Solved Virus Malware Checkup

cnuddeje

Howdy:

Just doing a regular check for malware/virus. My PC is old, and has been slower. I updated to Win10 and got some bloatware that I deleted. This PC is mostly just kids being online, social media, etc.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by Cnudde (administrator) on MININT-7ERSP8L (Dell Inc. Inspiron 580) (12-07-2020 13:13:58)
Running from C:\Users\Cnudde\Downloads
Loaded Profiles: Cnudde
Platform: Windows 10 Home Version 1909 18363.900 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Chromium.) [File not signed] C:\Users\Cnudde\AppData\Local\Chromium\Update\ChromiumUpdate.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe <3>
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\101.4.434\QtWebEngineProcess.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15>
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Cnudde\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2005.23.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Seagate Technology, LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302392 2020-05-20] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [CL-24-4F9532CA-AA90-4E32-B81D-9189E0C14D34] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-24-4F9532CA-AA90-4E32-B81D-9189E0C14D34\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-24-4F9532CA-AA90-4E32-B81D-9189E0C (the data entry has 7 more characters).
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-05-07] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Dropbox Update] => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Chromium] => "c:\users\cnudde\appdata\local\chromium\application\chrome.exe" --profile-directory="Default" --auto-launch-at-startup --restore-last-session
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Chromium Update] => C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\ChromiumUpdateCore.exe [588800 2020-06-02] (Chromium.) [File not signed] <==== ATTENTION
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Dashlane] => "C:\Users\Cnudde\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
HKLM\...\Print\Monitors\KX Language Monitor: C:\WINDOWS\system32\KXPLM64.DLL [134784 2018-09-11] (Microsoft Windows Hardware Compatibility Publisher -> KYOCERA Document Solutions Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-23] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-10]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia -> Secunia)
Startup: C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2020-03-04] ()
Startup: C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2020-07-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C4C94AB-D0BF-463E-B9A9-9448E38C5A7E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {11B525D8-83A3-4873-9D88-8CE4B3C094FD} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {15E5DCDB-0D25-423B-8729-0F653D51F442} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {163CA91E-FBA3-4991-B777-5BC1E6E2E578} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {1873A166-8D21-4E2F-B411-9AE17B8C9E7A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1F171958-4E44-4644-8FF8-2E29F0A568D9} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {223F742A-1BBE-4C95-9280-8D95C4601255} - System32\Tasks\{C68EF8F9-3B70-4806-9D8A-DDF64849ACA9} => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe
Task: {25FC684F-A716-420A-A802-7AA73EFA2190} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {26D1625F-8C4D-47ED-A1F9-7C0836A3EAB0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2CF65AF7-3DE6-4CE3-9860-951FF3995B2C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2ECE72A2-7E52-4703-98BA-FDB3FDDEDE35} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {3388321B-C85D-499E-A84B-90B173322E0A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34F19C40-EE28-4235-B342-7CEFB515908D} - System32\Tasks\{92B0B57D-D4FF-4793-A9A1-EB306D3CAEE1} => C:\Windows\system32\pcalua.exe -a "C:\Users\Cnudde\Desktop\New folder\Adobe Photoshop Elements 10\PSE 10\AdobeAIRInstaller.exe" -d "C:\Users\Cnudde\Desktop\New folder\Adobe Photoshop Elements 10\PSE 10"
Task: {36A6E196-4448-4314-9417-A89C44F3C55E} - System32\Tasks\{DCE50F48-9E43-4BDE-93F8-2C64B01E160D} => C:\Windows\system32\pcalua.exe -a C:\Users\Cnudde\Downloads\win64_152822.exe -d C:\Users\Cnudde\Downloads
Task: {380688F7-AEF1-4676-B964-333BF4199D08} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4255141F-EA88-4226-AF49-3437332156C6} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA => C:\Users\Cnudde\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2020-06-02] (Chromium.) [File not signed] <==== ATTENTION
Task: {42B25C6E-5C88-4F9F-930F-6076C0E50B7B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {43CDAC0B-835C-4FFB-877B-E3B71D1FE2F2} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146048 2018-10-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {43ED296E-6DAE-47C3-A52B-71E0AE134A2F} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {4546B62A-312C-4FC9-9AB8-764E8664782F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_Plugin.exe [1459256 2020-06-27] (Adobe Inc. -> Adobe)
Task: {46A908C7-A3D3-4F66-B5CD-429DE6F2C016} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {481FB75B-9E2A-4E5F-A1CC-F1C8756EB3D8} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {525788BF-C7F9-47D7-B995-F44B54A7FE92} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {56213EA7-5CA0-4227-8FE6-391E2F14E925} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e92d237107f1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {56DEA1CC-BD0F-4FE3-AB19-A7C538C1995E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {60EC5B90-12D4-4780-B002-0AFC9E198741} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {6E35FABA-5228-4E03-A1C6-1FB0F017BFF7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {75E281A2-8684-4DA0-A41A-06455B04CB9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-27] (Adobe Inc. -> Adobe)
Task: {7BF325B5-8738-412D-B357-C65FE0B64847} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {809DA5EF-C04B-4834-B2AF-B887E27B0F08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {848EF025-8C22-44E6-8130-8CABF22C4D46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {875163D5-2B57-4874-AFAE-07159D8020C2} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {8B13F4DA-D597-4612-89E6-4B1C9AF25C37} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {90E0F212-78EC-4FF3-94CE-DFA61C87C377} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {9204C125-1A2D-40DF-BA85-3351DD8078F7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9401DD4B-5796-4399-AF19-19A47BCDB4BE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A35A1D62-4E7D-4728-BBDA-50686E2F1E5F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AA9F315E-DEB0-4768-8F43-1AD9E3DB11D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B12D6B9F-EC9D-489D-ADE4-C37CB3910C84} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B5E97B50-2B40-4342-9A23-4A06947F70AD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD4E9ACF-E343-496B-B382-58E40C59FD12} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {BDF59FF5-11BD-405D-8FE7-8688BC04CEEB} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C02D6B33-CEAC-47A3-AB53-477ED4A81E4F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C36F4343-36CF-4C51-BA7C-1D82B91C54CB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C5D56391-95F0-4D3F-A816-0E8B9303A7FA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe
Task: {C748C1F6-B8EC-4C73-93BC-BD6DF90FD81A} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {C8FAA9CF-6AAF-4843-A44C-1A7861707D27} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D2002D9F-F778-466D-A72F-1CD8CA9092D3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D794D30B-2C31-40AC-AE41-691E14A35942} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {DF6B7A5C-9D02-4973-BC99-D04F3894ED37} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core => C:\Users\Cnudde\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2020-06-02] (Chromium.) [File not signed] <==== ATTENTION
Task: {E3B8C05F-4B35-4A1C-83C6-68578D939C36} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E68EC7FF-FE48-4C1F-99AD-8F0A9C4D14F0} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {E73FD4DB-82A2-4D85-936D-337AD81DD2F2} - System32\Tasks\AdobeAAMUpdater-1.0-MININT-7ERSP8L-Cnudde => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {EC1DDC05-E82E-40A9-B525-51981BF2605A} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e92d24711690 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {F7AAE0FC-7400-49F0-B17F-F6FB3044F271} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {FAF31BC3-1465-45E5-8EF0-CF55A99B8242} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core.job => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA.job => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{237A3DF2-ED0D-4801-8447-173281B1CEB4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{328AA78D-68C0-4EEE-BF6A-EC093F25A38B}: [DhcpNameServer] 10.220.45.31
Tcpip\..\Interfaces\{8FE230F4-AED0-467D-B179-AE73029BAC9B}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=fes_yfp_chr_nt_yfp2&type=wbf_fptxqjxp1acegikmwv4_20_26_ssg00
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fptxqjxp1acegikmwv4_20_26_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzzyEtB0BtB0B0AyD0DtAtB0AtC0ByEtDtN0D0Tzu0StAtCtDtDtN1L2XzuyDtFtCtFtDtFtCyEtAtN1L1Czu1ByE1VtAtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDyCyBtBtAtGtAyC0DtAtGtDtCtA0EtGyBzy0FzytGtBtDtDtAyByCyB0F0BtDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA1P1Pzy1TtB1PyBtG1Rzz1QzytGyEzzyEyBtGzyyEzzzztGtA1R1QyEyByBzy1OtCtC1QtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutByBtAzytCtN1Q2Z1B1P1RzutCyDzytAtBzzyDzytCzy%26cr%3D1213498091%26a%3Dwbf_fptxqjxp1acegikmwv4_20_26_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fptxqjxp1acegikmwv4_20_26_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzzyEtB0BtB0B0AyD0DtAtB0AtC0ByEtDtN0D0Tzu0StAtCtDtDtN1L2XzuyDtFtCtFtDtFtCyEtAtN1L1Czu1ByE1VtAtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDyCyBtBtAtGtAyC0DtAtGtDtCtA0EtGyBzy0FzytGtBtDtDtAyByCyB0F0BtDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA1P1Pzy1TtB1PyBtG1Rzz1QzytGyEzzyEyBtGzyyEzzzztGtA1R1QyEyByBzy1OtCtC1QtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutByBtAzytCtN1Q2Z1B1P1RzutCyDzytAtBzzyDzytCzy%26cr%3D1213498091%26a%3Dwbf_fptxqjxp1acegikmwv4_20_26_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://webdeposit.ensenta.com/eztwainx.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Cnudde\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-12]

