Malwarebytes) C:\Users\jackk\Downloads\adwcleaner_8.0.9.exe 2021-01-15 23:14 - 2021-01-15 23:14 - 000000000 ____D C:\Users\jackk\AppData\Roaming\Tracker Software 2021-01-15 23:13 - 2021-01-15 23:13 - 000001249 _____ C:\Users\Public\Desktop\PDF-XChange Office2PDF.lnk 2021-01-15 23:13 - 2021-01-15 23:13 - 000001249 _____ C:\ProgramData\Desktop\PDF-XChange Office2PDF.lnk 2021-01-15 23:13 - 2021-01-15 23:13 - 000001115 _____ C:\Users\Public\Desktop\PDF-XChange Editor.lnk 2021-01-15 23:13 - 2021-01-15 23:13 - 000001115 _____ C:\ProgramData\Desktop\PDF-XChange Editor.lnk 2021-01-15 23:13 - 2021-01-15 23:13 - 000001097 _____ C:\Users\Public\Desktop\PDF Tools.lnk 2021-01-15 23:13 - 2021-01-15 23:13 - 000001097 _____ C:\ProgramData\Desktop\PDF Tools.lnk 2021-01-15 23:13 - 2021-01-15 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker Software 2021-01-15 23:13 - 2021-01-15 23:13 - 000000000 ____D C:\ProgramData\FileOpen 2021-01-15 23:13 - 2021-01-15 23:13 - 
000000000 ____D C:\Program Files\Tracker Software 2021-01-15 23:13 - 2021-01-15 23:13 - 000000000 ____D C:\Program Files\Common Files\Tracker Software 2021-01-15 23:13 - 2021-01-14 11:51 - 002044248 _____ (Tracker Software Products (Canada) Ltd.) C:\WINDOWS\system32\pxcpm.dll 2021-01-14 13:03 - 2021-01-14 13:03 - 000000000 ____D C:\ProgramData\F-Secure 2021-01-14 13:02 - 2021-01-16 10:43 - 000000000 ____D C:\Users\jackk\AppData\Local\FSDART 2021-01-14 13:02 - 2021-01-14 13:02 - 010618960 _____ (F-Secure Corporation) C:\Users\jackk\Downloads\F-SecureOnlineScanner.exe 2021-01-14 13:02 - 2021-01-14 13:02 - 000000000 ____D C:\Users\jackk\AppData\Local\F-Secure 2021-01-13 19:57 - 2021-01-13 19:57 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx 2021-01-13 19:57 - 2021-01-13 19:57 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl 2021-01-13 19:57 - 2021-01-13 19:57 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr 2021-01-13 19:57 - 2021-01-13 19:57 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx 2021-01-13 19:57 - 2021-01-13 19:57 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr 2021-01-13 19:57 - 2021-01-13 19:57 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl 2021-01-13 19:57 - 2021-01-13 19:57 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax 2021-01-13 19:57 - 2021-01-13 19:57 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax 2021-01-13 19:57 - 2021-01-13 19:57 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl 2021-01-13 19:57 - 2021-01-13 19:57 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax 2021-01-13 19:57 - 2021-01-13 19:57 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax 2021-01-13 19:57 - 2021-01-13 19:57 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll 2021-01-13 
19:57 - 2021-01-13 19:57 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2021-01-13 19:57 - 2021-01-13 19:57 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl 2021-01-13 19:57 - 2021-01-13 19:57 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2021-01-13 19:57 - 2021-01-13 19:57 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl 2021-01-13 19:57 - 2021-01-13 19:57 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll 2021-01-13 19:57 - 2021-01-13 19:57 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll 2021-01-13 19:57 - 2021-01-13 19:57 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-01-13 19:56 - 2021-01-13 19:56 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2021-01-13 19:56 - 2021-01-13 19:56 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll 2021-01-13 19:56 - 2021-01-13 19:56 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2021-01-13 19:56 - 2021-01-13 19:56 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2021-01-13 19:56 - 2021-01-13 19:56 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2021-01-13 19:56 - 2021-01-13 19:56 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl 2021-01-13 19:56 - 2021-01-13 19:56 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2021-01-13 19:56 - 2021-01-13 19:56 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl 2021-01-13 19:56 - 2021-01-13 19:56 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-01-13 19:56 - 2021-01-13 19:56 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll 2021-01-13 19:56 - 2021-01-13 19:56 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll 2021-01-13 19:56 - 2021-01-13 19:56 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2021-01-13 19:56 - 2021-01-13 19:56 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll 2021-01-13 19:56 - 2021-01-13 19:56 
