Howdy:
Just doing a regular check for malware/virus. My PC is old, and has been slower. I updated to Win10 and got some bloatware that I deleted. This PC is mostly just kids being online, social media, etc.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by Cnudde (administrator) on MININT-7ERSP8L (Dell Inc. Inspiron 580) (12-07-2020 13:13:58)
Running from C:\Users\Cnudde\Downloads
Loaded Profiles: Cnudde
Platform: Windows 10 Home Version 1909 18363.900 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Chromium.) [File not signed] C:\Users\Cnudde\AppData\Local\Chromium\Update\ChromiumUpdate.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe <3>
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\101.4.434\QtWebEngineProcess.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15>
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Cnudde\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2005.23.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Seagate Technology, LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302392 2020-05-20] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [CL-24-4F9532CA-AA90-4E32-B81D-9189E0C14D34] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-24-4F9532CA-AA90-4E32-B81D-9189E0C14D34\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-24-4F9532CA-AA90-4E32-B81D-9189E0C (the data entry has 7 more characters).
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-05-07] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Dropbox Update] => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Chromium] => "c:\users\cnudde\appdata\local\chromium\application\chrome.exe" --profile-directory="Default" --auto-launch-at-startup --restore-last-session
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Chromium Update] => C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\ChromiumUpdateCore.exe [588800 2020-06-02] (Chromium.) [File not signed] <==== ATTENTION
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Dashlane] => "C:\Users\Cnudde\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
HKLM\...\Print\Monitors\KX Language Monitor: C:\WINDOWS\system32\KXPLM64.DLL [134784 2018-09-11] (Microsoft Windows Hardware Compatibility Publisher -> KYOCERA Document Solutions Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-23] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-10]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia -> Secunia)
Startup: C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2020-03-04] ()
Startup: C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2020-07-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C4C94AB-D0BF-463E-B9A9-9448E38C5A7E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {11B525D8-83A3-4873-9D88-8CE4B3C094FD} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {15E5DCDB-0D25-423B-8729-0F653D51F442} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {163CA91E-FBA3-4991-B777-5BC1E6E2E578} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {1873A166-8D21-4E2F-B411-9AE17B8C9E7A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1F171958-4E44-4644-8FF8-2E29F0A568D9} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {223F742A-1BBE-4C95-9280-8D95C4601255} - System32\Tasks\{C68EF8F9-3B70-4806-9D8A-DDF64849ACA9} => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe
Task: {25FC684F-A716-420A-A802-7AA73EFA2190} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {26D1625F-8C4D-47ED-A1F9-7C0836A3EAB0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2CF65AF7-3DE6-4CE3-9860-951FF3995B2C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2ECE72A2-7E52-4703-98BA-FDB3FDDEDE35} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {3388321B-C85D-499E-A84B-90B173322E0A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34F19C40-EE28-4235-B342-7CEFB515908D} - System32\Tasks\{92B0B57D-D4FF-4793-A9A1-EB306D3CAEE1} => C:\Windows\system32\pcalua.exe -a "C:\Users\Cnudde\Desktop\New folder\Adobe Photoshop Elements 10\PSE 10\AdobeAIRInstaller.exe" -d "C:\Users\Cnudde\Desktop\New folder\Adobe Photoshop Elements 10\PSE 10"
Task: {36A6E196-4448-4314-9417-A89C44F3C55E} - System32\Tasks\{DCE50F48-9E43-4BDE-93F8-2C64B01E160D} => C:\Windows\system32\pcalua.exe -a C:\Users\Cnudde\Downloads\win64_152822.exe -d C:\Users\Cnudde\Downloads
Task: {380688F7-AEF1-4676-B964-333BF4199D08} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4255141F-EA88-4226-AF49-3437332156C6} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA => C:\Users\Cnudde\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2020-06-02] (Chromium.) [File not signed] <==== ATTENTION
Task: {42B25C6E-5C88-4F9F-930F-6076C0E50B7B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {43CDAC0B-835C-4FFB-877B-E3B71D1FE2F2} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146048 2018-10-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {43ED296E-6DAE-47C3-A52B-71E0AE134A2F} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {4546B62A-312C-4FC9-9AB8-764E8664782F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_Plugin.exe [1459256 2020-06-27] (Adobe Inc. -> Adobe)
Task: {46A908C7-A3D3-4F66-B5CD-429DE6F2C016} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {481FB75B-9E2A-4E5F-A1CC-F1C8756EB3D8} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {525788BF-C7F9-47D7-B995-F44B54A7FE92} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {56213EA7-5CA0-4227-8FE6-391E2F14E925} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e92d237107f1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {56DEA1CC-BD0F-4FE3-AB19-A7C538C1995E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {60EC5B90-12D4-4780-B002-0AFC9E198741} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {6E35FABA-5228-4E03-A1C6-1FB0F017BFF7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {75E281A2-8684-4DA0-A41A-06455B04CB9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-27] (Adobe Inc. -> Adobe)