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-06-27] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-18] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_387.dll [2020-06-27] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-18] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @chbrowserupdate.com/Chromium Update;version=3 -> C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2020-06-02] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @chbrowserupdate.com/Chromium Update;version=9 -> C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2020-06-02] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @citrixonline.com/appdetectorplugin -> C:\Users\Cnudde\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-26] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cnudde\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-09] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @zoom.us/ZoomVideoPlugin -> C:\Users\Cnudde\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-03-23] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default [2020-07-12]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://myhomenetwork.att.com; hxxps://www.bestbuy.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2020-07-02]
CHR Extension: (YouTube) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-09]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-07-02]
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2020-07-12]
CHR Extension: (Google Search) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-06-24]
CHR Extension: (Google Docs Offline) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-27]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-07-12]
CHR Extension: (Search Manager) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpggceimbegdiddifklmeponnmkppfho [2020-06-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Live Football) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2018-09-25]
CHR Extension: (Gmail) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-12]
CHR Extension: (Chrome Media Router) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-10]
CHR HKLM\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojfilbbecboffgonioffpjjhcobjahoe]
CHR HKLM-x32\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-27] (Adobe Inc. -> Adobe)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [92160 2009-03-31] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia -> Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia -> Secunia)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\NisSrv.exe [2496144 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MsMpEng.exe [104192 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrSerId; C:\WINDOWS\system32\DRIVERS\BrSerId.sys [290816 2012-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BrUsbSer; C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys [14720 2011-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2020-01-09] (Microsoft Corporation) [File not signed]
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia -> Secunia)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45976 2020-07-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [408816 2020-07-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-07-12] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-12 13:13 - 2020-07-12 13:14 - 000033942 _____ C:\Users\Cnudde\Downloads\FRST.txt
2020-07-12 13:13 - 2020-07-12 13:14 - 000000000 ____D C:\FRST
2020-07-12 13:13 - 2020-07-12 13:13 - 002292736 _____ (Farbar) C:\Users\Cnudde\Downloads\FRST64.exe
2020-07-12 12:07 - 2020-07-12 12:07 - 000068808 _____ C:\ProgramData\agent.uninstall.1594570045.bdinstall.v2.bin
2020-07-12 12:06 - 2020-07-12 12:06 - 000417164 _____ C:\ProgramData\cl.uninstall.1594569526.bdinstall.v2.bin
2020-07-12 11:59 - 2020-07-12 11:59 - 000082012 _____ C:\ProgramData\dm.uninstall.1594569540.bdinstall.v2.bin
2020-07-10 06:52 - 2020-07-10 06:52 - 000216816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-07-10 06:52 - 2020-07-10 06:52 - 000175192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-07-08 17:52 - 2020-07-08 17:52 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-07-02 16:03 - 2020-07-02 16:03 - 000000000 ____D C:\Users\Cnudde\Downloads\opera autoupdate
2020-07-02 13:50 - 2020-07-02 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2020-06-30 13:53 - 2020-06-30 13:53 - 000104437 _____ C:\Users\Cnudde\Downloads\ACFrOgCTU1oN7qcqSc6qOyZrFiW7z-rWlpmq3RUIcowP1h6Ki4u9Yn5UZqlRv_xFtGY3jOXrvC_bKI93jbCZP5iQpQ-xWjBCYlEOSR0ObIRIf7CSA3ZWqOhNz7nzyCI=.pdf
2020-06-30 13:53 - 2020-06-30 13:53 - 000071901 _____ C:\Users\Cnudde\Downloads\ACFrOgDV8m6agy9fE_foRT91b7v2sAPrQirRhN8-RzSbgntXyFPR-0Kb3-EnoPfv-mE2X7F70LnssUqnccD9d3V2xTMuuDAlg028mvXiVKXh6Dg5AY7t8lXV6g3s0aA=.pdf
2020-06-30 13:53 - 2020-06-30 13:53 - 000070300 _____ C:\Users\Cnudde\Downloads\ACFrOgBeLaUBKJJQEQFoxo8CT7bFcXNZlUUjC4xUIiHaDiJDj3QJGgeoM1EyOC-Mc7ATlq5AA4KftmRgUCSJ3p5VHsja3JkUaARjDYAZ0j0aNahoaRuBOQ1sF2KPp-k=.pdf
2020-06-30 13:52 - 2020-06-30 13:52 - 000126996 _____ C:\Users\Cnudde\Downloads\ACFrOgAMsD-GBROi5dCCdmxXCdDskIQlFDz3TR7Il0wunB6Oy4fMCEh8Rr0SzYed3tajhxXehuDpb0N3N4oD22AlnhxGHnNedJxQC-IHNQJu3V2IK6aQm6SQl91FxAj-Dxtjmun1AuOd8DZNIjm5.pdf
2020-06-27 15:36 - 2020-06-27 15:36 - 000001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2020-06-27 15:36 - 2020-06-27 15:36 - 000001822 _____ C:\ProgramData\Desktop\iTunes.lnk
2020-06-27 15:36 - 2020-06-27 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-06-27 15:36 - 2020-06-27 15:36 - 000000000 ____D C:\Program Files\iPod
2020-06-27 15:35 - 2020-06-27 15:36 - 000000000 ____D C:\Program Files\iTunes
2020-06-27 15:31 - 2020-06-27 15:31 - 000769764 _____ C:\ProgramData\cl.1593286048.bdinstall.v2.bin
2020-06-27 15:31 - 2020-06-27 15:31 - 000138668 _____ C:\ProgramData\dm.1593286304.bdinstall.v2.bin
2020-06-27 15:31 - 2020-06-27 15:31 - 000104332 _____ C:\ProgramData\cl.kit.1593286033.bdinstall.v2.bin
2020-06-27 15:31 - 2020-06-27 15:31 - 000000000 ____D C:\ProgramData\Bitdefender Device Management
2020-06-27 15:30 - 2020-06-27 15:30 - 000000000 ____D C:\ProgramData\Gemma
2020-06-27 15:30 - 2020-06-27 15:30 - 000000000 ____D C:\ProgramData\Atc
2020-06-27 15:29 - 2020-06-27 15:29 - 000000000 ____D C:\WINDOWS\system32\elambkup
2020-06-27 15:29 - 2020-06-27 15:29 - 000000000 ____D C:\ProgramData\BDLogging
2020-06-27 15:28 - 2020-06-27 15:29 - 003787928 _____ ( ) C:\Users\Cnudde\Downloads\my-talking-tom_2690529315.exe
2020-06-27 15:26 - 2020-07-12 12:15 - 000000000 ____D C:\Program Files (x86)\Chromium
2020-06-27 15:26 - 2020-06-27 15:26 - 000004536 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-06-27 15:25 - 2020-06-27 15:25 - 000111044 _____ C:\ProgramData\agent.1593285922.bdinstall.v2.bin
2020-06-27 15:25 - 2020-06-27 15:25 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-06-27 15:25 - 2020-06-27 15:25 - 000000000 ____D C:\ProgramData\{43CA7FF6-6BE2-078E-33BA-2FA6DB52F77E}
2020-06-27 15:23 - 2020-06-27 15:23 - 078905506 _____ C:\Users\Cnudde\Downloads\kinemaster.apk
2020-06-27 15:23 - 2020-06-27 15:23 - 000002446 _____ C:\Users\Cnudde\Desktop\facebook.lnk
2020-06-27 15:23 - 2020-06-27 15:23 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Opera Software
2020-06-27 15:23 - 2020-06-27 15:23 - 000000000 ____D C:\Users\Cnudde\AppData\Local\Opera Software
2020-06-27 15:23 - 2020-06-27 15:23 - 000000000 ____D C:\Program Files\Avast Software
2020-06-27 15:22 - 2020-07-12 12:19 - 000000000 ____D C:\ProgramData\Avast Software
2020-06-27 15:21 - 2020-06-27 15:22 - 003787928 _____ ( ) C:\Users\Cnudde\Downloads\kinemaster_0141086022.exe
2020-06-24 22:17 - 2020-07-09 03:29 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-24 22:17 - 2020-07-09 03:29 - 000002282 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-06-24 22:17 - 2020-07-09 03:29 - 000002282 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-06-24 22:17 - 2020-06-25 08:23 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-24 22:17 - 2020-06-25 08:23 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-06-22 12:23 - 2020-06-22 12:23 - 000036713 _____ C:\Users\Cnudde\Downloads\fellowship-application.pdf
2020-06-19 12:22 - 2020-06-19 12:22 - 000454085 _____ C:\Users\Cnudde\Downloads\doc (7).pdf
2020-06-15 14:54 - 2020-06-15 14:54 - 000054549 _____ C:\Users\Cnudde\Downloads\8th_Summer_Reading_-_Crossover_Allies.pdf
2020-06-14 17:12 - 2020-06-14 17:12 - 000026921 _____ C:\Users\Cnudde\Downloads\Private-Teacher-Listing (1).pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-12 12:49 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-12 12:23 - 2020-03-04 11:52 - 000940200 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-07-12 12:23 - 2019-03-19 00:50 - 000000000 ____D C:\WINDOWS\INF
2020-07-12 12:22 - 2020-03-04 11:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-07-12 12:19 - 2020-03-04 12:31 - 000000000 ___RD C:\Users\Cnudde\OneDrive
2020-07-12 12:19 - 2020-03-04 11:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-07-12 12:19 - 2018-10-29 18:28 - 000000000 ____D C:\Program Files\McAfee
2020-07-12 12:19 - 2014-11-19 18:30 - 000000000 ____D C:\Users\Cnudde\Downloads\ControlCenter
2020-07-12 12:18 - 2019-03-19 00:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-07-12 12:16 - 2020-03-04 12:13 - 000000000 ____D C:\Users\Cnudde\AppData\Local\Packages
2020-07-12 12:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-07-12 12:06 - 2011-02-14 10:21 - 000000000 ____D C:\ProgramData\McAfee
2020-07-12 11:40 - 2020-03-04 11:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-07-12 06:53 - 2019-03-19 00:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-07-12 06:01 - 2019-03-19 00:37 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2020-07-10 13:02 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-08 17:53 - 2011-03-12 12:40 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Dropbox
2020-07-08 14:03 - 2016-12-04 21:05 - 000001486 _____ C:\Users\Cnudde\Desktop\Roblox Player.lnk
2020-07-08 14:03 - 2016-12-04 21:05 - 000001301 _____ C:\Users\Cnudde\Desktop\Roblox Studio.lnk
2020-07-08 14:03 - 2016-12-04 21:05 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-07-06 21:41 - 2020-03-04 11:55 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-07-06 21:41 - 2017-09-09 11:14 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-06-27 15:26 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-27 15:26 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-06-25 14:03 - 2020-03-04 12:31 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2633741134-1219916110-1491873213-1003
2020-06-25 14:03 - 2020-03-04 11:52 - 000002422 _____ C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-24 22:17 - 2020-03-04 11:52 - 000000000 ____D C:\Users\Cnudde
2020-06-24 15:11 - 2019-03-19 00:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-24 10:31 - 2020-03-04 12:31 - 000000000 ____D C:\Users\Cnudde\AppData\Local\Comms
2020-06-23 17:35 - 2016-04-09 11:11 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories ========

2020-06-10 16:42 - 2020-06-10 16:42 - 000000076 _____ () C:\Users\Cnudde\AppData\Roaming\WB.CFG

