Jump to content


Photo

i've been hacked with an updated driver

Started by Carlgrus , Jul 15 2022 09:17 AM

  • Please log in to reply
14 replies to this topic

#1 Carlgrus

Carlgrus

    Advanced Member

  • Full Member
  • PipPipPip
  • 159 posts

Posted 15 July 2022 - 09:17 AM

I updated my drivers via CCleaner and my keyboard on my Surface Pro 3, with attached screen [not detachable], has stopped working .  i'm typing this on the onscreen keyboard. everything else seems to be working.  Here are my MBAM file and FRST and Addition files,  unable to download Security Analysis RGSA, doesn't seem to be available anymore.  l'm traveling for business with this laptop so any help you can give me would be greatly appreciated. thank you .  Carl

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/15/22
Scan Time: 10:22 AM
Log File: 7fa7a916-0449-11ed-8d62-c8348e022bf6.json

-Software Information-
Version: 4.5.11.202
Components Version: 1.0.1716
Update Package Version: 1.0.57265
License: Premium

-System Information-
OS: Windows 11 (Build 22000.795)
CPU: x64
File System: NTFS
User: DESKTOP-RA8BHB0\cruss

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 335225
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 40 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-07-2022
Ran by cruss (administrator) on DESKTOP-RA8BHB0 (Microsoft Corporation Surface Laptop 3) (15-07-2022 10:37:37)
Running from C:\Users\cruss\Downloads
Loaded Profiles: cruss
Platform: Microsoft Windows 11 Pro Version 21H2 22000.795 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(C:\Program Files (x86)\ACT\Act for Windows\Act!.exe ->) (The CefSharp Authors) [File not signed] [File is in use] C:\Program Files (x86)\ACT\Act for Windows\CefSharp.BrowserSubprocess.exe <2>
(C:\Program Files (x86)\Kamo\Kamo.exe ->) (Piriform Software Ltd -> The CefSharp Authors) C:\Program Files (x86)\Kamo\CefSharp.BrowserSubprocess.exe <5>
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\osk.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.545.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.49\msedgewebview2.exe <6>
(DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxEMN.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7>
(dwm.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ISM.exe
(explorer.exe ->) (Act! LLC -> Act! LLC) C:\Program Files (x86)\ACT\Act for Windows\Act!.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <15>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) () [File not signed] C:\ActConnectLink\nssm-x64.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\ACT\Act.Web.API\bin\act.web.api.hosting.exe
(services.exe ->) (Act! LLC) [File not signed] [File is in use] C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (Cisco WebEx LLC -> Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\103.0.5060.46\remoting_host.exe <2>
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d73f88d32ddb95d3\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.37.139.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Piriform Software Ltd -> ) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files (x86)\Kamo\KamoSvc.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\hdxsstm2.inf_amd64_549ec1e4af1ff178\RtkAudUService64.exe <2>
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(services.exe ->) (Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectPnPService.exe
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe
(sihost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.545.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
(svchost.exe ->) (Piriform Software Ltd -> Piriform) C:\Program Files (x86)\Kamo\Kamo.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\hdxsstm2.inf_amd64_549ec1e4af1ff178\RtkAudUService64.exe [835680 2021-06-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213760 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [TechSmithSnagit] => C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe [9094872 2022-02-25] (TechSmith Corporation -> TechSmith Corporation)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe [4560720 2022-05-25] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11186440 2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [HeimdalAgentLoader] => C:\Program Files (x86)\Heimdal\Heimdal.AgentLoader.exe [43224 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
HKLM-x32\...\Run: [Zwift] => C:\Program Files (x86)\Zwift\ZwiftLauncher.exe [18040192 2022-01-05] (Zwift, Inc. -> Zwift, Inc)
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\Act!.exe [272504 2021-02-24] (Act! LLC -> Act! LLC)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [DYMOWebApi] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe [181230592 2022-02-24] (Sanford, L.P. -> DYMO.WebApi.Win.Host)
HKLM-x32\...\Run: [DymoOfficeHelper] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.OfficeHelper.exe [63488 2022-02-24] () [File not signed]
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632088 2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632088 2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2632088 2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36976728 2022-06-14] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1866544 2013-03-05] (Sanford, L.P. -> Sanford, L.P.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [AvastBrowserAutoLaunch_38E8DBE963846923F5008B0D528FC97A] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2793640 2022-07-05] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [ZoomInfo Contact Contributor] => C:\Users\cruss\AppData\Local\ZoomInfoCEUtility\launch.bat [108 2021-01-11] () [File not signed]
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [Nextcloud] => C:\Program Files\Nextcloud\nextcloud.exe [3825944 2022-03-18] (Nextcloud GmbH -> Nextcloud GmbH)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [] => [X]
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [DYMOConnectLauncher] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectLauncher.exe [163968 2022-02-24] (Sanford, L.P. -> )
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [MicrosoftEdgeAutoLaunch_88CD0AC2E08AC39BA3E5773C80221B99] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601824 2022-07-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP 5912 Status Monitor: C:\WINDOWS\system32\hpinksts5912LM.dll [331664 2012-06-18] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8600): C:\WINDOWS\system32\HPDiscoPM5912.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\rica5Xlm: C:\WINDOWS\system32\rica5Xlm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.83\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\103.0.17593.114\Installer\chrmstp.exe [2022-07-13] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.114\Installer\chrmstp.exe [2022-07-05] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\cruss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2021-04-22]
ShortcutAndArgument: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN36QDXGHQ05KC;CONNECTION=NW;MONITOR=1;
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0565D503-41ED-405D-89F6-192A6930C1AA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {07666173-3780-4E7D-8088-420A5C8E4109} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-03] (Google Inc -> Google LLC)
Task: {0BAF53F1-AF06-457D-89A4-7BA1D0129EBF} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
Task: {201FD886-3793-4EA8-972D-547FC18F51CB} - System32\Tasks\G2MUploadTask-S-1-5-21-3941208988-4064051922-1525667148-1001 => C:\Users\cruss\AppData\Local\GoToMeeting\19932\g2mupload.exe [31176 2021-11-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {2699BFE8-133C-4FA4-A84E-38F20A0783BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-03] (Google Inc -> Google LLC)
Task: {27BACBBE-3A05-4788-B144-5EFDF97E71AC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4938496 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
Task: {28F1AEE0-B9A2-46A2-8245-FC28C103A039} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1197392 2022-06-20] (Avast Software s.r.o. -> AVAST Software)
Task: {2A6199A1-F252-4C33-B4A4-5ECA328726AC} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)
Task: {2DC16A3E-2F6F-43A4-B8C1-60FE8CD823C3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\cruss\Downloads\esetonlinescanner.exe LOGON (No File)
Task: {2FF8580B-2B7D-4ADF-874A-52180D78C9A6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378872 2022-07-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {32DC7478-72FF-4E26-8FEF-16BC293099E9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {368FEC66-27BD-41E3-BC1A-26BEBD11F6F7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {39F8018F-7EBF-4A73-88D5-2C2DB0F6F50D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378872 2022-07-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {3AFF63AA-19DA-4282-AFE5-3DFCAB6693FF} - System32\Tasks\CCleanerSkipUAC - cruss => C:\Program Files\CCleaner\CCleaner.exe [31027800 2022-06-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {48322853-9738-4EB9-9D00-AF706023EB04} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
Task: {486F2677-B1E8-4D04-B40B-3169F9542749} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2793640 2022-07-05] (Avast Software s.r.o. -> AVAST Software)
Task: {4E5E608A-24B6-4520-B73A-BF9D17639764} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145320 2022-07-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {501E8539-76D9-40B6-94BC-F9D1E67C7144} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\cruss\Downloads\esetonlinescanner.exe SCHED (No File)
Task: {53D547E5-4143-4E05-A44D-7AD3E230453E} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64416 2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DB332C7-887E-4873-B721-0EADE023BFD3} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3941208988-4064051922-1525667148-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214144 2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {6FB855B8-FFD4-4808-A9F3-E71510B0C20A} - System32\Tasks\G2MUpdateTask-S-1-5-21-3941208988-4064051922-1525667148-1001 => C:\Users\cruss\AppData\Local\GoToMeeting\19932\g2mupdate.exe [31176 2021-11-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {72A8C9D0-EECE-475B-8B67-C982B4589E3D} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4613456 2022-05-25] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid f49bcb77-354e-4fa1-b521-40b247cda57e
Task: {768B3DD0-DBF6-4C43-8F13-EE3307FDB9B7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {7ACE9DAD-8BF7-4079-8594-9C959A60037E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {87BD8628-3366-49F5-ABFE-E10276366CA1} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {8DE917F7-843D-4D40-8ADC-C98B92F4EA31} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6634776 2022-05-30] (Avast Software s.r.o. -> Avast Software)
Task: {8E9CA863-2CA8-42FE-BB85-4B0F9C273B36} - System32\Tasks\CCleanerSkipUAC - SYSTEM => C:\Program Files\CCleaner\CCleaner.exe [31027800 2022-06-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {93142CA3-3C0A-4BDB-8524-421373C6C6C2} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [1689600 2018-01-31] (Informer Technologies, Inc.) [File not signed]
Task: {93E9AC07-AE04-4A30-90D5-81963064F261} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {946652F4-765F-41A9-BE4D-6D5E9B4E4C8E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {A0ACD289-6C75-4D8F-BBB1-167DE9645166} - System32\Tasks\Heimdal Security Service Monitor => C:\WINDOWS\SysWOW64\Heimdal Security\Heimdal Jobs\Heimdal.MonitorServices.exe [42200 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
Task: {A614C253-0A36-4DFC-B80A-5DA18FE27BA8} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2793640 2022-07-05] (Avast Software s.r.o. -> AVAST Software)
Task: {A86320A3-5859-4FB7-A252-BA2D6555184D} - System32\Tasks\Kamo\KamoStart => C:\Program Files (x86)\Kamo\Kamo.exe [900352 2022-06-28] (Piriform Software Ltd -> Piriform)
Task: {ADDD1D7B-3CF6-4901-90CE-70159106305D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {B380C96F-9963-48CA-BDFA-96D0086D0791} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B9070784-2B80-4E30-84D2-70668FB5F701} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {BCAEC4FE-76EC-4F3B-AA26-5DCBBC44B718} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [6667600 2022-05-19] (Avast Software s.r.o. -> Avast Software)
Task: {C444747D-7C2B-436E-BB18-3D41B42E3CA1} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4615504 2022-06-20] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid 8555d14e-76f8-43de-ac00-c5de57528bcf
Task: {C77D7B51-5BD7-4FB4-BD10-7AEA6E48F316} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145320 2022-07-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {CEE01250-8B26-4684-9314-0078E8E1B49B} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214144 2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {D7D85984-7C81-499E-81EA-DEFB806FB085} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2022-06-21] (Piriform Software Ltd -> Piriform Software Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3941208988-4064051922-1525667148-1001.job => C:\Users\cruss\AppData\Local\GoToMeeting\19932\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3941208988-4064051922-1525667148-1001.job => C:\Users\cruss\AppData\Local\GoToMeeting\19932\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8
Tcpip\..\Interfaces\{0594af8b-abec-469b-9745-ab935433be86}: [DhcpNameServer] 172.16.235.200 172.17.132.200 172.16.255.200
Tcpip\..\Interfaces\{1939fd7b-6712-4265-a4c3-e6b48f2ce4ff}: [DhcpNameServer] 192.168.1.1 8.8.8.8
Tcpip\..\Interfaces\{e5e98d18-3337-4e3d-b67d-43a7156029e8}: [DhcpNameServer] 192.168.1.1 8.8.8.8

