
Trojan & 32 connections?


  • This topic is locked
14 replies to this topic

#1 jimlau

jimlau

  • Members
  • 158 posts
  • Local time:06:24 AM

Posted 07 April 2024 - 05:40 PM

I have 2 computers on the same home Xfinity network. My 1 computer said my Norton has expired, though it wasn't.

A Norton tech was able to get my Norton to work. Turns out I had a trojan on that computer.

But, he also did some sort of scan and showed there were 32 computers using my network. I should have written down what he did, as he erased it when I asked him how he did it. He would only say if I spend $70, that will take care of it. He refused to tell me how he saw those 32.

Should I be concerned about the computer that is working fine?

Anyone know how to check what is connected to my network? Under devices it just shows my computers and bluetooth. Nothing suspicious, so I'm wondering if I did the wrong thing checking the 32 connections he referred to that way.

Thanks.





#2 dennis_l

dennis_l

  • Malware Response Team
  • 3,341 posts
  • Gender:Male
  • Location:UK
  • Local time:11:24 AM

Posted 08 April 2024 - 01:22 AM

Hi jimlau,
My name is Dennis and I will assist you with your computer problems.
Please read through these guidelines before we start.

  • Back up any important data, as a precaution before starting this process.
  • If you are unsure about anything then please ask. This makes the task much easier in the long run.
  • Do not run any other tools or make changes to your system during the removal process.
  • Please do not start a new topic and keep all replies in this thread.
  • Follow the instructions in the sequence advised.
  • Copy and paste the logs into the reply. I will advise if anything needs to be added as an attachment.
  • Here at Bleeping Computer we are mostly volunteers, so please be patient with us. I’ll try to respond within 24 hours. You will be advised if it is expected to be longer than 48 hours.
  • Please let me know if you are going to be delayed in responding. If you do not reply after 5 days, I’ll assume you do not want to continue and will close the topic.
  • Sometimes things might seem to be resolved, but more checks may still be necessary, so please wait until I give the all clear.

Firstly I'd like you to follow the steps outlined here: Preparation Guide
Section 6 covers how to download and run the Farbar Recovery Scan Tool (FRST).
Note: If you receive a warning about the download, it is a false positive and you can safely ignore it.
Please copy and paste both FRST logs into your reply. If you get an error message advising that the content is too long, you should post 2 separate replies.