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

cnuddeje

Posts: 133   +0
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
Ran by Cnudde (12-07-2020 13:17:35)
Running from C:\Users\Cnudde\Downloads
Windows 10 Home Version 1909 18363.900 (X64) (2020-03-04 15:55:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2633741134-1219916110-1491873213-500 - Administrator - Disabled)
Cnudde (S-1-5-21-2633741134-1219916110-1491873213-1003 - Administrator - Enabled) => C:\Users\Cnudde
DefaultAccount (S-1-5-21-2633741134-1219916110-1491873213-503 - Limited - Disabled)
Guest (S-1-5-21-2633741134-1219916110-1491873213-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2633741134-1219916110-1491873213-1004 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2633741134-1219916110-1491873213-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20074 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Connect 9 Add-in (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Adobe Connect 9 Add-in) (Version: 11.9.976.299 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.387 - Adobe)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 Content (HKLM-x32\...\Adobe Premiere Elements 10 Content) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (32-bit) (HKLM-x32\...\{11C4575B-4B32-44D2-A097-D59A00BA60DE}) (Version: 8.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D39B163A-9E12-442C-95E9-33FA5746AB21}) (Version: 8.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C788AE25-3D4E-4D18-811B-3219F778487E}) (Version: 13.5.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.0.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CopyTrans Suite Remove Only (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Dropbox) (Version: 101.4.434 - Dropbox, Inc.)
Elements 10 Organizer (HKLM-x32\...\{22D3A614-482C-444A-932C-9DA1B8ECDFD2}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Flixster (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\cde6baecc037497b) (Version: 2.2.0.304 - Flixster)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{F0AD317D-AE18-45D0-BE5B-30074AFE6740}) (Version: 7.19.0.10 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{013DB423-A8DE-4423-9E50-D45ED1041789}) (Version: 12.10.7.3 - Apple Inc.)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 5.0.1120 - KYOCERA Document Solutions Inc.)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.61 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.31 - )
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\OneDriveSetup.exe) (Version: 20.084.0426.0007 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.14.160.1208 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal Seagate Edition (HKLM-x32\...\{78E9A751-5616-233F-1249-16AC5758C646}) (Version: 7.0.41.11017 - muvee Technologies Pte Ltd)
PRE10STI64Installer (HKLM-x32\...\{9F06F464-479A-403E-AF92-70CBB8D674A1}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PSE10 STI Installer (HKLM-x32\...\{11D08055-939C-432b-98C3-E072478A0CD7}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickBooks 3.3.4 (only current user) (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\05fb5a8b-5c9d-57ac-a4b7-ecf271235d3f) (Version: 3.3.4 - Intuit Inc.)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.7.8 - Intuit)
Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.15.15 - Quicken)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Roblox Player for Cnudde (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Cnudde (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\roblox-studio) (Version: - Roblox Corporation)
RogueKiller version 13.1.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.1.5.0 - Adlice Software)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.0.1910 - Samsung Electronics)
Seagate Manager Installer (HKLM-x32\...\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate) Hidden
Seagate Manager Installer (HKLM-x32\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SmartSound Common Data (HKLM-x32\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.) Hidden
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Unity Web Player (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:
=========
KYOCERA Print Center -> C:\Program Files\WindowsApps\A97ECD55.KYOCERAPrintCenter_2.4.11127.0_x64__kqmhh0ktdt7dg [2020-03-22] (KYOCERA Document Solutions Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-02] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{D8E0CDAD-2FAE-40EB-8433-7F5A79714FB8}\InprocServer32 -> C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\psuser_64.dll (Chromium.) [File not signed]
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{E064AEC2-5150-4DF6-B2A3-1A6721C2076B}\InprocServer32 -> C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\psuser_64.dll (Chromium.) [File not signed]
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Cnudde\Dropbox [2011-03-12 12:43]
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] => 0
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-05-07] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers1_S-1-5-21-2633741134-1219916110-1491873213-1003: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll [2020-07-08] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2633741134-1219916110-1491873213-1003: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll [2020-07-08] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2633741134-1219916110-1491873213-1003: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll [2020-07-08] (Dropbox, Inc -> Dropbox, Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\You've signed out.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --app=hxxp://signin.ebay.com/ws/eBayISAPI.dll?SignOutConfirm&I=.67750010600015000830001500062000330011400062

==================== Loaded Modules (Whitelisted) =============

2011-02-20 13:02 - 2009-02-27 17:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2011-02-20 13:02 - 2009-03-06 13:51 - 000770048 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccDCtl.dll
2011-02-20 13:02 - 2008-10-21 20:52 - 000151552 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brcceng.dll
2011-02-20 13:02 - 2009-05-11 14:48 - 000372736 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccFCtl.dll
2011-02-20 13:02 - 2008-07-22 22:24 - 005390336 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccimg.dll
2020-06-02 15:26 - 2020-06-02 15:26 - 001740288 ____T (Chromium.) [File not signed] C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\chromiumpdate.dll
2011-02-20 13:02 - 2003-06-30 01:00 - 000259584 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTDIS12n.dll
2011-02-20 13:02 - 2005-07-05 01:00 - 000131584 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTFIL12n.DLL
2011-02-20 13:02 - 2003-06-30 01:00 - 000406016 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTKRN12n.dll
2020-03-04 14:41 - 2020-03-04 14:41 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2020-03-04 14:41 - 2020-03-04 14:41 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\fastclick.net -> fastclick.net

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2020-07-12 11:31 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\Google\Google Apps Sync;C:\Program Files (x86)\Google\Google Apps Migration;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8F9ED1AD-5C41-4CF4-9C5C-5FE7AD77A91A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FACC3D4F-5D57-49B9-B2DD-D0EEE6B416A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3EC41B76-8A6F-4CFE-9D17-A032885C751F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4543C9F1-2E97-4DC2-B193-250DAA99C6DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{595080C0-99BE-4D6A-AE03-78D3D8F0F951}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C26E2C2E-D4AB-4EF5-8FBD-86274AD34C52}] => (Allow) LPort=9247
FirewallRules: [{C775ACE7-4608-4639-9B79-47B7EE28D9DA}] => (Allow) LPort=9246
FirewallRules: [{085DDEEF-2EB0-4FA9-90E2-D9947C8A8AB6}] => (Allow) LPort=9245
FirewallRules: [{0AD99F8C-C084-4E84-88A4-89D6D36414F2}] => (Allow) LPort=9422
FirewallRules: [{F9E33896-38D8-417A-8DEC-F45D97D4468A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{0B55C4B9-3FE2-4144-86FD-957DFFDCE9BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{FA0380D8-EDB3-461E-83FF-B09EF89A5E29}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{31A43C43-0B53-41AF-850B-41D7FDC31413}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{290947CF-F753-4AA1-89F0-F78C4FD7518D}] => (Allow) C:\Program Files (x86)\Seagate\muvee Reveal Seagate Edition\muveereveal.exe (muvee Technologies Pte Ltd -> muvee Technologies Pte Ltd) [File not signed]
FirewallRules: [{2C793921-E1E2-4324-967F-BC4C50506237}] => (Allow) C:\Program Files (x86)\Seagate\muvee Reveal Seagate Edition\muveereveal.exe (muvee Technologies Pte Ltd -> muvee Technologies Pte Ltd) [File not signed]
FirewallRules: [{71890B17-F5FD-4C54-84E4-52C8BC45BE8D}] => (Allow) C:\Program Files (x86)\Seagate\muvee Reveal Seagate Edition\muveereveal.exe (muvee Technologies Pte Ltd -> muvee Technologies Pte Ltd) [File not signed]
FirewallRules: [{585EE679-6AD1-4CE5-B6CE-0DF65B06C1D6}] => (Allow) C:\Program Files (x86)\Seagate\muvee Reveal Seagate Edition\muveereveal.exe (muvee Technologies Pte Ltd -> muvee Technologies Pte Ltd) [File not signed]
FirewallRules: [{27E87B15-7024-4969-BD5C-5F87FF7E9DDD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4CFE0301-F182-4609-AA4C-99C7650BF832}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{050A6D58-D31B-4809-AF7E-6C1CB8790E30}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{93FBF6F6-345D-41FB-BADC-1D273A4F8E02}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{9BD447A6-A0DC-43FF-BAF1-C77D8EEF91E8}C:\windows\system32\wfs.exe] => (Block) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{A2431DDE-11AB-41F6-A656-C29A66943A7D}C:\windows\system32\wfs.exe] => (Block) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9352B3DF-1C67-49F3-8882-B736BD7408A1}] => (Allow) C:\Users\Cnudde\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [UDP Query User{4B29B914-BAE2-401D-9B99-EB33BF3B3613}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0EE3D70D-20D1-4C74-83BC-35C1C07921B9}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D75DF547-65F6-4B36-8BDE-39C526B68998}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{982B1550-393D-4E35-9F14-64DB6ADA3B1B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{91895C4A-7F09-449E-8EA0-E700D9E435F0}] => (Allow) C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe () [File not signed]
FirewallRules: [{33827A3F-BDF1-4E2C-A82C-1A28B03CF65C}] => (Allow) C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe () [File not signed]
FirewallRules: [{F42149D1-2566-4A5F-BFBF-3A96513F95C1}] => (Allow) C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe () [File not signed]
FirewallRules: [{C92059C0-1C6E-4562-902C-D903A218DDF4}] => (Allow) C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe () [File not signed]
FirewallRules: [{7442887B-163E-4D40-9E6A-456E483AE3F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games) [File not signed]
FirewallRules: [{0B64DF34-F284-4264-9950-FE2F90D1008D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games) [File not signed]
FirewallRules: [{12DD343D-AF54-4B58-B424-1E8E0552E27D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe (Firaxis Games) [File not signed]
FirewallRules: [{2D75DEF9-A47E-48B1-8CB6-FC9E26C7B229}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe (Firaxis Games) [File not signed]
FirewallRules: [UDP Query User{6582148F-0B3B-4BE9-8579-5521B6A892A5}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{E0B8FCA2-DA66-4CB2-B590-50CD485D3951}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3EDB6C41-374D-4D8C-92D2-D432DDBBF093}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6604F8F0-1D1B-4949-AD2B-8A5FD7089860}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{4979A6E7-34DD-4524-87C0-FEE62BFBE4D2}C:\users\cnudde\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\cnudde\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{AB97E300-4C0A-4AFC-89AD-57D8B4E375FC}C:\users\cnudde\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\cnudde\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{6C4CDBB5-A6D9-449C-BE3A-923F05BC8597}] => (Allow) C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{15911083-1B6A-4347-8CE3-0B7EF01E21FE}] => (Allow) C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{9405ADAA-CC21-49B9-970D-DEF18A956150}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E89395A4-36B0-466D-9130-230CF37B1250}] => (Allow) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{6A5F830F-AD74-43E5-85D0-BE7AFC5E2F98}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{303E0390-B5F0-4587-AA43-90AD84B36B2C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{E9FD22BA-589B-45D3-9EA4-2AEF58227512}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{48C60239-E008-4E3D-A7C2-DE7555C28EA1}] => (Allow) LPort=9422
FirewallRules: [{AB49C8FF-72D9-4299-BB52-38B5FEBDE9B6}] => (Allow) LPort=9245
FirewallRules: [{EDACD33A-58FD-44F3-BD85-9648825A8217}] => (Allow) LPort=9246
FirewallRules: [{DB614030-6666-4E7D-8DE2-F66DA7330C21}] => (Allow) LPort=9247
FirewallRules: [{3862839A-692C-4934-8D00-208B20E581A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3095BB1C-FD85-4D52-BEE3-12A83280C798}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

24-06-2020 15:08:56 Windows Update
02-07-2020 06:17:57 Scheduled Checkpoint
11-07-2020 11:52:27 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/12/2020 01:11:06 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2492,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/12/2020 12:35:40 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5320,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/12/2020 12:12:52 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (24944,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/12/2020 12:00:24 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (07/12/2020 11:31:15 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (07/12/2020 10:51:24 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (07/12/2020 10:31:15 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (07/12/2020 09:42:24 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.