Edge:
=======
DownloadDir: C:\Users\cruss\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\cruss\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-15]
Edge HomePage: Default -> hxxps://www.bing.com/?pc=U528
Edge StartupUrls: Default -> "hxxps://www.bing.com/?pc=U528"
Edge Extension: (Dashlane - Password Manager) - C:\Users\cruss\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gehmmocbbkpblljhkekmfhjpfbkclbph [2022-07-12]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\cruss\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-06-28]
Edge Extension: (Capital One Shopping: Add to Edge for Free) - C:\Users\cruss\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2022-07-15]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: g5xy1w6g.default
FF ProfilePath: C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\g5xy1w6g.default [2022-06-21]
FF user.js: detected! => C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\g5xy1w6g.default\user.js [2022-06-21]
FF ProfilePath: C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046 [2022-07-15]
FF user.js: detected! => C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\user.js [2022-06-21]
FF Homepage: Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046 -> hxxps://www.bing.com/?pc=U528
FF Notifications: Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046 -> hxxps://zwiftinsider.com; hxxps://www.youtube.com; hxxps://www.overstock.com; hxxps://www.statista.com
FF HomepageOverride: Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046 -> Enabled: {3e06d96e-26f5-4a68-ac64-2b6bc583a35d}
FF Extension: (Cisco Webex Extension) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\ciscowebexstart1@cisco.com.xpi [2022-07-05]
FF Extension: (iCloud Bookmarks) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\firefoxdav@icloud.com.xpi [2020-02-13]
FF Extension: (Dashlane) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\jetpack-extension@dashlane.com.xpi [2022-07-12] [UpdateUrl:hxxps://ws1.dashlane.com/5/binaries/query?logins=&platform=firefox&target=ff_web_extension&format=json&version=]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\sp@avast.com.xpi [2022-06-27]
FF Extension: (Avast Online Security & Privacy) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\wrc@avast.com.xpi [2022-06-07]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-06-28]
FF Extension: (Microsoft Bing Homepage and Search Engine) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{3e06d96e-26f5-4a68-ac64-2b6bc583a35d}.xpi [2022-03-09] [UpdateUrl:hxxps://browserdefaults.microsoft.com/FirefoxExtn/updateextension.json]
FF Extension: (Capital One Shopping: Online Coupon Tool) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{aff8af88-06a9-4eee-b383-3af08c47b8c8}.xpi [2022-07-10]
FF Extension: (Zoom Scheduler) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}.xpi [2022-06-06]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-07-05]
FF Extension: (Safe Search powered by Yahoo) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{fd299ce1-1602-4490-b659-f45504f9324c}.xpi [2021-08-03] [UpdateUrl:hxxps://addons.safetybrowsing.com/gyff/updates.json]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-07-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2013-03-05] (Sanford, L.P. ->  Sanford L.P.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin ProgramFiles/Appdata: C:\Users\cruss\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-04-01]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default [2022-07-14]
CHR HomePage: Default -> hxxps://www.bing.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Bitmoji) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfgdeiadkckfbkeigkoncpdieiiefpig [2022-01-21]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-07-05]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-06-14]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2022-06-27]
CHR Extension: (Dashlane - Password Manager) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2022-06-27]
CHR Extension: (Chrome Remote Desktop) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-11-03]
CHR Extension: (Google Docs Offline) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-27]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-06-29]
CHR Extension: (Chrome Remote Desktop) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-11-03]
CHR Extension: (Disconnect) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2020-10-08]
CHR Extension: (Cisco Webex Extension) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2021-12-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U2 ActConnectLink; C:\ActConnectLink\nssm-x64.exe [331264 2014-08-31] () [File not signed]
R2 ActService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [26624 2021-02-24] (Act! LLC) [File not signed] [File is in use]
R2 ActSmartTaskService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [26624 2021-02-24] (Act! LLC) [File not signed] [File is in use]
R2 ActWebApiService; C:\Program Files (x86)\ACT\Act.Web.API\bin\act.web.api.hosting.exe [22528 2021-05-17] () [File not signed]
S4 ActWebHookMessengerService; C:\Program Files (x86)\ACT\act.webhook.notifications\bin\act.webhook.notifications.exe [93696 2021-05-17] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8486968 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [590080 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2009344 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [589056 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\103.0.17593.114\elevation_service.exe [1991960 2022-07-05] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-02] (Avast Software s.r.o. -> AVAST Software)
R2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1081432 2022-06-14] (Piriform Software Ltd -> )
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\103.0.5060.46\remoting_host.exe [73104 2022-06-09] (Google LLC -> Google LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111288 2022-07-12] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46872 2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
S4 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [1051136 2021-10-13] (wondershare) [File not signed]
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [7680336 2022-05-25] (Avast Software s.r.o. -> AVAST Software)
R2 DYMOConnectPnPService; C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectPnPService.exe [26112 2022-02-24] (Sanford, L.P.) [File not signed]
S4 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-05] (Sanford, L.P. -> Sanford, L.P.)
S4 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Repair\ElevationService.exe [907776 2021-09-23] () [File not signed]
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.131.0619.0001\FileSyncHelper.exe [3381632 2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
S4 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1702\g2ax_service.exe [614856 2022-02-09] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 Heimdal Admin Privilege; C:\Program Files (x86)\Heimdal\Heimdal.AdminPrivilege.exe [162008 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Antivirus; C:\Program Files (x86)\Heimdal\Heimdal.Antivirus.exe [345304 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Client Host; C:\Program Files (x86)\Heimdal\Heimdal.ClientHost.exe [132824 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal DarkLayer Guard; C:\Program Files (x86)\Heimdal\Heimdal.DarkLayerGuard.exe [221912 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Firewall; C:\Program Files (x86)\Heimdal\Heimdal.Firewall.exe [75480 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Insights; C:\Program Files (x86)\Heimdal\Heimdal.Insights.exe [74968 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal MailSentry; C:\Program Files (x86)\Heimdal\Heimdal.MailSentry.exe [85720 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Monitor; C:\Program Files (x86)\Heimdal\Heimdal.Monitor.exe [53976 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal ProcessLock; C:\Program Files (x86)\Heimdal\Heimdal.ProcessLock.exe [112856 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal RemoteDesktop; C:\Program Files (x86)\Heimdal\Heimdal.RemoteDesktop.exe [59608 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Update Service; C:\Program Files (x86)\Heimdal\Heimdal.UpdateService.exe [59464 2020-06-25] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Uptime Checker; C:\Program Files (x86)\Heimdal\Heimdal.UptimeChecker.exe [63192 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
R2 KamoSvc; C:\Program Files (x86)\Kamo\KamoSvc.exe [1974528 2022-06-28] (Piriform Software Ltd -> Piriform Software Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-15] (Malwarebytes Inc. -> Malwarebytes)
R2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.131.0619.0001\OneDriveUpdaterService.exe [3822496 2022-07-10] (Microsoft Corporation -> Microsoft Corporation)
S4 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13921616 2021-07-01] (Adlice -> )
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9762128 2022-06-20] (Avast Software s.r.o. -> AVAST Software)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6207688 2022-06-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SQLAgent$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
R2 SurfaceExperienceService-5.37; C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.37.139.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [8726944 2022-07-14] (Microsoft Corporation -> Microsoft)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [14585248 2022-06-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WMIRegistrationService; C:\WINDOWS\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2021-07-25] (Intel Corporation -> Intel Corporation)
S4 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262880 2021-10-14] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Addins\Repair\DriverInstall.exe [124424 2021-09-23] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Default\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [235584 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [385560 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [258072 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [104976 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25048 2022-06-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [47976 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [274536 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [553928 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [113984 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [89056 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [860416 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [668208 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [221528 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [324864 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [65944 2022-06-20] (Avast Software s.r.o. -> Avast Software)
R3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [37104 2022-06-20] (Avast Software s.r.o. -> WireGuard LLC)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-07-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 iaLPSS2_GPIO2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_icl.inf_amd64_90beccc7e046abab\iaLPSS2_GPIO2_ICL.sys [132872 2021-05-25] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2021-05-25] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_icl.inf_amd64_b535659b9405201a\iaLPSS2_UART2_ICL.sys [312600 2021-05-25] (Intel Corporation -> Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\DriverStore\FileRepository\intcaudiobus.inf_amd64_2b27d88d994fb23c\IntcAudioBus.sys [300864 2021-01-27] ((PREPRODUCTION USE ONLY) Smart Sound Technology -> Intel® Corporation)
R3 IntcOED; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_687314a06853d3c2\IntcOED.sys [1278272 2021-01-27] ((PREPRODUCTION USE ONLY) Smart Sound Technology -> Intel® Corporation)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2019-06-18] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-07-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-07-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-15] (Malwarebytes Inc. -> Malwarebytes)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [116296 2022-06-20] (Piriform Software Ltd -> Windows ® Win 7 DDK provider)
S4 RsFx0300; C:\WINDOWS\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
S3 rtump63x64; C:\WINDOWS\System32\drivers\rtump63x64.sys [971360 2021-12-21] (Realtek Semiconductor Corp. -> Realtek Corporation)
R3 rtump64x64; C:\WINDOWS\System32\drivers\rtump64x64.sys [1073608 2022-05-13] (Realtek Semiconductor Corp. -> Realtek Corporation)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows ® Win 7 DDK provider)
S3 SurfaceBattery; C:\WINDOWS\System32\DriverStore\FileRepository\surfacebattery.inf_amd64_1028dadb684c3ca6\SurfaceBattery.sys [334856 2020-11-20] (Microsoft Corporation -> Microsoft Corporation)
S3 SurfaceHotPlug; C:\WINDOWS\System32\DriverStore\FileRepository\surfacehotplug.inf_amd64_969ca64342a7b9bf\SurfaceHotPlug.sys [426840 2021-06-24] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceLightSensor; C:\WINDOWS\System32\DriverStore\FileRepository\surfacelightsensor.inf_amd64_2e1054954bf6a237\SurfaceLightSensor.sys [244216 2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
S3 SurfacePowerTrackerCore; C:\WINDOWS\System32\DriverStore\FileRepository\surfacepowertrackercore.inf_amd64_617dc1f6160f71ab\SurfacePowerTrackerCore.sys [405872 2021-07-01] (Microsoft Corporation -> Microsoft Corporation)
S3 SurfaceSerialHubDriver; C:\WINDOWS\System32\DriverStore\FileRepository\surfaceserialhubdriver.inf_amd64_0fbecbb6d745fcec\SurfaceSerialHubDriver.sys [395640 2021-06-24] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceTconDriver; C:\WINDOWS\System32\DriverStore\FileRepository\surfacetcondriver.inf_amd64_ffe66823cceccded\SurfaceTconDriver.sys [308600 2021-05-25] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceVirtualFunctionEnum; C:\WINDOWS\System32\DriverStore\FileRepository\surfacevirtualfunctionenum.inf_amd64_2fa2ee1a8b7bba84\SurfaceVirtualFunctionEnum.sys [199536 2021-06-20] (Microsoft Corporation -> Microsoft Corporation)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2021-05-26] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-11-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435424 2021-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-19] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-15 10:36 - 2022-07-15 10:36 - 002369536 _____ (Farbar) C:\Users\cruss\Downloads\FRST64(1).exe
2022-07-15 10:27 - 2022-07-15 10:27 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\cruss\Downloads\rkill.exe
2022-07-15 10:19 - 2022-07-15 10:19 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-15 10:19 - 2022-07-15 10:19 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-07-15 10:18 - 2022-07-15 10:18 - 002556344 _____ (Malwarebytes) C:\Users\cruss\Downloads\MBSetup-37335.37335.exe
2022-07-15 10:05 - 2022-07-15 10:05 - 051296144 _____ C:\Users\cruss\Downloads\IMG_7020.MOV
2022-07-14 18:16 - 2022-07-15 10:19 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-14 18:15 - 2022-07-15 10:19 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-14 18:13 - 2022-07-14 18:13 - 000000000 ____D C:\Users\cruss\Downloads\Surface Pro 3 AssetTag
2022-07-14 18:12 - 2022-07-14 18:12 - 000002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Surface Pro 3 TPM Update Tool.lnk
2022-07-14 18:12 - 2022-07-14 18:12 - 000000000 ____D C:\Program Files\Microsoft Surface Pro 3 TPM Update Tool
2022-07-14 18:10 - 2022-07-14 18:10 - 007911935 _____ C:\Users\cruss\Downloads\Surface Pro 3 KB2978002.zip
2022-07-14 18:10 - 2022-07-14 18:10 - 001998848 _____ C:\Users\cruss\Downloads\Microsoft_Surface_Pro_3_Tpm_Update_Tool_Setup.msi
2022-07-14 18:10 - 2022-07-14 18:10 - 000491520 _____ C:\Users\cruss\Downloads\Surface Firmware Tool.msi
2022-07-14 18:10 - 2022-07-14 18:10 - 000061094 _____ C:\Users\cruss\Downloads\Surface Pro 3 AssetTag.zip
2022-07-14 18:07 - 2022-07-14 18:11 - 689688576 _____ C:\Users\cruss\Downloads\SurfacePro7_Win11_22000_22.032.19761.0.msi
2022-07-14 18:04 - 2022-07-14 18:04 - 000000000 ____D C:\ProgramData\SurfaceExperienceService
2022-07-14 11:12 - 2022-07-14 11:12 - 000270592 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-07-14 11:12 - 2022-07-14 11:12 - 000221528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2022-07-12 17:35 - 2022-07-15 10:19 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-12 17:25 - 2022-07-12 17:25 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-12 17:25 - 2022-07-12 17:25 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-12 17:25 - 2022-07-12 17:25 - 000015040 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-12 17:23 - 2022-07-12 17:23 - 000000000 ___HD C:\$WinREAgent
2022-07-11 13:37 - 2022-07-11 13:37 - 001214328 _____ C:\Users\cruss\Downloads\110_Webb_Street_Flyer_For_Lease.pdf
2022-07-11 13:27 - 2022-07-11 13:27 - 009741490 _____ C:\Users\cruss\Downloads\104_Spreadsheets_2018-12-27-1.zip
2022-07-10 13:27 - 2022-07-12 17:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-07 10:17 - 2022-07-07 10:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2022-07-07 10:16 - 2022-07-07 10:16 - 000000000 ____D C:\Users\cruss\OneDrive\Documents\RingCentral
2022-07-04 10:42 - 2022-07-04 10:42 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2022-07-04 10:42 - 2022-07-04 10:42 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2022-07-04 10:42 - 2022-07-04 10:42 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2022-07-04 10:42 - 2022-07-04 10:42 - 000046872 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2022-07-01 16:09 - 2022-07-01 16:09 - 006248819 _____ C:\Users\cruss\Downloads\60WellingtonCBCSaleBrochureL (1).pdf
2022-06-28 09:50 - 2022-06-28 09:50 - 000335872 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-06-27 09:18 - 2022-06-27 09:18 - 000025048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2022-06-23 09:56 - 2022-06-23 09:56 - 000000000 ____D C:\Users\cruss\.ms-ad
2022-06-21 11:00 - 2022-06-21 11:00 - 000000000 ____D C:\Users\cruss\OneDrive\Documents\DYMO Connect
2022-06-21 10:58 - 2022-06-21 10:58 - 000002769 _____ C:\Users\Public\Desktop\DYMO Connect.lnk
2022-06-21 10:52 - 2022-06-21 10:54 - 299079768 _____ (DYMO) C:\Users\cruss\Downloads\DCDSetup1.4.3.131.exe
2022-06-20 09:32 - 2022-06-20 09:32 - 008234296 _____ (Piriform Software Ltd) C:\Users\cruss\Downloads\spsetup132.exe
2022-06-20 09:32 - 2022-06-20 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2022-06-20 09:31 - 2022-06-20 09:31 - 000000000 ____D C:\Program Files\Speccy
2022-06-20 09:31 - 2022-06-20 09:31 - 000000000 ____D C:\Program Files\Recuva
2022-06-20 09:31 - 2022-06-20 09:31 - 000000000 ____D C:\Program Files\Defraggler
2022-06-20 09:29 - 2022-06-20 09:30 - 059317896 _____ (Piriform Software Ltd) C:\Users\cruss\Downloads\CCleanerBundle-600-Setup.exe
2022-06-20 09:28 - 2022-06-20 09:28 - 001358416 _____ (Piriform) C:\Users\cruss\Downloads\kamo_2.1.1.3164.0_bundle(2).exe
2022-06-20 09:26 - 2022-07-15 08:11 - 000000000 ____D C:\Users\cruss\AppData\Local\Kamo
2022-06-20 09:26 - 2022-07-14 18:17 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2022-06-20 09:26 - 2022-06-20 09:26 - 000065944 _____ (Avast Software) C:\WINDOWS\system32\Drivers\aswVpnRdr.sys
2022-06-20 09:26 - 2022-06-20 09:26 - 000037104 _____ (WireGuard LLC) C:\WINDOWS\system32\Drivers\aswWintun.sys
2022-06-20 09:26 - 2022-06-20 09:25 - 000116296 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\netfilter2.sys
2022-06-20 09:25 - 2022-07-14 13:47 - 000000000 ____D C:\Program Files (x86)\Kamo
2022-06-20 09:25 - 2022-06-21 10:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Kamo
2022-06-20 09:25 - 2022-06-20 09:25 - 001358416 _____ (Piriform) C:\Users\cruss\Downloads\kamo_2.1.1.3164.0_bundle(1).exe
2022-06-20 09:25 - 2022-06-20 09:25 - 000001965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kamo.lnk
2022-06-20 09:25 - 2022-06-20 09:25 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2022-06-20 09:25 - 2022-06-20 09:25 - 000000000 ____D C:\Program Files\Common Files\Piriform
2022-06-20 09:25 - 2022-06-20 09:25 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2022-06-20 09:24 - 2022-06-20 09:24 - 001358416 _____ (Piriform) C:\Users\cruss\Downloads\kamo_2.1.1.3164.0_bundle.exe
2022-06-15 15:27 - 2022-06-15 15:27 - 000024919 _____ C:\Users\cruss\Downloads\US-Canada-Powerbroker-Submissions-Sales.xlsx
2022-06-15 12:26 - 2022-06-15 12:26 - 000874867 _____ C:\Users\cruss\Downloads\Concept Plan 31-49 Silvermine Road - 100K SF -.pdf
2022-06-15 12:23 - 2022-06-15 12:23 - 002276371 _____ C:\Users\cruss\Downloads\Fact Sheet HL w Demographics & price reduc - 31-47 Silvermine Rd, Seym - 5-24-22 PDF.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-15 10:38 - 2020-06-03 18:51 - 000052175 _____ C:\Users\cruss\Downloads\FRST.txt
2022-07-15 10:37 - 2020-02-11 14:07 - 000000000 ____D C:\FRST
2022-07-15 10:29 - 2021-06-05 08:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-15 10:19 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-07-15 10:19 - 2020-08-13 14:44 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-07-15 10:19 - 2019-11-03 23:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-07-15 10:19 - 2019-11-03 23:01 - 000000000 ____D C:\Program Files\Malwarebytes
2022-07-15 10:16 - 2019-11-03 22:21 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-15 10:10 - 2019-11-03 15:02 - 000000000 ____D C:\Users\cruss\OneDrive\Documents\Outlook Files
2022-07-15 10:03 - 2022-02-09 11:51 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-15 10:02 - 2019-11-03 17:46 - 000000000 ____D C:\Users\cruss\AppData\LocalLow\Mozilla
2022-07-15 09:40 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-07-15 09:30 - 2021-03-19 14:57 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2022-07-15 09:25 - 2021-10-30 09:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-15 09:25 - 2021-06-05 08:09 - 000000000 ____D C:\WINDOWS\INF
2022-07-15 09:11 - 2019-11-03 22:59 - 000000000 ____D C:\Users\cruss\AppData\Local\AVAST Software
2022-07-15 08:38 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\A

#2 Carlgrus

Carlgrus

    Advanced Member

  • Full Member
  • PipPipPip
  • 159 posts

Posted 15 July 2022 - 02:46 PM

I was able to fix this....so thank you anyways...l was finally able to remove the drivers that I had updated, and start over...I'm all set....thanks, all


#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,428 posts

Posted 16 July 2022 - 07:40 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
 

start::

CreateRestorePoint:
CloseProcesses:

Comment: Items from the FRST.TXT log that will be removed.
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {2DC16A3E-2F6F-43A4-B8C1-60FE8CD823C3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\cruss\Downloads\esetonlinescanner.exe LOGON (No File)
Task: {501E8539-76D9-40B6-94BC-F9D1E67C7144} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\cruss\Downloads\esetonlinescanner.exe SCHED (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

Comment: Items from the Addition.txt log that will be removed.
HKLM\...\.scr: => <==== ATTENTION

Comment: TCP/IP Reset
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /flushDNS

Comment: To rebuild the performance counter library values.
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"

Comment: Use Farbar routine to delete temp files
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Program Files (x86)\Temp\*.tmp

Comment: Some maintenance.
cmd: sfc /scannow
cmd: DISM.exe /Online /Cleanup-image /Scanhealth
cmd: DISM.exe /Online /Cleanup-image /Restorehealth

Reboot:

End::

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
Let me know what problem persists.
===


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,428 posts

Posted 20 July 2022 - 07:05 AM

Is the problem solved?


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 Carlgrus

Carlgrus

    Advanced Member

  • Full Member
  • PipPipPip
  • 159 posts

Posted 22 July 2022 - 10:16 PM

here's the Fixlog.txt Thank you, yes, the problem is fixed, although the laptop seems to be moving much slower...don't know why

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by cruss (22-07-2022 23:07:59) Run:5
Running from C:\Users\cruss\Downloads
Loaded Profiles: cruss
Boot Mode: Normal
==============================================

fixlist content:
*****************
start::

CreateRestorePoint:
CloseProcesses:

Comment: Items from the FRST.TXT log that will be removed.
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {2DC16A3E-2F6F-43A4-B8C1-60FE8CD823C3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\cruss\Downloads\esetonlinescanner.exe LOGON (No File)
Task: {501E8539-76D9-40B6-94BC-F9D1E67C7144} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\cruss\Downloads\esetonlinescanner.exe SCHED (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

Comment: Items from the Addition.txt log that will be removed.
HKLM\...\.scr: => <==== ATTENTION

Comment: TCP/IP Reset
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /flushDNS

Comment: To rebuild the performance counter library values.
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"

Comment: Use Farbar routine to delete temp files
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Program Files (x86)\Temp\*.tmp

Comment: Some maintenance.
cmd: sfc /scannow
cmd: DISM.exe /Online /Cleanup-image /Scanhealth
cmd: DISM.exe /Online /Cleanup-image /Restorehealth

Reboot:

End::
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2DC16A3E-2F6F-43A4-B8C1-60FE8CD823C3}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DC16A3E-2F6F-43A4-B8C1-60FE8CD823C3}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{501E8539-76D9-40B6-94BC-F9D1E67C7144}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{501E8539-76D9-40B6-94BC-F9D1E67C7144}" => removed successfully
C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
WinSetupMon => service removed successfully
HKLM\Software\Classes\.scr\\"Default"="scrfile" => value restored successfully

========= netsh int ip reset c:\resetlog.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe /R" =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe /R" =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "C:\Windows\SYSTEM32\lodctr.exe /R" =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= "C:\Windows\SysWOW64\lodctr.exe /R" =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


=========== "C:\Windows\Temp\*.*" ==========

C:\Windows\Temp\DESKTOP-RA8BHB0-20220721-1211b.log => moved successfully
C:\Windows\Temp\DESKTOP-RA8BHB0-20220722-0640.log => moved successfully
C:\Windows\Temp\DESKTOP-RA8BHB0-20220722-0645.log => moved successfully
C:\Windows\Temp\DESKTOP-RA8BHB0-20220722-0655.log => moved successfully
C:\Windows\Temp\DESKTOP-RA8BHB0-20220722-0701.log => moved successfully
C:\Windows\Temp\DESKTOP-RA8BHB0-20220722-0735.log => moved successfully
C:\Windows\Temp\DESKTOP-RA8BHB0-20220722-0741.log => moved successfully
C:\Windows\Temp\DESKTOP-RA8BHB0-20220722-1031.log => moved successfully
C:\Windows\Temp\DESKTOP-RA8BHB0-20220722-1039.log => moved successfully
C:\Windows\Temp\DESKTOP-RA8BHB0-20220722-1045.log => moved successfully
C:\Windows\Temp\DESKTOP-RA8BHB0-20220722-2024.log => moved successfully
Could not move "C:\Windows\Temp\DESKTOP-RA8BHB0-20220722-2308.log" => Scheduled to move on reboot.
C:\Windows\Temp\officeclicktorun.exe_streamserver(202207221039481AE8).log => moved successfully
Could not move "C:\Windows\Temp\officeclicktorun.exe_streamserver(202207222308389520).log" => Scheduled to move on reboot.
C:\Windows\Temp\wbxtra_07222022_065554.wbt => moved successfully
C:\Windows\Temp\wbxtra_07222022_103947.wbt => moved successfully

========= End -> "C:\Windows\Temp\*.*" ========


=========== "C:\WINDOWS\system32\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\system32\*.tmp" ========


=========== "C:\WINDOWS\syswow64\*.tmp" ==========

not found

========= End -> "C:\WINDOWS\syswow64\*.tmp" ========


=========== "C:\Program Files (x86)\Temp\*.tmp" ==========

not found

========= End -> "C:\Program Files (x86)\Temp\*.tmp" ========


========= sfc /scannow =========


Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.

Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 60% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

========= End of CMD: =========


========= DISM.exe /Online /Cleanup-image /Scanhealth =========


Deployment Image Servicing and Management tool
Version: 10.0.22000.653

Image Version: 10.0.22000.795


[==                         4.9%                           ]

[===                        5.7%                           ]

[===                        6.3%                           ]

[====                       7.3%                           ]

[====                       7.7%                           ]

[=====                      8.7%                           ]

[=====                      9.2%                           ]

[=====                      10.1%                          ]

[======                     11.1%                          ]

[=======                    12.1%                          ]

[=======                    12.6%                          ]

[=======                    12.7%                          ]

[=======                    13.5%                          ]

[========                   14.4%                          ]

[========                   15.4%                          ]

[=========                  16.4%                          ]

[=========                  17.1%                          ]

[==========                 18.0%                          ]

[==========                 18.6%                          ]

[===========                19.0%                          ]

[===========                19.5%                          ]

[===========                19.9%                          ]

[===========                20.7%                          ]

[============               21.3%                          ]

[============               21.8%                          ]

[============               22.3%                          ]

[=============              22.7%                          ]

[=============              22.9%                          ]

[=============              23.5%                          ]

[=============              23.8%                          ]

[=============              24.1%                          ]

[==============             24.4%                          ]

[==============             24.8%                          ]

[==============             25.1%                          ]

[==============             25.4%                          ]

[==============             25.5%                          ]

[==============             25.6%                          ]

[==============             25.7%                          ]

[==============             25.7%                          ]

[===============            26.0%                          ]

[===============            26.7%                          ]

[===============            27.3%                          ]

[================           28.1%                          ]

[================           29.0%                          ]

[=================          29.8%                          ]

[=================          30.3%                          ]

[==================         31.3%                          ]

[==================         32.3%                          ]

[===================        33.3%                          ]

[===================        34.2%                          ]

[====================       35.2%                          ]

[====================       36.2%                          ]

[=====================      37.1%                          ]

[======================     38.0%                          ]

[======================     39.0%                          ]

[=======================    40.0%                          ]

[=======================    41.0%                          ]

[========================   42.0%                          ]

[========================   42.8%                          ]

[=========================  43.8%                          ]

[=========================  44.2%                          ]

[=========================  44.3%                          ]

[=========================  44.8%                          ]

[========================== 45.3%                          ]

[========================== 45.6%                          ]

[========================== 46.0%                          ]

[========================== 46.3%                          ]

[========================== 46.5%                          ]

[===========================47.1%                          ]

[===========================47.6%                          ]

[===========================48.6%                          ]

[===========================49.4%                          ]

[===========================50.0%                          ]

[===========================50.5%                          ]

[===========================50.6%                          ]

[===========================50.7%                          ]

[===========================51.6%                          ]

[===========================51.9%                          ]

[===========================52.5%                          ]

[===========================52.7%                          ]

[===========================53.2%                          ]

[===========================53.4%                          ]

[===========================54.0%                          ]

[===========================54.9%                          ]

[===========================55.3%                          ]

[===========================55.6%                          ]

[===========================56.1%                          ]

[===========================56.5%                          ]

[===========================56.8%                          ]

[===========================57.1%=                         ]

[===========================57.1%=                         ]

[===========================57.4%=                         ]

[===========================57.7%=                         ]

[===========================57.9%=                         ]

[===========================58.3%=                         ]

[===========================58.4%=                         ]

[===========================58.9%==                        ]

[===========================59.0%==                        ]

[===========================59.3%==                        ]

[===========================59.6%==                        ]

[===========================59.9%==                        ]

[===========================60.2%==                        ]

[===========================60.5%===                       ]

[===========================60.9%===                       ]

[===========================61.3%===                       ]

[===========================61.8%===                       ]

[===========================61.9%===                       ]

[===========================62.2%====                      ]

[===========================62.7%====                      ]

[===========================63.2%====                      ]

[===========================63.4%====                      ]

[===========================63.8%=====                     ]

[===========================64.2%=====                     ]

[===========================64.5%=====                     ]

[===========================65.0%=====                     ]

[===========================65.2%=====                     ]

[===========================65.5%=====                     ]

[===========================65.8%======                    ]

[===========================66.6%======                    ]

[===========================67.6%=======                   ]

[===========================68.1%=======                   ]

[===========================69.0%========                  ]

[===========================69.7%========                  ]

[===========================70.5%========                  ]

[===========================71.0%=========                 ]

[===========================71.1%=========                 ]

[===========================71.4%=========                 ]

[===========================71.7%=========                 ]

[===========================72.1%=========                 ]

[===========================72.4%=========                 ]

[===========================72.7%==========                ]

[===========================73.3%==========                ]

[===========================73.6%==========                ]

[===========================74.0%==========                ]

[===========================74.3%===========               ]

[===========================74.5%===========               ]

[===========================74.8%===========               ]

[===========================75.0%===========               ]

[===========================75.3%===========               ]

[===========================75.7%===========               ]

[===========================75.9%============              ]

[===========================76.1%============              ]

[===========================76.5%============              ]

[===========================76.9%============              ]

[===========================77.2%============              ]

[===========================77.7%=============             ]

[===========================77.9%=============             ]

[===========================78.4%=============             ]

[===========================79.4%==============            ]

[===========================80.4%==============            ]

[===========================81.4%===============           ]

[===========================82.3%===============           ]

[===========================83.3%================          ]

[===========================84.3%================          ]

[===========================84.5%=================         ]

[===========================85.5%=================         ]

[===========================86.2%==================        ]

[===========================86.2%==================        ]

[===========================86.3%==================        ]

[===========================86.3%==================        ]

[===========================86.4%==================        ]

[===========================86.5%==================        ]

[===========================86.6%==================        ]

[===========================86.7%==================        ]

[===========================86.8%==================        ]

[===========================86.9%==================        ]

[===========================86.9%==================        ]

[===========================86.9%==================        ]

[===========================87.0%==================        ]

[===========================87.1%==================        ]

[===========================87.1%==================        ]

[===========================87.1%==================        ]

[===========================87.2%==================        ]

[===========================87.2%==================        ]

[===========================87.3%==================        ]

[===========================87.3%==================        ]

[===========================87.3%==================        ]

[===========================87.4%==================        ]

[===========================87.5%==================        ]

[===========================87.5%==================        ]

[===========================87.5%==================        ]

[===========================87.6%==================        ]

[===========================87.6%==================        ]

[===========================87.7%==================        ]

[===========================87.8%==================        ]

[===========================87.8%==================        ]

[===========================87.9%==================        ]

[===========================87.9%==================        ]

[===========================88.0%===================       ]

[===========================88.0%===================       ]

[===========================88.1%===================       ]

[===========================88.1%===================       ]

[===========================88.1%===================       ]

[===========================88.2%===================       ]

[===========================88.2%===================       ]

[===========================88.3%===================       ]

[===========================88.3%===================       ]

[===========================88.3%===================       ]

[===========================88.3%===================       ]

[===========================88.4%===================       ]

[===========================88.4%===================       ]

[===========================88.4%===================       ]

[===========================88.5%===================       ]

[===========================88.5%===================       ]

[===========================88.6%===================       ]

[===========================88.6%===================       ]

[===========================88.7%===================       ]

[===========================88.7%===================       ]

[===========================88.7%===================       ]

[===========================88.8%===================       ]

[===========================88.8%===================       ]

[===========================88.9%===================       ]

[===========================88.9%===================       ]

[===========================89.1%===================       ]

[===========================89.1%===================       ]

[===========================89.2%===================       ]

[===========================89.3%===================       ]

[===========================89.3%===================       ]

[===========================89.4%===================       ]

[===========================89.5%===================       ]

[===========================89.5%===================       ]

[===========================89.5%===================       ]

[===========================89.5%===================       ]

[===========================89.6%===================       ]

[===========================89.6%===================       ]

[===========================89.6%===================       ]

[===========================89.7%====================      ]

[===========================90.4%====================      ]

[===========================90.6%====================      ]

[===========================90.9%====================      ]

[===========================91.1%====================      ]

[===========================91.2%====================      ]

[===========================92.2%=====================     ]

[===========================93.2%======================    ]

[===========================94.1%======================    ]

[===========================95.1%=======================   ]

[===========================96.1%=======================   ]

[===========================97.1%========================  ]

[===========================97.2%========================  ]

[==========================100.0%==========================]
No component store corruption detected.
The operation completed successfully.

========= End of CMD: =========


========= DISM.exe /Online /Cleanup-image /Restorehealth =========


Deployment Image Servicing and Management tool
Version: 10.0.22000.653

Image Version: 10.0.22000.795


[==                         3.8%                           ]

[==                         4.0%                           ]

[==                         4.5%                           ]

[==                         4.8%                           ]

[===                        5.2%                           ]

[===                        5.4%                           ]

[===                        6.0%                           ]

[===                        6.3%                           ]

[===                        6.4%                           ]

[====                       7.4%                           ]

[====                       8.3%                           ]

[====                       8.5%                           ]

[====                       8.5%                           ]

[=====                      9.0%                           ]

[=====                      10.0%                          ]

[======                     10.9%                          ]

[======                     11.3%                          ]

[======                     12.0%                          ]

[=======                    12.2%                          ]

[=======                    12.3%                          ]

[=======                    12.7%                          ]

[=======                    12.8%                          ]

[=======                    13.0%                          ]

[=======                    13.3%                          ]

[=======                    13.5%                          ]

[========                   13.9%                          ]

[========                   14.0%                          ]

[========                   14.3%           &

#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,428 posts

Posted 23 July 2022 - 07:31 AM

Hi
 
Let's check the integrity of the Operating System Files.
 
Press the windows key Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 

Start::
 
Comment: TCP/IP Reset
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /flushDNS
 
cmd: sfc /scannow
cmd: DISM.exe /Online /Cleanup-image /Scanhealth
cmd: DISM.exe /Online /Cleanup-image /Restorehealth
 
Reboot:
 
End::
 
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
===
 
How is the computer running now?

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#7 Carlgrus

Carlgrus

    Advanced Member

  • Full Member
  • PipPipPip
  • 159 posts

Posted 23 July 2022 - 05:55 PM

Here's the log:   Don't really see any improvement in the speed...sorry

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by cruss (23-07-2022 19:23:03) Run:6
Running from C:\Users\cruss\Downloads
Loaded Profiles: cruss
Boot Mode: Normal
==============================================

fixlist content:
*****************
Quote

    Start::

 
Comment: TCP/IP Reset
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /flushDNS
 
cmd: sfc /scannow
cmd: DISM.exe /Online /Cleanup-image /Scanhealth
cmd: DISM.exe /Online /Cleanup-image /Restorehealth
 
Reboot:
 
End::
*****************


========= netsh int ip reset c:\resetlog.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= sfc /scannow =========


Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.

Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 60% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

========= End of CMD: =========


========= DISM.exe /Online /Cleanup-image /Scanhealth =========


Deployment Image Servicing and Management tool
Version: 10.0.22000.653

Image Version: 10.0.22000.795


[==                         4.9%                           ]

[===                        5.4%                           ]

[===                        6.0%                           ]

[===                        6.6%                           ]

[====                       7.2%                           ]

[====                       7.7%                           ]

[=====                      8.7%                           ]

[=====                      9.1%                           ]

[=====                      9.2%                           ]

[=====                      10.1%                          ]

[======                     11.1%                          ]

[=======                    12.1%                          ]

[=======                    12.6%                          ]

[=======                    12.7%                          ]

[=======                    13.4%                          ]

[========                   14.3%                          ]

[========                   15.3%                          ]

[=========                  16.3%                          ]

[=========                  16.9%                          ]

[==========                 17.9%                          ]

[==========                 18.4%                          ]

[==========                 18.6%                          ]

[===========                19.0%                          ]

[===========                19.5%                          ]

[===========                19.7%                          ]

[===========                20.1%                          ]

[===========                20.5%                          ]

[============               20.8%                          ]

[============               21.5%                          ]

[============               21.6%                          ]

[============               22.0%                          ]

[============               22.2%                          ]

[============               22.3%                          ]

[=============              22.7%                          ]

[=============              22.7%                          ]

[=============              23.5%                          ]

[=============              23.8%                          ]

[=============              23.9%                          ]

[=============              24.0%                          ]

[=============              24.1%                          ]

[==============             24.2%                          ]

[==============             24.4%                          ]

[==============             24.8%                          ]

[==============             25.0%                          ]

[==============             25.1%                          ]

[==============             25.4%                          ]

[==============             25.5%                          ]

[==============             25.6%                          ]

[==============             25.7%                          ]

[==============             25.7%                          ]

[===============            26.0%                          ]

[===============            26.6%                          ]

[===============            27.3%                          ]

[================           27.8%                          ]

[================           28.4%                          ]

[=================          29.4%                          ]

[=================          29.8%                          ]

[=================          30.3%                          ]

[==================         31.2%                          ]

[==================         32.2%                          ]

[===================        33.2%                          ]

[===================        34.1%                          ]

[====================       34.9%                          ]

[====================       35.8%                          ]

[=====================      36.3%                          ]

[=====================      37.2%                          ]

[======================     38.1%                          ]

[======================     39.1%                          ]

[=======================    40.1%                          ]

[=======================    41.1%                          ]

[========================   42.0%                          ]

[========================   42.7%                          ]

[=========================  43.3%                          ]

[=========================  44.2%                          ]

[=========================  44.3%                          ]

[=========================  44.7%                          ]

[========================== 45.2%                          ]

[========================== 45.5%                          ]

[========================== 45.8%                          ]

[========================== 46.1%                          ]

[========================== 46.3%                          ]

[========================== 46.5%                          ]

[========================== 46.5%                          ]

[===========================46.9%                          ]

[===========================47.3%                          ]

[===========================48.1%                          ]

[===========================48.7%                          ]

[===========================49.6%                          ]

[===========================50.0%                          ]

[===========================50.4%                          ]

[===========================50.6%                          ]

[===========================50.7%                          ]

[===========================51.3%                          ]

[===========================51.9%                          ]

[===========================52.4%                          ]

[===========================52.7%                          ]

[===========================53.2%                          ]

[===========================53.4%                          ]

[===========================54.0%                          ]

[===========================54.9%                          ]

[===========================55.2%                          ]

[===========================55.6%                          ]

[===========================56.1%                          ]

[===========================56.3%                          ]

[===========================56.5%                          ]

[===========================56.7%                          ]

[===========================57.0%=                         ]

[===========================57.1%=                         ]

[===========================57.3%=                         ]

[===========================57.6%=                         ]

[===========================57.8%=                         ]

[===========================58.0%=                         ]

[===========================58.3%=                         ]

[===========================58.4%=                         ]

[===========================58.7%==                        ]

[===========================59.0%==                        ]

[===========================59.2%==                        ]

[===========================59.4%==                        ]

[===========================59.7%==                        ]

[===========================60.0%==                        ]

[===========================60.3%==                        ]

[===========================60.3%==                        ]

[===========================60.8%===                       ]

[===========================60.9%===                       ]

[===========================61.3%===                       ]

[===========================61.5%===                       ]

[===========================61.8%===                       ]

[===========================61.9%===                       ]

[===========================62.1%====                      ]

[===========================62.4%====                      ]

[===========================62.8%====                      ]

[===========================63.1%====                      ]

[===========================63.4%====                      ]

[===========================63.7%====                      ]

[===========================64.0%=====                     ]

[===========================64.3%=====                     ]

[===========================64.5%=====                     ]

[===========================64.9%=====                     ]

[===========================65.2%=====                     ]

[===========================65.5%=====                     ]

[===========================65.7%======                    ]

[===========================66.1%======                    ]

[===========================66.8%======                    ]

[===========================67.6%=======                   ]

[===========================68.0%=======                   ]

[===========================68.7%=======                   ]

[===========================69.2%========                  ]

[===========================69.7%========                  ]

[===========================70.4%========                  ]

[===========================70.9%=========                 ]

[===========================71.1%=========                 ]

[===========================71.2%=========                 ]

[===========================71.4%=========                 ]

[===========================71.7%=========                 ]

[===========================72.0%=========                 ]

[===========================72.2%=========                 ]

[===========================72.5%==========                ]

[===========================72.7%==========                ]

[===========================73.1%==========                ]

[===========================73.5%==========                ]

[===========================73.7%==========                ]

[===========================74.0%==========                ]

[===========================74.3%===========               ]

[===========================74.4%===========               ]

[===========================74.6%===========               ]

[===========================74.8%===========               ]

[===========================75.0%===========               ]

[===========================75.2%===========               ]

[===========================75.3%===========               ]

[===========================75.6%===========               ]

[===========================75.9%============              ]

[===========================75.9%============              ]

[===========================76.1%============              ]

[===========================76.2%============              ]

[===========================76.5%============              ]

[===========================76.7%============              ]

[===========================76.9%============              ]

[===========================77.1%============              ]

[===========================77.2%============              ]

[===========================77.5%============              ]

[===========================77.8%=============             ]

[===========================77.9%=============             ]

[===========================78.1%=============             ]

[===========================79.1%=============             ]

[===========================80.1%==============            ]

[===========================81.1%===============           ]

[===========================82.0%===============           ]

[===========================83.0%================          ]

[===========================83.4%================          ]

[===========================84.4%================          ]

[===========================84.5%=================         ]

[===========================85.0%=================         ]

[===========================85.9%=================         ]

[===========================86.2%==================        ]

[===========================86.2%==================        ]

[===========================86.3%==================        ]

[===========================86.3%==================        ]

[===========================86.3%==================        ]

[===========================86.4%==================        ]

[===========================86.5%==================        ]

[===========================86.6%==================        ]

[===========================86.7%==================        ]

[===========================86.8%==================        ]

[===========================86.9%==================        ]

[===========================86.9%==================        ]

[===========================86.9%==================        ]

[===========================87.0%==================        ]

[===========================87.1%==================        ]

[===========================87.1%==================        ]

[===========================87.1%==================        ]

[===========================87.2%==================        ]

[===========================87.2%==================        ]

[===========================87.3%==================        ]

[===========================87.3%==================        ]

[===========================87.3%==================        ]

[===========================87.4%==================        ]

[===========================87.5%==================        ]

[===========================87.5%==================        ]

[===========================87.5%==================        ]

[===========================87.6%==================        ]

[===========================87.6%==================        ]

[===========================87.7%==================        ]

[===========================87.8%==================        ]

[===========================87.8%==================        ]

[===========================87.9%==================        ]

[===========================87.9%==================        ]

[===========================88.0%===================       ]

[===========================88.0%===================       ]

[===========================88.1%===================       ]

[===========================88.1%===================       ]

[===========================88.1%===================       ]

[===========================88.2%===================       ]

[===========================88.2%===================       ]

[===========================88.3%===================       ]

[===========================88.3%===================       ]

[===========================88.3%===================       ]

[===========================88.4%===================       ]

[===========================88.4%===================       ]

[===========================88.4%===================       ]

[===========================88.5%===================       ]

[===========================88.5%===================       ]

[===========================88.6%===================       ]

[===========================88.6%===================       ]

[===========================88.7%===================       ]

[===========================88.7%===================       ]

[===========================88.7%===================       ]

[===========================88.8%===================       ]

[===========================88.8%===================       ]

[===========================88.9%===================       ]

[===========================89.0%===================       ]

[===========================89.1%===================       ]

[===========================89.2%===================       ]

[===========================89.3%===================       ]

[===========================89.3%===================       ]

[===========================89.4%===================       ]

[===========================89.5%===================       ]

[===========================89.5%===================       ]

[===========================89.5%===================       ]

[===========================89.6%===================       ]

[===========================89.6%===================       ]

[===========================89.6%===================       ]

[===========================89.7%====================      ]

[===========================90.4%====================      ]

[===========================90.5%====================      ]

[===========================90.7%====================      ]

[===========================90.9%====================      ]

[===========================91.2%====================      ]

[===========================91.7%=====================     ]

[===========================92.7%=====================     ]

[===========================93.7%======================    ]

[===========================94.6%======================    ]

[===========================95.6%=======================   ]

[===========================96.6%========================  ]

[===========================97.2%========================  ]

[==========================100.0%==========================]
No component store corruption detected.
The operation completed successfully.