Dennis



#3 jimlau

jimlau
  • Topic Starter

  • Members
  • 158 posts
  • Local time:06:24 AM

Posted 08 April 2024 - 07:10 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.04.2024 01
Ran by laure (administrator) on DESKTOP-GVU2Q55 (HP HP Slimline Desktop PC 270-a0xx) (08-04-2024 19:51:06)
Running from C:\Users\laure\Downloads\FRST64.exe
Loaded Profiles: laure
Platform: Microsoft Windows 10 Home Version 1903 18362.1256 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(BellCraft.com) [File not signed] C:\Program Files (x86)\BellCraft.com\DeskBot\DeskBot.exe
(C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CA238A60-FBA5-45A8-96B2-C8471F49A028}\MicrosoftEdge_X64_123.0.2420.81_123.0.2420.65.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CA238A60-FBA5-45A8-96B2-C8471F49A028}\EDGEMITMP_FC70D.tmp\setup.exe <2>
(C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CA238A60-FBA5-45A8-96B2-C8471F49A028}\MicrosoftEdge_X64_123.0.2420.81_123.0.2420.65.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe ->) (The Qt Company Ltd.) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\QtWebEngineProcess.exe <2>
(CompatTelRunner.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atieclxx.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <36>
(services.exe ->) (Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atiesrxx.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Native Instruments GmbH) [File not signed] C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.24.2.6\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.24.2.6\nsWscSvc.exe
(services.exe ->) (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(services.exe ->) (RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(services.exe ->) (Tonalio GmbH -> sandboxie-plus.com) C:\Program Files\Sandboxie\SbieSvc.exe
(services.exe ->) (Virtual Desktop, Inc. -> Virtual Desktop, Inc.) C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe <2>
(svchost.exe ->) (Microsoft Corporation) [File not signed] C:\Windows\MSAGENT\AgentSvr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotification.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TEDDYSOFT OOD -> StreamingVideoProvider) C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\update\realsched.exe [353064 2019-04-03] (RealNetworks, Inc. -> RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => c:\program files (x86)\real\RealDownloader\downloader2.exe [1263400 2019-02-20] (RealNetworks, Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\Run: [DeskBot] => C:\Program Files (x86)\BellCraft.com\DeskBot\DeskBot.exe [339968 2007-10-23] (BellCraft.com) [File not signed]
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3383520 2021-06-15] (Tonalio GmbH -> sandboxie-plus.com)
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45285792 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [408976 2021-08-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\Run: [MicrosoftEdgeAutoLaunch_B7C8B5C106AFC246B825A1ED4AA8DAE3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4063800 2024-03-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\Run: [ScreenRec] => C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe [7265112 2023-03-01] (TEDDYSOFT OOD -> StreamingVideoProvider)
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\MountPoints2: {0225992d-857b-11e9-9d24-40a3cce3c4d3} - "D:\LaunchU3.exe" -a
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\MountPoints2: {eaf5de2a-ff39-11e8-9d19-40a3cce3c4d3} - "D:\LaunchU3.exe" -a
HKLM\...\Windows x64\Print Processors\Canon MG2500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBX.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2500 series: C:\WINDOWS\system32\CNMLMBX.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2019-04-03]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc. -> RealNetworks, Inc.)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {533077E9-FE46-46E6-9C9C-77BED91C53E5} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {37D3F35F-8048-4752-972C-3C19DEA8E0E9} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-laurel3655@yahoo.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {7113C4D9-8255-4749-8D71-8A97E0443F69} - System32\Tasks\ASCOM - Update Earth Rotation Data => C:\Program Files (x86)\ASCOM\Platform 6\Tools\EarthRotationUpdate.exe [45880 2022-01-14] (Peter Simpson -> ASCOM)
Task: {685CACC1-ED63-49B2-A802-45E0341F4297} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\26.0.1.222\WatchDog.exe  -> C:\Program Files\Bitdefender Agent\26.0.1.222\repair
Task: {885F4C6F-5B52-40C3-A52E-B5121C49B708} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {F13BEF45-A8FB-4285-8077-0EAD6FEBA367} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "d739c2d7-6141-4908-a441-ded43a2a4710" --version "6.22.10977" --silent
Task: {FE0E6F26-12B7-46D3-AC47-1663C1969A08} - System32\Tasks\CCleanerSkipUAC - laure => C:\Program Files\CCleaner\CCleaner.exe [39024544 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {61E36428-C234-4A2C-93FE-2941A467D590} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\laure\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-07-10] (ESET, spol. s r.o. -> ESET)
Task: {26804B38-3C4B-43F8-9C74-FC91ED25DAF2} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\laure\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [18007968 2021-07-10] (ESET, spol. s r.o. -> ESET)