Task: {7BF325B5-8738-412D-B357-C65FE0B64847} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {809DA5EF-C04B-4834-B2AF-B887E27B0F08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {848EF025-8C22-44E6-8130-8CABF22C4D46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {875163D5-2B57-4874-AFAE-07159D8020C2} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {8B13F4DA-D597-4612-89E6-4B1C9AF25C37} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {90E0F212-78EC-4FF3-94CE-DFA61C87C377} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {9204C125-1A2D-40DF-BA85-3351DD8078F7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9401DD4B-5796-4399-AF19-19A47BCDB4BE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A35A1D62-4E7D-4728-BBDA-50686E2F1E5F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AA9F315E-DEB0-4768-8F43-1AD9E3DB11D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B12D6B9F-EC9D-489D-ADE4-C37CB3910C84} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B5E97B50-2B40-4342-9A23-4A06947F70AD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD4E9ACF-E343-496B-B382-58E40C59FD12} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {BDF59FF5-11BD-405D-8FE7-8688BC04CEEB} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C02D6B33-CEAC-47A3-AB53-477ED4A81E4F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C36F4343-36CF-4C51-BA7C-1D82B91C54CB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C5D56391-95F0-4D3F-A816-0E8B9303A7FA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe
Task: {C748C1F6-B8EC-4C73-93BC-BD6DF90FD81A} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {C8FAA9CF-6AAF-4843-A44C-1A7861707D27} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D2002D9F-F778-466D-A72F-1CD8CA9092D3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D794D30B-2C31-40AC-AE41-691E14A35942} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {DF6B7A5C-9D02-4973-BC99-D04F3894ED37} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core => C:\Users\Cnudde\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2020-06-02] (Chromium.) [File not signed] <==== ATTENTION
Task: {E3B8C05F-4B35-4A1C-83C6-68578D939C36} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E68EC7FF-FE48-4C1F-99AD-8F0A9C4D14F0} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {E73FD4DB-82A2-4D85-936D-337AD81DD2F2} - System32\Tasks\AdobeAAMUpdater-1.0-MININT-7ERSP8L-Cnudde => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {EC1DDC05-E82E-40A9-B525-51981BF2605A} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e92d24711690 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {F7AAE0FC-7400-49F0-B17F-F6FB3044F271} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {FAF31BC3-1465-45E5-8EF0-CF55A99B8242} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core.job => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA.job => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{237A3DF2-ED0D-4801-8447-173281B1CEB4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{328AA78D-68C0-4EEE-BF6A-EC093F25A38B}: [DhcpNameServer] 10.220.45.31
Tcpip\..\Interfaces\{8FE230F4-AED0-467D-B179-AE73029BAC9B}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=fes_yfp_chr_nt_yfp2&type=wbf_fptxqjxp1acegikmwv4_20_26_ssg00
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fptxqjxp1acegikmwv4_20_26_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzzyEtB0BtB0B0AyD0DtAtB0AtC0ByEtDtN0D0Tzu0StAtCtDtDtN1L2XzuyDtFtCtFtDtFtCyEtAtN1L1Czu1ByE1VtAtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDyCyBtBtAtGtAyC0DtAtGtDtCtA0EtGyBzy0FzytGtBtDtDtAyByCyB0F0BtDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA1P1Pzy1TtB1PyBtG1Rzz1QzytGyEzzyEyBtGzyyEzzzztGtA1R1QyEyByBzy1OtCtC1QtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutByBtAzytCtN1Q2Z1B1P1RzutCyDzytAtBzzyDzytCzy%26cr%3D1213498091%26a%3Dwbf_fptxqjxp1acegikmwv4_20_26_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fptxqjxp1acegikmwv4_20_26_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzzyEtB0BtB0B0AyD0DtAtB0AtC0ByEtDtN0D0Tzu0StAtCtDtDtN1L2XzuyDtFtCtFtDtFtCyEtAtN1L1Czu1ByE1VtAtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDyCyBtBtAtGtAyC0DtAtGtDtCtA0EtGyBzy0FzytGtBtDtDtAyByCyB0F0BtDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA1P1Pzy1TtB1PyBtG1Rzz1QzytGyEzzyEyBtGzyyEzzzztGtA1R1QyEyByBzy1OtCtC1QtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutByBtAzytCtN1Q2Z1B1P1RzutCyDzytAtBzzyDzytCzy%26cr%3D1213498091%26a%3Dwbf_fptxqjxp1acegikmwv4_20_26_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://webdeposit.ensenta.com/eztwainx.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Cnudde\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-12]
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-06-27] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-18] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_387.dll [2020-06-27] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-18] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @chbrowserupdate.com/Chromium Update;version=3 -> C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2020-06-02] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @chbrowserupdate.com/Chromium Update;version=9 -> C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2020-06-02] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @citrixonline.com/appdetectorplugin -> C:\Users\Cnudde\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-26] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cnudde\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-09] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @zoom.us/ZoomVideoPlugin -> C:\Users\Cnudde\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-03-23] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default [2020-07-12]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://myhomenetwork.att.com; hxxps://www.bestbuy.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2020-07-02]