========= End of CMD: =========


========= DISM.exe /Online /Cleanup-image /Restorehealth =========


Deployment Image Servicing and Management tool
Version: 10.0.22000.653

Image Version: 10.0.22000.795


[==                         3.8%                           ]

[==                         4.0%                           ]

[==                         4.5%                           ]

[==                         4.8%                           ]

[===                        5.2%                           ]

[===                        5.4%                           ]

[===                        6.0%                           ]

[===                        6.3%                           ]

[===                        6.4%                           ]

[====                       7.4%                           ]

[====                       8.3%                           ]

[====                       8.5%                           ]

[====                       8.5%                           ]

[=====                      9.1%                           ]

[=====                      10.0%                          ]

[======                     11.0%                          ]

[======                     11.5%                          ]

[=======                    12.2%                          ]

[=======                    12.2%                          ]

[=======                    12.6%                          ]

[=======                    12.7%                          ]

[=======                    12.9%                          ]

[=======                    13.2%                          ]

[=======                    13.4%                          ]

[=======                    13.7%                          ]

[========                   14.0%                          ]

[========                   14.3%                          ]

[========                   14.5%                          ]

[========                   14.7%                          ]

[========                   14.7%                          ]

[========                   15.1%                          ]

[========                   15.3%                          ]

[========                   15.4%                          ]

[========                   15.5%               

#8 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,428 posts

Posted 24 July 2022 - 07:43 AM

Him Please scan the computer with the Farbar program and post fresh logs for my review. Make sure you include the FRST.TXT and Addition.TXt logs.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#9 Carlgrus

Carlgrus

    Advanced Member

  • Full Member
  • PipPipPip
  • 159 posts

Posted 24 July 2022 - 04:09 PM

o.k. here they are again...thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-07-2022
Ran by cruss (administrator) on DESKTOP-RA8BHB0 (Microsoft Corporation Surface Laptop 3) (24-07-2022 17:57:23)
Running from C:\Users\cruss\Downloads
Loaded Profiles: cruss
Platform: Microsoft Windows 11 Pro Version 21H2 22000.795 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe ->) () [File not signed] C:\Program Files\TechSmith\Snagit 2020\crashpad_handler.exe <2>
(C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\SnagitEditor.exe
(C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\SnagPriv.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.545.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.62\msedgewebview2.exe <6>
(DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxEMN.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\dptf_helper.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7>
(dwm.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ISM.exe
(explorer.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(services.exe ->) () [File not signed] C:\ActConnectLink\nssm-x64.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\ACT\Act.Web.API\bin\act.web.api.hosting.exe
(services.exe ->) (Act! LLC) [File not signed] C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (Cisco WebEx LLC -> Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\103.0.5060.46\remoting_host.exe <2>
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d73f88d32ddb95d3\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.37.139.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Piriform Software Ltd -> ) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files (x86)\Kamo\KamoSvc.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\hdxsstm2.inf_amd64_549ec1e4af1ff178\RtkAudUService64.exe <2>
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(services.exe ->) (Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectPnPService.exe
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe
(svchost.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(svchost.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.545.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\hdxsstm2.inf_amd64_549ec1e4af1ff178\RtkAudUService64.exe [835680 2021-06-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213760 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [TechSmithSnagit] => C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe [9094872 2022-02-25] (TechSmith Corporation -> TechSmith Corporation)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe [4560720 2022-05-25] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11186440 2022-07-16] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [HeimdalAgentLoader] => C:\Program Files (x86)\Heimdal\Heimdal.AgentLoader.exe [43224 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
HKLM-x32\...\Run: [Zwift] => C:\Program Files (x86)\Zwift\ZwiftLauncher.exe [18040192 2022-01-05] (Zwift, Inc. -> Zwift, Inc)
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\Act!.exe [272504 2021-02-24] (Act! LLC -> Act! LLC)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [DYMOWebApi] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe [181230592 2022-02-24] (Sanford, L.P. -> DYMO.WebApi.Win.Host)
HKLM-x32\...\Run: [DymoOfficeHelper] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.OfficeHelper.exe [63488 2022-02-24] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2640272 2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2640272 2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2640272 2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [37054552 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1866544 2013-03-05] (Sanford, L.P. -> Sanford, L.P.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [AvastBrowserAutoLaunch_38E8DBE963846923F5008B0D528FC97A] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2793640 2022-07-05] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [ZoomInfo Contact Contributor] => C:\Users\cruss\AppData\Local\ZoomInfoCEUtility\launch.bat [108 2021-01-11] () [File not signed]
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [Nextcloud] => C:\Program Files\Nextcloud\nextcloud.exe [3825944 2022-03-18] (Nextcloud GmbH -> Nextcloud GmbH)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [] => [X]
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [DYMOConnectLauncher] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectLauncher.exe [163968 2022-02-24] (Sanford, L.P. -> )
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [MicrosoftEdgeAutoLaunch_88CD0AC2E08AC39BA3E5773C80221B99] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601832 2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP 5912 Status Monitor: C:\WINDOWS\system32\hpinksts5912LM.dll [331664 2012-06-18] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8600): C:\WINDOWS\system32\HPDiscoPM5912.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\rica5Xlm: C:\WINDOWS\system32\rica5Xlm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.83\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\103.0.17593.114\Installer\chrmstp.exe [2022-07-13] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-21] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\cruss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2022-07-24]
ShortcutAndArgument: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN36QDXGHQ05KC;CONNECTION=NW;MONITOR=1;
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0565D503-41ED-405D-89F6-192A6930C1AA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {061ECEA6-3924-4AF9-9653-4A5F1BEEC43E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {07666173-3780-4E7D-8088-420A5C8E4109} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-03] (Google Inc -> Google LLC)
Task: {0BAF53F1-AF06-457D-89A4-7BA1D0129EBF} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
Task: {201FD886-3793-4EA8-972D-547FC18F51CB} - System32\Tasks\G2MUploadTask-S-1-5-21-3941208988-4064051922-1525667148-1001 => C:\Users\cruss\AppData\Local\GoToMeeting\19932\g2mupload.exe [31176 2021-11-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {2699BFE8-133C-4FA4-A84E-38F20A0783BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-03] (Google Inc -> Google LLC)
Task: {27BACBBE-3A05-4788-B144-5EFDF97E71AC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4938496 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
Task: {2A6199A1-F252-4C33-B4A4-5ECA328726AC} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)
Task: {32DC7478-72FF-4E26-8FEF-16BC293099E9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {368FEC66-27BD-41E3-BC1A-26BEBD11F6F7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3AFF63AA-19DA-4282-AFE5-3DFCAB6693FF} - System32\Tasks\CCleanerSkipUAC - cruss => C:\Program Files\CCleaner\CCleaner.exe [31101528 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {48322853-9738-4EB9-9D00-AF706023EB04} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
Task: {486F2677-B1E8-4D04-B40B-3169F9542749} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2793640 2022-07-05] (Avast Software s.r.o. -> AVAST Software)
Task: {6DB332C7-887E-4873-B721-0EADE023BFD3} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3941208988-4064051922-1525667148-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {6FB855B8-FFD4-4808-A9F3-E71510B0C20A} - System32\Tasks\G2MUpdateTask-S-1-5-21-3941208988-4064051922-1525667148-1001 => C:\Users\cruss\AppData\Local\GoToMeeting\19932\g2mupdate.exe [31176 2021-11-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {72A8C9D0-EECE-475B-8B67-C982B4589E3D} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4613456 2022-05-25] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid f49bcb77-354e-4fa1-b521-40b247cda57e
Task: {768B3DD0-DBF6-4C43-8F13-EE3307FDB9B7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {7ACE9DAD-8BF7-4079-8594-9C959A60037E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {87BD8628-3366-49F5-ABFE-E10276366CA1} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {8A719E06-0979-4368-BC11-1416F687E6D5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {8DE917F7-843D-4D40-8ADC-C98B92F4EA31} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6634776 2022-05-30] (Avast Software s.r.o. -> Avast Software)
Task: {8E9CA863-2CA8-42FE-BB85-4B0F9C273B36} - System32\Tasks\CCleanerSkipUAC - SYSTEM => C:\Program Files\CCleaner\CCleaner.exe [31101528 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {93142CA3-3C0A-4BDB-8524-421373C6C6C2} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [1689600 2018-01-31] (Informer Technologies, Inc.) [File not signed]
Task: {93E9AC07-AE04-4A30-90D5-81963064F261} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {946652F4-765F-41A9-BE4D-6D5E9B4E4C8E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {9A4F3AE5-7736-450A-8BE0-7166FAB7A106} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1197392 2022-06-20] (Avast Software s.r.o. -> AVAST Software)
Task: {9BB1E02E-2C4B-47A0-8F2F-CFB7062734E9} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0ACD289-6C75-4D8F-BBB1-167DE9645166} - System32\Tasks\Heimdal Security Service Monitor => C:\WINDOWS\SysWOW64\Heimdal Security\Heimdal Jobs\Heimdal.MonitorServices.exe [42200 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
Task: {A614C253-0A36-4DFC-B80A-5DA18FE27BA8} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2793640 2022-07-05] (Avast Software s.r.o. -> AVAST Software)
Task: {A8FED30C-F165-48A3-8798-F34A6147049B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-07-18] (Piriform Software Ltd -> Piriform)
Task: {ADDD1D7B-3CF6-4901-90CE-70159106305D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {B380C96F-9963-48CA-BDFA-96D0086D0791} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B9070784-2B80-4E30-84D2-70668FB5F701} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {BCAEC4FE-76EC-4F3B-AA26-5DCBBC44B718} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [6667600 2022-05-19] (Avast Software s.r.o. -> Avast Software)
Task: {C114B5D9-C346-4868-8530-0EFDFF9655CD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {C444747D-7C2B-436E-BB18-3D41B42E3CA1} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4615504 2022-06-20] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid 8555d14e-76f8-43de-ac00-c5de57528bcf
Task: {ED28E857-ECBE-4FBB-AD39-6981C08DF2C4} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64416 2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {FDB74472-960A-4135-BE0B-BC444461608E} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-07-23] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3941208988-4064051922-1525667148-1001.job => C:\Users\cruss\AppData\Local\GoToMeeting\19932\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3941208988-4064051922-1525667148-1001.job => C:\Users\cruss\AppData\Local\GoToMeeting\19932\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 130.253.2.14 130.253.3.39
Tcpip\..\Interfaces\{1939fd7b-6712-4265-a4c3-e6b48f2ce4ff}: [DhcpNameServer] 192.168.1.1 8.8.8.8
Tcpip\..\Interfaces\{269921a4-7ec5-48ad-b2f9-364948796d67}: [DhcpNameServer] 192.168.1.1 8.8.8.8
Tcpip\..\Interfaces\{bdc3331c-8528-4de9-8d66-c7bb011ef40b}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{e5e98d18-3337-4e3d-b67d-43a7156029e8}: [DhcpNameServer] 130.253.2.14 130.253.3.39