Task: {614EF296-DADE-4DC4-A353-E6375C247265} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {F4D4A7DA-7EBF-4496-A2DF-BF36872DFBE5} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => %ProgramFiles%\CUAssistant\culauncher.exe  (No File)
Task: {C0721527-4710-463F-AFF7-71D6D9CB4A3C} - System32\Tasks\Microsoft\Windows\rempl\shell => %ProgramFiles%\rempl\sedlauncher.exe  (No File)
Task: {CC972818-9B7A-4814-81A4-FE994262DEFF} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-04-07] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {4411E98D-CF40-4AC0-854F-56B72632000F} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2765946157-3510292698-4281767184-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-04-07] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {151F1CA8-4A91-4CF9-A7BD-1BAEB6442402} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-04-07] (Mozilla Corporation -> Mozilla Foundation)
Task: {739D8B9B-D464-4116-A695-ED1B5766FEBD} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {F326AFA1-CF16-4F86-A411-6E103042B3C9} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {7B8A05F7-466A-4827-BE26-56E6815B85C3} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.24.2.6\symerr.exe [379024 2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {FDFB29CD-F51E-43B1-9317-02D0760BA963} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.24.2.6\WSCStub.exe [646520 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {AED138F9-2978-4027-8C4F-2352476D6C63} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2765946157-3510292698-4281767184-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File)
Task: {B1451B80-0E59-4B78-BD91-95EE3024809C} - System32\Tasks\RealDownloader Update Check => c:\program files (x86)\Real\RealDownloader\downloader2.exe [1263400 2019-02-20] (RealNetworks, Inc. -> )
Task: {B44C2F2A-3826-4FF7-B225-C2279975ABC9} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2765946157-3510292698-4281767184-1001 => c:\program files (x86)\Real\RealDownloader\recordingmanager.exe [959784 2019-02-20] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {B73FBA75-379E-4EAC-8AD8-4CFBD60C858E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2765946157-3510292698-4281767184-1001 => C:\program files (x86)\Real\RealDownloader\RealUpgrade.exe [135464 2019-02-20] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {F14FBCA0-6335-4FFA-9D7D-E70899F7B33B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2765946157-3510292698-4281767184-1001 => C:\program files (x86)\Real\RealDownloader\RealUpgrade.exe [135464 2019-02-20] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {C2C759F9-330E-4380-AF3B-7114041E2000} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {ADFB2935-3C90-480E-BA72-DCA382D3C447} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279544 2018-09-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {9526F689-2CF1-430D-B514-A143A47F7890} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {28247154-1ADC-4AB5-A3FC-B0CB71CFAC7A} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{51377662-5579-45a5-b3f7-7b6ef65d4d1d}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{9a06834e-4ca4-439a-8c9f-2f12e6cff034}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{e59bd7b7-faf1-481a-8ddb-c55e03156759}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{e59bd7b7-faf1-481a-8ddb-c55e03156759}: [DhcpDomain] hsd1.pa.comcast.net.
Tcpip\..\Interfaces\{e59bd7b7-faf1-481a-8ddb-c55e03156759}\3597E6353616E6F533361683: [DhcpNameServer] 192.168.4.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\laure\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-24]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\laure\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-11-23]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: avj8ss6w.default
FF ProfilePath: C:\Users\laure\AppData\Roaming\Mozilla\Firefox\Profiles\avj8ss6w.default [2024-04-08]
FF Homepage: Mozilla\Firefox\Profiles\avj8ss6w.default -> hxxps://webmail1.earthlink.net/folders/INBOX
FF Session Restore: Mozilla\Firefox\Profiles\avj8ss6w.default -> is enabled.
FF Extension: (Malwarebytes Browser Guard) - C:\Users\laure\AppData\Roaming\Mozilla\Firefox\Profiles\avj8ss6w.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-10-06]
FF Extension: (McAfee® WebAdvisor) - C:\Users\laure\AppData\Roaming\Mozilla\Firefox\Profiles\avj8ss6w.default\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2024-03-04] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF Extension: (Capital One Shopping: Save Now) - C:\Users\laure\AppData\Roaming\Mozilla\Firefox\Profiles\avj8ss6w.default\Extensions\{aff8af88-06a9-4eee-b383-3af08c47b8c8}.xpi [2024-04-07]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi => not found
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-08-10] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [File not signed]
FF Plugin-x32: @real.com/nppl3260;version=18.1.16.215 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2019-04-03] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.16.215 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2019-04-03] (RealNetworks, Inc. -> RealPlayer)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2019-11-18] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2019-11-18] <==== ATTENTION