System errors:
=============
Error: (07/12/2020 12:19:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AvastWscReporter service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/12/2020 12:19:09 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (07/12/2020 12:01:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Chromium Update Service (chromium) service terminated unexpectedly. It has done this 454 time(s).

Error: (07/12/2020 11:32:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Chromium Update Service (chromium) service terminated unexpectedly. It has done this 453 time(s).

Error: (07/12/2020 10:51:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Chromium Update Service (chromium) service terminated unexpectedly. It has done this 452 time(s).

Error: (07/12/2020 10:31:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Chromium Update Service (chromium) service terminated unexpectedly. It has done this 451 time(s).

Error: (07/12/2020 09:42:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Chromium Update Service (chromium) service terminated unexpectedly. It has done this 450 time(s).

Error: (07/12/2020 09:32:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Chromium Update Service (chromium) service terminated unexpectedly. It has done this 449 time(s).


Windows Defender:
===================================
Date: 2020-07-12 13:17:41.550
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.C55
ID: 2147756042
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Cnudde\AppData\LocalLow\2E3A.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.319.1330.0, AS: 1.319.1330.0, NIS: 1.319.1330.0
Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2

Date: 2020-06-21 15:57:26.855
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2A5F8F7C-7177-41AB-9E30-548361103EA7}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-06-11 22:20:59.669
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0019D314-C3B8-4663-A6AF-91C732F64CE8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-06-11 22:09:48.100
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5B51F769-02E6-4ABC-AE2F-195E961C6B5D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-06-11 22:05:27.878
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BB0EC495-B51D-4CA9-87B4-0DEFAE7B3A69}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2020-07-12 11:59:19.305
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-12 11:59:17.133
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-12 11:57:11.351
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-12 11:52:58.578
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-12 11:52:58.555
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-12 11:52:56.017
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-12 11:52:55.885
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-12 11:52:54.737
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. A03 02/01/2010
Motherboard: Dell Inc. 0C2KJT
Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 50%
Total physical RAM: 7991.11 MB
Available physical RAM: 3939.83 MB
Total Virtual: 22327.11 MB
Available Virtual: 18218.29 MB

==================== Drives ================================

Drive c: (SSDisk) (Fixed) (Total:465.21 GB) (Free:126.68 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:13.25 GB) NTFS
Drive f: (OSDisk) (Fixed) (Total:684.52 GB) (Free:321.05 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{c62b29c8-2406-11e6-b8f8-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{865d43d8-0000-0000-0000-404d74000000}\ () (Fixed) (Total:0.55 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 25DD572F)
Partition 1: (Active) - (Size=684.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 865D43D8)
Partition 1: (Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=567 MB) - (Type=27)

==================== End of Addition.txt =======================
 

Broni

Posts: 56,032   +513
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

Please download AdwCleaner by Xplode and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

cnuddeje

Posts: 133   +0
RogueKiller Anti-Malware V14.6.1.0 (x64) [Jun 17 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18363) 64 bits
Started in : Normal mode
User : Cnudde [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200712_165958, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2020/07/12 16:44:41 (Duration : 00:25:19)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2633741134-1219916110-1491873213-1003\Software\ProductSetup -- -> Deleted
[PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-2633741134-1219916110-1491873213-1003\Software\WebDiscoverBrowser -- -> Deleted
 

cnuddeje

Posts: 133   +0
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/12/20
Scan Time: 4:48 PM
Log File: 0a994fa8-c481-11ea-a4d2-842b2ba5d32a.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.979
Update Package Version: 1.0.26739
License: Trial

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: MININT-7ERSP8L\Cnudde

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 351997
Threats Detected: 20
Threats Quarantined: 20
Time Elapsed: 4 min, 12 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 4
PUP.Optional.WinYahoo, HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}, Quarantined, 241, 182757, 1.0.26739, , ame,
PUP.Optional.GoodGame, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Goodgame Big Farm0, Quarantined, 3900, 597957, 1.0.26739, , ame,
PUP.Optional.GoodGame, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Goodgame Big Farm1, Quarantined, 3900, 597957, 1.0.26739, , ame,
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gpggceimbegdiddifklmeponnmkppfho, Quarantined, 284, 626728, , , ,

Registry Value: 2
PUP.Optional.WinYahoo, HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, Quarantined, 241, 182757, 1.0.26739, , ame,
PUP.Optional.SearchManager.BITSRST, HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|gpggceimbegdiddifklmeponnmkppfho, Quarantined, 284, 626728, , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.SearchManager.BITSRST, C:\USERS\CNUDDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GPGGCEIMBEGDIDDIFKLMEPONNMKPPFHO, Quarantined, 284, 626728, 1.0.26739, , ame,

File: 13
PUP.Optional.SearchManager.BITSRST, C:\USERS\CNUDDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 284, 626728, , , ,
PUP.Optional.SearchManager.BITSRST, C:\USERS\CNUDDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, 284, 626728, , , ,
PUP.Optional.SearchManager.BITSRST, C:\USERS\CNUDDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GPGGCEIMBEGDIDDIFKLMEPONNMKPPFHO\10.1.4.66_0\MANIFEST.JSON, Quarantined, 284, 626728, 1.0.26739, , ame,
PUP.Optional.SearchManager.BITSRST, C:\USERS\CNUDDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GPGGCEIMBEGDIDDIFKLMEPONNMKPPFHO\10.1.4.66_0\RESPONSECONFIG.JSON, Quarantined, 284, 626727, 1.0.26739, , ame,
Generic.Malware/Suspicious, C:\USERS\CNUDDE\DOWNLOADS\CLASHBOT_7.10.3.1798 (1).ZIP, Quarantined, 0, 392686, 1.0.26739, , shuriken,
Adware.InstallCore, C:\USERS\CNUDDE\DOWNLOADS\IBIS-PAINT-X-1_2895454844.EXE, Quarantined, 504, 836180, 1.0.26739, , ame,
Adware.InstallCore, C:\USERS\CNUDDE\DOWNLOADS\MY-TALKING-TOM_2690529315.EXE, Quarantined, 504, 836180, 1.0.26739, , ame,
Generic.Malware/Suspicious, C:\USERS\CNUDDE\DOWNLOADS\CLASHBOT_7.10.3.1798.ZIP, Quarantined, 0, 392686, 1.0.26739, , shuriken,
Adware.InstallCore, C:\USERS\CNUDDE\DOWNLOADS\KINEMASTER_0141086022.EXE, Quarantined, 504, 836180, 1.0.26739, , ame,
PUP.Optional.SearchManager.BITSRST, C:\USERS\CNUDDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 284, 628563, 1.0.26739, , ame,
PUP.Optional.WinYahoo, C:\USERS\CNUDDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 241, 454794, 1.0.26739, , ame,
PUP.Optional.SearchManager.BITSRST, C:\USERS\CNUDDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, 284, 626729, 1.0.26739, , ame,
PUP.Optional.SearchManager, C:\USERS\CNUDDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 436, 775333, 1.0.26739, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

cnuddeje

Posts: 133   +0
# -------------------------------
# Malwarebytes AdwCleaner 8.0.6.0
# -------------------------------
# Build: 06-24-2020
# Database: 2020-06-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-13-2020
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 25
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Chromium

***** [ Files ] *****

Deleted C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Powered by Yahoo!.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Classes\CLSID\{47E44C3B-0AC6-49C7-A7FD-CCE4B532EE5B}
Deleted HKCU\Software\Classes\CLSID\{D8E0CDAD-2FAE-40EB-8433-7F5A79714FB8}
Deleted HKCU\Software\Classes\Chromium.OneClickCtrl.9
Deleted HKCU\Software\Classes\Chromium.OneClickProcessLauncherUser
Deleted HKCU\Software\Classes\Chromium.OneClickProcessLauncherUser.1.0
Deleted HKCU\Software\Classes\Chromium.Update3WebControl.3
Deleted HKCU\Software\Classes\ChromiumUpdate.CredentialDialogUser
Deleted HKCU\Software\Classes\ChromiumUpdate.CredentialDialogUser.1.0
Deleted HKCU\Software\Classes\ChromiumUpdate.OnDemandCOMClassUser
Deleted HKCU\Software\Classes\ChromiumUpdate.OnDemandCOMClassUser.1.0
Deleted HKCU\Software\Classes\ChromiumUpdate.Update3COMClassUser
Deleted HKCU\Software\Classes\ChromiumUpdate.Update3COMClassUser.1.0
Deleted HKCU\Software\Classes\ChromiumUpdate.Update3WebUser
Deleted HKCU\Software\Classes\ChromiumUpdate.Update3WebUser.1.0
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D38058A-29DC-4608-B481-DDF3748F0B10}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{419E90E1-1BDB-4D2A-9D36-2DFD56D564F4}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Chromium Update
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{2D38058A-29DC-4608-B481-DDF3748F0B10}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D38058A-29DC-4608-B481-DDF3748F0B10}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Chromium Update

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3967 octets] - [13/07/2020 08:22:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

cnuddeje

Posts: 133   +0
# -------------------------------
# Malwarebytes AdwCleaner 8.0.6.0
# -------------------------------
# Build: 06-24-2020
# Database: 2020-06-15.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 07-13-2020
# Duration: 00:00:29
# OS: Windows 10 Home
# Scanned: 31836
# Detected: 25


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.FakeChrome C:\Program Files (x86)\Chromium