Edge:
=======
DownloadDir: C:\Users\cruss\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\cruss\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-22]
Edge HomePage: Default -> hxxps://www.bing.com/?pc=U528
Edge StartupUrls: Default -> "hxxps://www.bing.com/?pc=U528"
Edge Extension: (Dashlane - Password Manager) - C:\Users\cruss\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gehmmocbbkpblljhkekmfhjpfbkclbph [2022-07-12]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\cruss\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-06-28]
Edge Extension: (Capital One Shopping: Add to Edge for Free) - C:\Users\cruss\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2022-07-15]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: g5xy1w6g.default
FF ProfilePath: C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\g5xy1w6g.default [2022-06-21]
FF user.js: detected! => C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\g5xy1w6g.default\user.js [2022-06-21]
FF ProfilePath: C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046 [2022-07-24]
FF user.js: detected! => C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\user.js [2022-06-21]
FF Homepage: Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046 -> hxxps://www.bing.com/?pc=U528
FF Notifications: Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046 -> hxxps://zwiftinsider.com; hxxps://www.youtube.com; hxxps://www.overstock.com; hxxps://www.statista.com
FF HomepageOverride: Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046 -> Enabled: {3e06d96e-26f5-4a68-ac64-2b6bc583a35d}
FF Extension: (Cisco Webex Extension) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\ciscowebexstart1@cisco.com.xpi [2022-07-23]
FF Extension: (iCloud Bookmarks) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\firefoxdav@icloud.com.xpi [2020-02-13]
FF Extension: (Dashlane) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\jetpack-extension@dashlane.com.xpi [2022-07-12] [UpdateUrl:hxxps://ws1.dashlane.com/5/binaries/query?logins=&platform=firefox&target=ff_web_extension&format=json&version=]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\sp@avast.com.xpi [2022-06-27]
FF Extension: (Avast Online Security & Privacy) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\wrc@avast.com.xpi [2022-07-21]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-06-28]
FF Extension: (Microsoft Bing Homepage and Search Engine) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{3e06d96e-26f5-4a68-ac64-2b6bc583a35d}.xpi [2022-03-09] [UpdateUrl:hxxps://browserdefaults.microsoft.com/FirefoxExtn/updateextension.json]
FF Extension: (Capital One Shopping: Online Coupon Tool) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{aff8af88-06a9-4eee-b383-3af08c47b8c8}.xpi [2022-07-10]
FF Extension: (Zoom Scheduler) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}.xpi [2022-06-06]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-07-05]
FF Extension: (Safe Search powered by Yahoo) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{fd299ce1-1602-4490-b659-f45504f9324c}.xpi [2021-08-03] [UpdateUrl:hxxps://addons.safetybrowsing.com/gyff/updates.json]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-07-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2013-03-05] (Sanford, L.P. ->  Sanford L.P.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin ProgramFiles/Appdata: C:\Users\cruss\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-04-01]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default [2022-07-24]
CHR Notifications: Default -> hxxps://zwiftinsider.com
CHR HomePage: Default -> hxxps://www.bing.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Bitmoji) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfgdeiadkckfbkeigkoncpdieiiefpig [2022-01-21]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-07-05]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-06-14]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2022-06-27]
CHR Extension: (Dashlane - Password Manager) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2022-07-24]
CHR Extension: (Chrome Remote Desktop) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-11-03]
CHR Extension: (Google Docs Offline) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-27]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-06-29]
CHR Extension: (Chrome Remote Desktop) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-11-03]
CHR Extension: (Disconnect) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2020-10-08]
CHR Extension: (Cisco Webex Extension) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2022-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ActConnectLink; C:\ActConnectLink\nssm-x64.exe [331264 2014-08-31] () [File not signed]
R2 ActService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [26624 2021-02-24] (Act! LLC) [File not signed]
R2 ActSmartTaskService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [26624 2021-02-24] (Act! LLC) [File not signed]
R2 ActWebApiService; C:\Program Files (x86)\ACT\Act.Web.API\bin\act.web.api.hosting.exe [22528 2021-05-17] () [File not signed]
S4 ActWebHookMessengerService; C:\Program Files (x86)\ACT\act.webhook.notifications\bin\act.webhook.notifications.exe [93696 2021-05-17] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8486968 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [590080 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2009344 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [589056 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\103.0.17593.114\elevation_service.exe [1991960 2022-07-05] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-02] (Avast Software s.r.o. -> AVAST Software)
R2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1081432 2022-06-14] (Piriform Software Ltd -> )
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\103.0.5060.46\remoting_host.exe [73104 2022-06-09] (Google LLC -> Google LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111288 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46864 2022-07-16] (Dropbox, Inc -> Dropbox, Inc.)
S4 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [1051136 2021-10-13] (wondershare) [File not signed]
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [7680336 2022-05-25] (Avast Software s.r.o. -> AVAST Software)
R2 DYMOConnectPnPService; C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectPnPService.exe [26112 2022-02-24] (Sanford, L.P.) [File not signed]
S4 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-05] (Sanford, L.P. -> Sanford, L.P.)
S4 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Repair\ElevationService.exe [907776 2021-09-23] () [File not signed]
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncHelper.exe [3387808 2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
S4 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1702\g2ax_service.exe [614856 2022-02-09] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 Heimdal Admin Privilege; C:\Program Files (x86)\Heimdal\Heimdal.AdminPrivilege.exe [162008 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Antivirus; C:\Program Files (x86)\Heimdal\Heimdal.Antivirus.exe [345304 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Client Host; C:\Program Files (x86)\Heimdal\Heimdal.ClientHost.exe [132824 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal DarkLayer Guard; C:\Program Files (x86)\Heimdal\Heimdal.DarkLayerGuard.exe [221912 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Firewall; C:\Program Files (x86)\Heimdal\Heimdal.Firewall.exe [75480 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Insights; C:\Program Files (x86)\Heimdal\Heimdal.Insights.exe [74968 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal MailSentry; C:\Program Files (x86)\Heimdal\Heimdal.MailSentry.exe [85720 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Monitor; C:\Program Files (x86)\Heimdal\Heimdal.Monitor.exe [53976 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal ProcessLock; C:\Program Files (x86)\Heimdal\Heimdal.ProcessLock.exe [112856 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal RemoteDesktop; C:\Program Files (x86)\Heimdal\Heimdal.RemoteDesktop.exe [59608 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Update Service; C:\Program Files (x86)\Heimdal\Heimdal.UpdateService.exe [59464 2020-06-25] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Uptime Checker; C:\Program Files (x86)\Heimdal\Heimdal.UptimeChecker.exe [63192 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
R2 KamoSvc; C:\Program Files (x86)\Kamo\KamoSvc.exe [1974528 2022-06-28] (Piriform Software Ltd -> Piriform Software Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-15] (Malwarebytes Inc. -> Malwarebytes)
R2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.141.0703.0002\OneDriveUpdaterService.exe [3827616 2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
S4 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13921616 2021-07-01] (Adlice -> )
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9762128 2022-06-20] (Avast Software s.r.o. -> AVAST Software)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6207688 2022-06-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SQLAgent$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
R2 SurfaceExperienceService-5.37; C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.37.139.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [8726944 2022-07-14] (Microsoft Corporation -> Microsoft)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [14585248 2022-06-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WMIRegistrationService; C:\WINDOWS\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2021-07-25] (Intel Corporation -> Intel Corporation)
S4 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262880 2021-10-14] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Addins\Repair\DriverInstall.exe [124424 2021-09-23] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Default\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [235584 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [385560 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [258072 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [104976 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25048 2022-06-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [47976 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [274536 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [553928 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [113984 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [89056 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [860416 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [668208 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [221528 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [324864 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [65944 2022-06-20] (Avast Software s.r.o. -> Avast Software)
R3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [37104 2022-06-20] (Avast Software s.r.o. -> WireGuard LLC)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-07-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 iaLPSS2_GPIO2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_icl.inf_amd64_90beccc7e046abab\iaLPSS2_GPIO2_ICL.sys [132872 2021-05-25] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2021-05-25] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_icl.inf_amd64_b535659b9405201a\iaLPSS2_UART2_ICL.sys [312600 2021-05-25] (Intel Corporation -> Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\DriverStore\FileRepository\intcaudiobus.inf_amd64_2b27d88d994fb23c\IntcAudioBus.sys [300864 2021-01-27] ((PREPRODUCTION USE ONLY) Smart Sound Technology -> Intel® Corporation)
R3 IntcOED; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_687314a06853d3c2\IntcOED.sys [1278272 2021-01-27] ((PREPRODUCTION USE ONLY) Smart Sound Technology -> Intel® Corporation)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2019-06-18] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-07-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-07-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-23] (Malwarebytes Inc. -> Malwarebytes)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [116296 2022-06-20] (Piriform Software Ltd -> Windows ® Win 7 DDK provider)
S4 RsFx0300; C:\WINDOWS\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
S3 rtump63x64; C:\WINDOWS\System32\drivers\rtump63x64.sys [971360 2021-12-21] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 rtump64x64; C:\WINDOWS\System32\drivers\rtump64x64.sys [1073608 2022-05-13] (Realtek Semiconductor Corp. -> Realtek Corporation)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows ® Win 7 DDK provider)
R3 SurfaceBattery; C:\WINDOWS\System32\DriverStore\FileRepository\surfacebattery.inf_amd64_a712aac0e2f441e0\SurfaceBattery.sys [377208 2021-06-02] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceHotPlug; C:\WINDOWS\System32\DriverStore\FileRepository\surfacehotplug.inf_amd64_969ca64342a7b9bf\SurfaceHotPlug.sys [426840 2021-06-24] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceLightSensor; C:\WINDOWS\System32\DriverStore\FileRepository\surfacelightsensor.inf_amd64_2e1054954bf6a237\SurfaceLightSensor.sys [244216 2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfacePowerTrackerCore; C:\WINDOWS\System32\DriverStore\FileRepository\surfacepowertrackercore.inf_amd64_617dc1f6160f71ab\SurfacePowerTrackerCore.sys [405872 2021-07-01] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSerialHubDriver; C:\WINDOWS\System32\DriverStore\FileRepository\surfaceserialhubdriver.inf_amd64_0fbecbb6d745fcec\SurfaceSerialHubDriver.sys [395640 2021-06-24] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceTconDriver; C:\WINDOWS\System32\DriverStore\FileRepository\surfacetcondriver.inf_amd64_ffe66823cceccded\SurfaceTconDriver.sys [308600 2021-05-25] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceVirtualFunctionEnum; C:\WINDOWS\System32\DriverStore\FileRepository\surfacevirtualfunctionenum.inf_amd64_2fa2ee1a8b7bba84\SurfaceVirtualFunctionEnum.sys [199536 2021-06-20] (Microsoft Corporation -> Microsoft Corporation)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2021-05-26] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-11-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435424 2021-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-19] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-24 17:57 - 2022-07-24 17:59 - 000051271 _____ C:\Users\cruss\Downloads\FRST.txt
2022-07-23 20:34 - 2022-07-23 20:34 - 000000000 ___HD C:\$WinREAgent
2022-07-23 19:49 - 2022-07-23 19:49 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-23 19:49 - 2022-07-23 19:49 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-23 19:49 - 2022-07-23 19:49 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-23 19:19 - 2022-07-23 19:19 - 000000870 _____ C:\Users\cruss\Downloads\Documents - Shortcut.lnk
2022-07-23 19:18 - 2022-07-23 19:18 - 002369536 _____ (Farbar) C:\Users\cruss\Downloads\FRST64.exe
2022-07-22 23:45 - 2022-07-22 23:45 - 000000008 __RSH C:\ProgramData\ntuser.pol
2022-07-22 23:07 - 2022-07-23 19:45 - 000040941 _____ C:\Users\cruss\Downloads\Fixlog.txt
2022-07-22 21:01 - 2022-07-22 21:01 - 000000847 _____ C:\Users\Public\Desktop\Speccy.lnk
2022-07-22 21:00 - 2022-07-22 21:00 - 000001709 _____ C:\Users\Public\Desktop\Recuva.lnk
2022-07-22 21:00 - 2022-07-22 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2022-07-21 09:13 - 2022-07-21 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2022-07-16 21:10 - 2022-07-16 21:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2022-07-16 21:10 - 2022-07-16 21:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2022-07-16 21:10 - 2022-07-16 21:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2022-07-16 21:10 - 2022-07-16 21:10 - 000046864 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2022-07-15 10:36 - 2022-07-22 23:07 - 002369536 _____ (Farbar) C:\Users\cruss\Downloads\FRST64(1).exe
2022-07-15 10:27 - 2022-07-15 10:27 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\cruss\Downloads\rkill.exe
2022-07-15 10:18 - 2022-07-15 10:18 - 002556344 _____ (Malwarebytes) C:\Users\cruss\Downloads\MBSetup-37335.37335.exe
2022-07-15 10:05 - 2022-07-15 10:05 - 051296144 _____ C:\Users\cruss\Downloads\IMG_7020.MOV
2022-07-14 18:13 - 2022-07-14 18:13 - 000000000 ____D C:\Users\cruss\Downloads\Surface Pro 3 AssetTag
2022-07-14 18:12 - 2022-07-14 18:12 - 000002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Surface Pro 3 TPM Update Tool.lnk
2022-07-14 18:12 - 2022-07-14 18:12 - 000000000 ____D C:\Program Files\Microsoft Surface Pro 3 TPM Update Tool
2022-07-14 18:10 - 2022-07-14 18:10 - 007911935 _____ C:\Users\cruss\Downloads\Surface Pro 3 KB2978002.zip
2022-07-14 18:10 - 2022-07-14 18:10 - 001998848 _____ C:\Users\cruss\Downloads\Microsoft_Surface_Pro_3_Tpm_Update_Tool_Setup.msi
2022-07-14 18:10 - 2022-07-14 18:10 - 000491520 _____ C:\Users\cruss\Downloads\Surface Firmware Tool.msi
2022-07-14 18:10 - 2022-07-14 18:10 - 000061094 _____ C:\Users\cruss\Downloads\Surface Pro 3 AssetTag.zip
2022-07-14 18:07 - 2022-07-14 18:11 - 689688576 _____ C:\Users\cruss\Downloads\SurfacePro7_Win11_22000_22.032.19761.0.msi
2022-07-14 18:04 - 2022-07-14 18:04 - 000000000 ____D C:\ProgramData\SurfaceExperienceService
2022-07-14 11:12 - 2022-07-14 11:12 - 000270592 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-07-14 11:12 - 2022-07-14 11:12 - 000221528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2022-07-12 17:35 - 2022-07-15 10:19 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-12 17:25 - 2022-07-12 17:25 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-12 17:25 - 2022-07-12 17:25 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-12 17:25 - 2022-07-12 17:25 - 000015040 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-11 13:37 - 2022-07-11 13:37 - 001214328 _____ C:\Users\cruss\Downloads\110_Webb_Street_Flyer_For_Lease.pdf
2022-07-11 13:27 - 2022-07-11 13:27 - 009741490 _____ C:\Users\cruss\Downloads\104_Spreadsheets_2018-12-27-1.zip
2022-07-10 13:27 - 2022-07-12 17:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-07 10:16 - 2022-07-07 10:16 - 000000000 ____D C:\Users\cruss\OneDrive\Documents\RingCentral
2022-07-01 16:09 - 2022-07-01 16:09 - 006248819 _____ C:\Users\cruss\Downloads\60WellingtonCBCSaleBrochureL (1).pdf
2022-06-28 09:50 - 2022-06-28 09:50 - 000335872 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-06-27 09:18 - 2022-06-27 09:18 - 000025048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-24 18:01 - 2021-06-05 08:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-24 17:58 - 2020-02-11 14:07 - 000000000 ____D C:\FRST
2022-07-24 17:56 - 2019-11-03 15:02 - 000000000 ____D C:\Users\cruss\OneDrive\Documents\Outlook Files
2022-07-24 17:49 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-07-24 17:24 - 2019-11-03 22:21 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-24 15:55 - 2021-10-30 09:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-24 15:42 - 2021-10-30 09:21 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{7EA3E303-AC99-4D7B-B3DC-AF46E45FE8F3}
2022-07-24 15:38 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-24 14:16 - 2019-11-04 14:34 - 000000000 ___RD C:\Users\cruss\Dropbox
2022-07-24 14:14 - 2022-02-09 17:47 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-07-24 14:14 - 2021-12-13 10:44 - 000003070 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3941208988-4064051922-1525667148-1001
2022-07-24 14:14 - 2021-11-18 10:34 - 000003270 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7cd90abf56afd
2022-07-24 14:14 - 2021-10-30 09:21 - 000003520 _____ C:\WINDOWS\system32\Tasks\Heimdal Security Service Monitor
2022-07-24 14:14 - 2021-10-30 09:21 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-24 14:14 - 2021-10-30 09:21 - 000003350 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2022-07-24 14:14 - 2021-10-30 09:21 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-07-24 14:14 - 2021-10-30 09:21 - 000003194 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-07-24 14:14 - 2021-10-30 09:21 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-24 14:14 - 2021-10-30 09:21 - 000003126 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2022-07-24 14:14 - 2021-10-30 09:21 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-07-24 14:14 - 2021-10-30 09:21 - 000002716 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-07-24 14:14 - 2021-10-30 09:21 - 000002644 _____ C:\WINDOWS\system32\Tasks\Apple Diagnostics
2022-07-24 14:14 - 2021-10-30 09:21 - 000002254 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - cruss
2022-07-24 14:14 - 2021-10-30 09:21 - 000002086 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - SYSTEM
2022-07-24 14:14 - 2021-10-30 09:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-07-24 14:14 - 2019-11-03 18:09 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2022-07-24 14:14 - 2019-11-03 18:09 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2022-07-24 13:52 - 2022-02-09 11:51 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-24 13:51 - 2019-11-03 17:46 - 000000000 ____D C:\Users\cruss\AppData\LocalLow\Mozilla
2022-07-24 12:41 - 2021-11-02 16:11 - 000000000 ____D C:\Users\cruss\AppData\Local\Deployment
2022-07-24 12:09 - 2019-11-03 22:59 - 000000000 ____D C:\Users\cruss\AppData\Local\AVAST Software
2022-07-24 11:08 - 2022-06-07 17:25 - 000000000 ____D C:\Users\cruss\AppData\Roaming\DropboxElectron
2022-07-24 11:08 - 2019-11-03 18:09 - 000000000 ____D C:\Users\cruss\AppData\Local\Dropbox
2022-07-24 11:07 - 2019-11-03 15:00 - 000000000 ___RD C:\Users\cruss\OneDrive
2022-07-24 11:06 - 2019-11-03 14:58 - 000000000 __SHD C:\Users\cruss\IntelGraphicsProfiles
2022-07-24 09:11 - 2019-11-03 22:54 - 000000000 ____D C:\Program Files\CCleaner
2022-07-24 05:18 - 2021-06-05 08:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-24 05:18 - 2020-06-13 08:42 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-24 05:18 - 2020-06-13 08:42 - 000002286 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-23 20:39 - 2021-06-05 08:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-23 20:31 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-07-23 20:18 - 2021-10-30 08:51 - 000000000 ____D C:\Program Files\MSBuild
2022-07-23 20:18 - 2021-10-30 08:51 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-07-23 20:18 - 2021-06-05 08:09 - 000000000 ____D C:\WINDOWS\INF
2022-07-23 19:56 - 2021-10-30 09:17 - 000945632 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-23 19:49 - 2022-06-20 09:26 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2022-07-23 19:49 - 2021-10-30 09:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-23 19:49 - 2021-06-10 09:39 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-07-23 19:49 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\ServiceState
2022-07-23 19:49 - 2021-06-05 08:01 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-23 19:49 - 2020-08-14 12:51 - 000012288 ___SH C:\DumpStack.log.tmp
2022-07-23 19:49 - 2019-11-03 22:57 - 000000000 ____D C:\ProgramData\AVAST Software
2022-07-23 19:49 - 2019-10-07 16:02 - 000000000 ____D C:\Intel
2022-07-23 19:06 - 2021-05-11 17:19 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-23 19:04 - 2019-11-03 15:14 - 000000000 ____D C:\ProgramData\Packages
2022-07-23 19:04 - 2019-11-03 14:58 - 000000000 ____D C:\Users\cruss\AppData\Local\Packages
2022-07-23 10:04 - 2019-11-08 18:03 - 000000000 ____D C:\Users\cruss\AppData\Local\ElevatedDiagnostics
2022-07-23 00:03 - 2019-11-03 20:11 - 000000000 ____D C:\Users\cruss\AppData\Local\D3DSCache
2022-07-22 23:47 - 2021-10-30 09:21 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-07-22 23:08 - 2019-03-19 00:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-07-22 23:07 - 2021-03-31 12:05 - 000000000 ____D C:\Users\cruss\Downloads\FRST-OlderVersion
2022-07-22 21:00 - 2022-06-20 09:31 - 000000000 ____D C:\Program Files\Recuva
2022-07-22 10:46 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-07-21 16:24 - 2021-10-30 09:06 - 000000000 ____D C:\Users\cruss
2022-07-21 12:11 - 2021-05-11 17:13 - 000000000 ____D C:\Program Files\Microsoft Office
2022-07-21 09:16 - 2020-02-13 17:23 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-21 09:16 - 2020-02-13 17:23 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-21 09:14 - 2020-10-30 11:47 - 000000000 ____D C:\Users\cruss\OneDrive\Documents\CCleaner registry backups
2022-07-21 09:14 - 2019-11-03 18:09 - 000000000 ____D C:\Program Files (x86)\Dro

#10 Carlgrus

Carlgrus

    Advanced Member

  • Full Member
  • PipPipPip
  • 159 posts

Posted 24 July 2022 - 04:12 PM

here you go....thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-07-2022
Ran by cruss (administrator) on DESKTOP-RA8BHB0 (Microsoft Corporation Surface Laptop 3) (24-07-2022 17:57:23)
Running from C:\Users\cruss\Downloads
Loaded Profiles: cruss
Platform: Microsoft Windows 11 Pro Version 21H2 22000.795 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(C:\Program Files\AVAST Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe ->) () [File not signed] C:\Program Files\TechSmith\Snagit 2020\crashpad_handler.exe <2>
(C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\SnagitEditor.exe
(C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\SnagPriv.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.545.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.62\msedgewebview2.exe <6>
(DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxEMN.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\dptf_helper.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7>
(dwm.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ISM.exe
(explorer.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (TechSmith Corporation -> TechSmith Corporation) C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(services.exe ->) () [File not signed] C:\ActConnectLink\nssm-x64.exe
(services.exe ->) () [File not signed] C:\Program Files (x86)\ACT\Act.Web.API\bin\act.web.api.hosting.exe
(services.exe ->) (Act! LLC) [File not signed] C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Driver Updater\DriverUpdSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine VPN\VpnSvc.exe
(services.exe ->) (Cisco WebEx LLC -> Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\103.0.5060.46\remoting_host.exe <2>
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23cd4a524b85fcc6\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_1da48d5885266bb7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_d73f88d32ddb95d3\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.37.139.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Piriform Software Ltd -> ) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files (x86)\Kamo\KamoSvc.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\hdxsstm2.inf_amd64_549ec1e4af1ff178\RtkAudUService64.exe <2>
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(services.exe ->) (Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectPnPService.exe
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe
(svchost.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(svchost.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.822.6271.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.545.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\hdxsstm2.inf_amd64_549ec1e4af1ff178\RtkAudUService64.exe [835680 2021-06-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213760 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [TechSmithSnagit] => C:\Program Files\TechSmith\Snagit 2020\Snagit32.exe [9094872 2022-02-25] (TechSmith Corporation -> TechSmith Corporation)
HKLM\...\Run: [DriverUpdUI.exe] => C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe [4560720 2022-05-25] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11186440 2022-07-16] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [HeimdalAgentLoader] => C:\Program Files (x86)\Heimdal\Heimdal.AgentLoader.exe [43224 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
HKLM-x32\...\Run: [Zwift] => C:\Program Files (x86)\Zwift\ZwiftLauncher.exe [18040192 2022-01-05] (Zwift, Inc. -> Zwift, Inc)
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\Act!.exe [272504 2021-02-24] (Act! LLC -> Act! LLC)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM-x32\...\Run: [DYMOWebApi] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe [181230592 2022-02-24] (Sanford, L.P. -> DYMO.WebApi.Win.Host)
HKLM-x32\...\Run: [DymoOfficeHelper] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.OfficeHelper.exe [63488 2022-02-24] () [File not signed]
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2640272 2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2640272 2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2640272 2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [37054552 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1866544 2013-03-05] (Sanford, L.P. -> Sanford, L.P.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [AvastBrowserAutoLaunch_38E8DBE963846923F5008B0D528FC97A] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2793640 2022-07-05] (Avast Software s.r.o. -> AVAST Software)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [ZoomInfo Contact Contributor] => C:\Users\cruss\AppData\Local\ZoomInfoCEUtility\launch.bat [108 2021-01-11] () [File not signed]
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [Nextcloud] => C:\Program Files\Nextcloud\nextcloud.exe [3825944 2022-03-18] (Nextcloud GmbH -> Nextcloud GmbH)
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [] => [X]
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [DYMOConnectLauncher] => C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectLauncher.exe [163968 2022-02-24] (Sanford, L.P. -> )
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Run: [MicrosoftEdgeAutoLaunch_88CD0AC2E08AC39BA3E5773C80221B99] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601832 2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP 5912 Status Monitor: C:\WINDOWS\system32\hpinksts5912LM.dll [331664 2012-06-18] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8600): C:\WINDOWS\system32\HPDiscoPM5912.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\rica5Xlm: C:\WINDOWS\system32\rica5Xlm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.83\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\103.0.17593.114\Installer\chrmstp.exe [2022-07-13] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-21] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\cruss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2022-07-24]
ShortcutAndArgument: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN36QDXGHQ05KC;CONNECTION=NW;MONITOR=1;
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0565D503-41ED-405D-89F6-192A6930C1AA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {061ECEA6-3924-4AF9-9653-4A5F1BEEC43E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {07666173-3780-4E7D-8088-420A5C8E4109} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-03] (Google Inc -> Google LLC)
Task: {0BAF53F1-AF06-457D-89A4-7BA1D0129EBF} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
Task: {201FD886-3793-4EA8-972D-547FC18F51CB} - System32\Tasks\G2MUploadTask-S-1-5-21-3941208988-4064051922-1525667148-1001 => C:\Users\cruss\AppData\Local\GoToMeeting\19932\g2mupload.exe [31176 2021-11-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {2699BFE8-133C-4FA4-A84E-38F20A0783BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-03] (Google Inc -> Google LLC)
Task: {27BACBBE-3A05-4788-B144-5EFDF97E71AC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4938496 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
Task: {2A6199A1-F252-4C33-B4A4-5ECA328726AC} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)
Task: {32DC7478-72FF-4E26-8FEF-16BC293099E9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {368FEC66-27BD-41E3-BC1A-26BEBD11F6F7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {3AFF63AA-19DA-4282-AFE5-3DFCAB6693FF} - System32\Tasks\CCleanerSkipUAC - cruss => C:\Program Files\CCleaner\CCleaner.exe [31101528 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {48322853-9738-4EB9-9D00-AF706023EB04} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
Task: {486F2677-B1E8-4D04-B40B-3169F9542749} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2793640 2022-07-05] (Avast Software s.r.o. -> AVAST Software)
Task: {6DB332C7-887E-4873-B721-0EADE023BFD3} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3941208988-4064051922-1525667148-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {6FB855B8-FFD4-4808-A9F3-E71510B0C20A} - System32\Tasks\G2MUpdateTask-S-1-5-21-3941208988-4064051922-1525667148-1001 => C:\Users\cruss\AppData\Local\GoToMeeting\19932\g2mupdate.exe [31176 2021-11-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {72A8C9D0-EECE-475B-8B67-C982B4589E3D} - System32\Tasks\Avast Software\Avast Driver Updater BugReport => C:\Program Files\Avast Software\Driver Updater\AvBugReport.exe [4613456 2022-05-25] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 148 --programpath "C:\Program Files\Avast Software\Driver Updater\Setup\.." --configpath "C:\Program Files\Avast Software\Driver Updater\Setup" --path "C:\ProgramData\Avast Software\Driver Updater\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --guid f49bcb77-354e-4fa1-b521-40b247cda57e
Task: {768B3DD0-DBF6-4C43-8F13-EE3307FDB9B7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {7ACE9DAD-8BF7-4079-8594-9C959A60037E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {87BD8628-3366-49F5-ABFE-E10276366CA1} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2250576 2022-05-24] (Avast Software s.r.o. -> Avast Software)
Task: {8A719E06-0979-4368-BC11-1416F687E6D5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {8DE917F7-843D-4D40-8ADC-C98B92F4EA31} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe [6634776 2022-05-30] (Avast Software s.r.o. -> Avast Software)
Task: {8E9CA863-2CA8-42FE-BB85-4B0F9C273B36} - System32\Tasks\CCleanerSkipUAC - SYSTEM => C:\Program Files\CCleaner\CCleaner.exe [31101528 2022-07-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {93142CA3-3C0A-4BDB-8524-421373C6C6C2} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [1689600 2018-01-31] (Informer Technologies, Inc.) [File not signed]
Task: {93E9AC07-AE04-4A30-90D5-81963064F261} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {946652F4-765F-41A9-BE4D-6D5E9B4E4C8E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {9A4F3AE5-7736-450A-8BE0-7166FAB7A106} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe [1197392 2022-06-20] (Avast Software s.r.o. -> AVAST Software)
Task: {9BB1E02E-2C4B-47A0-8F2F-CFB7062734E9} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0ACD289-6C75-4D8F-BBB1-167DE9645166} - System32\Tasks\Heimdal Security Service Monitor => C:\WINDOWS\SysWOW64\Heimdal Security\Heimdal Jobs\Heimdal.MonitorServices.exe [42200 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
Task: {A614C253-0A36-4DFC-B80A-5DA18FE27BA8} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2793640 2022-07-05] (Avast Software s.r.o. -> AVAST Software)
Task: {A8FED30C-F165-48A3-8798-F34A6147049B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-07-18] (Piriform Software Ltd -> Piriform)
Task: {ADDD1D7B-3CF6-4901-90CE-70159106305D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {B380C96F-9963-48CA-BDFA-96D0086D0791} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B9070784-2B80-4E30-84D2-70668FB5F701} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {BCAEC4FE-76EC-4F3B-AA26-5DCBBC44B718} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe [6667600 2022-05-19] (Avast Software s.r.o. -> Avast Software)
Task: {C114B5D9-C346-4868-8530-0EFDFF9655CD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145304 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {C444747D-7C2B-436E-BB18-3D41B42E3CA1} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe [4615504 2022-06-20] (Avast Software s.r.o. -> AVAST Software) -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid 8555d14e-76f8-43de-ac00-c5de57528bcf
Task: {ED28E857-ECBE-4FBB-AD39-6981C08DF2C4} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64416 2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {FDB74472-960A-4135-BE0B-BC444461608E} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-07-23] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3941208988-4064051922-1525667148-1001.job => C:\Users\cruss\AppData\Local\GoToMeeting\19932\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3941208988-4064051922-1525667148-1001.job => C:\Users\cruss\AppData\Local\GoToMeeting\19932\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 130.253.2.14 130.253.3.39
Tcpip\..\Interfaces\{1939fd7b-6712-4265-a4c3-e6b48f2ce4ff}: [DhcpNameServer] 192.168.1.1 8.8.8.8
Tcpip\..\Interfaces\{269921a4-7ec5-48ad-b2f9-364948796d67}: [DhcpNameServer] 192.168.1.1 8.8.8.8
Tcpip\..\Interfaces\{bdc3331c-8528-4de9-8d66-c7bb011ef40b}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{e5e98d18-3337-4e3d-b67d-43a7156029e8}: [DhcpNameServer] 130.253.2.14 130.253.3.39