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1081248 2024-03-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4816272 2021-08-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8882936 2024-04-08] (Malwarebytes Inc. -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [889400 2024-04-07] (McAfee, LLC -> McAfee, LLC)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.24.2.6\NortonSecurity.exe [344888 2024-03-04] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.24.2.6\nsWscSvc.exe [1059176 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 RealPlayerUpdateSvc; C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [38032 2019-02-20] (RealNetworks, Inc. -> RealNetworks, Inc.)
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [990856 2019-04-03] (RealNetworks, Inc. -> RealNetworks, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [335080 2021-06-15] (Tonalio GmbH -> sandboxie-plus.com)
R2 VirtualDesktop.Service.exe; C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe [1889192 2019-05-10] (Virtual Desktop, Inc. -> Virtual Desktop, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.23.3.8\Definitions\BASHDefs\20240408.001\BHDrvx64.sys [1706496 2024-04-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\ccSetx64.sys [198288 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2021-08-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2021-08-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527832 2022-09-19] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2023-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.23.3.8\Definitions\IPSDefs\20240405.064\IDSvia64.sys [1554432 2024-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-05-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-06-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-03-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\nsvst.sys [57120 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [197120 2021-06-15] (Microsoft Windows Hardware Compatibility Publisher -> sandboxie-plus.com)
S3 Ser2pl; C:\WINDOWS\system32\DRIVERS\ser2pl64.sys [303000 2021-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Prolific Technology Inc.)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\SRTSP64.SYS [960640 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\SRTSPX64.SYS [52864 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\SYMEFASI64.SYS [2180248 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\SymELAM.sys [36016 2024-03-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [100344 2023-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.23.3.8\SymPlatform\SymEvnt.sys [934912 2024-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\Ironx64.SYS [306872 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\symnets.sys [492720 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 vdvad_WaveExtensible; C:\WINDOWS\System32\drivers\vdvad.sys [41072 2019-05-14] (Virtual Desktop, Inc. -> Virtual Desktop)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20928 2024-03-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [603416 2024-03-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-30] (Microsoft Windows -> Microsoft Corporation)
R1 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1618020.006\wpCtrlDrv.sys [1016792 2024-03-04] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-08 19:51 - 2024-04-08 19:54 - 000027757 _____ C:\Users\laure\Downloads\FRST.txt
2024-04-08 19:38 - 2024-04-08 19:52 - 000000000 ____D C:\FRST
2024-04-08 19:37 - 2024-04-08 19:37 - 002393600 _____ (Farbar) C:\Users\laure\Downloads\FRST64.exe
2024-04-08 19:34 - 2024-04-08 19:34 - 005455480 _____ (ESET) C:\Users\laure\Downloads\eset_smart_security_premium_live_installer_eos.exe
2024-04-08 19:34 - 2024-04-08 19:34 - 005455480 _____ (ESET) C:\Users\laure\Downloads\eset_smart_security_premium_live_installer_eos(1).exe
2024-04-07 22:17 - 2024-04-07 22:19 - 064164264 _____ C:\Users\laure\Downloads\Wet Pussy Takes Cum Inside Outdoor - Reislin.mp4
2024-04-07 22:02 - 2024-04-07 22:07 - 156991577 _____ C:\Users\laure\Downloads\Cuckold Groom Films Slutty Bride Receiving Cum From Wedding Photographer.mp4
2024-04-07 21:55 - 2024-04-07 22:02 - 214104350 _____ C:\Users\laure\Downloads\Stepmom caught me jerking off - and helped me cum on her face.mp4
2024-04-07 21:53 - 2024-04-07 21:54 - 024473703 _____ C:\Users\laure\Downloads\Photoshoot lingerie MILF white pawg big natural breasts boobs tits body brunette hot wife slutty.mp4
2024-04-07 21:50 - 2024-04-07 21:50 - 000000000 ___HD C:\$WINDOWS.~BT
2024-04-07 21:49 - 2024-04-07 21:52 - 107039298 _____ C:\Users\laure\Downloads\Kate Ross getting a taste of big cock in public.mp4
2024-04-07 21:31 - 2024-04-07 21:35 - 141415616 _____ C:\Users\laure\Downloads\BoxTruckSex - Big ass Latina's bleep and sucking in a public street.zY_H7e3W.mp4.part
2024-04-07 21:31 - 2024-04-07 21:31 - 000000000 _____ C:\Users\laure\Downloads\BoxTruckSex - Big ass Latina's bleep and sucking in a public street.mp4