CHR Extension: (YouTube) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-09]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-07-02]
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2020-07-12]
CHR Extension: (Google Search) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-06-24]
CHR Extension: (Google Docs Offline) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-27]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-07-12]
CHR Extension: (Search Manager) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpggceimbegdiddifklmeponnmkppfho [2020-06-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Live Football) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2018-09-25]
CHR Extension: (Gmail) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-12]
CHR Extension: (Chrome Media Router) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-10]
CHR HKLM\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojfilbbecboffgonioffpjjhcobjahoe]
CHR HKLM-x32\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-27] (Adobe Inc. -> Adobe)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [92160 2009-03-31] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia -> Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia -> Secunia)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\NisSrv.exe [2496144 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MsMpEng.exe [104192 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BrSerId; C:\WINDOWS\system32\DRIVERS\BrSerId.sys [290816 2012-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BrUsbSer; C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys [14720 2011-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2020-01-09] (Microsoft Corporation) [File not signed]
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia -> Secunia)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45976 2020-07-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [408816 2020-07-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-07-12] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-12 13:13 - 2020-07-12 13:14 - 000033942 _____ C:\Users\Cnudde\Downloads\FRST.txt
2020-07-12 13:13 - 2020-07-12 13:14 - 000000000 ____D C:\FRST
2020-07-12 13:13 - 2020-07-12 13:13 - 002292736 _____ (Farbar) C:\Users\Cnudde\Downloads\FRST64.exe
2020-07-12 12:07 - 2020-07-12 12:07 - 000068808 _____ C:\ProgramData\agent.uninstall.1594570045.bdinstall.v2.bin
2020-07-12 12:06 - 2020-07-12 12:06 - 000417164 _____ C:\ProgramData\cl.uninstall.1594569526.bdinstall.v2.bin
2020-07-12 11:59 - 2020-07-12 11:59 - 000082012 _____ C:\ProgramData\dm.uninstall.1594569540.bdinstall.v2.bin
2020-07-10 06:52 - 2020-07-10 06:52 - 000216816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-07-10 06:52 - 2020-07-10 06:52 - 000175192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-07-08 17:52 - 2020-07-08 17:52 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-07-02 16:03 - 2020-07-02 16:03 - 000000000 ____D C:\Users\Cnudde\Downloads\opera autoupdate
2020-07-02 13:50 - 2020-07-02 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2020-06-30 13:53 - 2020-06-30 13:53 - 000104437 _____ C:\Users\Cnudde\Downloads\ACFrOgCTU1oN7qcqSc6qOyZrFiW7z-rWlpmq3RUIcowP1h6Ki4u9Yn5UZqlRv_xFtGY3jOXrvC_bKI93jbCZP5iQpQ-xWjBCYlEOSR0ObIRIf7CSA3ZWqOhNz7nzyCI=.pdf
2020-06-30 13:53 - 2020-06-30 13:53 - 000071901 _____ C:\Users\Cnudde\Downloads\ACFrOgDV8m6agy9fE_foRT91b7v2sAPrQirRhN8-RzSbgntXyFPR-0Kb3-EnoPfv-mE2X7F70LnssUqnccD9d3V2xTMuuDAlg028mvXiVKXh6Dg5AY7t8lXV6g3s0aA=.pdf
2020-06-30 13:53 - 2020-06-30 13:53 - 000070300 _____ C:\Users\Cnudde\Downloads\ACFrOgBeLaUBKJJQEQFoxo8CT7bFcXNZlUUjC4xUIiHaDiJDj3QJGgeoM1EyOC-Mc7ATlq5AA4KftmRgUCSJ3p5VHsja3JkUaARjDYAZ0j0aNahoaRuBOQ1sF2KPp-k=.pdf
2020-06-30 13:52 - 2020-06-30 13:52 - 000126996 _____ C:\Users\Cnudde\Downloads\ACFrOgAMsD-GBROi5dCCdmxXCdDskIQlFDz3TR7Il0wunB6Oy4fMCEh8Rr0SzYed3tajhxXehuDpb0N3N4oD22AlnhxGHnNedJxQC-IHNQJu3V2IK6aQm6SQl91FxAj-Dxtjmun1AuOd8DZNIjm5.pdf
2020-06-27 15:36 - 2020-06-27 15:36 - 000001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2020-06-27 15:36 - 2020-06-27 15:36 - 000001822 _____ C:\ProgramData\Desktop\iTunes.lnk
2020-06-27 15:36 - 2020-06-27 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-06-27 15:36 - 2020-06-27 15:36 - 000000000 ____D C:\Program Files\iPod
2020-06-27 15:35 - 2020-06-27 15:36 - 000000000 ____D C:\Program Files\iTunes
2020-06-27 15:31 - 2020-06-27 15:31 - 000769764 _____ C:\ProgramData\cl.1593286048.bdinstall.v2.bin
2020-06-27 15:31 - 2020-06-27 15:31 - 000138668 _____ C:\ProgramData\dm.1593286304.bdinstall.v2.bin
2020-06-27 15:31 - 2020-06-27 15:31 - 000104332 _____ C:\ProgramData\cl.kit.1593286033.bdinstall.v2.bin
2020-06-27 15:31 - 2020-06-27 15:31 - 000000000 ____D C:\ProgramData\Bitdefender Device Management
2020-06-27 15:30 - 2020-06-27 15:30 - 000000000 ____D C:\ProgramData\Gemma
2020-06-27 15:30 - 2020-06-27 15:30 - 000000000 ____D C:\ProgramData\Atc
2020-06-27 15:29 - 2020-06-27 15:29 - 000000000 ____D C:\WINDOWS\system32\elambkup
2020-06-27 15:29 - 2020-06-27 15:29 - 000000000 ____D C:\ProgramData\BDLogging
2020-06-27 15:28 - 2020-06-27 15:29 - 003787928 _____ ( ) C:\Users\Cnudde\Downloads\my-talking-tom_2690529315.exe
2020-06-27 15:26 - 2020-07-12 12:15 - 000000000 ____D C:\Program Files (x86)\Chromium
2020-06-27 15:26 - 2020-06-27 15:26 - 000004536 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-06-27 15:25 - 2020-06-27 15:25 - 000111044 _____ C:\ProgramData\agent.1593285922.bdinstall.v2.bin
2020-06-27 15:25 - 2020-06-27 15:25 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-06-27 15:25 - 2020-06-27 15:25 - 000000000 ____D C:\ProgramData\{43CA7FF6-6BE2-078E-33BA-2FA6DB52F77E}