***** [ Files ] *****

PUP.Optional.WinYahoo C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search Powered by Yahoo!.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.FakeChrome HKCU\Software\Classes\CLSID\{47E44C3B-0AC6-49C7-A7FD-CCE4B532EE5B}
PUP.Optional.FakeChrome HKCU\Software\Classes\CLSID\{D8E0CDAD-2FAE-40EB-8433-7F5A79714FB8}
PUP.Optional.FakeChrome HKCU\Software\Classes\Chromium.OneClickCtrl.9
PUP.Optional.FakeChrome HKCU\Software\Classes\Chromium.OneClickProcessLauncherUser
PUP.Optional.FakeChrome HKCU\Software\Classes\Chromium.OneClickProcessLauncherUser.1.0
PUP.Optional.FakeChrome HKCU\Software\Classes\Chromium.Update3WebControl.3
PUP.Optional.FakeChrome HKCU\Software\Classes\ChromiumUpdate.CredentialDialogUser
PUP.Optional.FakeChrome HKCU\Software\Classes\ChromiumUpdate.CredentialDialogUser.1.0
PUP.Optional.FakeChrome HKCU\Software\Classes\ChromiumUpdate.OnDemandCOMClassUser
PUP.Optional.FakeChrome HKCU\Software\Classes\ChromiumUpdate.OnDemandCOMClassUser.1.0
PUP.Optional.FakeChrome HKCU\Software\Classes\ChromiumUpdate.Update3COMClassUser
PUP.Optional.FakeChrome HKCU\Software\Classes\ChromiumUpdate.Update3COMClassUser.1.0
PUP.Optional.FakeChrome HKCU\Software\Classes\ChromiumUpdate.Update3WebUser
PUP.Optional.FakeChrome HKCU\Software\Classes\ChromiumUpdate.Update3WebUser.1.0
PUP.Optional.FakeChrome HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D38058A-29DC-4608-B481-DDF3748F0B10}
PUP.Optional.FakeChrome HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{419E90E1-1BDB-4D2A-9D36-2DFD56D564F4}
PUP.Optional.FakeChrome HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
PUP.Optional.FakeChrome HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Chromium Update
PUP.Optional.FakeChrome HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{2D38058A-29DC-4608-B481-DDF3748F0B10}
PUP.Optional.FakeChrome HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
PUP.Optional.FakeChrome HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D38058A-29DC-4608-B481-DDF3748F0B10}
PUP.Optional.FakeChrome HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}
PUP.Optional.FakeChrome HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Chromium Update

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

Broni

Posts: 56,032   +513
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 

cnuddeje

Posts: 133   +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by Cnudde (administrator) on MININT-7ERSP8L (Dell Inc. Inspiron 580) (13-07-2020 11:05:09)
Running from C:\Users\Cnudde\Downloads
Loaded Profiles: Cnudde
Platform: Windows 10 Home Version 1909 18363.900 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe <3>
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\101.4.434\QtWebEngineProcess.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Cnudde\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Seagate Technology, LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302392 2020-05-20] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [CL-24-4F9532CA-AA90-4E32-B81D-9189E0C14D34] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-24-4F9532CA-AA90-4E32-B81D-9189E0C14D34\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-24-4F9532CA-AA90-4E32-B81D-9189E0C (the data entry has 7 more characters).
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-05-07] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Dropbox Update] => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Chromium] => "c:\users\cnudde\appdata\local\chromium\application\chrome.exe" --profile-directory="Default" --auto-launch-at-startup --restore-last-session
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Dashlane] => "C:\Users\Cnudde\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
HKLM\...\Print\Monitors\KX Language Monitor: C:\WINDOWS\system32\KXPLM64.DLL [134784 2018-09-11] (Microsoft Windows Hardware Compatibility Publisher -> KYOCERA Document Solutions Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-23] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-10]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia -> Secunia)
Startup: C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2020-03-04] ()
Startup: C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2020-07-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C4C94AB-D0BF-463E-B9A9-9448E38C5A7E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {11B525D8-83A3-4873-9D88-8CE4B3C094FD} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {15E5DCDB-0D25-423B-8729-0F653D51F442} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {163CA91E-FBA3-4991-B777-5BC1E6E2E578} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {1873A166-8D21-4E2F-B411-9AE17B8C9E7A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1F171958-4E44-4644-8FF8-2E29F0A568D9} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {223F742A-1BBE-4C95-9280-8D95C4601255} - System32\Tasks\{C68EF8F9-3B70-4806-9D8A-DDF64849ACA9} => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe
Task: {25FC684F-A716-420A-A802-7AA73EFA2190} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {26D1625F-8C4D-47ED-A1F9-7C0836A3EAB0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2CF65AF7-3DE6-4CE3-9860-951FF3995B2C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2ECE72A2-7E52-4703-98BA-FDB3FDDEDE35} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {34F19C40-EE28-4235-B342-7CEFB515908D} - System32\Tasks\{92B0B57D-D4FF-4793-A9A1-EB306D3CAEE1} => C:\Windows\system32\pcalua.exe -a "C:\Users\Cnudde\Desktop\New folder\Adobe Photoshop Elements 10\PSE 10\AdobeAIRInstaller.exe" -d "C:\Users\Cnudde\Desktop\New folder\Adobe Photoshop Elements 10\PSE 10"
Task: {36A6E196-4448-4314-9417-A89C44F3C55E} - System32\Tasks\{DCE50F48-9E43-4BDE-93F8-2C64B01E160D} => C:\Windows\system32\pcalua.exe -a C:\Users\Cnudde\Downloads\win64_152822.exe -d C:\Users\Cnudde\Downloads
Task: {380688F7-AEF1-4676-B964-333BF4199D08} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4255141F-EA88-4226-AF49-3437332156C6} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA => C:\Users\Cnudde\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2020-06-02] (Chromium.) [File not signed] <==== ATTENTION
Task: {42B25C6E-5C88-4F9F-930F-6076C0E50B7B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {43CDAC0B-835C-4FFB-877B-E3B71D1FE2F2} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146048 2018-10-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {43ED296E-6DAE-47C3-A52B-71E0AE134A2F} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {4546B62A-312C-4FC9-9AB8-764E8664782F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_Plugin.exe [1459256 2020-06-27] (Adobe Inc. -> Adobe)
Task: {46A908C7-A3D3-4F66-B5CD-429DE6F2C016} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {481FB75B-9E2A-4E5F-A1CC-F1C8756EB3D8} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {525788BF-C7F9-47D7-B995-F44B54A7FE92} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {56213EA7-5CA0-4227-8FE6-391E2F14E925} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e92d237107f1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {56DEA1CC-BD0F-4FE3-AB19-A7C538C1995E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {60EC5B90-12D4-4780-B002-0AFC9E198741} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {6E35FABA-5228-4E03-A1C6-1FB0F017BFF7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {75E281A2-8684-4DA0-A41A-06455B04CB9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-27] (Adobe Inc. -> Adobe)
Task: {7BF325B5-8738-412D-B357-C65FE0B64847} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {848EF025-8C22-44E6-8130-8CABF22C4D46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {875163D5-2B57-4874-AFAE-07159D8020C2} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {8B13F4DA-D597-4612-89E6-4B1C9AF25C37} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {90E0F212-78EC-4FF3-94CE-DFA61C87C377} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {9204C125-1A2D-40DF-BA85-3351DD8078F7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9401DD4B-5796-4399-AF19-19A47BCDB4BE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AA9F315E-DEB0-4768-8F43-1AD9E3DB11D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B12D6B9F-EC9D-489D-ADE4-C37CB3910C84} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B5E97B50-2B40-4342-9A23-4A06947F70AD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD4E9ACF-E343-496B-B382-58E40C59FD12} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {BDF59FF5-11BD-405D-8FE7-8688BC04CEEB} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C02D6B33-CEAC-47A3-AB53-477ED4A81E4F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C36F4343-36CF-4C51-BA7C-1D82B91C54CB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C5D56391-95F0-4D3F-A816-0E8B9303A7FA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe
Task: {C748C1F6-B8EC-4C73-93BC-BD6DF90FD81A} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {C8FAA9CF-6AAF-4843-A44C-1A7861707D27} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D2002D9F-F778-466D-A72F-1CD8CA9092D3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D794D30B-2C31-40AC-AE41-691E14A35942} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {DD7F130B-ACF7-4983-9509-768339CFE5CE} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Cnudde\Downloads\AdwCleaner.exe [8420016 2020-07-13] (Malwarebytes Inc -> Malwarebytes)
Task: {DF6B7A5C-9D02-4973-BC99-D04F3894ED37} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core => C:\Users\Cnudde\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2020-06-02] (Chromium.) [File not signed] <==== ATTENTION
Task: {E3B8C05F-4B35-4A1C-83C6-68578D939C36} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E68EC7FF-FE48-4C1F-99AD-8F0A9C4D14F0} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {E73FD4DB-82A2-4D85-936D-337AD81DD2F2} - System32\Tasks\AdobeAAMUpdater-1.0-MININT-7ERSP8L-Cnudde => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {EC1DDC05-E82E-40A9-B525-51981BF2605A} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e92d24711690 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {F7AAE0FC-7400-49F0-B17F-F6FB3044F271} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core.job => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA.job => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{237A3DF2-ED0D-4801-8447-173281B1CEB4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{328AA78D-68C0-4EEE-BF6A-EC093F25A38B}: [DhcpNameServer] 10.220.45.31
Tcpip\..\Interfaces\{8FE230F4-AED0-467D-B179-AE73029BAC9B}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=fes_yfp_chr_nt_yfp2&type=wbf_fptxqjxp1acegikmwv4_20_26_ssg00
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://webdeposit.ensenta.com/eztwainx.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Cnudde\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-13]