2024-04-07 21:25 - 2024-04-07 21:30 - 154706705 _____ C:\Users\laure\Downloads\Hot Cloe lets her boyfriend bleep her in front of our camera.mp4
2024-04-07 21:08 - 2024-04-07 21:08 - 000000000 ___HD C:\$WinREAgent
2024-04-07 17:01 - 2024-04-07 17:01 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2024-04-07 16:57 - 2024-04-07 16:57 - 000000000 _____ C:\Users\laure\Desktop\NORTON SUPPORT.txt
2024-04-07 16:51 - 2024-04-07 16:54 - 000000000 ____D C:\Users\laure\AppData\Roaming\AnyDesk
2024-04-07 16:50 - 2024-04-07 16:50 - 005323592 _____ (AnyDesk Software GmbH) C:\Users\laure\Downloads\AnyDesk.exe
2024-04-07 16:25 - 2024-04-07 21:06 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-04-07 16:22 - 2024-04-07 15:55 - 000000025 _____ C:\Users\laure\Desktop\vvvvv.txt
2024-03-30 21:39 - 2024-03-30 21:39 - 000000000 ____D C:\Users\laure\PPTube
2024-03-30 21:38 - 2024-03-30 21:39 - 000000000 ____D C:\Users\laure\AppData\Local\PPTube
2024-03-30 21:37 - 2024-03-30 21:37 - 000001057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPTube.lnk
2024-03-30 21:37 - 2024-03-30 21:37 - 000001045 _____ C:\Users\Public\Desktop\PPTube.lnk
2024-03-30 21:36 - 2024-03-30 21:37 - 000000000 ____D C:\Program Files (x86)\PPTube
2024-03-30 21:36 - 2024-03-30 21:36 - 000000000 ____D C:\ProgramData\ConfigData
2024-03-30 20:48 - 2024-03-30 20:48 - 000000000 ____D C:\ProgramData\Piriform
2024-03-30 20:43 - 2024-04-08 19:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360
2024-03-30 20:34 - 2024-04-08 19:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2024-03-30 20:34 - 2024-03-30 20:34 - 000003374 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-04-08 19:51 - 2022-07-04 07:29 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-04-08 19:51 - 2022-07-04 07:29 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-04-08 19:44 - 2023-05-14 21:22 - 000002397 _____ C:\Users\Public\Desktop\Norton Security.lnk
2024-04-08 19:44 - 2018-10-31 14:46 - 000000000 ____D C:\Users\laure\AppData\Local\D3DSCache
2024-04-08 19:40 - 2023-05-14 20:57 - 000000000 ____D C:\Users\laure\AppData\Local\Malwarebytes
2024-04-08 19:35 - 2022-06-28 20:33 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-04-08 19:35 - 2022-06-28 20:33 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-08 19:32 - 2022-06-28 20:33 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-04-08 19:32 - 2022-06-28 20:25 - 000840852 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-04-08 19:32 - 2019-03-19 00:50 - 000000000 ____D C:\WINDOWS\INF
2024-04-07 22:53 - 2019-03-19 00:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-04-07 22:48 - 2023-05-19 21:54 - 000000000 ____D C:\Users\laure\AppData\Local\Norton
2024-04-07 21:58 - 2022-06-28 17:30 - 000000000 ___DC C:\WINDOWS\Panther
2024-04-07 21:06 - 2022-06-28 20:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-04-07 21:06 - 2018-10-31 12:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-04-07 21:05 - 2019-03-19 00:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-04-07 21:05 - 2018-10-31 12:24 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2024-04-07 21:04 - 2022-06-28 20:33 - 000003858 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2024-04-07 21:04 - 2022-06-28 20:33 - 000003416 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2024-04-07 21:03 - 2021-07-10 18:25 - 000001382 _____ C:\Users\laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2024-04-07 20:56 - 2022-06-28 20:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-04-07 19:06 - 2018-10-31 12:43 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-04-07 18:59 - 2019-03-19 00:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-04-07 16:22 - 2023-05-14 21:31 - 000000000 ____D C:\Users\laure\AppData\LocalLow\Norton
2024-04-07 16:20 - 2019-03-19 00:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-04-01 22:44 - 2022-06-15 20:54 - 000000000 ____D C:\Users\laure\Downloads\crall
2024-04-01 22:30 - 2023-03-01 22:49 - 000000666 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2024-04-01 22:30 - 2021-07-20 18:17 - 000000000 ____D C:\Program Files\CCleaner
2024-03-30 22:30 - 2021-07-10 18:25 - 000001276 _____ C:\Users\laure\Desktop\ESET Online Scanner.lnk
2024-03-30 21:39 - 2022-06-28 20:15 - 000000000 ____D C:\Users\laure
2024-03-30 21:17 - 2023-05-19 21:57 - 000000000 ____D C:\Program Files\Common Files\AV
2024-03-30 20:51 - 2018-10-31 17:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-03-30 20:40 - 2019-07-08 21:13 - 000000000 ____D C:\Users\laure\AppData\Roaming\Microsoft\Paint
2024-03-30 20:37 - 2023-03-01 22:49 - 000003382 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2024-03-30 20:36 - 2018-10-31 17:44 - 190470136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-03-30 20:34 - 2023-05-14 21:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2024-03-30 19:11 - 2018-10-31 15:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Files in the root of some directories ========