2020-06-27 15:23 - 2020-06-27 15:23 - 078905506 _____ C:\Users\Cnudde\Downloads\kinemaster.apk
2020-06-27 15:23 - 2020-06-27 15:23 - 000002446 _____ C:\Users\Cnudde\Desktop\facebook.lnk
2020-06-27 15:23 - 2020-06-27 15:23 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Opera Software
2020-06-27 15:23 - 2020-06-27 15:23 - 000000000 ____D C:\Users\Cnudde\AppData\Local\Opera Software
2020-06-27 15:23 - 2020-06-27 15:23 - 000000000 ____D C:\Program Files\Avast Software
2020-06-27 15:22 - 2020-07-12 12:19 - 000000000 ____D C:\ProgramData\Avast Software
2020-06-27 15:21 - 2020-06-27 15:22 - 003787928 _____ ( ) C:\Users\Cnudde\Downloads\kinemaster_0141086022.exe
2020-06-24 22:17 - 2020-07-09 03:29 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-24 22:17 - 2020-07-09 03:29 - 000002282 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-06-24 22:17 - 2020-07-09 03:29 - 000002282 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-06-24 22:17 - 2020-06-25 08:23 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-24 22:17 - 2020-06-25 08:23 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-06-22 12:23 - 2020-06-22 12:23 - 000036713 _____ C:\Users\Cnudde\Downloads\fellowship-application.pdf
2020-06-19 12:22 - 2020-06-19 12:22 - 000454085 _____ C:\Users\Cnudde\Downloads\doc (7).pdf
2020-06-15 14:54 - 2020-06-15 14:54 - 000054549 _____ C:\Users\Cnudde\Downloads\8th_Summer_Reading_-_Crossover_Allies.pdf
2020-06-14 17:12 - 2020-06-14 17:12 - 000026921 _____ C:\Users\Cnudde\Downloads\Private-Teacher-Listing (1).pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-12 12:49 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-12 12:23 - 2020-03-04 11:52 - 000940200 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-07-12 12:23 - 2019-03-19 00:50 - 000000000 ____D C:\WINDOWS\INF
2020-07-12 12:22 - 2020-03-04 11:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-07-12 12:19 - 2020-03-04 12:31 - 000000000 ___RD C:\Users\Cnudde\OneDrive
2020-07-12 12:19 - 2020-03-04 11:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-07-12 12:19 - 2018-10-29 18:28 - 000000000 ____D C:\Program Files\McAfee
2020-07-12 12:19 - 2014-11-19 18:30 - 000000000 ____D C:\Users\Cnudde\Downloads\ControlCenter
2020-07-12 12:18 - 2019-03-19 00:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-07-12 12:16 - 2020-03-04 12:13 - 000000000 ____D C:\Users\Cnudde\AppData\Local\Packages
2020-07-12 12:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-07-12 12:06 - 2011-02-14 10:21 - 000000000 ____D C:\ProgramData\McAfee
2020-07-12 11:40 - 2020-03-04 11:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-07-12 06:53 - 2019-03-19 00:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-07-12 06:01 - 2019-03-19 00:37 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2020-07-10 13:02 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-08 17:53 - 2011-03-12 12:40 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Dropbox
2020-07-08 14:03 - 2016-12-04 21:05 - 000001486 _____ C:\Users\Cnudde\Desktop\Roblox Player.lnk
2020-07-08 14:03 - 2016-12-04 21:05 - 000001301 _____ C:\Users\Cnudde\Desktop\Roblox Studio.lnk
2020-07-08 14:03 - 2016-12-04 21:05 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-07-06 21:41 - 2020-03-04 11:55 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-07-06 21:41 - 2017-09-09 11:14 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-06-27 15:26 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-27 15:26 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-06-25 14:03 - 2020-03-04 12:31 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2633741134-1219916110-1491873213-1003
2020-06-25 14:03 - 2020-03-04 11:52 - 000002422 _____ C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-24 22:17 - 2020-03-04 11:52 - 000000000 ____D C:\Users\Cnudde
2020-06-24 15:11 - 2019-03-19 00:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-24 10:31 - 2020-03-04 12:31 - 000000000 ____D C:\Users\Cnudde\AppData\Local\Comms
2020-06-23 17:35 - 2016-04-09 11:11 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
==================== Files in the root of some directories ========
2020-06-10 16:42 - 2020-06-10 16:42 - 000000076 _____ () C:\Users\Cnudde\AppData\Roaming\WB.CFG
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
Just doing a regular check for malware/virus. My PC is old, and has been slower. I updated to Win10 and got some bloatware that I deleted. This PC is mostly just kids being online, social media, etc.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2020 01
Ran by Cnudde (administrator) on MININT-7ERSP8L (Dell Inc. Inspiron 580) (12-07-2020 13:13:58)
Running from C:\Users\Cnudde\Downloads
Loaded Profiles: Cnudde
Platform: Windows 10 Home Version 1909 18363.900 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Chromium.) [File not signed] C:\Users\Cnudde\AppData\Local\Chromium\Update\ChromiumUpdate.exe
(CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe <3>
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\101.4.434\QtWebEngineProcess.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <15>
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Cnudde\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2005.23.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.320.6242.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\NisSrv.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Seagate Technology, LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302392 2020-05-20] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [CL-24-4F9532CA-AA90-4E32-B81D-9189E0C14D34] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-24-4F9532CA-AA90-4E32-B81D-9189E0C14D34\setuplauncher.exe" /run:Installer.exe /args:"/setup-folder:"CL-24-4F9532CA-AA90-4E32-B81D-9189E0C (the data entry has 7 more characters).