Edge:
=======
DownloadDir: C:\Users\cruss\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\cruss\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-22]
Edge HomePage: Default -> hxxps://www.bing.com/?pc=U528
Edge StartupUrls: Default -> "hxxps://www.bing.com/?pc=U528"
Edge Extension: (Dashlane - Password Manager) - C:\Users\cruss\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gehmmocbbkpblljhkekmfhjpfbkclbph [2022-07-12]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\cruss\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-06-28]
Edge Extension: (Capital One Shopping: Add to Edge for Free) - C:\Users\cruss\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2022-07-15]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: g5xy1w6g.default
FF ProfilePath: C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\g5xy1w6g.default [2022-06-21]
FF user.js: detected! => C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\g5xy1w6g.default\user.js [2022-06-21]
FF ProfilePath: C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046 [2022-07-24]
FF user.js: detected! => C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\user.js [2022-06-21]
FF Homepage: Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046 -> hxxps://www.bing.com/?pc=U528
FF Notifications: Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046 -> hxxps://zwiftinsider.com; hxxps://www.youtube.com; hxxps://www.overstock.com; hxxps://www.statista.com
FF HomepageOverride: Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046 -> Enabled: {3e06d96e-26f5-4a68-ac64-2b6bc583a35d}
FF Extension: (Cisco Webex Extension) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\ciscowebexstart1@cisco.com.xpi [2022-07-23]
FF Extension: (iCloud Bookmarks) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\firefoxdav@icloud.com.xpi [2020-02-13]
FF Extension: (Dashlane) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\jetpack-extension@dashlane.com.xpi [2022-07-12] [UpdateUrl:hxxps://ws1.dashlane.com/5/binaries/query?logins=&platform=firefox&target=ff_web_extension&format=json&version=]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\sp@avast.com.xpi [2022-06-27]
FF Extension: (Avast Online Security & Privacy) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\wrc@avast.com.xpi [2022-07-21]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-06-28]
FF Extension: (Microsoft Bing Homepage and Search Engine) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{3e06d96e-26f5-4a68-ac64-2b6bc583a35d}.xpi [2022-03-09] [UpdateUrl:hxxps://browserdefaults.microsoft.com/FirefoxExtn/updateextension.json]
FF Extension: (Capital One Shopping: Online Coupon Tool) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{aff8af88-06a9-4eee-b383-3af08c47b8c8}.xpi [2022-07-10]
FF Extension: (Zoom Scheduler) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}.xpi [2022-06-06]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-07-05]
FF Extension: (Safe Search powered by Yahoo) - C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\Extensions\{fd299ce1-1602-4490-b659-f45504f9324c}.xpi [2021-08-03] [UpdateUrl:hxxps://addons.safetybrowsing.com/gyff/updates.json]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-07-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2013-03-05] (Sanford, L.P. ->  Sanford L.P.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin ProgramFiles/Appdata: C:\Users\cruss\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-04-01]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default [2022-07-24]
CHR Notifications: Default -> hxxps://zwiftinsider.com
CHR HomePage: Default -> hxxps://www.bing.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Bitmoji) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfgdeiadkckfbkeigkoncpdieiiefpig [2022-01-21]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-07-05]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-06-14]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2022-06-27]
CHR Extension: (Dashlane - Password Manager) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2022-07-24]
CHR Extension: (Chrome Remote Desktop) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-11-03]
CHR Extension: (Google Docs Offline) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-27]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-06-29]
CHR Extension: (Chrome Remote Desktop) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2019-11-03]
CHR Extension: (Disconnect) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2020-10-08]
CHR Extension: (Cisco Webex Extension) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2022-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ActConnectLink; C:\ActConnectLink\nssm-x64.exe [331264 2014-08-31] () [File not signed]
R2 ActService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [26624 2021-02-24] (Act! LLC) [File not signed]
R2 ActSmartTaskService; C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [26624 2021-02-24] (Act! LLC) [File not signed]
R2 ActWebApiService; C:\Program Files (x86)\ACT\Act.Web.API\bin\act.web.api.hosting.exe [22528 2021-05-17] () [File not signed]
S4 ActWebHookMessengerService; C:\Program Files (x86)\ACT\act.webhook.notifications\bin\act.webhook.notifications.exe [93696 2021-05-17] () [File not signed]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8486968 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [590080 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2009344 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [589056 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\103.0.17593.114\elevation_service.exe [1991960 2022-07-05] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-02] (Avast Software s.r.o. -> AVAST Software)
R2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1081432 2022-06-14] (Piriform Software Ltd -> )
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\103.0.5060.46\remoting_host.exe [73104 2022-06-09] (Google LLC -> Google LLC)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111288 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46864 2022-07-16] (Dropbox, Inc -> Dropbox, Inc.)
S4 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [1051136 2021-10-13] (wondershare) [File not signed]
R2 DriverUpdSvc; C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe [7680336 2022-05-25] (Avast Software s.r.o. -> AVAST Software)
R2 DYMOConnectPnPService; C:\Program Files (x86)\DYMO\DYMO Connect\DYMOConnectPnPService.exe [26112 2022-02-24] (Sanford, L.P.) [File not signed]
S4 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-05] (Sanford, L.P. -> Sanford, L.P.)
S4 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Repair\ElevationService.exe [907776 2021-09-23] () [File not signed]
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncHelper.exe [3387808 2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
S4 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1702\g2ax_service.exe [614856 2022-02-09] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 Heimdal Admin Privilege; C:\Program Files (x86)\Heimdal\Heimdal.AdminPrivilege.exe [162008 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Antivirus; C:\Program Files (x86)\Heimdal\Heimdal.Antivirus.exe [345304 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Client Host; C:\Program Files (x86)\Heimdal\Heimdal.ClientHost.exe [132824 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal DarkLayer Guard; C:\Program Files (x86)\Heimdal\Heimdal.DarkLayerGuard.exe [221912 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Firewall; C:\Program Files (x86)\Heimdal\Heimdal.Firewall.exe [75480 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Insights; C:\Program Files (x86)\Heimdal\Heimdal.Insights.exe [74968 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal MailSentry; C:\Program Files (x86)\Heimdal\Heimdal.MailSentry.exe [85720 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Monitor; C:\Program Files (x86)\Heimdal\Heimdal.Monitor.exe [53976 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal ProcessLock; C:\Program Files (x86)\Heimdal\Heimdal.ProcessLock.exe [112856 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal RemoteDesktop; C:\Program Files (x86)\Heimdal\Heimdal.RemoteDesktop.exe [59608 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Update Service; C:\Program Files (x86)\Heimdal\Heimdal.UpdateService.exe [59464 2020-06-25] (Heimdal Security A/S -> Heimdal Security)
S4 Heimdal Uptime Checker; C:\Program Files (x86)\Heimdal\Heimdal.UptimeChecker.exe [63192 2022-02-11] (Heimdal Security A/S -> Heimdal Security)
R2 KamoSvc; C:\Program Files (x86)\Kamo\KamoSvc.exe [1974528 2022-06-28] (Piriform Software Ltd -> Piriform Software Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8683336 2022-07-15] (Malwarebytes Inc. -> Malwarebytes)
R2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\sqlservr.exe [370368 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.141.0703.0002\OneDriveUpdaterService.exe [3827616 2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
S4 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13921616 2021-07-01] (Adlice -> )
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SecureLine; C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe [9762128 2022-06-20] (Avast Software s.r.o. -> AVAST Software)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6207688 2022-06-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SQLAgent$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL12.ACT7\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-10] (Microsoft Corporation -> Microsoft Corporation)
R2 SurfaceExperienceService-5.37; C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.37.139.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [8726944 2022-07-14] (Microsoft Corporation -> Microsoft)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [14585248 2022-06-23] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WMIRegistrationService; C:\WINDOWS\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2021-07-25] (Intel Corporation -> Intel Corporation)
S4 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262880 2021-10-14] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Addins\Repair\DriverInstall.exe [124424 2021-09-23] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Default\AppData\Roaming\Zoom"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [235584 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [385560 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [258072 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [104976 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25048 2022-06-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [47976 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [274536 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [553928 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [113984 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [89056 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [860416 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [668208 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [221528 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [324864 2022-07-14] (Avast Software s.r.o. -> AVAST Software)
S3 aswVpnRdr; C:\WINDOWS\System32\drivers\aswVpnRdr.sys [65944 2022-06-20] (Avast Software s.r.o. -> Avast Software)
R3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [37104 2022-06-20] (Avast Software s.r.o. -> WireGuard LLC)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-07-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 iaLPSS2_GPIO2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_icl.inf_amd64_90beccc7e046abab\iaLPSS2_GPIO2_ICL.sys [132872 2021-05-25] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_icl.inf_amd64_c8c0638291b9b209\iaLPSS2_I2C_ICL.sys [200456 2021-05-25] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_ICL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_icl.inf_amd64_b535659b9405201a\iaLPSS2_UART2_ICL.sys [312600 2021-05-25] (Intel Corporation -> Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\DriverStore\FileRepository\intcaudiobus.inf_amd64_2b27d88d994fb23c\IntcAudioBus.sys [300864 2021-01-27] ((PREPRODUCTION USE ONLY) Smart Sound Technology -> Intel® Corporation)
R3 IntcOED; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_687314a06853d3c2\IntcOED.sys [1278272 2021-01-27] ((PREPRODUCTION USE ONLY) Smart Sound Technology -> Intel® Corporation)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2019-06-18] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-07-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-07-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-23] (Malwarebytes Inc. -> Malwarebytes)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [116296 2022-06-20] (Piriform Software Ltd -> Windows ® Win 7 DDK provider)
S4 RsFx0300; C:\WINDOWS\System32\DRIVERS\RsFx0300.sys [247488 2014-02-21] (Microsoft Corporation -> Microsoft Corporation)
S3 rtump63x64; C:\WINDOWS\System32\drivers\rtump63x64.sys [971360 2021-12-21] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 rtump64x64; C:\WINDOWS\System32\drivers\rtump64x64.sys [1073608 2022-05-13] (Realtek Semiconductor Corp. -> Realtek Corporation)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows ® Win 7 DDK provider)
R3 SurfaceBattery; C:\WINDOWS\System32\DriverStore\FileRepository\surfacebattery.inf_amd64_a712aac0e2f441e0\SurfaceBattery.sys [377208 2021-06-02] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceHotPlug; C:\WINDOWS\System32\DriverStore\FileRepository\surfacehotplug.inf_amd64_969ca64342a7b9bf\SurfaceHotPlug.sys [426840 2021-06-24] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceLightSensor; C:\WINDOWS\System32\DriverStore\FileRepository\surfacelightsensor.inf_amd64_2e1054954bf6a237\SurfaceLightSensor.sys [244216 2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfacePowerTrackerCore; C:\WINDOWS\System32\DriverStore\FileRepository\surfacepowertrackercore.inf_amd64_617dc1f6160f71ab\SurfacePowerTrackerCore.sys [405872 2021-07-01] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSerialHubDriver; C:\WINDOWS\System32\DriverStore\FileRepository\surfaceserialhubdriver.inf_amd64_0fbecbb6d745fcec\SurfaceSerialHubDriver.sys [395640 2021-06-24] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceTconDriver; C:\WINDOWS\System32\DriverStore\FileRepository\surfacetcondriver.inf_amd64_ffe66823cceccded\SurfaceTconDriver.sys [308600 2021-05-25] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceVirtualFunctionEnum; C:\WINDOWS\System32\DriverStore\FileRepository\surfacevirtualfunctionenum.inf_amd64_2fa2ee1a8b7bba84\SurfaceVirtualFunctionEnum.sys [199536 2021-06-20] (Microsoft Corporation -> Microsoft Corporation)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2021-05-26] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-11-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435424 2021-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-19] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-24 17:57 - 2022-07-24 17:59 - 000051271 _____ C:\Users\cruss\Downloads\FRST.txt
2022-07-23 20:34 - 2022-07-23 20:34 - 000000000 ___HD C:\$WinREAgent
2022-07-23 19:49 - 2022-07-23 19:49 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-23 19:49 - 2022-07-23 19:49 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-23 19:49 - 2022-07-23 19:49 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-23 19:19 - 2022-07-23 19:19 - 000000870 _____ C:\Users\cruss\Downloads\Documents - Shortcut.lnk
2022-07-23 19:18 - 2022-07-23 19:18 - 002369536 _____ (Farbar) C:\Users\cruss\Downloads\FRST64.exe
2022-07-22 23:45 - 2022-07-22 23:45 - 000000008 __RSH C:\ProgramData\ntuser.pol
2022-07-22 23:07 - 2022-07-23 19:45 - 000040941 _____ C:\Users\cruss\Downloads\Fixlog.txt
2022-07-22 21:01 - 2022-07-22 21:01 - 000000847 _____ C:\Users\Public\Desktop\Speccy.lnk
2022-07-22 21:00 - 2022-07-22 21:00 - 000001709 _____ C:\Users\Public\Desktop\Recuva.lnk
2022-07-22 21:00 - 2022-07-22 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2022-07-21 09:13 - 2022-07-21 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2022-07-16 21:10 - 2022-07-16 21:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2022-07-16 21:10 - 2022-07-16 21:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2022-07-16 21:10 - 2022-07-16 21:10 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2022-07-16 21:10 - 2022-07-16 21:10 - 000046864 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2022-07-15 10:36 - 2022-07-22 23:07 - 002369536 _____ (Farbar) C:\Users\cruss\Downloads\FRST64(1).exe
2022-07-15 10:27 - 2022-07-15 10:27 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\cruss\Downloads\rkill.exe
2022-07-15 10:18 - 2022-07-15 10:18 - 002556344 _____ (Malwarebytes) C:\Users\cruss\Downloads\MBSetup-37335.37335.exe
2022-07-15 10:05 - 2022-07-15 10:05 - 051296144 _____ C:\Users\cruss\Downloads\IMG_7020.MOV
2022-07-14 18:13 - 2022-07-14 18:13 - 000000000 ____D C:\Users\cruss\Downloads\Surface Pro 3 AssetTag
2022-07-14 18:12 - 2022-07-14 18:12 - 000002729 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Surface Pro 3 TPM Update Tool.lnk
2022-07-14 18:12 - 2022-07-14 18:12 - 000000000 ____D C:\Program Files\Microsoft Surface Pro 3 TPM Update Tool
2022-07-14 18:10 - 2022-07-14 18:10 - 007911935 _____ C:\Users\cruss\Downloads\Surface Pro 3 KB2978002.zip
2022-07-14 18:10 - 2022-07-14 18:10 - 001998848 _____ C:\Users\cruss\Downloads\Microsoft_Surface_Pro_3_Tpm_Update_Tool_Setup.msi
2022-07-14 18:10 - 2022-07-14 18:10 - 000491520 _____ C:\Users\cruss\Downloads\Surface Firmware Tool.msi
2022-07-14 18:10 - 2022-07-14 18:10 - 000061094 _____ C:\Users\cruss\Downloads\Surface Pro 3 AssetTag.zip
2022-07-14 18:07 - 2022-07-14 18:11 - 689688576 _____ C:\Users\cruss\Downloads\SurfacePro7_Win11_22000_22.032.19761.0.msi
2022-07-14 18:04 - 2022-07-14 18:04 - 000000000 ____D C:\ProgramData\SurfaceExperienceService
2022-07-14 11:12 - 2022-07-14 11:12 - 000270592 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2022-07-14 11:12 - 2022-07-14 11:12 - 000221528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2022-07-12 17:35 - 2022-07-15 10:19 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-12 17:25 - 2022-07-12 17:25 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-07-12 17:25 - 2022-07-12 17:25 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-07-12 17:25 - 2022-07-12 17:25 - 000015040 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-07-11 13:37 - 2022-07-11 13:37 - 001214328 _____ C:\Users\cruss\Downloads\110_Webb_Street_Flyer_For_Lease.pdf
2022-07-11 13:27 - 2022-07-11 13:27 - 009741490 _____ C:\Users\cruss\Downloads\104_Spreadsheets_2018-12-27-1.zip
2022-07-10 13:27 - 2022-07-12 17:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-07-07 10:16 - 2022-07-07 10:16 - 000000000 ____D C:\Users\cruss\OneDrive\Documents\RingCentral
2022-07-01 16:09 - 2022-07-01 16:09 - 006248819 _____ C:\Users\cruss\Downloads\60WellingtonCBCSaleBrochureL (1).pdf
2022-06-28 09:50 - 2022-06-28 09:50 - 000335872 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-06-27 09:18 - 2022-06-27 09:18 - 000025048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-24 18:01 - 2021-06-05 08:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-24 17:58 - 2020-02-11 14:07 - 000000000 ____D C:\FRST
2022-07-24 17:56 - 2019-11-03 15:02 - 000000000 ____D C:\Users\cruss\OneDrive\Documents\Outlook Files
2022-07-24 17:49 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-07-24 17:24 - 2019-11-03 22:21 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-24 15:55 - 2021-10-30 09:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-24 15:42 - 2021-10-30 09:21 - 000004168 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{7EA3E303-AC99-4D7B-B3DC-AF46E45FE8F3}
2022-07-24 15:38 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-24 14:16 - 2019-11-04 14:34 - 000000000 ___RD C:\Users\cruss\Dropbox
2022-07-24 14:14 - 2022-02-09 17:47 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-07-24 14:14 - 2021-12-13 10:44 - 000003070 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3941208988-4064051922-1525667148-1001
2022-07-24 14:14 - 2021-11-18 10:34 - 000003270 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7cd90abf56afd
2022-07-24 14:14 - 2021-10-30 09:21 - 000003520 _____ C:\WINDOWS\system32\Tasks\Heimdal Security Service Monitor
2022-07-24 14:14 - 2021-10-30 09:21 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-24 14:14 - 2021-10-30 09:21 - 000003350 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2022-07-24 14:14 - 2021-10-30 09:21 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-07-24 14:14 - 2021-10-30 09:21 - 000003194 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2022-07-24 14:14 - 2021-10-30 09:21 - 000003184 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-24 14:14 - 2021-10-30 09:21 - 000003126 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2022-07-24 14:14 - 2021-10-30 09:21 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-07-24 14:14 - 2021-10-30 09:21 - 000002716 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-07-24 14:14 - 2021-10-30 09:21 - 000002644 _____ C:\WINDOWS\system32\Tasks\Apple Diagnostics
2022-07-24 14:14 - 2021-10-30 09:21 - 000002254 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - cruss
2022-07-24 14:14 - 2021-10-30 09:21 - 000002086 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - SYSTEM
2022-07-24 14:14 - 2021-10-30 09:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2022-07-24 14:14 - 2019-11-03 18:09 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2022-07-24 14:14 - 2019-11-03 18:09 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2022-07-24 13:52 - 2022-02-09 11:51 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-24 13:51 - 2019-11-03 17:46 - 000000000 ____D C:\Users\cruss\AppData\LocalLow\Mozilla
2022-07-24 12:41 - 2021-11-02 16:11 - 000000000 ____D C:\Users\cruss\AppData\Local\Deployment
2022-07-24 12:09 - 2019-11-03 22:59 - 000000000 ____D C:\Users\cruss\AppData\Local\AVAST Software
2022-07-24 11:08 - 2022-06-07 17:25 - 000000000 ____D C:\Users\cruss\AppData\Roaming\DropboxElectron
2022-07-24 11:08 - 2019-11-03 18:09 - 000000000 ____D C:\Users\cruss\AppData\Local\Dropbox
2022-07-24 11:07 - 2019-11-03 15:00 - 000000000 ___RD C:\Users\cruss\OneDrive
2022-07-24 11:06 - 2019-11-03 14:58 - 000000000 __SHD C:\Users\cruss\IntelGraphicsProfiles
2022-07-24 09:11 - 2019-11-03 22:54 - 000000000 ____D C:\Program Files\CCleaner
2022-07-24 05:18 - 2021-06-05 08:10 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-24 05:18 - 2020-06-13 08:42 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-24 05:18 - 2020-06-13 08:42 - 000002286 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-23 20:39 - 2021-06-05 08:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-23 20:31 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-07-23 20:18 - 2021-10-30 08:51 - 000000000 ____D C:\Program Files\MSBuild
2022-07-23 20:18 - 2021-10-30 08:51 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-07-23 20:18 - 2021-06-05 08:09 - 000000000 ____D C:\WINDOWS\INF
2022-07-23 19:56 - 2021-10-30 09:17 - 000945632 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-07-23 19:49 - 2022-06-20 09:26 - 000004028 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2022-07-23 19:49 - 2021-10-30 09:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-23 19:49 - 2021-06-10 09:39 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-07-23 19:49 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\ServiceState
2022-07-23 19:49 - 2021-06-05 08:01 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-23 19:49 - 2020-08-14 12:51 - 000012288 ___SH C:\DumpStack.log.tmp
2022-07-23 19:49 - 2019-11-03 22:57 - 000000000 ____D C:\ProgramData\AVAST Software
2022-07-23 19:49 - 2019-10-07 16:02 - 000000000 ____D C:\Intel
2022-07-23 19:06 - 2021-05-11 17:19 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-23 19:04 - 2019-11-03 15:14 - 000000000 ____D C:\ProgramData\Packages
2022-07-23 19:04 - 2019-11-03 14:58 - 000000000 ____D C:\Users\cruss\AppData\Local\Packages
2022-07-23 10:04 - 2019-11-08 18:03 - 000000000 ____D C:\Users\cruss\AppData\Local\ElevatedDiagnostics
2022-07-23 00:03 - 2019-11-03 20:11 - 000000000 ____D C:\Users\cruss\AppData\Local\D3DSCache
2022-07-22 23:47 - 2021-10-30 09:21 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2022-07-22 23:08 - 2019-03-19 00:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-07-22 23:07 - 2021-03-31 12:05 - 000000000 ____D C:\Users\cruss\Downloads\FRST-OlderVersion
2022-07-22 21:00 - 2022-06-20 09:31 - 000000000 ____D C:\Program Files\Recuva
2022-07-22 10:46 - 2021-06-05 08:10 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-07-21 16:24 - 2021-10-30 09:06 - 000000000 ____D C:\Users\cruss
2022-07-21 12:11 - 2021-05-11 17:13 - 000000000 ____D C:\Program Files\Microsoft Office
2022-07-21 09:16 - 2020-02-13 17:23 - 000002311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-21 09:16 - 2020-02-13 17:23 - 000002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-07-21 09:14 - 2020-10-30 11:47 - 000000000 ____D C:\Users\cruss\OneDrive\Documents\CCleaner registry backups
2022-07-21 09:14 - 2019-11-03 18:09 - 000000000 ____D C:\Program Files (x86)\Dropbox
202