2021-07-10 17:55 - 2021-07-10 17:55 - 000332952 _____ () C:\Users\laure\AppData\Local\ars.cache
2021-07-10 17:56 - 2021-07-10 17:56 - 000807238 _____ () C:\Users\laure\AppData\Local\census.cache
2021-07-10 17:34 - 2021-07-10 17:34 - 000000036 _____ () C:\Users\laure\AppData\Local\housecall.guid.cache
2018-10-31 12:54 - 2021-07-17 15:20 - 000001435 _____ () C:\Users\laure\AppData\Local\oobelibMkey.log
2021-07-10 17:43 - 2021-07-10 17:43 - 000000010 _____ () C:\Users\laure\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.04.2024 01
Ran by laure (08-04-2024 19:55:17)
Running from C:\Users\laure\Downloads
Microsoft Windows 10 Home Version 1903 18362.1256 (X64) (2022-06-29 00:34:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2765946157-3510292698-4281767184-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2765946157-3510292698-4281767184-503 - Limited - Disabled)
Guest (S-1-5-21-2765946157-3510292698-4281767184-501 - Limited - Disabled)
laure (S-1-5-21-2765946157-3510292698-4281767184-1001 - Administrator - Enabled) => C:\Users\laure
WDAGUtilityAccount (S-1-5-21-2765946157-3510292698-4281767184-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {45F99686-298C-6438-2141-488A96022C47}
FW: Norton 360 (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader (HKLM\...\{A92F76E7-1E4F-40F1-93DD-B4280856DFE6}) (Version: 4.27.1.5590 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{0a98897a-479a-4fe4-9c4e-7189ba714328}) (Version: 4.20.4.4870 - Open Media LLC)
7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
ActivePresenter (HKLM\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 8.0.2 - Atomi Systems, Inc.)
Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_0_0) (Version: 15.0.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.6.0.384 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_1) (Version: 20.0.1 - Adobe Systems Incorporated)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2020.0821.1329.24282 - Advanced Micro Devices, Inc.)
ASCOM DSLR.Camera Camera Driver 0.5.302.0 (HKLM-x32\...\{64931281-9e67-4d94-bc2a-083a023714fd}_is1) (Version: 0.5.302.0 - Cesar Mattos <cesar.mattos@gmail.com>)
ASCOM Platform 6.6 (HKLM-x32\...\{8961E141-B307-4882-ABAD-77A3E76A40C1}) (Version: 6.6.0.3444 - ASCOM Initiative) Hidden
ASCOM Platform 6.6 (HKLM-x32\...\ASCOM Platform 6.6) (Version: 6.6.0.3444 - ASCOM Initiative)
ASTAP (HKLM\...\ASTAP, the Astrometric STAcking Program, astrome~478BFEE4_is1) (Version:  - Han Kleijn)
ASTAP h18 star dabase up to mag 18, version eDR3 (HKLM\...\ASTAP h18 star database up to magnitude 18_is1) (Version:  - Han Kleijn)
BandLab Assistant 8.1.1 (HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\9b08bea4-021c-5f9d-a74e-ac0ceb51fb28) (Version: 8.1.1 - BandLab Technologies)
Bitwar 6.42 (HKLM-x32\...\Bitwar) (Version: 6.42 - 廈門市百勝通軟件技術有限公司)
Cakewalk by BandLab (HKLM\...\Cakewalk Core_is1) (Version: 27.06.0.053 - BandLab Singapore Pte Ltd.)
Cakewalk Studio Instruments Suite (HKLM\...\Studio Instruments Suite_is1) (Version: 1.0.0.70 - BandLab Singapore Pte Ltd.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.02 - Canon Inc.)
Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.22 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.14.0.1762 - Disc Soft Ltd)
DeskBot (HKLM-x32\...\DeskBot_is1) (Version: 2.6 - BellCraft Technologies)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.0 - Toontrack)
iMyFone AnyRecover 4.5.0.4 (HKLM-x32\...\{89DFCC5A-39CC-4AE7-8313-1ED6553E1ADD}_is1) (Version: 4.5.0.4 - Shenzhen iMyFone Technology Co., Ltd.)
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Malwarebytes version 4.6.11.320 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.11.320 - Malwarebytes)
Melodyne 5 (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 5.01.01003 - Celemony Software GmbH)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 123.0.2420.81 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0008 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-US) (HKLM-x32\...\{66D57636-BD4B-402F-9E7D-5E89C28C8136}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, Helen) (HKLM-x32\...\{8466EAED-7024-4AEE-9D13-F3A55B98D114}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{8A6AB459-CB4B-4D09-8C1E-337FB59135C4}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.26.28720 (HKLM-x32\...\{2F69FB2B-2C48-491C-B249-22C1BDCE1117}) (Version: 14.26.28720 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.26.28720 (HKLM-x32\...\{31C9EB3A-5F0C-49E7-8E6C-D404E48F433D}) (Version: 14.26.28720 - Microsoft Corporation) Hidden
Mocha Plug-ins 2019 for Adobe (HKLM\...\{CD78A62C-CCAB-4DC6-B595-56A506DE83DF}) (Version: 6.0.0 - BorisFX)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 124.0.2 (x64 en-US)) (Version: 124.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0 - Mozilla)
MSVCRT (HKLM-x32\...\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (HKLM-x32\...\{D0B44725-3666-492D-BEF6-587A14BD9BD9}) (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (HKLM-x32\...\{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}) (Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (HKLM\...\{E9FA781F-3E80-4399-825A-AD3E11C28C77}) (Version: 16.4.1109.0912 - Microsoft) Hidden
N.I.N.A. - Nighttime Imaging 'N' Astronomy (HKLM\...\{19DD475C-C2FD-43E7-BC4C-822C88941CC2}) (Version: 2.0.1.2013 - N.I.N.A.) Hidden
N.I.N.A. - Nighttime Imaging 'N' Astronomy (HKLM-x32\...\{c0e33246-4ec1-42ee-807a-595463a5b34e}) (Version: 2.0.1.2013 - N.I.N.A.)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Kontakt (HKLM-x32\...\Native Instruments Kontakt) (Version: 6.2.2.51 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.24.2.6 - NortonLifeLock Inc)
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
PHD 2 version 2.6.11dev1 (HKLM-x32\...\PHD 2_is1) (Version: 2.6.11dev1 - )
Photo Common (HKLM-x32\...\{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PPTube version 7.4.2 (HKLM\...\{EE5D77DE-C240-4266-8C33-4171E211AF9C}_is1) (Version: 7.4.2 - PPTube Studio.)
qBittorrent 4.3.6 (HKLM-x32\...\qBittorrent) (Version: 4.3.6 - The qBittorrent project)
RealDownloader (HKLM-x32\...\{2C1A45EC-8ED5-4CFF-B8B4-417DA850F67E}) (Version: 18.1.16.215 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.16 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8536 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remo Recover 5.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 5.0.0.52 - Remo Software)
Sandboxie 5.50.2 (64-bit) (HKLM\...\Sandboxie) (Version: 5.50.2 - sandboxie-plus.com)
ScreenRec (HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\ScreenRec) (Version: 00.01.00.60 - StreamingVideoProvider)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{0746492E-47B6-4251-940C-44462DFD74BB}) (Version: 2.55.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{3800CCFC-4006-4B30-A103-416AF26A885C}) (Version: 2.71.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{76A22428-2400-4521-96AF-7AC4A6174CA5}) (Version: 1.25.0.0 - Microsoft Corporation) Hidden
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Virtual Desktop Service (HKLM\...\{403D4671-D123-4DD2-B882-1F551F0DDE61}) (Version: 1.17.0 - Virtual Desktop, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.4 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.883 - McAfee, LLC)
Webcam Utility (HKLM\...\{4FD70465-39C6-41EE-ABA0-2FA2EE198905}) (Version: 1.1.1.30000 - Nikon Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23214 - Microsoft Corporation)
Windows Live Communications Platform (HKLM-x32\...\{41C61308-6CFD-4D54-AB6A-7136ED08A18E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\{66B5819D-DE70-42BE-B40F-978FBA12452E}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Installer (HKLM-x32\...\{659CB81C-B54E-4DF1-B618-F35777393A54}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (HKLM-x32\...\{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (HKLM-x32\...\{BAD27F0E-5165-49A5-BE66-AF5BF73F2FEE}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (HKLM\...\{25058321-C33E-496B-8915-6FD64D362CAF}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (HKLM-x32\...\{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (HKLM-x32\...\{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (HKLM-x32\...\{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (HKLM-x32\...\{D1893000-EA77-493C-8DDD-E262436E959B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (HKLM-x32\...\{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (HKLM-x32\...\{6522F5F9-411B-4513-A75B-CEA00395F032}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (HKLM-x32\...\{714E162E-CD4F-4F1B-8302-7F5179409C25}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (HKLM-x32\...\{0F974770-76EB-4C38-986E-E7BDD9C0DFC4}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Wondershare Data Recovery(Build 6.0.0.31) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 6.0.0.31 - Wondershare Software Co.,Ltd.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)