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-05-07] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Dropbox Update] => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Chromium] => "c:\users\cnudde\appdata\local\chromium\application\chrome.exe" --profile-directory="Default" --auto-launch-at-startup --restore-last-session
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Chromium Update] => C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\ChromiumUpdateCore.exe [588800 2020-06-02] (Chromium.) [File not signed] <==== ATTENTION
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\...\Run: [Dashlane] => "C:\Users\Cnudde\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup
HKLM\...\Print\Monitors\KX Language Monitor: C:\WINDOWS\system32\KXPLM64.DLL [134784 2018-09-11] (Microsoft Windows Hardware Compatibility Publisher -> KYOCERA Document Solutions Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-23] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Lsa: [Notification Packages] scecli "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-03-10]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia -> Secunia)
Startup: C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2020-03-04] ()
Startup: C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2020-07-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Cnudde\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C4C94AB-D0BF-463E-B9A9-9448E38C5A7E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {11B525D8-83A3-4873-9D88-8CE4B3C094FD} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {15E5DCDB-0D25-423B-8729-0F653D51F442} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {163CA91E-FBA3-4991-B777-5BC1E6E2E578} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {1873A166-8D21-4E2F-B411-9AE17B8C9E7A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1F171958-4E44-4644-8FF8-2E29F0A568D9} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {223F742A-1BBE-4C95-9280-8D95C4601255} - System32\Tasks\{C68EF8F9-3B70-4806-9D8A-DDF64849ACA9} => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe
Task: {25FC684F-A716-420A-A802-7AA73EFA2190} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {26D1625F-8C4D-47ED-A1F9-7C0836A3EAB0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2CF65AF7-3DE6-4CE3-9860-951FF3995B2C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2ECE72A2-7E52-4703-98BA-FDB3FDDEDE35} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe [334848 2019-07-13] (Microsoft Corporation) [File not signed]
Task: {3388321B-C85D-499E-A84B-90B173322E0A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {34F19C40-EE28-4235-B342-7CEFB515908D} - System32\Tasks\{92B0B57D-D4FF-4793-A9A1-EB306D3CAEE1} => C:\Windows\system32\pcalua.exe -a "C:\Users\Cnudde\Desktop\New folder\Adobe Photoshop Elements 10\PSE 10\AdobeAIRInstaller.exe" -d "C:\Users\Cnudde\Desktop\New folder\Adobe Photoshop Elements 10\PSE 10"
Task: {36A6E196-4448-4314-9417-A89C44F3C55E} - System32\Tasks\{DCE50F48-9E43-4BDE-93F8-2C64B01E160D} => C:\Windows\system32\pcalua.exe -a C:\Users\Cnudde\Downloads\win64_152822.exe -d C:\Users\Cnudde\Downloads
Task: {380688F7-AEF1-4676-B964-333BF4199D08} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4255141F-EA88-4226-AF49-3437332156C6} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA => C:\Users\Cnudde\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2020-06-02] (Chromium.) [File not signed] <==== ATTENTION
Task: {42B25C6E-5C88-4F9F-930F-6076C0E50B7B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {43CDAC0B-835C-4FFB-877B-E3B71D1FE2F2} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146048 2018-10-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {43ED296E-6DAE-47C3-A52B-71E0AE134A2F} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {4546B62A-312C-4FC9-9AB8-764E8664782F} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_387_Plugin.exe [1459256 2020-06-27] (Adobe Inc. -> Adobe)
Task: {46A908C7-A3D3-4F66-B5CD-429DE6F2C016} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {481FB75B-9E2A-4E5F-A1CC-F1C8756EB3D8} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {525788BF-C7F9-47D7-B995-F44B54A7FE92} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {56213EA7-5CA0-4227-8FE6-391E2F14E925} - System32\Tasks\GoogleUpdateTaskMachineCore1d1e92d237107f1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {56DEA1CC-BD0F-4FE3-AB19-A7C538C1995E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {60EC5B90-12D4-4780-B002-0AFC9E198741} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {6E35FABA-5228-4E03-A1C6-1FB0F017BFF7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {75E281A2-8684-4DA0-A41A-06455B04CB9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-27] (Adobe Inc. -> Adobe)
Task: {7BF325B5-8738-412D-B357-C65FE0B64847} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {809DA5EF-C04B-4834-B2AF-B887E27B0F08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {848EF025-8C22-44E6-8130-8CABF22C4D46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {875163D5-2B57-4874-AFAE-07159D8020C2} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {8B13F4DA-D597-4612-89E6-4B1C9AF25C37} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {90E0F212-78EC-4FF3-94CE-DFA61C87C377} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {9204C125-1A2D-40DF-BA85-3351DD8078F7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9401DD4B-5796-4399-AF19-19A47BCDB4BE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A35A1D62-4E7D-4728-BBDA-50686E2F1E5F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AA9F315E-DEB0-4768-8F43-1AD9E3DB11D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B12D6B9F-EC9D-489D-ADE4-C37CB3910C84} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B5E97B50-2B40-4342-9A23-4A06947F70AD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD4E9ACF-E343-496B-B382-58E40C59FD12} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc -> Dropbox, Inc.)