#11 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,428 posts

Posted 25 July 2022 - 07:23 AM

HI,

 

Sorry by you posted twice the FRST.TXT logs.

 

In the Download folder in bold  Running from C:\Users\cruss\Downloads you will find the Addition.txt log.

please post it in your next reply.


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#12 Carlgrus

Carlgrus

    Advanced Member

  • Full Member
  • PipPipPip
  • 159 posts

Posted 25 July 2022 - 07:42 AM

Sorry about that

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2022
Ran by cruss (24-07-2022 18:02:21)
Running from C:\Users\cruss\Downloads
Microsoft Windows 11 Pro Version 21H2 22000.795 (X64) (2021-10-30 13:22:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-3941208988-4064051922-1525667148-500 - Administrator - Disabled)
cruss (S-1-5-21-3941208988-4064051922-1525667148-1001 - Administrator - Enabled) => C:\Users\cruss
DefaultAccount (S-1-5-21-3941208988-4064051922-1525667148-503 - Limited - Disabled)
Guest (S-1-5-21-3941208988-4064051922-1525667148-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3941208988-4064051922-1525667148-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
FW: Avast Antivirus (Enabled) {D322394B-73F7-C65E-BBB0-3B81E063D6D4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Act! (HKLM-x32\...\{6A93E8A5-1B85-40B5-B61B-599C75E2DF92}) (Version: 23.0.156.0 - Act! LLC) Hidden
Act! Connect Link version 1.1.13 (HKLM\...\{CBDA6D20-FF3D-48F5-8EC7-3B89BD47C24D}_is1) (Version: 1.1.13 - Cloud Elements)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 22.001.20169 - Adobe)
Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avast Driver Updater (HKLM\...\Avast Driver Updater) (Version: 22.2.2466.9268 - Avast Software)
Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 22.6.6022 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 103.0.17593.114 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.02 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{E7E53EC0-2C01-48FA-B719-91D9F0C04021}) (Version: 103.0.5060.46 - Google LLC)
Cisco Webex Meetings (HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\ActiveTouchMeetingClient) (Version: 40.4.7 - Cisco Webex LLC)
Dashlane (HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\Dashlane) (Version: 6.2131.0.48583 - Dashlane, Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Dropbox (HKLM-x32\...\Dropbox) (Version: 153.4.3932 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.583.1 - Dropbox, Inc.) Hidden
DYMO Connect (HKLM-x32\...\{FF7123C2-7770-4E7C-8E61-CB73689FA2EA}) (Version: 1.4.3.131 - DYMO)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.0.1751 - Sanford, L.P.)
DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.)
EaseUS MobiMover 5.0.1 (HKLM-x32\...\EaseUS MobiMover_is1) (Version:  - EaseUS)
Family Tree Maker 2017 (HKLM\...\{6BEF69F9-92AA-4BCC-8529-DA42F585EC36}) (Version: 23.3.1570 - Software MacKiev)
GDR 2269 for SQL Server 2014 (KB3045324) (64-bit) (HKLM\...\KB3045324) (Version: 12.0.2269.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\{B2155AB8-BF4F-31DB-8408-E2EB1E1BADFB}) (Version: 103.0.5060.134 - Google LLC)
Google Earth Pro (HKLM\...\{DE181B35-ACEF-4DB0-86D9-731D5767ABB1}) (Version: 7.3.4.8642 - Google)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToAssist Customer 4.8.0.1702 (HKLM-x32\...\GoToAssist Express Customer) (Version: 4.8.0.1702 - LogMeIn, Inc.)
GoToMeeting 10.18.0.19932 (HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\GoToMeeting) (Version: 10.18.0.19932 - LogMeIn, Inc.)
Harmony Remote Update (HKLM-x32\...\HarmonyRemoteUpdate) (Version: 7.7.1 - Logitech - HarmonyRemoteClient)
Heimdal Thor Agent (HKLM-x32\...\{A61B52B9-F086-4205-AEAE-817FAE268F12}) (Version: 2.5.398 - Heimdal Security)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.16.310 - SurfRight B.V.)
HP 10bII+ Virtual Calculator (HKLM-x32\...\{C6ABAE79-1C6E-45DF-84DA-ADA90740F2FB}) (Version: 1.3.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{77d93eea-f5c2-4db5-9c2d-25bc5a2e0ec9}) (Version: 28.0.1316.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Integration Services Patch for Act! (HKLM-x32\...\{CEC4BAB8-240F-4D5D-B5E7-78E2A9C52FB8}) (Version: 1.0.1177.0 - Integration Services Patch for Act!)
Kamo (HKLM-x32\...\Kamo) (Version: 4.2.468.892 - Piriform)
Malwarebytes version 4.5.11.202 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.11.202 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.15330.20266 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.71 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.62 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.141.0703.0002 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 RsFx Driver (HKLM\...\{E62D73B2-78F3-4009-BA70-79B14B3BC4F0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{37C44B5C-E839-4A9D-9E20-A93E1B2FD35A}) (Version: 12.0.2269.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\f9a89bd2a46a7606) (Version: 17.0.3711.5 - Microsoft Corporation)
Microsoft Surface Pro 3 TPM Update Tool (HKLM\...\{13B858EA-0733-409F-8C93-188517DE0458}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM-x32\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112 (HKLM-x32\...\{0f770e99-3916-4b0c-8f9b-83822826bcbf}) (Version: 14.27.29112.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133 (HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29112 (HKLM\...\{1B4EDD59-90CE-4BDE-8520-630981088165}) (Version: 14.27.29112 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29112 (HKLM\...\{37BB1766-C587-49AE-B2DB-618FBDEAB88C}) (Version: 14.27.29112 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30133 (HKLM-x32\...\{42667D2E-B054-46C1-9D46-2EE1332C14C1}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30133 (HKLM-x32\...\{EC9807DE-B577-47B1-A024-0251805ACF24}) (Version: 14.29.30133 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{7C0242A3-8B66-35D1-9FE0-13B426ACB609}) (Version: 10.0.60729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.0.2000.8 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0.1 (x64 en-US)) (Version: 102.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 99.0.1 - Mozilla)
MyHarmony (HKLM-x32\...\{2AD8F8A1-ECE5-4890-BCC2-B4396370A0D4}) (Version: 1.0.308 - Logitech)
Nextcloud (HKLM\...\{9BD3E5E5-D9C0-423E-87E7-FCB6FE082121}) (Version: 3.4.4.20220318 - Nextcloud GmbH)
Node.js (HKLM\...\{6FBA594E-4BEA-4BA0-A310-A74291707D0E}) (Version: 14.16.0 - Node.js Foundation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
RogueKiller version 15.0.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.0.6.0 - Adlice Software)
Shuffle for PowerPoint (HKLM-x32\...\{6B802AFC-4C59-4BED-9051-F2A6A1CF526A}) (Version: 3.0.2 - PowerPoint Alchemy)
Snagit 2020 (HKLM\...\{46DF39C3-F6AC-47FA-A1F5-D91ACB82530D}) (Version: 20.1.8 - TechSmith Corporation) Hidden
Snagit 2020 (HKLM-x32\...\{8e06da60-b3fd-48c1-bf2d-d677cc66dfc9}) (Version: 20.1.8.16558 - TechSmith Corporation)
Snagit 2021 (HKLM\...\{18CF1664-3AC5-43BA-A730-520FE482DDB6}) (Version: 21.2.1 - TechSmith Corporation) Hidden
Snagit 2021 (HKLM-x32\...\{9e510ccf-44fa-4bee-9c7a-467f5dd38736}) (Version: 21.2.1.8746 - TechSmith Corporation)
Snagit 9.1.3 (HKLM-x32\...\{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}) (Version: 9.1.3.19 - TechSmith Corporation)
Software Informer 1.5.1334.0 (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
SQL Server 2014 Common Files (HKLM\...\{BD1CD96B-FE4B-4EAE-83D4-6EF55AB5779C}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM\...\{F7012F84-80F5-4C25-852E-B1BA03276FE6}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{17531BCD-C627-46A2-9F1E-7CC920E0E94A}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM\...\{5082A9F3-AEE5-4639-9BA7-C19661BA7331}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{ACC530B8-B6B4-40D6-B59B-152468CF47D0}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM\...\{D1B847A9-B06B-4264-9EF0-78E6E1571E65}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.0.2000.8 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{6476DB81-F263-4C04-8574-AAD31136C304}) (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
Surface Pro 3 Firmware Tools (HKLM\...\{AB8DFA6A-4577-4607-A058-013C648CCD97}) (Version: 1.00.00.0 - Microsoft Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.31.5 - TeamViewer)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - RemoteControl (RemoteControlUSBLAN) Net  (06/02/2016 02.04.10.001) (HKLM\...\A14D4158722037A4DD816446D7339B41F11276D9) (Version: 06/02/2016 02.04.10.001 - RemoteControl)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Wondershare Dr.Fone (Version 10.8.5) (HKLM-x32\...\{E8F86DA8-B8E4-42C7-AFD4-EBB692AC43FD}_is1) (Version: 10.8.5.334 - Wondershare Technology Co.,Ltd.)
Zoom(64bit) (HKLM\...\{AC8ED55F-4CF8-464D-96DF-DF379E6D545A}) (Version: 5.10.4420 - Zoom)
ZoomInfo Contact Contributor (HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\ZoomInfo Contact Contributor) (Version: 62 - )
Zwift version 1.1.1 (HKLM-x32\...\{E4DA422A-82AB-44A4-B3A5-0AF60F47B7AB}_is1) (Version: 1.1.1 - Zwift, LLC)

Packages:
=========
Dashlane - Password Manager -> C:\Program Files\WindowsApps\Dashlane.DashlaneEdgeExtension_6.2047.2.0_neutral__ks9qrcqmdm1bm [2022-07-14] (Dashlane)
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2022-07-21] (0)
Free Timer -> C:\Program Files\WindowsApps\35527Liquid47.FreeTimer_2.0.0.4_neutral__y1fzmhwcb5c58 [2022-07-14] (Family Apps)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_137.1.291.0_x64__v10z8vjag6ke6 [2022-07-14] (HP Inc.)
Japanese Landscapes -> C:\Program Files\WindowsApps\Microsoft.JapaneseLandscapes_1.0.0.0_neutral__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation) [MS Ad]
Microsoft Sudoku -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSudoku_2.8.10203.0_x64__8wekyb3d8bbwe [2022-07-14] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.74.51921.0_x64__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_52.10620.425.0_x64__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-07-14] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation)
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.103.0_x64__pwbj9vvecjh7j [2022-07-21] (Amazon Development Centre (London) Ltd)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.29.256.0_x64__dt26b99r8h8gj [2022-07-14] (Realtek Semiconductor Corp)
RICOH Driver Utility -> C:\Program Files\WindowsApps\3EA2211E.RICOHDriverUtility_4.7.0.0_x86__fxme7667cy4q4 [2022-07-14] (Ricoh Company, Ltd.)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.15.163.0_x64__43tkc6nmykmb6 [2022-07-14] (Ookla)
Stravalyzer -> C:\Program Files\WindowsApps\17946AndyCopson.Stravalyzer_3.1.39.0_x64__ajtehxq21kfky [2022-07-14] (Andy Copson) [MS Ad]
Surface -> C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.6067.139.0_x64__8wekyb3d8bbwe [2022-07-23] (Microsoft Corporation)
Surface Diagnostic Toolkit -> C:\Program Files\WindowsApps\Microsoft.SurfaceDiagnostics_2.180.139.0_x64__8wekyb3d8bbwe [2022-07-15] (Microsoft Corporation) [Startup Task]
Surface Management Extension -> C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.37.139.0_x64__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation)
US National Parks -> C:\Program Files\WindowsApps\Microsoft.USNationalParks_1.0.0.0_neutral__8wekyb3d8bbwe [2022-07-14] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\cruss\AppData\Local\GoToMeeting\19796\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\cruss\Dropbox [2019-11-04 14:34]
CustomCLSID: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001_Classes\CLSID\{f8462e0c-b478-47f6-813c-397d79d52d53} -> [Nextcloud] => C:\Users\cruss\Nextcloud [2022-02-09 17:36]
ShellIconOverlayIdentifiers: [                 OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                 OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                 OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                 OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                 OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                 OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                 OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                NextcloudError] -> {E0342B74-7593-4C70-9D61-22F294AAFE05} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2022-03-18] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [                NextcloudOK] -> {E1094E94-BE93-4EA2-9639-8475C68F3886} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2022-03-18] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [                NextcloudOKShared] -> {E243AD85-F71B-496B-B17E-B8091CBE93D2} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2022-03-18] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [                NextcloudSync] -> {E3D6DB20-1D83-4829-B5C9-941B31C0C35A} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2022-03-18] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [                NextcloudWarning] -> {E4977F33-F93A-4A0A-9D3C-83DEA0EE8483} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2022-03-18] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-07-14] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [                 OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [                 OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [                 OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [                 OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [                 OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [                 OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [                 OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-07-14] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-07-14] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit 2021\DLLx64\SnagItShellExt64.dll [2021-03-09] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-07-14] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [NextcloudContextMenuHandler] -> {BC6988AB-ACE2-4B81-84DC-DC34F9B24401} => C:\Program Files\Nextcloud\shellext\NCContextMenu.dll [2022-03-18] (Nextcloud GmbH -> Nextcloud GmbH)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-06-15] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files\TechSmith\Snagit 2021\DLLx64\SnagItShellExt64.dll [2021-03-09] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-07-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2022-07-14] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-07-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-06-15] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\cruss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=efmjfjelnicpmdcmfikempdhlmainjcb
ShortcutWithArgument: C:\Users\cruss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) =============