Packages:
=========

Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2640.4.0_x64__kgqvnymyfvs32 [2023-10-27] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.255.400.0_x64__kgqvnymyfvs32 [2023-11-06] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.19.954.0_x64__rz1tebttyb220 [2023-11-06] (Dolby Laboratories)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.64.6400.0_x86__ytsefhwckbdv6 [2023-11-06] (G5 Entertainment AB)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-14] (Microsoft Corporation) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-10-27] (Microsoft Corporation)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-11-06] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2765946157-3510292698-4281767184-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-08-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-08-22] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-13] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2019-04-03] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.2.6\buShell.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-13] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.2.6\NavShExt.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-07-14 17:32 - 2020-07-14 17:32 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-08-21 13:19 - 2020-08-21 13:19 - 001562624 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 012245504 _____ (FFmpeg Project) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\avcodec-57.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 000137728 _____ (FFmpeg Project) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\avdevice-57.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 002206208 _____ (FFmpeg Project) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\avfilter-6.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 002073600 _____ (FFmpeg Project) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\avformat-57.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 000508928 _____ (FFmpeg Project) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\avutil-55.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 000135168 _____ (FFmpeg Project) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\postproc-54.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 000124928 _____ (FFmpeg Project) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\swresample-2.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 000529408 _____ (FFmpeg Project) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\swscale-4.dll
1998-09-15 18:54 - 1998-09-15 18:54 - 000163905 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\msagent\AgentCtl.dll
1999-01-12 15:19 - 1999-01-12 15:19 - 000851456 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\SpeechEngines\TTS\MSTTSSYN.dll
1998-09-15 18:51 - 1998-09-15 18:51 - 000061505 _____ (Microsoft Corporation) [File not signed] C:\Windows\msagent\AgentDP2.dll
1998-09-15 18:55 - 1998-09-15 18:55 - 000061505 _____ (Microsoft Corporation) [File not signed] C:\Windows\msagent\AgentMPx.dll
1999-01-12 11:12 - 1999-01-12 11:12 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\msagent\AgentSR.dll
1999-01-12 16:19 - 1999-01-12 16:19 - 000562176 _____ (Microsoft Corporation) [File not signed] C:\Windows\speech\Speech.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 000055808 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\libwinpthread-1.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 002696704 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\libcrypto-1_1-x64.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 000642560 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\libssl-1_1-x64.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-08-21 13:28 - 2020-08-21 13:28 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-07-14 17:32 - 2020-07-14 17:32 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-08-21 13:28 - 2020-08-21 13:28 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 000376832 _____ (The Qt Company Ltd.) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\Qt5WebEngine.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 104697344 _____ (The Qt Company Ltd.) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\Qt5WebEngineCore.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 000103936 _____ (The Qt Company Ltd.) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\QtWebEngine\qtwebengineplugin.dll
2023-03-01 23:02 - 2023-03-01 23:02 - 002189662 _____ (x264 project) [File not signed] C:\Users\laure\AppData\Local\StreamingVideoProvider\ScreenRec_app\libx264-148.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: No Name -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2019-02-20] (RealNetworks, Inc. -> RealDownloader)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.24.2.6\coIEPlg.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
BHO-x32: No Name -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2019-02-20] (RealNetworks, Inc. -> RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.24.2.6\coIEPlg.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2022-07-20] (McAfee, LLC -> McAfee, LLC)
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.24.2.6\coIEPlg.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
Toolbar: HKLM-x32 - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.24.2.6\coIEPlg.dll [2024-03-04] (NortonLifeLock Inc. -> Gen Digital Inc.)
Toolbar: HKU\S-1-5-21-2765946157-3510292698-4281767184-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 19:38 - 2022-06-15 16:25 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B7C8B5C106AFC246B825A1ED4AA8DAE3"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3C2A1E28-AF7D-43E6-A807-6BE367ED3F37}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{DE651A77-C08F-4D84-90B1-ABD3D235BCC5}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{713C343D-270B-4FB3-8311-BC5654D0976B}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{1BC7A536-B514-4801-960F-B2947F35CF09}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{70722F6A-537A-49E0-B821-D6C6C35CB13C}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [{615DCF1A-26AE-41F8-BF5D-4237D8F5FA23}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe (BandLab Singapore Pte Ltd. -> BandLab Singapore Pte Ltd.)
FirewallRules: [{D276D3C8-6127-4D41-B0D4-F54E668F2E07}] => (Allow) LPort=1900
FirewallRules: [{6AE0F772-800C-4875-83E8-45C04EC2359A}] => (Allow) LPort=2869
FirewallRules: [{06803415-3263-4F8E-B434-19D4C10AB61A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D058B92D-2937-4FB8-BEF6-76B8B1594EB7}] => (Allow) LPort=57209
FirewallRules: [{7C3D95B5-7D2F-4579-995A-5D6708FDA0D6}] => (Allow) LPort=57209
FirewallRules: [{2675FC9C-0871-40E8-9DC6-A25DE0133741}] => (Allow) C:\Program Files\ATOMI\ActivePresenter\rlactivator.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.)
FirewallRules: [{33F52AB4-D295-436A-9273-B7D9320777EA}] => (Allow) C:\Program Files\ATOMI\ActivePresenter\ActivePresenter.exe (ATOMI SYSTEMS, INC. -> Atomi Systems, Inc.)
FirewallRules: [{8CBFCB71-ECB3-4E05-A62F-EBAF28AC1FFD}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [{33FEE764-1FCA-4114-ABED-C17F04A1DB18}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2E1877A8-770E-4C31-99F4-A853866FB0E5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{76B64BB0-4E82-4260-A54E-83F3E3FFE680}] => (Allow) C:\Program Files (x86)\PHDGuiding2\phd2.exe () [File not signed]
FirewallRules: [{1C3C0988-5B6F-499F-A5B7-82874D839C1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{14312241-1BDE-46BB-80F3-EC0B9789332E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CBAF9E42-E46D-4805-9966-3D084CD3E889}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BA474227-1D97-420F-8BD6-BA56E6B947C9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.100.3203.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D82F4683-1591-46EA-9F7F-63B4AB945A04}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8C2FC48B-B7C4-4839-ADD2-4209AF29CC80}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5AAB8244-0CBB-4CE1-8AE9-7B8EA36F9ABD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{07A87CA0-C718-4641-B7C9-93652776C61A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.106.3212.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{5C44875F-026B-45D9-AE9D-37F46A67D532}C:\users\laure\downloads\anydesk.exe] => (Allow) C:\users\laure\downloads\anydesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [UDP Query User{8CF885CD-737F-4493-B63E-A2E74A2C20EC}C:\users\laure\downloads\anydesk.exe] => (Allow) C:\users\laure\downloads\anydesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{67B505C1-4482-4C50-9700-206C45466374}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.81\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