Task: {BDF59FF5-11BD-405D-8FE7-8688BC04CEEB} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C02D6B33-CEAC-47A3-AB53-477ED4A81E4F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C36F4343-36CF-4C51-BA7C-1D82B91C54CB} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C5D56391-95F0-4D3F-A816-0E8B9303A7FA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe
Task: {C748C1F6-B8EC-4C73-93BC-BD6DF90FD81A} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {C8FAA9CF-6AAF-4843-A44C-1A7861707D27} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D2002D9F-F778-466D-A72F-1CD8CA9092D3} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D794D30B-2C31-40AC-AE41-691E14A35942} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {DF6B7A5C-9D02-4973-BC99-D04F3894ED37} - System32\Tasks\ChromiumUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core => C:\Users\Cnudde\AppData\Local\Chromium\Update\ChromiumUpdate.exe [100352 2020-06-02] (Chromium.) [File not signed] <==== ATTENTION
Task: {E3B8C05F-4B35-4A1C-83C6-68578D939C36} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E68EC7FF-FE48-4C1F-99AD-8F0A9C4D14F0} - \Microsoft\Windows\Setup\EOSNotify2 -> No File <==== ATTENTION
Task: {E73FD4DB-82A2-4D85-936D-337AD81DD2F2} - System32\Tasks\AdobeAAMUpdater-1.0-MININT-7ERSP8L-Cnudde => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {EC1DDC05-E82E-40A9-B525-51981BF2605A} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e92d24711690 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {F7AAE0FC-7400-49F0-B17F-F6FB3044F271} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {FAF31BC3-1465-45E5-8EF0-CF55A99B8242} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003Core.job => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2633741134-1219916110-1491873213-1003UA.job => C:\Users\Cnudde\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{237A3DF2-ED0D-4801-8447-173281B1CEB4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{328AA78D-68C0-4EEE-BF6A-EC093F25A38B}: [DhcpNameServer] 10.220.45.31
Tcpip\..\Interfaces\{8FE230F4-AED0-467D-B179-AE73029BAC9B}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=fes_yfp_chr_nt_yfp2&type=wbf_fptxqjxp1acegikmwv4_20_26_ssg00
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fptxqjxp1acegikmwv4_20_26_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzzyEtB0BtB0B0AyD0DtAtB0AtC0ByEtDtN0D0Tzu0StAtCtDtDtN1L2XzuyDtFtCtFtDtFtCyEtAtN1L1Czu1ByE1VtAtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDyCyBtBtAtGtAyC0DtAtGtDtCtA0EtGyBzy0FzytGtBtDtDtAyByCyB0F0BtDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA1P1Pzy1TtB1PyBtG1Rzz1QzytGyEzzyEyBtGzyyEzzzztGtA1R1QyEyByBzy1OtCtC1QtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutByBtAzytCtN1Q2Z1B1P1RzutCyDzytAtBzzyDzytCzy%26cr%3D1213498091%26a%3Dwbf_fptxqjxp1acegikmwv4_20_26_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2633741134-1219916110-1491873213-1003 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fptxqjxp1acegikmwv4_20_26_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzzyEtB0BtB0B0AyD0DtAtB0AtC0ByEtDtN0D0Tzu0StAtCtDtDtN1L2XzuyDtFtCtFtDtFtCyEtAtN1L1Czu1ByE1VtAtN1L1G1B1V1N2Y1L1Qzu2SyCtA0DtDyCyBtBtAtGtAyC0DtAtGtDtCtA0EtGyBzy0FzytGtBtDtDtAyByCyB0F0BtDtCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA1P1Pzy1TtB1PyBtG1Rzz1QzytGyEzzyEyBtGzyyEzzzztGtA1R1QyEyByBzy1OtCtC1QtC2QtN0A0LzutBtN1B2Z1V1T1S1NzutByBtAzytCtN1Q2Z1B1P1RzutCyDzytAtBzzyDzytCzy%26cr%3D1213498091%26a%3Dwbf_fptxqjxp1acegikmwv4_20_26_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://webdeposit.ensenta.com/eztwainx.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Cnudde\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-12]
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_387.dll [2020-06-27] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-18] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_387.dll [2020-06-27] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) [File not signed]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-03] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-18] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @chbrowserupdate.com/Chromium Update;version=3 -> C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2020-06-02] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @chbrowserupdate.com/Chromium Update;version=9 -> C:\Users\Cnudde\AppData\Local\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2020-06-02] (Chromium.) [File not signed]
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @citrixonline.com/appdetectorplugin -> C:\Users\Cnudde\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-26] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cnudde\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-09] (Unity Technologies ApS -> Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2633741134-1219916110-1491873213-1003: @zoom.us/ZoomVideoPlugin -> C:\Users\Cnudde\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-03-23] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default [2020-07-12]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://myhomenetwork.att.com; hxxps://www.bestbuy.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxps://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2020-07-02]