- 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll 2021-01-13 19:56 - 2021-01-13 19:56 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl 2021-01-13 19:56 - 2021-01-13 19:56 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe 2021-01-13 19:55 - 2021-01-13 19:55 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-01-13 19:55 - 2021-01-13 19:55 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll 2021-01-13 19:55 - 2021-01-13 19:55 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl 2021-01-13 19:55 - 2021-01-13 19:55 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-01-13 19:55 - 2021-01-13 19:55 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll 2021-01-11 23:07 - 2021-01-12 23:36 - 000000000 ____D C:\Users\jackk\AppData\Local\Adobe 2021-01-11 12:22 - 2021-01-11 12:24 - 656672542 _____ C:\Users\jackk\Downloads\backup-moodle2-course-76749-ccst9025_1a_2020-20210111-1221-nu.mbz 2021-01-11 12:17 - 2021-01-11 12:17 - 000043064 _____ C:\Users\jackk\Downloads\2c92a0fd6fa80019016fb2378c67298b (1).pdf 2021-01-11 12:14 - 2021-01-11 12:14 - 000043064 _____ C:\Users\jackk\Downloads\2c92a0fd6fa80019016fb2378c67298b.pdf 2021-01-11 11:45 - 2021-01-11 11:45 - 000008912 _____ C:\Users\jackk\Downloads\feedback_Course Feedback (1).xlsx 2021-01-08 23:09 - 2020-10-19 13:42 - 000069608 _____ C:\WINDOWS\system32\FvSDK_x64.dll 2021-01-08 23:09 - 2020-10-19 13:42 - 000058344 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll 22021-01-07 12:34 - 2020-10-05 14:05 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2021-01-07 12:34 - 2020-10-05 14:05 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe 2021-01-07 12:34 - 2020-10-05 14:05 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2021-01-07 12:34 - 2020-10-05 14:05 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2021-01-07 12:34 - 2020-10-05 14:05 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 
2021-01-07 12:34 - 2020-10-05 14:05 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll 2021-01-07 12:34 - 2020-10-05 14:05 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2021-01-07 12:34 - 2020-10-05 14:05 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2021-01-07 12:34 - 2020-10-05 14:05 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2021-01-07 12:34 - 2020-10-05 14:05 - 000351128 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2021-01-07 12:34 - 2020-10-05 14:03 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2021-01-07 12:34 - 2020-10-05 14:03 - 001161112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2021-01-07 12:34 - 2020-10-05 14:03 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll 2021-01-07 12:34 - 2020-10-05 14:03 - 000673520 _____ C:\WINDOWS\system32\nvofapi64.dll 2021-01-07 12:34 - 2020-10-05 14:03 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2021-01-07 12:34 - 2020-10-05 14:03 - 000555248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2021-01-07 12:34 - 2020-10-05 14:03 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll 2021-01-07 12:34 - 2020-10-05 14:03 - 000047424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2021-01-07 12:34 - 2020-10-05 14:02 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2021-01-07 12:34 - 2020-10-05 14:02 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2021-01-07 12:34 - 2020-10-05 14:02 - 004174064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2021-01-07 12:34 - 2020-10-05 14:02 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2021-01-07 12:34 - 2020-10-05 14:02 - 002098072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2021-01-07 12:34 - 2020-10-05 14:02 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445671.dll 2021-01-07 12:34 - 2020-10-05 14:02 - 001585560 _____ 
(NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2021-01-07 12:34 - 2020-10-05 14:02 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445671.dll 2021-01-07 12:34 - 2020-10-05 14:02 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2021-01-07 12:34 - 2020-10-05 14:02 - 000657304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2021-01-07 12:34 - 2020-10-05 14:00 - 005972824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2020-12-25 16:26 - 2021-01-20 18:12 - 000003358 _____ C:\WINDOWS\system32\Tasks\nv4drv 2020-12-21 18:41 - 2020-12-21 18:44 - 000000000 ____D C:\Users\jackk\OneDrive\Documents\Assassin's Creed Valhalla 2020-12-21 17:12 - 2021-01-10 16:11 - 000000000 ____D C:\Users\jackk\AppData\Local\Ubisoft Game Launcher 2020-12-21 17:12 - 2020-12-21 17:12 - 119486896 _____ (Ubisoft) C:\Users\jackk\Downloads\UbisoftConnectInstaller.exe 2020-12-21 17:12 - 2020-12-21 17:12 - 000000000 ____D C:\Users\jackk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2020-12-21 17:12 - 2020-12-21 17:12 - 000000000 ____D C:\ProgramData\Ubisoft 2020-12-21 17:12 - 2020-12-21 17:12 - 000000000 ____D C:\Program Files (x86)\Ubisoft ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-01-20 18:26 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-01-20 18:18 - 2020-11-28 00:07 - 001955992 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-01-20 18:18 - 2020-11-27 18:21 - 000431390 _____ C:\WINDOWS\system32\prfh0804.dat 2021-01-20 18:18 - 2020-11-27 18:21 - 000137840 _____ C:\WINDOWS\system32\prfc0804.dat 2021-01-20 18:18 - 2019-12-07 22:48 - 000443702 _____ C:\WINDOWS\system32\prfh0404.dat 2021-01-20 18:18 - 2019-12-07 22:48 - 000137342 _____ C:\WINDOWS\system32\prfc0404.dat 2021-01-20 18:18 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF 2021-01-20 18:14 - 2019-10-17 00:18 - 000000000 ____D C:\ProgramData\NVIDIA 2021-01-20 18:12 - 2020-12-16 20:55 - 000003392 _____ C:\WINDOWS\system32\Tasks\WindowsTaskCoreUpdate 2021-01-20 18:12 - 2020-11-28 00:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-01-20 18:12 - 2020-11-27 23:56 - 000008192 ___SH