
Persistent Malware - disables Task Manager and creates Firewall exception


Solved by kevinf80


I have malware that I cannot seem to get rid of through the anti-virus program.

Every time I restart my computer and connect to the internet, files are created in Windows\Temp and my anti-virus software quarantines and removes them (XMRig Miner and Generic PUA OI).
It also automatically disables my Task Manager by adding entries in Regedit (I restore it by deleting the entries in Regedit) and creates incoming/outgoing exceptions in my Firewall settings.

Thanks for any help you can give me.


--------------------------------

My FRST scan shows this:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-01-2021
Ran by jackk (administrator) on DESKTOP-OLNNLBI (20-01-2021 18:26:00)
Running from C:\Users\jackk\OneDrive\Desktop
Loaded Profiles: jackk
Platform: Windows 10 Home Version 2004 19041.746 (X64)
Default browser: "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --single-argument %1
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe <18>
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(Express Vpn LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2011.16.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.740_none_e752aa59261f271f\TiWorker.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Realtek Semiconductor Corp. -> ) C:\Windows\runSW.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Windows\SwUSB.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SEDService.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SSPService.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942936 2018-11-02] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [465288 2019-09-26] (Express Vpn LLC -> ExpressVPN)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [401464 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1542560 2020-08-26] (Sophos Ltd -> Sophos Limited)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [670856 2020-04-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [896136 2020-04-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-19\...\Policies\system: [] 
HKU\S-1-5-19\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\Policies\system: [] 
HKU\S-1-5-20\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [50010064 2020-11-03] (Google LLC -> )
HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\jackk\AppData\Local\Microsoft\Teams\Update.exe [1790704 2019-10-17] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\...\Run: [Steam] => D:\Steam\steam.exe [3424032 2020-10-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5491248 2020-12-08] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATISPE.EXE [418000 2016-07-14] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [2166200 2021-01-19] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-18\...\Policies\system: [] 
HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Print\Monitors\EPSON L6190 Series 64MonitorBE: C:\Windows\system32\E_YLMBSPE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EPSON PC-FAX Driver2 64Monitor: C:\Windows\system32\EFXLM16A.DLL [182784 2020-04-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\PDF-XChange Standard Port Monitor: C:\WINDOWS\system32\pxcpm.dll [2044248 2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.141\Installer\chrmstp.exe [2021-01-12] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\88.1.19.86\Installer\chrmstp.exe [2021-01-20] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\Users\jackk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2020-02-15]
ShortcutTarget: Twitch.lnk -> C:\Users\jackk\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc. -> Twitch Interactive, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {087DB6E6-C920-47CA-B8FC-25EE0E989E61} - System32\Tasks\EPSON L6190 Series Update {FF71275C-7191-42E6-84BE-B8DFA96C50B3} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSSPE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {0ADC3CAA-A81E-42C7-B12F-33CB028737A4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057960 2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {1A181AC6-D0B7-4F6F-81E1-AF35F83437F9} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {20F9B8C7-60C6-498E-A07A-46C3F4F5E987} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-06-18] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {329B9C37-35CF-4383-A0B9-7D89AB5BBBE3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3710EE9C-56C5-49D4-9322-A66575DFD3A6} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {379B7EE1-0BE1-48FD-A0F7-40B2FAF52735} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A108886-5365-4258-9CB6-AEDF527532FB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A41EB86-60CB-4B63-A0E4-01AD60E6B48B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {46898FE1-CEB0-4FB9-99A6-7F9CEE926F68} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4712829F-53B0-469B-AEC6-B76A8DFACECB} - System32\Tasks\nv4drv => C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\86D92E552AB84E1CB98DD9F875076466\5903A58C50B74856A21B5C8F2EDFC4D6.vbe [748056 2021-01-20] () [File not signed] <==== ATTENTION
Task: {4AF587D5-3AEA-486E-9437-77651D26AA50} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145768 2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E8BE2F8-1097-41B3-8850-D6C48F83B63B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057960 2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {512E5D4F-944C-4AE3-8CCA-4ACD19195975} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5414E23C-23C6-4D76-9825-6F3B3D44DFC7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1683352 2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {6BBCD9CA-88A1-4C42-9C11-69B5156B8F85} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145768 2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {6D744FD3-2A61-4D8A-B349-AFD607C5200A} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [64920 2020-02-13] (Microsoft Corporation -> Microsoft)
Task: {780F36F7-883B-4628-AFCA-F45A14E3A9C0} - System32\Tasks\EPSON L6190 Series Update {7B961670-95DB-473D-871B-C9D578414F52} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSSPE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {7A336CC0-EB8E-4049-8975-F825A6D6E763} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {88AD4BE4-5FC1-43A8-82F7-D3C8B31A1F63} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8AE913B3-0451-4115-8A52-C14E1986937B} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {9C23198D-194D-4236-8003-8DA3CE2ABDCF} - System32\Tasks\WindowsTaskCoreUpdate => C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\0D582809304449EF8B5E122302EF84E3\BD2BB037CD9643DC95D8C61707A8C650.vbe [24140 2021-01-20] () [File not signed] <==== ATTENTION
Task: {A279BE17-D05B-4312-97A5-6B86E9E460B2} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1706496 2020-11-23] () [File not signed]
Task: {A450E91B-D231-4EC9-BB2F-F9A2C511D722} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-06-18] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {AC7C7A4D-3033-46FF-89F2-B6C6E63035BC} - System32\Tasks\AdwCleaner_onReboot => C:\Users\jackk\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\adwcleaner_8.0.4 (1).exe
Task: {ADD887FB-0C14-4917-A548-7EDD469A3189} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {CFB541A2-1C52-4B39-B3E6-6A52173B28B3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DE2F2374-E60C-46ED-A88F-5BADD5C9E619} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-16] (Google Inc -> Google LLC)
Task: {DFD5FFBB-436A-4D46-B6B0-58111563DFB5} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F969C401-7D87-4838-907E-F2301DC6EB5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-16] (Google Inc -> Google LLC)
Task: {FCB9FFF5-F463-4AE7-A272-EB15542BB47D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\EPSON L6190 Series Update {7B961670-95DB-473D-871B-C9D578414F52}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSSPE.EXE:/EXE:{7B961670-95DB-473D-871B-C9D578414F52} /F:UpdateWORKGROUP\DESKTOP-OLNNLBI$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON L6190 Series Update {FF71275C-7191-42E6-84BE-B8DFA96C50B3}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSSPE.EXE:/EXE:{FF71275C-7191-42E6-84BE-B8DFA96C50B3} /F:UpdateWORKGROUP\DESKTOP-OLNNLBI$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\Intel PTT EK Recertification.job => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{87a5212c-193d-4d1c-a824-07206d2eddf3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b47b7b52-9c38-41b6-ae1a-e0ceba01e74f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e2507a06-7ece-4429-abe7-eab99ed3ed26}: [DhcpNameServer] 192.168.1.1

Edge: 
=======
Edge Extension: (Grammarly for Microsoft Edge) -> EdgeExtension_GrammarlyGrammarlyforMicrosoftEdge_zee0y2571dhse => C:\Program Files\WindowsApps\Grammarly.GrammarlyforMicrosoftEdge_1.121.2317.0_neutral__zee0y2571dhse [2020-04-17]
Edge Profile: C:\Users\jackk\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-20]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-01-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-06-18] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-06-18] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-08] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1641942009-3868922671-2432026576-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1641942009-3868922671-2432026576-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1641942009-3868922671-2432026576-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-01-14] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)

Chrome: 
=======
CHR Profile: C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default [2020-12-21]
CHR Notifications: Default -> hxxps://admin.yelo.red; hxxps://astra.yelo.red; hxxps://calendar.google.com; hxxps://jungleworks.com; hxxps://www.techinasia.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Extension: (Slides) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-16]
CHR Extension: (Docs) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-16]
CHR Extension: (Google Drive) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-21]
CHR Extension: (Ledger Manager) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimhnaefocolcplfimocfiaiefpkgbf [2019-10-17]
CHR Extension: (YouTube) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-16]
CHR Extension: (Visual CV: Online Resume Builder) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaficoeoafjilohgbmjkiflobhcbifnl [2019-10-17]
CHR Extension: (Adobe Acrobat) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-21]
CHR Extension: (Sheets) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-16]
CHR Extension: (ExpressVPN: VPN proxy to unblock everything) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2020-12-21]
CHR Extension: (Google Docs Offline) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-21]
CHR Extension: (Resume (CV) Maker) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpbnepipgmcpkdglgbcfmcecaoflaemc [2019-10-17]
CHR Extension: (Wappalyzer) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2020-12-21]
CHR Extension: (Ledger Wallet Ethereum) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmlhkialjkaldndjnlcdfdphcgeadkkm [2019-10-17]
CHR Extension: (Cisco Webex Extension) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-06-16]
CHR Extension: (Grammarly for Chrome) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2020-12-21]
CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2019-10-17]
CHR Extension: (NCapture) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2020-07-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-12-21]
CHR Extension: (TubeBuddy) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2020-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-16]
CHR Extension: (Gmail) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-21]
CHR Extension: (Chrome Media Router) - C:\Users\jackk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-21]
CHR HKLM\...\Chrome\Extension: [blgipgnbmnikbdecnjmgckmndlkebhid]
CHR HKU\S-1-5-21-1641942009-3868922671-2432026576-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [blgipgnbmnikbdecnjmgckmndlkebhid]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Opera: 
=======
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

Brave: 
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-01-20]
BRA Notifications: Default -> hxxps://calendar.google.com; hxxps://pollev.com; hxxps://www.facebook.com
BRA DefaultSearchKeyword: Default -> :g
BRA Extension: (Google Translate) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-07-15]
BRA Extension: (PDF-XChange) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\blgipgnbmnikbdecnjmgckmndlkebhid [2021-01-18]
BRA Extension: (Adobe Acrobat) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-16]
BRA Extension: (ExpressVPN: VPN proxy to unblock everything) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2021-01-18]
BRA Extension: (Wappalyzer) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2021-01-07]
BRA Extension: (Cisco Webex Extension) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-06-18]
BRA Extension: (Grammarly for Chrome) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2021-01-09]
BRA Extension: (Application Launcher for Drive (by Google)) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-13]
BRA Extension: (TubeBuddy) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\mhkhmbddkmdggbhaaaodilponhnccicb [2021-01-16]
BRA Extension: (Crypto Wallets) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\odbfpeeihdkbihmopkbjmoonfanlbfcl\1.0.24 [2020-11-27]
BRA Profile: C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Guest Profile [2020-07-23]
BRA Extension: (NCapture) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Guest Profile\Extensions\lgomjifbpjfhpodjhihemafahhmegbek [2020-07-23]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-01-20]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-01-20]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-07-16]
BRA Extension: (Crowd Deny) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\Crowd Deny [2020-11-02]
BRA Extension: (chromeEnterpriseConnectors) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\ECSerivceProvidersConfig [2020-08-14]
BRA Extension: (Brave User Model Installer) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\emgmepnebbddgnkhfmhdhmjifkglkamo [2021-01-16]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2020-06-18]
BRA Extension: (Brave NTP sponsored images) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\hlcinbnbfgoealjpgmoacabdkapmjjfj [2021-01-20]
BRA Extension: (intervention_policy_database) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\InterventionPolicyDatabase [2020-08-14]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2020-08-13]
BRA Extension: (Crypto Wallets) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\odbfpeeihdkbihmopkbjmoonfanlbfcl [2020-12-04]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-01-20]
BRA Extension: (Origin Trials Updates) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\OriginTrials [2020-10-08]
BRA Extension: (safetyTips) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\SafetyTips [2020-11-02]
BRA Extension: (sslErrorAssistant) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\SSLErrorAssistant [2020-08-14]
BRA Extension: (legacyTLSDeprecation) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\TLSDeprecationConfig [2020-08-14]
BRA Extension: (WidevineCdm) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\WidevineCdm [2020-12-05]
BRA Extension: (zxcvbnData) - C:\Users\jackk\AppData\Local\BraveSoftware\Brave-Browser\User Data\ZxcvbnData [2020-11-01]
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-06-18] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-06-18] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8854920 2021-01-10] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2019-11-05] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S4 PanoptoRecorderService; C:\Program Files\Panopto\Recorder\Recorder.exe [1476704 2019-06-20] (Panopto Inc. -> Panopto, Inc)
S3 Rockstar Service; f:\Program Files\Rockstar Games\Launcher\RockstarService.exe [474256 2019-11-18] (Rockstar Games, Inc. -> Rockstar Games)
R2 RunSwUSB; C:\Windows\runSW.exe [59232 2019-08-19] (Realtek Semiconductor Corp. -> )
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [300688 2020-10-22] (Sophos Ltd -> Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [217064 2020-10-22] (Sophos Ltd -> Sophos Limited)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe [4927592 2020-08-26] (Sophos Ltd -> Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [779392 2020-08-26] (Sophos Ltd -> Sophos Limited)
R2 Sophos Endpoint Defense Service; C:\Program Files\Sophos\Endpoint Defense\SEDService.exe [3477760 2020-08-26] (Sophos Ltd -> Sophos Limited)
R2 Sophos System Protection Service; C:\Program Files\Sophos\Endpoint Defense\SSPService.exe [10578600 2020-08-26] (Sophos Ltd -> Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [351336 2020-10-22] (Sophos Ltd -> Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [484072 2020-10-22] (Sophos Ltd -> Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3606872 2020-10-22] (Sophos Ltd -> Sophos Limited)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\NisSrv.exe [2484256 2020-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2005.5-0\MsMpEng.exe [103168 2020-06-05] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 duetbus; C:\WINDOWS\System32\drivers\duetbus.sys [32512 2019-03-25] (Duet, Inc. -> Duet, Inc.)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [28160 2019-09-26] (ExprsVPN LLC -> )
R1 SAVOnAccess; C:\WINDOWS\System32\DRIVERS\savonaccess.sys [216280 2020-08-26] (Sophos Ltd -> Sophos Limited)
S3 sdcfilter; C:\WINDOWS\system32\DRIVERS\sdcfilter.sys [38144 2020-05-23] (Sophos Limited -> Sophos Limited)
R1 sntp; C:\WINDOWS\system32\DRIVERS\sntp.sys [227152 2020-08-26] (Sophos Ltd -> Sophos Limited)
S0 Sophos ELAM; C:\WINDOWS\System32\DRIVERS\SophosEL.sys [22152 2020-08-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Sophos Limited)
R0 Sophos Endpoint Defense; C:\WINDOWS\System32\DRIVERS\SophosED.sys [1188944 2020-08-26] (Sophos Ltd -> Sophos Limited)
S4 SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [45840 2020-05-23] (Sophos Limited -> Sophos Limited)
R1 swi_callout; C:\WINDOWS\system32\DRIVERS\swi_callout.sys [47760 2020-05-23] (Sophos Limited -> Sophos Limited)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45440 2019-09-26] (ExprsVPN LLC -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45960 2020-06-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [401120 2020-06-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-06-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 18:25 - 2021-01-20 18:26 - 000000000 ____D C:\FRST
2021-01-20 18:24 - 2021-01-20 18:24 - 002295808 _____ (Farbar) C:\Users\jackk\Downloads\FRST64.exe
2021-01-18 13:39 - 2021-01-18 13:39 - 000000000 ____D C:\Users\jackk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-01-17 23:17 - 2021-01-18 08:52 - 000321128 _____ C:\WINDOWS\ntbtlog.txt
2021-01-17 11:50 - 2021-01-17 11:50 - 008458096 _____ (Malwarebytes) C:\Users\jackk\Downloads\adwcleaner_8.0.9.exe
2021-01-15 23:14 - 2021-01-15 23:14 - 000000000 ____D C:\Users\jackk\AppData\Roaming\Tracker Software
2021-01-15 23:13 - 2021-01-15 23:13 - 000001249 _____ C:\Users\Public\Desktop\PDF-XChange Office2PDF.lnk
2021-01-15 23:13 - 2021-01-15 23:13 - 000001249 _____ C:\ProgramData\Desktop\PDF-XChange Office2PDF.lnk
2021-01-15 23:13 - 2021-01-15 23:13 - 000001115 _____ C:\Users\Public\Desktop\PDF-XChange Editor.lnk
2021-01-15 23:13 - 2021-01-15 23:13 - 000001115 _____ C:\ProgramData\Desktop\PDF-XChange Editor.lnk
2021-01-15 23:13 - 2021-01-15 23:13 - 000001097 _____ C:\Users\Public\Desktop\PDF Tools.lnk
2021-01-15 23:13 - 2021-01-15 23:13 - 000001097 _____ C:\ProgramData\Desktop\PDF Tools.lnk
2021-01-15 23:13 - 2021-01-15 23:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker Software
2021-01-15 23:13 - 2021-01-15 23:13 - 000000000 ____D C:\ProgramData\FileOpen
2021-01-15 23:13 - 2021-01-15 23:13 - 000000000 ____D C:\Program Files\Tracker Software
2021-01-15 23:13 - 2021-01-15 23:13 - 000000000 ____D C:\Program Files\Common Files\Tracker Software
2021-01-15 23:13 - 2021-01-14 11:51 - 002044248 _____ (Tracker Software Products (Canada) Ltd.) C:\WINDOWS\system32\pxcpm.dll
2021-01-14 13:03 - 2021-01-14 13:03 - 000000000 ____D C:\ProgramData\F-Secure
2021-01-14 13:02 - 2021-01-16 10:43 - 000000000 ____D C:\Users\jackk\AppData\Local\FSDART
2021-01-14 13:02 - 2021-01-14 13:02 - 010618960 _____ (F-Secure Corporation) C:\Users\jackk\Downloads\F-SecureOnlineScanner.exe
2021-01-14 13:02 - 2021-01-14 13:02 - 000000000 ____D C:\Users\jackk\AppData\Local\F-Secure
2021-01-13 19:57 - 2021-01-13 19:57 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 19:57 - 2021-01-13 19:57 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 19:57 - 2021-01-13 19:57 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 19:57 - 2021-01-13 19:57 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 19:57 - 2021-01-13 19:57 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 19:57 - 2021-01-13 19:57 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 19:57 - 2021-01-13 19:57 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 19:57 - 2021-01-13 19:57 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 19:57 - 2021-01-13 19:57 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 19:57 - 2021-01-13 19:57 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 19:57 - 2021-01-13 19:57 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 19:57 - 2021-01-13 19:57 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 19:57 - 2021-01-13 19:57 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 19:57 - 2021-01-13 19:57 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 19:57 - 2021-01-13 19:57 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 19:57 - 2021-01-13 19:57 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 19:57 - 2021-01-13 19:57 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 19:57 - 2021-01-13 19:57 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 19:57 - 2021-01-13 19:57 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-13 19:56 - 2021-01-13 19:56 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 19:56 - 2021-01-13 19:56 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 19:56 - 2021-01-13 19:56 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 19:56 - 2021-01-13 19:56 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 19:56 - 2021-01-13 19:56 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 19:56 - 2021-01-13 19:56 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 19:56 - 2021-01-13 19:56 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 19:56 - 2021-01-13 19:56 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 19:56 - 2021-01-13 19:56 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 19:56 - 2021-01-13 19:56 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 19:56 - 2021-01-13 19:56 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 19:56 - 2021-01-13 19:56 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 19:56 - 2021-01-13 19:56 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 19:56 - 2021-01-13 19:56 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 19:56 - 2021-01-13 19:56 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 19:56 - 2021-01-13 19:56 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 19:55 - 2021-01-13 19:55 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 19:55 - 2021-01-13 19:55 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 19:55 - 2021-01-13 19:55 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 19:55 - 2021-01-13 19:55 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 19:55 - 2021-01-13 19:55 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-11 23:07 - 2021-01-12 23:36 - 000000000 ____D C:\Users\jackk\AppData\Local\Adobe
2021-01-11 12:22 - 2021-01-11 12:24 - 656672542 _____ C:\Users\jackk\Downloads\backup-moodle2-course-76749-ccst9025_1a_2020-20210111-1221-nu.mbz
2021-01-11 12:17 - 2021-01-11 12:17 - 000043064 _____ C:\Users\jackk\Downloads\2c92a0fd6fa80019016fb2378c67298b (1).pdf
2021-01-11 12:14 - 2021-01-11 12:14 - 000043064 _____ C:\Users\jackk\Downloads\2c92a0fd6fa80019016fb2378c67298b.pdf
2021-01-11 11:45 - 2021-01-11 11:45 - 000008912 _____ C:\Users\jackk\Downloads\feedback_Course Feedback (1).xlsx
2021-01-08 23:09 - 2020-10-19 13:42 - 000069608 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2021-01-08 23:09 - 2020-10-19 13:42 - 000058344 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2021-01-07 12:34 - 2020-10-05 14:05 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-01-07 12:34 - 2020-10-05 14:05 - 001769688 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-01-07 12:34 - 2020-10-05 14:05 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-01-07 12:34 - 2020-10-05 14:05 - 001370328 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-01-07 12:34 - 2020-10-05 14:05 - 001054944 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-01-07 12:34 - 2020-10-05 14:05 - 001054944 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-01-07 12:34 - 2020-10-05 14:05 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-01-07 12:34 - 2020-10-05 14:05 - 000917728 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-01-07 12:34 - 2020-10-05 14:05 - 000455408 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-01-07 12:34 - 2020-10-05 14:05 - 000351128 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-01-07 12:34 - 2020-10-05 14:03 - 001507224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-01-07 12:34 - 2020-10-05 14:03 - 001161112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-01-07 12:34 - 2020-10-05 14:03 - 000816368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2021-01-07 12:34 - 2020-10-05 14:03 - 000673520 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-01-07 12:34 - 2020-10-05 14:03 - 000670616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-01-07 12:34 - 2020-10-05 14:03 - 000555248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-01-07 12:34 - 2020-10-05 14:03 - 000543128 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-01-07 12:34 - 2020-10-05 14:03 - 000047424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2021-01-07 12:34 - 2020-10-05 14:02 - 007707544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-01-07 12:34 - 2020-10-05 14:02 - 006860184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-01-07 12:34 - 2020-10-05 14:02 - 004174064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-01-07 12:34 - 2020-10-05 14:02 - 002508528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-01-07 12:34 - 2020-10-05 14:02 - 002098072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-01-07 12:34 - 2020-10-05 14:02 - 001731824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6445671.dll
2021-01-07 12:34 - 2020-10-05 14:02 - 001585560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-01-07 12:34 - 2020-10-05 14:02 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6445671.dll
2021-01-07 12:34 - 2020-10-05 14:02 - 000813464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-01-07 12:34 - 2020-10-05 14:02 - 000657304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-01-07 12:34 - 2020-10-05 14:00 - 005972824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-12-25 16:26 - 2021-01-20 18:12 - 000003358 _____ C:\WINDOWS\system32\Tasks\nv4drv
2020-12-21 18:41 - 2020-12-21 18:44 - 000000000 ____D C:\Users\jackk\OneDrive\Documents\Assassin's Creed Valhalla
2020-12-21 17:12 - 2021-01-10 16:11 - 000000000 ____D C:\Users\jackk\AppData\Local\Ubisoft Game Launcher
2020-12-21 17:12 - 2020-12-21 17:12 - 119486896 _____ (Ubisoft) C:\Users\jackk\Downloads\UbisoftConnectInstaller.exe
2020-12-21 17:12 - 2020-12-21 17:12 - 000000000 ____D C:\Users\jackk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2020-12-21 17:12 - 2020-12-21 17:12 - 000000000 ____D C:\ProgramData\Ubisoft
2020-12-21 17:12 - 2020-12-21 17:12 - 000000000 ____D C:\Program Files (x86)\Ubisoft

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-20 18:26 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-20 18:18 - 2020-11-28 00:07 - 001955992 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-20 18:18 - 2020-11-27 18:21 - 000431390 _____ C:\WINDOWS\system32\prfh0804.dat
2021-01-20 18:18 - 2020-11-27 18:21 - 000137840 _____ C:\WINDOWS\system32\prfc0804.dat
2021-01-20 18:18 - 2019-12-07 22:48 - 000443702 _____ C:\WINDOWS\system32\prfh0404.dat
2021-01-20 18:18 - 2019-12-07 22:48 - 000137342 _____ C:\WINDOWS\system32\prfc0404.dat
2021-01-20 18:18 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-20 18:14 - 2019-10-17 00:18 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-20 18:12 - 2020-12-16 20:55 - 000003392 _____ C:\WINDOWS\system32\Tasks\WindowsTaskCoreUpdate
2021-01-20 18:12 - 2020-11-28 00:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-20 18:12 - 2020-11-27 23:56 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-20 18:12 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-20 18:11 - 2019-12-07 17:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-01-20 17:02 - 2019-10-16 23:40 - 000000000 ____D C:\Users\jackk\AppData\Local\Packages
2021-01-20 15:19 - 2020-06-18 16:44 - 000002394 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-01-20 15:18 - 2020-11-27 23:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-20 13:47 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-20 09:37 - 2020-01-31 12:29 - 000000000 ____D C:\Users\jackk\OneDrive\Documents\Zoom
2021-01-18 13:39 - 2020-01-31 12:26 - 000000000 ____D C:\Users\jackk\AppData\Roaming\Zoom
2021-01-18 09:19 - 2020-11-28 11:08 - 000003042 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6c4d6c0d24a1e
2021-01-18 09:19 - 2020-11-28 00:03 - 000003136 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-17 23:17 - 2020-02-14 22:28 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-01-17 11:58 - 2019-12-07 17:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-16 10:43 - 2019-10-17 00:34 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-16 10:41 - 2020-02-23 18:32 - 000000000 ____D C:\Users\jackk\AppData\Roaming\Grammarly
2021-01-15 23:14 - 2019-11-22 13:34 - 000000000 ____D C:\Users\jackk\AppData\LocalLow\Temp
2021-01-15 23:12 - 2019-10-17 00:18 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-15 22:58 - 2020-01-06 22:28 - 000000000 ____D C:\Users\jackk\OneDrive\Documents\My Games
2021-01-13 23:22 - 2020-11-27 23:56 - 000631912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 23:21 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 23:20 - 2020-11-27 18:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-01-13 23:20 - 2019-12-07 22:51 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 23:20 - 2019-12-07 22:51 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 23:20 - 2019-12-07 17:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 19:59 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 19:55 - 2020-11-27 23:59 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 19:47 - 2019-10-17 00:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 19:45 - 2019-10-17 00:10 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-12 08:01 - 2019-10-16 23:59 - 000002277 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-11 22:43 - 2020-10-28 20:47 - 000000000 ____D C:\Users\jackk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Init ML
2021-01-11 22:43 - 2020-10-28 20:47 - 000000000 ____D C:\Users\jackk\AppData\Local\clipdrop
2021-01-10 22:43 - 2019-10-27 18:41 - 000000000 ____D C:\Users\jackk\AppData\Local\BitTorrentHelper
2021-01-10 22:42 - 2019-10-27 18:41 - 000000000 ____D C:\Users\jackk\AppData\Roaming\uTorrent Web
2021-01-10 09:43 - 2020-07-13 10:05 - 000002401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-08 23:09 - 2020-11-28 00:03 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-08 23:09 - 2020-11-28 00:03 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-08 23:09 - 2020-11-28 00:03 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-08 23:09 - 2020-11-28 00:03 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-08 23:09 - 2020-11-28 00:03 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-08 23:09 - 2020-11-28 00:03 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-08 23:09 - 2020-11-28 00:03 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-08 23:09 - 2020-11-28 00:03 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-08 23:09 - 2019-10-17 00:17 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-01-08 23:09 - 2019-10-17 00:17 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-01-08 23:09 - 2019-10-17 00:15 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-01-08 23:08 - 2020-11-28 00:03 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-08 23:08 - 2020-11-28 00:03 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-12-29 00:54 - 2020-11-27 17:39 - 000000000 ___DC C:\WINDOWS\Panther
2020-12-28 16:48 - 2019-12-07 22:50 - 000000000 ____D C:\WINDOWS\OCR
2020-12-24 10:01 - 2019-12-07 17:03 - 000000000 ____D C:\WINDOWS\servicing
2020-12-21 18:41 - 2019-11-12 22:33 - 000000000 ____D C:\Users\jackk\AppData\Local\D3DSCache
2020-12-21 10:54 - 2020-01-07 18:05 - 000000000 ____D C:\Users\jackk\AppData\Roaming\audacity

==================== Files in the root of some directories ========

2019-12-01 16:22 - 2019-12-01 16:22 - 000000410 _____ () C:\Users\jackk\AppData\Local\oobelibMkey.log
2020-08-26 17:59 - 2020-08-26 17:59 - 000000218 _____ () C:\Users\jackk\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

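An added example, not part of this thread and not FRST's own code: a small Python parser for the "One month (created/modified)" file-listing lines in the log above. It extracts the two timestamps, size, attribute flags, optional company field and path, then groups the entries a helper usually reviews first: scheduled-task definition files under `Tasks\`, anything under `Windows\Temp` (the drop location described in the opening post), and executable files FRST printed without a company name. The sample lines are copied from the log above, except the `Windows\Temp` line, which is constructed for the example. The grouping is a review aid, not a verdict: legitimate task files and unsigned Windows binaries appear in every log.

```python
"""Triage helper for FRST "One month (created/modified)" listings.

Added example, not the forum's or FRST's own code. Parses the file-listing
lines FRST prints and groups the ones a helper looks at first.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Line layout:  <created> - <modified> - <size> <attrs> [(Company)] <path>
# The company field is optional, may be empty "()" and may itself contain
# parentheses, so it is matched lazily up to a ") " followed by a drive letter.
_LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>.*?)\) (?=[A-Za-z]:\\))?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
_TS = "%Y-%m-%d %H:%M"
_EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".ax", ".drv")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str               # FRST attribute flags, e.g. ____D for a directory
    company: Optional[str]   # None when FRST printed no company field at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_task_definition(self) -> bool:
        low = self.path.lower()
        return "\\windows\\system32\\tasks\\" in low or "\\windows\\tasks\\" in low

    @property
    def in_windows_temp(self) -> bool:
        return "\\windows\\temp\\" in self.path.lower()

    @property
    def unattributed_binary(self) -> bool:
        # Executable extension but no company name; a review prompt, not proof
        return (not self.is_dir
                and self.path.lower().endswith(_EXEC_EXT)
                and not self.company)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-listing line, or None for any other line."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        created=datetime.strptime(m["created"], _TS),
        modified=datetime.strptime(m["modified"], _TS),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"],
        path=m["path"],
    )


def triage(lines) -> Dict[str, List[Entry]]:
    """Group parsed entries into the buckets a helper reviews first."""
    buckets: Dict[str, List[Entry]] = {
        "task_definitions": [], "windows_temp": [], "unattributed_binaries": []}
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e.is_task_definition:
            buckets["task_definitions"].append(e)
        if e.in_windows_temp:
            buckets["windows_temp"].append(e)
        if e.unattributed_binary:
            buckets["unattributed_binaries"].append(e)
    return buckets


# Sample input: lines copied from the log above; the Windows\Temp line is
# constructed for this example and does not come from the log.
SAMPLE_LOG = r"""
==================== One month (created) (Whitelisted) =========
2021-01-20 18:25 - 2021-01-20 18:26 - 000000000 ____D C:\FRST
2021-01-20 18:24 - 2021-01-20 18:24 - 002295808 _____ (Farbar) C:\Users\jackk\Downloads\FRST64.exe
2021-01-15 23:13 - 2021-01-14 11:51 - 002044248 _____ (Tracker Software Products (Canada) Ltd.) C:\WINDOWS\system32\pxcpm.dll
2021-01-13 19:56 - 2021-01-13 19:56 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2020-12-25 16:26 - 2021-01-20 18:12 - 000003358 _____ C:\WINDOWS\system32\Tasks\nv4drv
2021-01-20 18:12 - 2020-12-16 20:55 - 000003392 _____ C:\WINDOWS\system32\Tasks\WindowsTaskCoreUpdate
2019-12-01 16:22 - 2019-12-01 16:22 - 000000410 _____ () C:\Users\jackk\AppData\Local\oobelibMkey.log
2021-01-20 18:12 - 2021-01-20 18:12 - 000012345 _____ C:\WINDOWS\Temp\constructed_example.tmp
"""

if __name__ == "__main__":
    for name, entries in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{name}: {len(entries)}")
        for e in entries:
            print(f"  {e.modified:%Y-%m-%d %H:%M}  {e.size:>10}  {e.path}")
```

Run it against a saved FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"))` and compare the task-definition and temp-file buckets across the scans posted before and after a fix; entries that reappear after cleaning are the ones worth raising with the helper.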

  • Solution

Hiya johnnydandelion,

Thanks for those logs, continue:

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.

NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed.

The following directories are emptied:
 
  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin


Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.


The system will be rebooted after the fix has run.

Next,

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

Open Malwarebytes, select > small cog wheel top right hand corner, that will open "settings" from there select "Security" tab.

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Close out the settings window, this will take you back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download "Microsoft's Safety Scanner" and save direct to the desktop

Ensure to get the correct version for your system....

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download


Right click on the Tool and select Run as Administrator; the tool will expand to the options Window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\msert.log

The log will include details for each time MSRT has run; we only need the most recent log by date and time....

Let me see those logs in your reply...

Thank you,

Kevin...

fixlist.txt


Hiya johnnydandelion,

Thanks for those logs. Run FRST again to make sure we've not left any remnants..

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs "FRST.txt" and "Addition.txt".

 
Thank you,
 
Kevin..
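As an added, read-only verification example (not part of Kevin's instructions and not a Malwarebytes or FRST feature), the PowerShell below checks for the two persistence symptoms described at the top of this thread once the clean-up is done: the policy value that disables Task Manager, and firewall rules that allow a program under Windows\Temp. It assumes the value name DisableTaskMgr under the standard Policies\System keys and the built-in NetSecurity cmdlets; it changes nothing on the system.

```powershell
# Added remnant check, not the thread's own fix. Run from an elevated prompt.
# Assumption: the Task Manager block is the DisableTaskMgr policy value (1 = disabled).
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

function Test-TaskManagerPolicy {
    # One object per key: is DisableTaskMgr present, and is it set to 1?
    foreach ($key in $policyKeys) {
        $value = $null
        if (Test-Path $key) {
            $value = (Get-ItemProperty -Path $key -Name 'DisableTaskMgr' `
                      -ErrorAction SilentlyContinue).DisableTaskMgr
        }
        [pscustomobject]@{
            Key        = $key
            Present    = ($null -ne $value)
            Value      = $value
            Suspicious = ($value -eq 1)
        }
    }
}

function Get-TempFirewallRules {
    # Firewall rules whose program path resolves to somewhere below %SystemRoot%\Temp.
    # Rule filters often store the unexpanded %SystemRoot% form, so expand before comparing.
    $tempDir = Join-Path $env:SystemRoot 'Temp'
    Get-NetFirewallApplicationFilter |
        Where-Object {
            $_.Program -and
            ([Environment]::ExpandEnvironmentVariables($_.Program) -like "$tempDir\*")
        } |
        ForEach-Object {
            $rule = $_ | Get-NetFirewallRule
            [pscustomobject]@{
                Name      = $rule.DisplayName
                Direction = $rule.Direction
                Action    = $rule.Action
                Enabled   = $rule.Enabled
                Program   = $_.Program
            }
        }
}

Test-TaskManagerPolicy | Format-Table -AutoSize
$rules = Get-TempFirewallRules
if ($rules) { $rules | Format-Table -AutoSize } else { 'No firewall rules point into Windows\Temp.' }
```

A Suspicious row or any listed rule after the scans above means a remnant is still present and belongs in the next set of logs posted here.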

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you


Topic has been reopened per request.

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs "FRST.txt" and "Addition.txt".


Edited by kevinf80
added FRST instruction...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you