CHR Extension: (YouTube) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-09]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-07-02]
CHR Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2020-07-12]
CHR Extension: (Google Search) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12]
CHR Extension: (Adobe Acrobat) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-06-24]
CHR Extension: (Google Docs Offline) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-27]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-07-12]
CHR Extension: (Search Manager) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpggceimbegdiddifklmeponnmkppfho [2020-06-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-06]
CHR Extension: (Live Football) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo [2018-09-25]
CHR Extension: (Gmail) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-12]
CHR Extension: (Chrome Media Router) - C:\Users\Cnudde\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-10]
CHR HKLM\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho]
CHR HKU\S-1-5-21-2633741134-1219916110-1491873213-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojfilbbecboffgonioffpjjhcobjahoe]
CHR HKLM-x32\...\Chrome\Extension: [bnbbhgcfmdnamgfgjfgjdkcjbofkjihb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-06-27] (Adobe Inc. -> Adobe)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [92160 2009-03-31] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-05-20] (Apple Inc. -> Apple Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia -> Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia -> Secunia)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\NisSrv.exe [2496144 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MsMpEng.exe [104192 2020-07-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 AvastWscReporter; "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BrSerId; C:\WINDOWS\system32\DRIVERS\BrSerId.sys [290816 2012-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BrUsbSer; C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys [14720 2011-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2020-01-09] (Microsoft Corporation) [File not signed]
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia -> Secunia)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45976 2020-07-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [408816 2020-07-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-07-12] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-12 13:13 - 2020-07-12 13:14 - 000033942 _____ C:\Users\Cnudde\Downloads\FRST.txt
2020-07-12 13:13 - 2020-07-12 13:14 - 000000000 ____D C:\FRST
2020-07-12 13:13 - 2020-07-12 13:13 - 002292736 _____ (Farbar) C:\Users\Cnudde\Downloads\FRST64.exe
2020-07-12 12:07 - 2020-07-12 12:07 - 000068808 _____ C:\ProgramData\agent.uninstall.1594570045.bdinstall.v2.bin
2020-07-12 12:06 - 2020-07-12 12:06 - 000417164 _____ C:\ProgramData\cl.uninstall.1594569526.bdinstall.v2.bin
2020-07-12 11:59 - 2020-07-12 11:59 - 000082012 _____ C:\ProgramData\dm.uninstall.1594569540.bdinstall.v2.bin
2020-07-10 06:52 - 2020-07-10 06:52 - 000216816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2020-07-10 06:52 - 2020-07-10 06:52 - 000175192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2020-07-08 17:52 - 2020-07-08 17:52 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-07-02 16:03 - 2020-07-02 16:03 - 000000000 ____D C:\Users\Cnudde\Downloads\opera autoupdate
2020-07-02 13:50 - 2020-07-02 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2020-06-30 13:53 - 2020-06-30 13:53 - 000104437 _____ C:\Users\Cnudde\Downloads\ACFrOgCTU1oN7qcqSc6qOyZrFiW7z-rWlpmq3RUIcowP1h6Ki4u9Yn5UZqlRv_xFtGY3jOXrvC_bKI93jbCZP5iQpQ-xWjBCYlEOSR0ObIRIf7CSA3ZWqOhNz7nzyCI=.pdf
2020-06-30 13:53 - 2020-06-30 13:53 - 000071901 _____ C:\Users\Cnudde\Downloads\ACFrOgDV8m6agy9fE_foRT91b7v2sAPrQirRhN8-RzSbgntXyFPR-0Kb3-EnoPfv-mE2X7F70LnssUqnccD9d3V2xTMuuDAlg028mvXiVKXh6Dg5AY7t8lXV6g3s0aA=.pdf
2020-06-30 13:53 - 2020-06-30 13:53 - 000070300 _____ C:\Users\Cnudde\Downloads\ACFrOgBeLaUBKJJQEQFoxo8CT7bFcXNZlUUjC4xUIiHaDiJDj3QJGgeoM1EyOC-Mc7ATlq5AA4KftmRgUCSJ3p5VHsja3JkUaARjDYAZ0j0aNahoaRuBOQ1sF2KPp-k=.pdf
2020-06-30 13:52 - 2020-06-30 13:52 - 000126996 _____ C:\Users\Cnudde\Downloads\ACFrOgAMsD-GBROi5dCCdmxXCdDskIQlFDz3TR7Il0wunB6Oy4fMCEh8Rr0SzYed3tajhxXehuDpb0N3N4oD22AlnhxGHnNedJxQC-IHNQJu3V2IK6aQm6SQl91FxAj-Dxtjmun1AuOd8DZNIjm5.pdf
2020-06-27 15:36 - 2020-06-27 15:36 - 000001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2020-06-27 15:36 - 2020-06-27 15:36 - 000001822 _____ C:\ProgramData\Desktop\iTunes.lnk
2020-06-27 15:36 - 2020-06-27 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-06-27 15:36 - 2020-06-27 15:36 - 000000000 ____D C:\Program Files\iPod
2020-06-27 15:35 - 2020-06-27 15:36 - 000000000 ____D C:\Program Files\iTunes
2020-06-27 15:31 - 2020-06-27 15:31 - 000769764 _____ C:\ProgramData\cl.1593286048.bdinstall.v2.bin
2020-06-27 15:31 - 2020-06-27 15:31 - 000138668 _____ C:\ProgramData\dm.1593286304.bdinstall.v2.bin
2020-06-27 15:31 - 2020-06-27 15:31 - 000104332 _____ C:\ProgramData\cl.kit.1593286033.bdinstall.v2.bin
2020-06-27 15:31 - 2020-06-27 15:31 - 000000000 ____D C:\ProgramData\Bitdefender Device Management