C:\DumpStack.log.tmp 2021-01-20 18:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState 2021-01-20 18:11 - 2019-12-07 17:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2021-01-20 17:02 - 2019-10-16 23:40 - 000000000 ____D C:\Users\jackk\AppData\Local\Packages 2021-01-20 15:19 - 2020-06-18 16:44 - 000002394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk 2021-01-20 15:18 - 2020-11-27 23:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-01-20 13:47 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-01-20 09:37 - 2020-01-31 12:29 - 000000000 ____D C:\Users\jackk\OneDrive\Documents\Zoom 2021-01-18 13:39 - 2020-01-31 12:26 - 000000000 ____D C:\Users\jackk\AppData\Roaming\Zoom 2021-01-18 09:19 - 2020-11-28 11:08 - 000003042 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6c4d6c0d24a1e 2021-01-18 09:19 - 2020-11-28 00:03 - 000003136 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-01-17 23:17 - 2020-02-14 22:28 - 000000214 _____ 
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2021-01-17 11:58 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-01-16 10:43 - 2019-10-17 00:34 - 000000000 ____D C:\Program Files\Microsoft Office 2021-01-16 10:41 - 2020-02-23 18:32 - 000000000 ____D C:\Users\jackk\AppData\Roaming\Grammarly 2021-01-15 23:14 - 2019-11-22 13:34 - 000000000 ____D C:\Users\jackk\AppData\LocalLow\Temp 2021-01-15 23:12 - 2019-10-17 00:18 - 000000000 ____D C:\ProgramData\Package Cache 2021-01-15 22:58 - 2020-01-06 22:28 - 000000000 ____D C:\Users\jackk\OneDrive\Documents\My Games 2021-01-13 23:22 - 2020-11-27 23:56 - 000631912 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation 2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2021-01-13 23:20 - 2020-11-27 18:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB 2021-01-13 23:20 - 2019-12-07 22:51 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2021-01-13 23:20 - 2019-12-07 22:51 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\UNP 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\F12 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ___RD 
C:\WINDOWS\ImmersiveControlPanel 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Com 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ShellComponents 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\IME 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files\Windows Defender 2021-01-13 19:59 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-01-13 19:55 - 2020-11-27 23:59 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2021-01-13 19:47 - 2019-10-17 00:10 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-01-13 19:45 - 2019-10-17 00:10 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-01-12 08:01 - 2019-10-16 23:59 - 000002277 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-01-11 22:43 - 2020-10-28 20:47 - 000000000 ____D C:\Users\jackk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Init ML 2021-01-11 22:43 - 
2020-10-28 20:47 - 000000000 ____D C:\Users\jackk\AppData\Local\clipdrop 2021-01-10 22:43 - 2019-10-27 18:41 - 000000000 ____D C:\Users\jackk\AppData\Local\BitTorrentHelper 2021-01-10 22:42 - 2019-10-27 18:41 - 000000000 ____D C:\Users\jackk\AppData\Roaming\uTorrent Web 2021-01-10 09:43 - 2020-07-13 10:05 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-01-08 23:09 - 2020-11-28 00:03 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-01-08 23:09 - 2020-11-28 00:03 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-01-08 23:09 - 2020-11-28 00:03 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-01-08 23:09 - 2020-11-28 00:03 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-01-08 23:09 - 2020-11-28 00:03 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-01-08 23:09 - 2020-11-28 00:03 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-01-08 23:09 - 2020-11-28 00:03 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-01-08 23:09 - 2020-11-28 00:03 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-01-08 23:09 - 2019-10-17 00:17 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2021-01-08 23:09 - 2019-10-17 00:17 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2021-01-08 23:09 - 2019-10-17 00:15 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2021-01-08 23:08 - 2020-11-28 00:03 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2021-01-08 23:08 - 2020-11-28 00:03 - 000003654 
_____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2020-12-29 00:54 - 2020-11-27 17:39 - 000000000 ___DC C:\WINDOWS\Panther 2020-12-28 16:48 - 2019-12-07 22:50 - 000000000 ____D C:\WINDOWS\OCR 2020-12-24 10:01 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\servicing 2020-12-21 18:41 - 2019-11-12 22:33 - 000000000 ____D C:\Users\jackk\AppData\Local\D3DSCache 2020-12-21 10:54 - 2020-01-07 18:05 - 000000000 ____D C:\Users\jackk\AppData\Roaming\audacity ==================== Files in the root of some directories ======== 2019-12-01 16:22 - 2019-12-01 16:22 - 000000410 _____ () C:\Users\jackk\AppData\Local\oobelibMkey.log 2020-08-26 17:59 - 2020-08-26 17:59 - 000000218 _____ () C:\Users\jackk\AppData\Local\recently-used.xbel ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================