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-06-27] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-18] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_387.dll [2020-06-27] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-18] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @chbrowserupdate.com/Chromium Update;version=3 -> C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2020-06-02] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @chbrowserupdate.com/Chromium Update;version=9 -> C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2020-06-02] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @citrixonline.com/appdetectorplugin -> C:\Users\Cnudde\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-26] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cnudde\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-09] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @zoom.us/ZoomVideoPlugin -> C:\Users\Cnudde\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-03-23] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default [2020-07-13]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://myhomenetwork.att.com; hxxps://www.bestbuy.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2020-07-02]
CHR Extension: (YouTube) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-09]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-07-02]
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2020-07-12]
CHR Extension: (Google Search) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-06-24]
CHR Extension: (Google Docs Offline) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-27]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-07-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Live Football) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2018-09-25]
CHR Extension: (Gmail) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-12]
CHR Extension: (Chrome Media Router) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-10]
CHR HKLM\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojfilbbecboffgonioffpjjhcobjahoe]
CHR HKLM-x32\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-27] (Adobe Inc. -> Adobe)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [92160 2009-03-31] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6970968 2020-07-12] (Malwarebytes Inc -> Malwarebytes)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13570104 2020-06-17] (Adlice -> )
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia -> Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia -> Secunia)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\NisSrv.exe [2496144 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MsMpEng.exe [104192 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrSerId; C:\WINDOWS\system32\DRIVERS\BrSerId.sys [290816 2012-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BrUsbSer; C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys [14720 2011-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2020-01-09] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-07-12] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216056 2020-07-12] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-07-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197264 2020-07-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73368 2020-07-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-07-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [131232 2020-07-13] (Malwarebytes Inc -> Malwarebytes)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia -> Secunia)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2020-07-13] (Adlice -> )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45976 2020-07-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [408816 2020-07-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-07-12] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-13 11:04 - 2020-07-13 11:04 - 002292736 _____ (Farbar) C:\Users\Cnudde\Downloads\FRST64 (1).exe
2020-07-13 08:28 - 2020-07-13 08:28 - 008420016 _____ (Malwarebytes) C:\Users\Cnudde\Downloads\AdwCleaner (1).exe
2020-07-13 08:25 - 2020-07-13 08:25 - 000197264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-07-13 08:25 - 2020-07-13 08:25 - 000131232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-07-13 08:25 - 2020-07-13 08:25 - 000073368 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-07-13 08:24 - 2020-07-13 08:24 - 000003164 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot
2020-07-13 08:22 - 2020-07-13 08:24 - 000000000 ____D C:\AdwCleaner
2020-07-13 08:21 - 2020-07-13 08:22 - 008420016 _____ (Malwarebytes) C:\Users\Cnudde\Downloads\AdwCleaner.exe
2020-07-13 08:20 - 2020-07-13 08:20 - 000004417 _____ C:\Users\Cnudde\Downloads\MBAM Scan.txt
2020-07-12 18:09 - 2020-07-12 18:09 - 002012560 _____ (Malwarebytes) C:\Users\Cnudde\Downloads\MBSetup (1).exe
2020-07-12 16:48 - 2020-07-12 16:48 - 000001999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-07-12 16:48 - 2020-07-12 16:48 - 000001987 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-07-12 16:48 - 2020-07-12 16:48 - 000001987 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-07-12 16:47 - 2020-07-12 16:47 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-07-12 16:47 - 2020-07-12 16:47 - 000216056 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-07-12 16:47 - 2020-07-12 16:47 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-07-12 16:47 - 2020-07-12 16:47 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-07-12 16:46 - 2020-07-12 16:46 - 002012560 _____ (Malwarebytes) C:\Users\Cnudde\Downloads\MBSetup.exe
2020-07-12 16:45 - 2020-07-12 16:45 - 000001642 _____ C:\Users\Cnudde\Downloads\rougekiller.txt
2020-07-12 16:16 - 2020-07-12 16:16 - 040310320 _____ (Adlice Software ) C:\Users\Cnudde\Downloads\RogueKiller_setup.exe
2020-07-12 13:17 - 2020-07-12 13:19 - 000047692 _____ C:\Users\Cnudde\Downloads\Addition.txt
2020-07-12 13:13 - 2020-07-13 11:06 - 000032123 _____ C:\Users\Cnudde\Downloads\FRST.txt
2020-07-12 13:13 - 2020-07-13 11:05 - 000000000 ____D C:\FRST
2020-07-12 13:13 - 2020-07-12 13:13 - 002292736 _____ (Farbar) C:\Users\Cnudde\Downloads\FRST64.exe
2020-07-12 12:07 - 2020-07-12 12:07 - 000068808 _____ C:\ProgramData\agent.uninstall.1594570045.bdinstall.v2.bin
2020-07-12 12:06 - 2020-07-12 12:06 - 000417164 _____ C:\ProgramData\cl.uninstall.1594569526.bdinstall.v2.bin
2020-07-12 11:59 - 2020-07-12 11:59 - 000082012 _____ C:\ProgramData\dm.uninstall.1594569540.bdinstall.v2.bin
2020-07-10 06:52 - 2020-07-10 06:52 - 000216816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-07-10 06:52 - 2020-07-10 06:52 - 000175192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-07-08 17:52 - 2020-07-08 17:52 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-07-02 16:03 - 2020-07-02 16:03 - 000000000 ____D C:\Users\Cnudde\Downloads\opera autoupdate
2020-07-02 13:50 - 2020-07-02 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2020-06-30 13:53 - 2020-06-30 13:53 - 000104437 _____ C:\Users\Cnudde\Downloads\ACFrOgCTU1oN7qcqSc6qOyZrFiW7z-rWlpmq3RUIcowP1h6Ki4u9Yn5UZqlRv_xFtGY3jOXrvC_bKI93jbCZP5iQpQ-xWjBCYlEOSR0ObIRIf7CSA3ZWqOhNz7nzyCI=.pdf
2020-06-30 13:53 - 2020-06-30 13:53 - 000071901 _____ C:\Users\Cnudde\Downloads\ACFrOgDV8m6agy9fE_foRT91b7v2sAPrQirRhN8-RzSbgntXyFPR-0Kb3-EnoPfv-mE2X7F70LnssUqnccD9d3V2xTMuuDAlg028mvXiVKXh6Dg5AY7t8lXV6g3s0aA=.pdf
2020-06-30 13:53 - 2020-06-30 13:53 - 000070300 _____ C:\Users\Cnudde\Downloads\ACFrOgBeLaUBKJJQEQFoxo8CT7bFcXNZlUUjC4xUIiHaDiJDj3QJGgeoM1EyOC-Mc7ATlq5AA4KftmRgUCSJ3p5VHsja3JkUaARjDYAZ0j0aNahoaRuBOQ1sF2KPp-k=.pdf
2020-06-30 13:52 - 2020-06-30 13:52 - 000126996 _____ C:\Users\Cnudde\Downloads\ACFrOgAMsD-GBROi5dCCdmxXCdDskIQlFDz3TR7Il0wunB6Oy4fMCEh8Rr0SzYed3tajhxXehuDpb0N3N4oD22AlnhxGHnNedJxQC-IHNQJu3V2IK6aQm6SQl91FxAj-Dxtjmun1AuOd8DZNIjm5.pdf
2020-06-27 15:36 - 2020-06-27 15:36 - 000001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2020-06-27 15:36 - 2020-06-27 15:36 - 000001822 _____ C:\ProgramData\Desktop\iTunes.lnk
2020-06-27 15:36 - 2020-06-27 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-06-27 15:36 - 2020-06-27 15:36 - 000000000 ____D C:\Program Files\iPod
2020-06-27 15:35 - 2020-06-27 15:36 - 000000000 ____D C:\Program Files\iTunes
2020-06-27 15:31 - 2020-06-27 15:31 - 000769764 _____ C:\ProgramData\cl.1593286048.bdinstall.v2.bin
2020-06-27 15:31 - 2020-06-27 15:31 - 000138668 _____ C:\ProgramData\dm.1593286304.bdinstall.v2.bin
2020-06-27 15:31 - 2020-06-27 15:31 - 000104332 _____ C:\ProgramData\cl.kit.1593286033.bdinstall.v2.bin
2020-06-27 15:31 - 2020-06-27 15:31 - 000000000 ____D C:\ProgramData\Bitdefender Device Management
2020-06-27 15:30 - 2020-06-27 15:30 - 000000000 ____D C:\ProgramData\Gemma
2020-06-27 15:30 - 2020-06-27 15:30 - 000000000 ____D C:\ProgramData\Atc
2020-06-27 15:29 - 2020-06-27 15:29 - 000000000 ____D C:\WINDOWS\system32\elambkup
2020-06-27 15:29 - 2020-06-27 15:29 - 000000000 ____D C:\ProgramData\BDLogging
2020-06-27 15:26 - 2020-06-27 15:26 - 000004536 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-06-27 15:25 - 2020-06-27 15:25 - 000111044 _____ C:\ProgramData\agent.1593285922.bdinstall.v2.bin
2020-06-27 15:25 - 2020-06-27 15:25 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-06-27 15:25 - 2020-06-27 15:25 - 000000000 ____D C:\ProgramData\{43CA7FF6-6BE2-078E-33BA-2FA6DB52F77E}
2020-06-27 15:23 - 2020-06-27 15:23 - 078905506 _____ C:\Users\Cnudde\Downloads\kinemaster.apk
2020-06-27 15:23 - 2020-06-27 15:23 - 000002446 _____ C:\Users\Cnudde\Desktop\facebook.lnk
2020-06-27 15:23 - 2020-06-27 15:23 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Opera Software
2020-06-27 15:23 - 2020-06-27 15:23 - 000000000 ____D C:\Users\Cnudde\AppData\Local\Opera Software
2020-06-27 15:23 - 2020-06-27 15:23 - 000000000 ____D C:\Program Files\Avast Software
2020-06-27 15:22 - 2020-07-12 12:19 - 000000000 ____D C:\ProgramData\Avast Software
2020-06-24 22:17 - 2020-07-09 03:29 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-24 22:17 - 2020-07-09 03:29 - 000002282 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-06-24 22:17 - 2020-07-09 03:29 - 000002282 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-06-24 22:17 - 2020-06-25 08:23 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-24 22:17 - 2020-06-25 08:23 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-06-22 12:23 - 2020-06-22 12:23 - 000036713 _____ C:\Users\Cnudde\Downloads\fellowship-application.pdf
2020-06-19 12:22 - 2020-06-19 12:22 - 000454085 _____ C:\Users\Cnudde\Downloads\doc (7).pdf
2020-06-15 14:54 - 2020-06-15 14:54 - 000054549 _____ C:\Users\Cnudde\Downloads\8th_Summer_Reading_-_Crossover_Allies.pdf
2020-06-14 17:12 - 2020-06-14 17:12 - 000026921 _____ C:\Users\Cnudde\Downloads\Private-Teacher-Listing (1).pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-07-13 11:02 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-13 10:50 - 2020-03-04 11:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-07-13 08:31 - 2020-03-04 11:52 - 000940200 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-07-13 08:31 - 2019-03-19 00:50 - 000000000 ____D C:\WINDOWS\INF
2020-07-13 08:27 - 2020-03-04 12:31 - 000000000 ___RD C:\Users\Cnudde\OneDrive
2020-07-13 08:26 - 2014-11-19 18:30 - 000000000 ____D C:\Users\Cnudde\Downloads\ControlCenter
2020-07-13 08:25 - 2020-03-04 11:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-07-13 08:25 - 2019-03-19 00:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-07-13 08:25 - 2019-02-22 23:45 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2020-07-12 16:47 - 2019-03-19 00:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-07-12 16:47 - 2011-12-05 00:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-07-12 16:22 - 2019-02-22 23:42 - 000000000 ____D C:\ProgramData\RogueKiller
2020-07-12 16:17 - 2019-02-22 23:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-07-12 16:17 - 2019-02-22 23:42 - 000000000 ____D C:\Program Files\RogueKiller
2020-07-12 12:22 - 2020-03-04 11:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-07-12 12:19 - 2018-10-29 18:28 - 000000000 ____D C:\Program Files\McAfee
2020-07-12 12:16 - 2020-03-04 12:13 - 000000000 ____D C:\Users\Cnudde\AppData\Local\Packages
2020-07-12 12:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-07-12 12:06 - 2011-02-14 10:21 - 000000000 ____D C:\ProgramData\McAfee
2020-07-12 06:01 - 2019-03-19 00:37 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2020-07-10 13:02 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-08 17:53 - 2011-03-12 12:40 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Dropbox
2020-07-08 14:03 - 2016-12-04 21:05 - 000001486 _____ C:\Users\Cnudde\Desktop\Roblox Player.lnk
2020-07-08 14:03 - 2016-12-04 21:05 - 000001301 _____ C:\Users\Cnudde\Desktop\Roblox Studio.lnk
2020-07-08 14:03 - 2016-12-04 21:05 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-07-06 21:41 - 2020-03-04 11:55 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-07-06 21:41 - 2017-09-09 11:14 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-06-27 15:26 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-27 15:26 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-06-25 14:03 - 2020-03-04 12:31 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2633741134-1219916110-1491873213-1003
2020-06-25 14:03 - 2020-03-04 11:52 - 000002422 _____ C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-24 22:17 - 2020-03-04 11:52 - 000000000 ____D C:\Users\Cnudde
2020-06-24 15:11 - 2019-03-19 00:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-24 10:31 - 2020-03-04 12:31 - 000000000 ____D C:\Users\Cnudde\AppData\Local\Comms
2020-06-23 17:35 - 2016-04-09 11:11 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories ========