2020-06-27 15:30 - 2020-06-27 15:30 - 000000000 ____D C:\ProgramData\Gemma
2020-06-27 15:30 - 2020-06-27 15:30 - 000000000 ____D C:\ProgramData\Atc
2020-06-27 15:29 - 2020-06-27 15:29 - 000000000 ____D C:\WINDOWS\system32\elambkup
2020-06-27 15:29 - 2020-06-27 15:29 - 000000000 ____D C:\ProgramData\BDLogging
2020-06-27 15:28 - 2020-06-27 15:29 - 003787928 _____ ( ) C:\Users\Cnudde\Downloads\my-talking-tom_2690529315.exe
2020-06-27 15:26 - 2020-07-12 12:15 - 000000000 ____D C:\Program Files (x86)\Chromium
2020-06-27 15:26 - 2020-06-27 15:26 - 000004536 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-06-27 15:25 - 2020-06-27 15:25 - 000111044 _____ C:\ProgramData\agent.1593285922.bdinstall.v2.bin
2020-06-27 15:25 - 2020-06-27 15:25 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2020-06-27 15:25 - 2020-06-27 15:25 - 000000000 ____D C:\ProgramData\{43CA7FF6-6BE2-078E-33BA-2FA6DB52F77E}
2020-06-27 15:23 - 2020-06-27 15:23 - 078905506 _____ C:\Users\Cnudde\Downloads\kinemaster.apk
2020-06-27 15:23 - 2020-06-27 15:23 - 000002446 _____ C:\Users\Cnudde\Desktop\facebook.lnk
2020-06-27 15:23 - 2020-06-27 15:23 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Opera Software
2020-06-27 15:23 - 2020-06-27 15:23 - 000000000 ____D C:\Users\Cnudde\AppData\Local\Opera Software
2020-06-27 15:23 - 2020-06-27 15:23 - 000000000 ____D C:\Program Files\Avast Software
2020-06-27 15:22 - 2020-07-12 12:19 - 000000000 ____D C:\ProgramData\Avast Software
2020-06-27 15:21 - 2020-06-27 15:22 - 003787928 _____ ( ) C:\Users\Cnudde\Downloads\kinemaster_0141086022.exe
2020-06-24 22:17 - 2020-07-09 03:29 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-06-24 22:17 - 2020-07-09 03:29 - 000002282 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-06-24 22:17 - 2020-07-09 03:29 - 000002282 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-06-24 22:17 - 2020-06-25 08:23 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-06-24 22:17 - 2020-06-25 08:23 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-06-22 12:23 - 2020-06-22 12:23 - 000036713 _____ C:\Users\Cnudde\Downloads\fellowship-application.pdf
2020-06-19 12:22 - 2020-06-19 12:22 - 000454085 _____ C:\Users\Cnudde\Downloads\doc (7).pdf
2020-06-15 14:54 - 2020-06-15 14:54 - 000054549 _____ C:\Users\Cnudde\Downloads\8th_Summer_Reading_-_Crossover_Allies.pdf
2020-06-14 17:12 - 2020-06-14 17:12 - 000026921 _____ C:\Users\Cnudde\Downloads\Private-Teacher-Listing (1).pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-12 12:49 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-12 12:23 - 2020-03-04 11:52 - 000940200 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-07-12 12:23 - 2019-03-19 00:50 - 000000000 ____D C:\WINDOWS\INF
2020-07-12 12:22 - 2020-03-04 11:55 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-07-12 12:19 - 2020-03-04 12:31 - 000000000 ___RD C:\Users\Cnudde\OneDrive
2020-07-12 12:19 - 2020-03-04 11:55 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-07-12 12:19 - 2018-10-29 18:28 - 000000000 ____D C:\Program Files\McAfee
2020-07-12 12:19 - 2014-11-19 18:30 - 000000000 ____D C:\Users\Cnudde\Downloads\ControlCenter
2020-07-12 12:18 - 2019-03-19 00:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-07-12 12:16 - 2020-03-04 12:13 - 000000000 ____D C:\Users\Cnudde\AppData\Local\Packages
2020-07-12 12:16 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-07-12 12:06 - 2011-02-14 10:21 - 000000000 ____D C:\ProgramData\McAfee
2020-07-12 11:40 - 2020-03-04 11:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-07-12 06:53 - 2019-03-19 00:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-07-12 06:01 - 2019-03-19 00:37 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2020-07-10 13:02 - 2019-03-19 00:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-08 17:53 - 2011-03-12 12:40 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Dropbox
2020-07-08 14:03 - 2016-12-04 21:05 - 000001486 _____ C:\Users\Cnudde\Desktop\Roblox Player.lnk
2020-07-08 14:03 - 2016-12-04 21:05 - 000001301 _____ C:\Users\Cnudde\Desktop\Roblox Studio.lnk
2020-07-08 14:03 - 2016-12-04 21:05 - 000000000 ____D C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2020-07-06 21:41 - 2020-03-04 11:55 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-07-06 21:41 - 2017-09-09 11:14 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-06-27 15:26 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-27 15:26 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-06-25 14:03 - 2020-03-04 12:31 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2633741134-1219916110-1491873213-1003
2020-06-25 14:03 - 2020-03-04 11:52 - 000002422 _____ C:\Users\Cnudde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-06-24 22:17 - 2020-03-04 11:52 - 000000000 ____D C:\Users\Cnudde
2020-06-24 15:11 - 2019-03-19 00:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-24 10:31 - 2020-03-04 12:31 - 000000000 ____D C:\Users\Cnudde\AppData\Local\Comms
2020-06-23 17:35 - 2016-04-09 11:11 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
==================== Files in the root of some directories ========
2020-06-10 16:42 - 2020-06-10 16:42 - 000000076 _____ () C:\Users\Cnudde\AppData\Roaming\WB.CFG
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)