2018-08-14 14:49 - 2018-08-14 14:49 - 001874432 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\cairo.dll
2018-08-14 14:49 - 2018-08-14 14:49 - 000790528 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\fontconfig.dll
2018-08-14 14:49 - 2018-08-14 14:49 - 001041920 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\harfbuzz-vs14.dll
2018-08-14 14:49 - 2018-08-14 14:49 - 000060928 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\iconv.dll
2018-12-11 15:09 - 2018-12-11 15:09 - 000790016 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\libhpdf.dll
2018-08-14 14:49 - 2018-08-14 14:49 - 000257536 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\libpng16.dll
2018-08-14 14:49 - 2018-08-14 14:49 - 001294336 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\libxml2.dll
2019-07-01 16:23 - 2019-07-01 16:23 - 016857600 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\opencv_core410.dll
2019-07-01 16:23 - 2019-07-01 16:23 - 046091264 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\opencv_imgproc410.dll
2018-08-14 14:49 - 2018-08-14 14:49 - 000086528 _____ () [File not signed] C:\Program Files\TechSmith\Snagit 2020\zlib1.dll
2022-07-22 23:23 - 2022-07-22 23:23 - 000033792 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Composi287a2193#\8d954c4fba1484c05a69bdac303c6a01\Act.CompositeExtensions.Unity.ni.dll
2022-07-22 23:23 - 2022-07-22 23:23 - 000088576 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Data.ActDb\9d644025239f911c95f414b4b7204311\Act.Data.ActDb.ni.dll
2022-05-26 11:51 - 2022-05-26 11:51 - 002344448 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Data.Resources\7e4869c9ca3b721b20aec52498312986\Act.Data.Resources.ni.dll
2022-07-22 23:23 - 2022-07-22 23:23 - 000127488 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Data\3bd1a1bf94cc5a12b8f552be86e026c2\Act.Data.ni.dll
2022-07-22 23:24 - 2022-07-22 23:24 - 000750592 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Framewo2acccfe4#\73a8906412f23bdd3a60ed4b79fd5ed9\Act.Framework.BusinessLink.LinkConnector.ni.dll
2022-07-22 23:25 - 2022-07-22 23:25 - 000566784 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Framewoa7c82375#\910b3ea4067d7d1414a60c0803d3baa6\Act.Framework.BusinessLink.Synchronization.ni.dll
2022-07-22 23:25 - 2022-07-22 23:25 - 002216960 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Framewob25cef3d#\7b5c4758b3795f8f8bbf3f1a5fa57763\Act.Framework.Synchronization.ni.dll
2022-07-22 23:26 - 2022-07-22 23:26 - 000136704 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Securita982c6d3#\033a48e2693bd333431b67b059d46148\Act.Security.Cryptography.ni.dll
2022-07-22 23:26 - 2022-07-22 23:26 - 000129024 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Shared.3cd8e10e#\52102891764247acba656f02ee9a80dc\Act.Shared.Diagnostics.ni.dll
2022-07-22 23:26 - 2022-07-22 23:26 - 000120832 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Shared.4c707719#\30a94d7f708a9f676305234a02f48c08\Act.Shared.Localization.ni.dll
2022-07-22 23:26 - 2022-07-22 23:26 - 000030720 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Shared.7319adae#\7b0350d304416d488a0db59b64c4429f\Act.Shared.UI.Utilities.ni.dll
2022-07-22 23:26 - 2022-07-22 23:26 - 000161792 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Shared.7f9f27da#\ebf02ec3b742430b82d6bbc8f4329098\Act.Shared.ComponentModel.ni.dll
2022-07-22 23:26 - 2022-07-22 23:26 - 000328192 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Shared.85fb1d61#\1de456d4c1f597f98f941ffb1f7ef5e5\Act.Shared.Wpf.Controls.ni.dll
2022-07-22 23:26 - 2022-07-22 23:26 - 000337920 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Shared.936fb0dd#\4f1e8dea919cb27863f1bf55b710890c\Act.Shared.LicProvider.ni.dll
2022-07-22 23:26 - 2022-07-22 23:26 - 000210432 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Shared.c5db5c3f#\d652cd398104114a9ba5ce4ba359349c\Act.Shared.Collections.ni.dll
2022-07-22 23:26 - 2022-07-22 23:26 - 000088064 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Shared.Config\74e6d6766f578b6ac4ed6dd0b6b3eb7a\Act.Shared.Config.ni.dll
2022-07-22 23:26 - 2022-07-22 23:26 - 004393984 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Shared.dbaddaae#\857207fc11f83d666688c513699ab0ce\Act.Shared.Windows.Forms.ni.dll
2022-07-22 23:26 - 2022-07-22 23:26 - 020119552 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Shared.Images\3aca40f124f559d3a48f9e5b3d873c86\Act.Shared.Images.ni.dll
2022-07-22 23:26 - 2022-07-22 23:26 - 000033792 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Shared.Licensing\e9c349110d7ffd5e7e3eb424cd19ea51\Act.Shared.Licensing.ni.dll
2022-07-22 23:26 - 2022-07-22 23:26 - 000223744 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Shared.Utilities\707abafbc45e40fcb79d135a6ace79aa\Act.Shared.Utilities.ni.dll
2022-07-22 23:26 - 2022-07-22 23:26 - 000703488 _____ (Act! LLC) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Act.Shared.Win32\a245457f3c3c73970ee14634574ac1e0\Act.Shared.Win32.ni.dll
2018-08-14 14:49 - 2018-08-14 14:49 - 000088576 _____ (Free Software Foundation) [File not signed] C:\Program Files\TechSmith\Snagit 2020\intl.dll
2016-01-08 13:28 - 2016-01-08 13:28 - 000356352 _____ (hxxp://hunspell.sourceforge.net/) [File not signed] C:\Program Files\TechSmith\Snagit 2020\libhunspell.dll
2022-07-22 23:34 - 2022-07-22 23:34 - 000331264 _____ (Infragistics, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Infragisticaa8fcf78#\c25d4002bfc2a247f0c775d813b5abf5\Infragistics.Act.Shared.ni.dll
2022-07-22 23:34 - 2022-07-22 23:34 - 002700288 _____ (Infragistics, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Infragisticcc7b0f04#\94f14b34695ec7c1d5a5568edc8933c4\Infragistics.Act.Win.UltraWinSchedule.ni.dll
2022-07-22 23:34 - 2022-07-22 23:34 - 003168256 _____ (Infragistics, Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Infragistics.Act.Win\e485b74163f36f2d685ba3d98e356bd4\Infragistics.Act.Win.ni.dll
2020-01-29 10:16 - 2020-01-29 10:16 - 000649552 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\lfCmpX.DLL
2020-01-29 10:16 - 2020-01-29 10:16 - 000175952 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\lfFaxX.DLL
2020-01-29 10:16 - 2020-01-29 10:16 - 000284496 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\lfPngX.DLL
2020-01-29 10:16 - 2020-01-29 10:16 - 000289616 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\lfTifX.DLL
2020-01-29 10:16 - 2020-01-29 10:16 - 000470352 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltdisx.dll
2020-01-29 10:16 - 2020-01-29 10:16 - 000441680 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltefxx.dll
2020-01-29 10:16 - 2020-01-29 10:16 - 000588112 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltfilx.dll
2020-01-29 10:16 - 2020-01-29 10:16 - 000374608 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltimgclrx.dll
2020-01-29 10:16 - 2020-01-29 10:16 - 001983312 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltimgcorx.dll
2020-01-29 10:16 - 2020-01-29 10:16 - 000319312 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltimgefxx.dll
2020-01-29 10:16 - 2020-01-29 10:16 - 000439120 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltimgutlx.dll
2020-01-29 10:16 - 2020-01-29 10:16 - 001515344 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltkrnx.dll
2020-01-29 10:16 - 2020-01-29 10:16 - 000091472 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Ltthunkutlx.dll
2020-01-29 10:16 - 2020-01-29 10:16 - 000341840 _____ (LEAD Technologies, Inc. -> LEAD Technologies, Inc.) [File not signed] C:\Program Files\TechSmith\Snagit 2020\Lttwnx.dll
2018-08-14 14:49 - 2018-08-14 14:49 - 000291840 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2020\pango-1.0.dll
2018-08-14 14:49 - 2018-08-14 14:49 - 000578560 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2020\pangocairo-1.0.dll
2018-08-14 14:49 - 2018-08-14 14:49 - 000605184 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2020\pangoft2-1.0.dll
2018-08-14 14:49 - 2018-08-14 14:49 - 000064512 _____ (Red Hat Software) [File not signed] C:\Program Files\TechSmith\Snagit 2020\pangowin32-1.0.dll
2022-07-22 23:36 - 2022-07-22 23:36 - 003142656 _____ (Soraco Technologies Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\QlmLicenseLib\dd47dd505d1757864dd581b0978eb7db\QlmLicenseLib.ni.dll
2021-03-09 22:06 - 2021-03-09 22:06 - 000185344 _____ (TechSmith Corporation) [File not signed] C:\Program Files\TechSmith\Snagit 2021\SnagItShellExtRes.dll
2018-08-14 14:49 - 2018-08-14 14:49 - 001338368 _____ (The GLib developer community) [File not signed] C:\Program Files\TechSmith\Snagit 2020\glib-2.0.dll
2018-08-14 14:49 - 2018-08-14 14:49 - 000284160 _____ (The GLib developer community) [File not signed] C:\Program Files\TechSmith\Snagit 2020\gobject-2.0.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll [2009-10-15] (TechSmith Corporation -> TechSmith Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll [2009-10-15] (TechSmith Corporation -> TechSmith Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\cruss\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2021-08-02] (Dashlane USA, Inc. -> Dashlane, Inc.)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\Program Files (x86)\ACT\Act for Windows\Plugins\Act.UI.InternetExplorer.Plugins.AttachFile.DLL [2021-02-24] (Act! LLC) [File not signed]
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-10-15] (TechSmith Corporation -> TechSmith Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\cruss\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2021-08-02] (Dashlane USA, Inc. -> Dashlane, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-11] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\123simsen.com -> www.123simsen.com

There are 7943 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 00:49 - 2021-04-07 15:31 - 000454656 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15606 more lines.


2019-11-12 15:09 - 2019-11-12 15:09 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cruss\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Y151.jpg
DNS Servers: 130.253.2.14 - 130.253.3.39
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Act! Integration.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Snagit 9.lnk"
HKLM\...\StartupApproved\Run: => "TechSmithSnagit"
HKLM\...\StartupApproved\Run: => "DriverUpdUI.exe"
HKLM\...\StartupApproved\Run32: => "Act! Preloader"
HKLM\...\StartupApproved\Run32: => "Act.Outlook64.Service"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Sophos Home UI"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKLM\...\StartupApproved\Run32: => "ISPA"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "HeimdalAgentLoader"
HKLM\...\StartupApproved\Run32: => "Zwift"
HKLM\...\StartupApproved\Run32: => "DYMOWebApi"
HKLM\...\StartupApproved\Run32: => "DymoOfficeHelper"
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_38E8DBE963846923F5008B0D528FC97A"
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\StartupApproved\Run: => "DashlanePlugin"
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\StartupApproved\Run: => "DymoQuickPrint"
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\StartupApproved\Run: => "ZoomInfo Contact Contributor"
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\StartupApproved\Run: => "Zoom"
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\StartupApproved\Run: => "Nextcloud"
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_88CD0AC2E08AC39BA3E5773C80221B99"
HKU\S-1-5-21-3941208988-4064051922-1525667148-1001\...\StartupApproved\Run: => "DYMOConnectLauncher"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A32200EC-7C32-4609-82ED-B98C7B87F0B8}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F10ADEB0-BD61-4611-94C5-3F5AB1DD5C1D}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{C61C894F-C289-49D1-8AB9-CE06AA15F5C7}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{CCB9E05B-978E-443C-A22D-917076C9071C}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{57CF38FA-7CE2-4622-A8E6-92C552426729}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2B0F6B47-4F89-4422-B78E-A89E7C3B71CF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F0A6A76A-5727-45F6-ABC2-94740D3AFB33}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3AE20B5C-B149-4043-B66E-815968166457}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AF3CD67C-8861-4E54-9D3D-F16BE5EF02FF}] => (Allow) C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{5880DBAA-73AE-4465-8D39-6B5CF57D5FAD}] => (Allow) C:\Program Files\Avast Software\Driver Updater\DriverUpdUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{3976A74D-A22C-4D9C-90B3-5073D137F0F4}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{F037EA32-B572-4F43-8AAE-BA32CAABC12A}] => (Block) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{7DD7ED33-8447-4729-95E7-03FC7A60955C}] => (Allow) LPort=57127
FirewallRules: [{01E49554-1E0F-49BA-A91E-C7996C0FE00E}] => (Allow) LPort=57127
FirewallRules: [{D55C2EFA-DF1B-4EF7-8F0C-F014B37F3FA9}] => (Allow) LPort=57127
FirewallRules: [{9701B2D3-C886-4443-86B5-AB6806B19D24}] => (Allow) LPort=8299
FirewallRules: [{2C6C7F64-D55A-4036-BB37-7A215F9C6264}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{11986D9A-F434-4ADF-9F14-2839C248B48E}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe (Act! LLC) [File not signed]
FirewallRules: [{4CAF5AA9-4245-4FE1-8AC1-0354ED6BEFA0}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe (Act! LLC) [File not signed]
FirewallRules: [{39420255-4D5C-410B-B9AC-40C07D06281B}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\Act15.exe (Act! LLC -> Act! LLC)
FirewallRules: [{317D9A19-DB60-4722-92B4-9194EA13EDF3}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\Act15.exe (Act! LLC -> Act! LLC)
FirewallRules: [{5EDAF14D-4444-4596-8CC5-181A92AC4BB5}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\ActEmail.exe (Act! LLC) [File not signed]
FirewallRules: [{FAC0FB4F-557E-4866-8F52-3101E19EECA2}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\ActEmail.exe (Act! LLC) [File not signed]
FirewallRules: [{5718028F-4AAB-4D44-B72A-0DCB8AC7C6A8}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\Act!.exe (Act! LLC -> Act! LLC)
FirewallRules: [{8235948A-D054-482C-84E2-825C5F97278A}] => (Allow) C:\Program Files (x86)\ACT\Act for Windows\Act!.exe (Act! LLC -> Act! LLC)
FirewallRules: [{3137A25A-A6DE-4E29-90DE-7714C9E989FB}] => (Allow) LPort=57127
FirewallRules: [{A31986A4-364B-4C77-BCD0-2B8EB8E4C839}] => (Allow) C:\Program Files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [{972CE62A-5C7D-44C4-8B52-C5B57CC676AE}] => (Allow) C:\Program Files\nodejs\node.exe (OpenJS Foundation -> Node.js)
FirewallRules: [{903A8C7E-40F4-4EAD-9DE3-03F1D6B7C30E}] => (Allow) LPort=57127
FirewallRules: [{126AD7E4-4F80-45B5-A765-DA2494F6B353}] => (Allow) LPort=57127

#13 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,428 posts

Posted 26 July 2022 - 07:55 AM

Hi,
 
Your logs are clean.
 
I can only suggest you execute this scan.
 
Sophos Virus Removal Tool
 
Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
    • [/*]
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
    • Note: Whenever necessary, the log will be in the following location:
     
    Windows Vista and above:
    C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
     
    Please post the contents of the log in your next reply and note any errors encountered.
    ===
     
    If the computer is still slow make sure you have the latest Windows Updates.
     
    Hope that helps.

    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in anyway,please considerDonating ,
    see this topic for details.    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #14 Carlgrus

    Carlgrus

      Advanced Member

    • Full Member
    • PipPipPip
    • 159 posts

    Posted 26 July 2022 - 02:48 PM

    Here you go...thanks again...still a little slow...and having problems updating the Cumulative Update for Windows 11 for x64 based systems (KB5015882), and I think others are having problems with this update.

     

    Sophos Scan & Clean
www.sophos.com

   Computer name . . . . : DESKTOP-RA8BHB0
   Windows . . . . . . . : 10.0.0.22000.X64/8
   User name . . . . . . : DESKTOP-RA8BHB0\cruss
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2022-07-26 16:13:56
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 14m 37s
   Disk access mode  . . : Direct disk access (FsdHigh)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 10

   Objects scanned . . . : 3,358,191
   Files scanned . . . . : 120,352
   Remnants scanned  . . : 989,324 files / 2,248,515 keys

Suspicious files ____________________________________________________________

   C:\Users\cruss\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,298,368 bytes
      Age  . . . . . . . : 482.2 days (2021-03-31 12:09:09)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3D607033FFCD9F07EB28DF4ECF6FBEA8158FCE3902E93E7B76DD2C7669A662E7
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\cruss\OneDrive\Documents\Downloads\FRST64 (1).exe
      Size . . . . . . . : 2,279,424 bytes
      Age  . . . . . . . : 896.1 days (2020-02-11 14:10:41)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 63203A51EF8DD93F89A33521569DB580E45AA659313CA307AFFDC9C9E7DBF7FE
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\cruss\OneDrive\Documents\Downloads\FRST64 (2).exe
      Size . . . . . . . : 2,581,504 bytes
      Age  . . . . . . . : 895.3 days (2020-02-12 10:09:48)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : ABB81A0282FDB12FEB11CE89C2D02781895319593558DA0771FC178B11061B07
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

   C:\Users\cruss\OneDrive\Documents\Downloads\FRST64.exe
      Size . . . . . . . : 2,279,424 bytes
      Age  . . . . . . . : 896.0 days (2020-02-11 15:48:17)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 63203A51EF8DD93F89A33521569DB580E45AA659313CA307AFFDC9C9E7DBF7FE
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   askws
   C:\Users\cruss\AppData\Local\Google\Chrome\User Data\Default\Web Data

   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted

Cookies _____________________________________________________________________

   C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\cookies.sqlite:demdex.net
   C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\cookies.sqlite:dpm.demdex.net
   C:\Users\cruss\AppData\Roaming\Mozilla\Firefox\Profiles\me5mm2m4.default-release-1581612878046\cookies.sqlite:taboola.com

     

    #15 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,428 posts

    Posted 27 July 2022 - 06:31 AM

    Hi,
     
    This is an article published a few days ago.
     
     
    If you are having difficulties with you Star Menu I suggest you download and run the fix suggested on the last line of the article.

    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in anyway,please considerDonating ,
    see this topic for details.    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760
    Back to Malware Removal


    1. SpywareInfo Forum
    2. Spyware, thiefware, browser hijackers, and other advertising parasites
    3. Malware Removal
    4. Privacy Policy
    Member of UNITE
    Support SpywareInfo Forum - click the button