2020-06-10 16:42 - 2020-06-10 16:42 - 000000076 _____ () C:\Users\Cnudde\AppData\Roaming\WB.CFG

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

cnuddeje

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
Ran by Cnudde (13-07-2020 11:06:49)
Running from C:\Users\Cnudde\Downloads
Windows 10 Home Version 1909 18363.900 (X64) (2020-03-04 15:55:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2633741134-1219916110-1491873213-500 - Administrator - Disabled)
Cnudde (S-1-5-21-2633741134-1219916110-1491873213-1003 - Administrator - Enabled) => C:\Users\Cnudde
DefaultAccount (S-1-5-21-2633741134-1219916110-1491873213-503 - Limited - Disabled)
Guest (S-1-5-21-2633741134-1219916110-1491873213-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2633741134-1219916110-1491873213-1004 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2633741134-1219916110-1491873213-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.009.20074 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Connect 9 Add-in (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Adobe Connect 9 Add-in) (Version: 11.9.976.299 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.387 - Adobe)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 Content (HKLM-x32\...\Adobe Premiere Elements 10 Content) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (32-bit) (HKLM-x32\...\{11C4575B-4B32-44D2-A097-D59A00BA60DE}) (Version: 8.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D39B163A-9E12-442C-95E9-33FA5746AB21}) (Version: 8.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C788AE25-3D4E-4D18-811B-3219F778487E}) (Version: 13.5.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM-x32\...\DPP) (Version: 3.10.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.10.0.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
CopyTrans Suite Remove Only (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Dropbox) (Version: 101.4.434 - Dropbox, Inc.)
Elements 10 Organizer (HKLM-x32\...\{22D3A614-482C-444A-932C-9DA1B8ECDFD2}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Flixster (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\cde6baecc037497b) (Version: 2.2.0.304 - Flixster)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{F0AD317D-AE18-45D0-BE5B-30074AFE6740}) (Version: 7.19.0.10 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{013DB423-A8DE-4423-9E50-D45ED1041789}) (Version: 12.10.7.3 - Apple Inc.)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 5.0.1120 - KYOCERA Document Solutions Inc.)
Malwarebytes version 4.1.2.73 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.2.73 - Malwarebytes)
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (HKLM-x32\...\{50816F92-1652-4A7C-B9BC-48F682742C4B}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 83.0.478.61 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.129.31 - )
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\OneDriveSetup.exe) (Version: 20.084.0426.0007 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.14.160.1208 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal Seagate Edition (HKLM-x32\...\{78E9A751-5616-233F-1249-16AC5758C646}) (Version: 7.0.41.11017 - muvee Technologies Pte Ltd)
PRE10STI64Installer (HKLM-x32\...\{9F06F464-479A-403E-AF92-70CBB8D674A1}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PSE10 STI Installer (HKLM-x32\...\{11D08055-939C-432b-98C3-E072478A0CD7}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickBooks 3.3.4 (only current user) (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\05fb5a8b-5c9d-57ac-a4b7-ecf271235d3f) (Version: 3.3.4 - Intuit Inc.)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.7.8 - Intuit)
Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.15.15 - Quicken)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
Roblox Player for Cnudde (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Cnudde (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\roblox-studio) (Version: - Roblox Corporation)
RogueKiller version 14.6.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.6.1.0 - Adlice Software)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.0.1910 - Samsung Electronics)
Seagate Manager Installer (HKLM-x32\...\{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate) Hidden
Seagate Manager Installer (HKLM-x32\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SmartSound Common Data (HKLM-x32\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.) Hidden
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Unity Web Player (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:
=========
KYOCERA Print Center -> C:\Program Files\WindowsApps\A97ECD55.KYOCERAPrintCenter_2.4.11127.0_x64__kqmhh0ktdt7dg [2020-03-22] (KYOCERA Document Solutions Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-03-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-03-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-02] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{E064AEC2-5150-4DF6-B2A3-1A6721C2076B}\InprocServer32 -> C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\psuser_64.dll (Chromium.) [File not signed]
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Cnudde\Dropbox [2011-03-12 12:43]
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] => 0
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-05-07] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-07-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-2633741134-1219916110-1491873213-1003: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll [2020-07-08] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2633741134-1219916110-1491873213-1003: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll [2020-07-08] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2633741134-1219916110-1491873213-1003: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\DropboxExt64.43.0.dll [2020-07-08] (Dropbox, Inc -> Dropbox, Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\You've signed out.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --app=hxxp://signin.ebay.com/ws/eBayISAPI.dll?SignOutConfirm&I=.67750010600015000830001500062000330011400062

==================== Loaded Modules (Whitelisted) =============

2011-02-20 13:02 - 2009-02-27 17:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2011-02-20 13:02 - 2009-03-06 13:51 - 000770048 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccDCtl.dll
2011-02-20 13:02 - 2008-10-21 20:52 - 000151552 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brcceng.dll
2011-02-20 13:02 - 2009-05-11 14:48 - 000372736 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccFCtl.dll
2011-02-20 13:02 - 2008-07-22 22:24 - 005390336 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\brccimg.dll
2011-02-20 13:02 - 2003-06-30 01:00 - 000259584 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTDIS12n.dll
2011-02-20 13:02 - 2005-07-05 01:00 - 000131584 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTFIL12n.DLL
2011-02-20 13:02 - 2003-06-30 01:00 - 000406016 ____N (LEAD Technologies, Inc.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\LTKRN12n.dll
2020-03-04 14:41 - 2020-03-04 14:41 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2020-03-04 14:41 - 2020-03-04 14:41 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\fastclick.net -> fastclick.net

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2020-07-12 11:31 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\Google\Google Apps Sync;C:\Program Files (x86)\Google\Google Apps Migration;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8F9ED1AD-5C41-4CF4-9C5C-5FE7AD77A91A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FACC3D4F-5D57-49B9-B2DD-D0EEE6B416A6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3EC41B76-8A6F-4CFE-9D17-A032885C751F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4543C9F1-2E97-4DC2-B193-250DAA99C6DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{595080C0-99BE-4D6A-AE03-78D3D8F0F951}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C26E2C2E-D4AB-4EF5-8FBD-86274AD34C52}] => (Allow) LPort=9247
FirewallRules: [{C775ACE7-4608-4639-9B79-47B7EE28D9DA}] => (Allow) LPort=9246
FirewallRules: [{085DDEEF-2EB0-4FA9-90E2-D9947C8A8AB6}] => (Allow) LPort=9245
FirewallRules: [{0AD99F8C-C084-4E84-88A4-89D6D36414F2}] => (Allow) LPort=9422
FirewallRules: [{F9E33896-38D8-417A-8DEC-F45D97D4468A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{0B55C4B9-3FE2-4144-86FD-957DFFDCE9BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{FA0380D8-EDB3-461E-83FF-B09EF89A5E29}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{31A43C43-0B53-41AF-850B-41D7FDC31413}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{290947CF-F753-4AA1-89F0-F78C4FD7518D}] => (Allow) C:\Program Files (x86)\Seagate\muvee Reveal Seagate Edition\muveereveal.exe (muvee Technologies Pte Ltd -> muvee Technologies Pte Ltd) [File not signed]
FirewallRules: [{2C793921-E1E2-4324-967F-BC4C50506237}] => (Allow) C:\Program Files (x86)\Seagate\muvee Reveal Seagate Edition\muveereveal.exe (muvee Technologies Pte Ltd -> muvee Technologies Pte Ltd) [File not signed]
FirewallRules: [{71890B17-F5FD-4C54-84E4-52C8BC45BE8D}] => (Allow) C:\Program Files (x86)\Seagate\muvee Reveal Seagate Edition\muveereveal.exe (muvee Technologies Pte Ltd -> muvee Technologies Pte Ltd) [File not signed]
FirewallRules: [{585EE679-6AD1-4CE5-B6CE-0DF65B06C1D6}] => (Allow) C:\Program Files (x86)\Seagate\muvee Reveal Seagate Edition\muveereveal.exe (muvee Technologies Pte Ltd -> muvee Technologies Pte Ltd) [File not signed]
FirewallRules: [{27E87B15-7024-4969-BD5C-5F87FF7E9DDD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4CFE0301-F182-4609-AA4C-99C7650BF832}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{050A6D58-D31B-4809-AF7E-6C1CB8790E30}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{93FBF6F6-345D-41FB-BADC-1D273A4F8E02}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{9BD447A6-A0DC-43FF-BAF1-C77D8EEF91E8}C:\windows\system32\wfs.exe] => (Block) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{A2431DDE-11AB-41F6-A656-C29A66943A7D}C:\windows\system32\wfs.exe] => (Block) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{9352B3DF-1C67-49F3-8882-B736BD7408A1}] => (Allow) C:\Users\Cnudde\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [UDP Query User{4B29B914-BAE2-401D-9B99-EB33BF3B3613}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0EE3D70D-20D1-4C74-83BC-35C1C07921B9}C:\program files (x86)\microsoft office\office14\groove.exe] => (Block) C:\program files (x86)\microsoft office\office14\groove.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D75DF547-65F6-4B36-8BDE-39C526B68998}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{982B1550-393D-4E35-9F14-64DB6ADA3B1B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{91895C4A-7F09-449E-8EA0-E700D9E435F0}] => (Allow) C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe () [File not signed]
FirewallRules: [{33827A3F-BDF1-4E2C-A82C-1A28B03CF65C}] => (Allow) C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe () [File not signed]
FirewallRules: [{F42149D1-2566-4A5F-BFBF-3A96513F95C1}] => (Allow) C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe () [File not signed]
FirewallRules: [{C92059C0-1C6E-4562-902C-D903A218DDF4}] => (Allow) C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe () [File not signed]
FirewallRules: [{7442887B-163E-4D40-9E6A-456E483AE3F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games) [File not signed]
FirewallRules: [{0B64DF34-F284-4264-9950-FE2F90D1008D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games) [File not signed]
FirewallRules: [{12DD343D-AF54-4B58-B424-1E8E0552E27D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe (Firaxis Games) [File not signed]
FirewallRules: [{2D75DEF9-A47E-48B1-8CB6-FC9E26C7B229}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe (Firaxis Games) [File not signed]
FirewallRules: [UDP Query User{6582148F-0B3B-4BE9-8579-5521B6A892A5}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{E0B8FCA2-DA66-4CB2-B590-50CD485D3951}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{3EDB6C41-374D-4D8C-92D2-D432DDBBF093}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6604F8F0-1D1B-4949-AD2B-8A5FD7089860}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{4979A6E7-34DD-4524-87C0-FEE62BFBE4D2}C:\users\cnudde\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\cnudde\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{AB97E300-4C0A-4AFC-89AD-57D8B4E375FC}C:\users\cnudde\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\cnudde\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{6C4CDBB5-A6D9-449C-BE3A-923F05BC8597}] => (Allow) C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{15911083-1B6A-4347-8CE3-0B7EF01E21FE}] => (Allow) C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{9405ADAA-CC21-49B9-970D-DEF18A956150}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E89395A4-36B0-466D-9130-230CF37B1250}] => (Allow) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [{6A5F830F-AD74-43E5-85D0-BE7AFC5E2F98}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{303E0390-B5F0-4587-AA43-90AD84B36B2C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{E9FD22BA-589B-45D3-9EA4-2AEF58227512}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink -> CyberLink Corp.)
FirewallRules: [{48C60239-E008-4E3D-A7C2-DE7555C28EA1}] => (Allow) LPort=9422
FirewallRules: [{AB49C8FF-72D9-4299-BB52-38B5FEBDE9B6}] => (Allow) LPort=9245
FirewallRules: [{EDACD33A-58FD-44F3-BD85-9648825A8217}] => (Allow) LPort=9246
FirewallRules: [{DB614030-6666-4E7D-8DE2-F66DA7330C21}] => (Allow) LPort=9247
FirewallRules: [{3862839A-692C-4934-8D00-208B20E581A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3095BB1C-FD85-4D52-BEE3-12A83280C798}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)

==================== Restore Points =========================

24-06-2020 15:08:56 Windows Update
02-07-2020 06:17:57 Scheduled Checkpoint
11-07-2020 11:52:27 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/13/2020 08:44:34 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1912,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/13/2020 08:32:48 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5544,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/13/2020 03:51:06 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2760,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (07/13/2020 03:45:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname MININT-7ERSP8L.local already in use; will try MININT-7ERSP8L-2.local instead

Error: (07/13/2020 03:45:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 MININT-7ERSP8L.local. Addr 10.220.45.146

Error: (07/13/2020 03:45:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.220.45.146:5353 16 MININT-7ERSP8L.local. AAAA 2600:1700:BF30:30DF:1DB1:8D8D:6DBB:89BA

Error: (07/13/2020 03:45:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 MININT-7ERSP8L.local. AAAA FE80:0000:0000:0000:1DB1:8D8D:6DBB:89BA

Error: (07/13/2020 03:45:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.220.45.146:5353 16 MININT-7ERSP8L.local. AAAA 2600:1700:BF30:30DF:1DB1:8D8D:6DBB:89BA


System errors:
=============
Error: (07/13/2020 08:25:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AvastWscReporter service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/13/2020 08:25:28 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (07/13/2020 08:24:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (07/13/2020 08:24:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (07/13/2020 08:24:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CredentialEnrollmentManagerUserSvc_41412 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/13/2020 08:24:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The RogueKiller RTP service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/13/2020 08:24:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/13/2020 08:24:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Seagate Service service terminated unexpectedly. It has done this 1 time(s).


Windows Defender:
===================================
Date: 2020-07-13 08:27:50.504
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.C55
ID: 2147756042
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Cnudde\AppData\LocalLow\899D.tmp; file:_F:\Users\Cnudde\AppData\LocalLow\2E3A.tmp; file:_F:\Users\Cnudde\AppData\LocalLow\899D.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.319.1330.0, AS: 1.319.1330.0, NIS: 1.319.1330.0
Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2

Date: 2020-07-12 16:41:15.619
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.C55
ID: 2147756042
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Cnudde\AppData\LocalLow\899D.tmp; file:_F:\Users\Cnudde\AppData\LocalLow\2E3A.tmp; file:_F:\Users\Cnudde\AppData\LocalLow\899D.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: C:\Program Files\RogueKiller\RogueKiller64.exe
Security intelligence Version: AV: 1.319.1330.0, AS: 1.319.1330.0, NIS: 1.319.1330.0
Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2

Date: 2020-07-12 15:48:52.450
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6B898D8A-BB35-4FFE-9800-4086C62B38CC}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2020-07-12 15:48:52.447
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.C55
ID: 2147756042
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Cnudde\AppData\LocalLow\899D.tmp; file:_F:\Users\Cnudde\AppData\LocalLow\2E3A.tmp; file:_F:\Users\Cnudde\AppData\LocalLow\899D.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.319.1330.0, AS: 1.319.1330.0, NIS: 1.319.1330.0
Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2

Date: 2020-07-12 13:17:41.550
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Occamy.C55
ID: 2147756042
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Cnudde\AppData\LocalLow\2E3A.tmp
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.319.1330.0, AS: 1.319.1330.0, NIS: 1.319.1330.0
Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2

CodeIntegrity:
===================================

Date: 2020-07-13 11:02:42.718
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-13 11:02:40.044
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-13 11:02:39.972
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-13 02:55:12.901
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-13 02:55:12.890
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-12 18:17:08.283
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-12 18:17:05.658
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-07-12 18:17:05.580
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Dell Inc. A03 02/01/2010
Motherboard: Dell Inc. 0C2KJT
Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 44%
Total physical RAM: 7991.11 MB
Available physical RAM: 4397.68 MB
Total Virtual: 22327.11 MB
Available Virtual: 17940.51 MB

==================== Drives ================================

Drive c: (SSDisk) (Fixed) (Total:465.21 GB) (Free:125.11 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:13.25 GB) NTFS
Drive f: (OSDisk) (Fixed) (Total:684.52 GB) (Free:321.05 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{c62b29c8-2406-11e6-b8f8-806e6f6e6963}\ () (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{865d43d8-0000-0000-0000-404d74000000}\ () (Fixed) (Total:0.55 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 25DD572F)
Partition 1: (Active) - (Size=684.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 865D43D8)
Partition 1: (Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=567 MB) - (Type=27)

==================== End of Addition.txt =======================
 

Broni

Posts: 56,032   +513
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 


cnuddeje

Posts: 133   +0
Fix result of Farbar Recovery Scan Tool (x64) Version: 08-07-2020 01
Ran by Cnudde (13-07-2020 11:34:18) Run:1
Running from C:\Users\Cnudde\Downloads
Loaded Profiles: Cnudde
Boot Mode: Normal
==============================================

fixlist content:
*****************
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {11B525D8-83A3-4873-9D88-8CE4B3C094FD} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {4255141F-EA88-4226-AF49-3437332156C6} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA => C:\Users\Cnudde\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2020-06-02] (Chromium.) [File not signed] <==== ATTENTION
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Chromium] => "c:\users\cnudde\appdata\local\chromium\application\chrome.exe" --profile-directory="Default" --auto-launch-at-startup --restore-last-session
Task: {4255141F-EA88-4226-AF49-3437332156C6} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA => C:\Users\Cnudde\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2020-06-02] (Chromium.) [File not signed] <==== ATTENTION
Task: {DF6B7A5C-9D02-4973-BC99-D04F3894ED37} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core => C:\Users\Cnudde\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2020-06-02] (Chromium.) [File not signed] <==== ATTENTION
Task: {E3B8C05F-4B35-4A1C-83C6-68578D939C36} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E68EC7FF-FE48-4C1F-99AD-8F0A9C4D14F0} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @chbrowserupdate.com/Chromium Update;version=3 -> C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2020-06-02] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @chbrowserupdate.com/Chromium Update;version=9 -> C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2020-06-02] (Chromium.) [File not signed]
S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
U3 idsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{E064AEC2-5150-4DF6-B2A3-1A6721C2076B}\InprocServer32 -> C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\psuser_64.dll (Chromium.) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
FirewallRules: [{9352B3DF-1C67-49F3-8882-B736BD7408A1}] => (Allow) C:\Users\Cnudde\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]


*****************

HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11B525D8-83A3-4873-9D88-8CE4B3C094FD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11B525D8-83A3-4873-9D88-8CE4B3C094FD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4255141F-EA88-4226-AF49-3437332156C6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4255141F-EA88-4226-AF49-3437332156C6}" => removed successfully
C:\WINDOWS\System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA" => removed successfully
"HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4255141F-EA88-4226-AF49-3437332156C6}" => not found
"C:\WINDOWS\System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF6B7A5C-9D02-4973-BC99-D04F3894ED37}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF6B7A5C-9D02-4973-BC99-D04F3894ED37}" => removed successfully
C:\WINDOWS\System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3B8C05F-4B35-4A1C-83C6-68578D939C36}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3B8C05F-4B35-4A1C-83C6-68578D939C36}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E68EC7FF-FE48-4C1F-99AD-8F0A9C4D14F0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E68EC7FF-FE48-4C1F-99AD-8F0A9C4D14F0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify2" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
"HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\Software\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=3 => removed successfully
C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll => moved successfully
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\Software\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=9 => removed successfully
"C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll" => not found
HKLM\System\CurrentControlSet\Services\AvastWscReporter => removed successfully
AvastWscReporter => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003_Classes\CLSID\{E064AEC2-5150-4DF6-B2A3-1A6721C2076B} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9352B3DF-1C67-49F3-8882-B736BD7408A1}" => removed successfully

==== End of Fixlog 11:34:18 ====
 

Broni

Posts: 56,032   +513
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 

cnuddeje

Posts: 133   +0
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
Avast Antivirus
Malwarebytes
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.9016)
Java version 32-bit out of Date!
Adobe Flash Player 32.0.0.387
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome (83.0.4103.116)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 

cnuddeje

Posts: 133   +0
Farbar Service Scanner Version: 14-12-2019
Ran by Cnudde (administrator) on 13-07-2020 at 16:00:13
Running from "C:\Users\Cnudde\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

Broni

Posts: 56,032   +513
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please let me know how your computer is doing.