04-03-2024 14:41:38 Scheduled Checkpoint
30-03-2024 19:32:23 Scheduled Checkpoint
07-04-2024 19:30:56 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/08/2024 07:52:11 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13548,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/08/2024 07:44:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{2C1A45EC-8ED5-4CFF-B8B4-417DA850F67E}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2024 07:39:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: usocoreworker.exe, version: 10.0.18362.1237, time stamp: 0xca877e47
Faulting module name: usocoreworker.exe, version: 10.0.18362.1237, time stamp: 0xca877e47
Exception code: 0xc0000005
Fault offset: 0x000000000000c70f
Faulting process id: 0x14c4
Faulting application start time: 0x01da8a0df1ab70a6
Faulting application path: C:\Windows\System32\usocoreworker.exe
Faulting module path: C:\Windows\System32\usocoreworker.exe
Report Id: adadd10b-9143-4b13-b263-2b5af4cd4f4b
Faulting package full name:
Faulting package-relative application ID:

Error: (04/08/2024 07:32:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{2C1A45EC-8ED5-4CFF-B8B4-417DA850F67E}\recordingmanager.exe".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/07/2024 10:32:15 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14308,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/07/2024 10:26:56 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3648,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/07/2024 10:10:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11456,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/07/2024 10:04:37 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1540,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (04/07/2024 09:04:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Sync Host_9f74fc service terminated with the following error:
Access is denied.

Error: (04/07/2024 09:04:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_9f74fc service terminated with the following error:
A system shutdown is in progress.

Error: (04/07/2024 09:04:44 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} did not register with DCOM within the required timeout.

Error: (04/07/2024 09:04:44 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} did not register with DCOM within the required timeout.

Error: (04/07/2024 09:04:43 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} did not register with DCOM within the required timeout.

Error: (04/07/2024 07:40:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (04/07/2024 07:40:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\laure\AppData\Local\Temp\ehdrv.sys

Error: (04/07/2024 07:40:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading


Windows Defender:
================
Date: 2022-06-30 09:11:13.598
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Keygen&threatid=2147593794&enterprise=0
Name: HackTool:Win32/Keygen
Severity: High
Category: Tool
Path: containerfile:_C:\Users\laure\Downloads\EZDrummer(Complete)\Update & Keygen\Keygen 1.11\Keygen.exe; file:_C:\Users\laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Keygen.lnk; file:_C:\Users\laure\Downloads\EZDrummer(Complete)\Update & Keygen\Keygen 1.11\Keygen.exe->(FSG-v1.33); startup:_C:\Users\laure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Keygen.lnk
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.289.1184.0, AS: 1.289.1184.0, NIS: 1.289.1184.0
Engine Version: AM: 1.1.15700.9, NIS: 1.1.15700.9
Event[0]:

Date: 2024-03-02 22:40:21.405
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.405.957.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.24010.10
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2024-03-02 22:27:28.506
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.389.1287.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.20300.3
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2023-02-23 14:11:14.793
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.369.595.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19300.2
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: AMI F.21 11/03/2017
Motherboard: HP 82FF
Processor: AMD A9-9430 RADEON R5, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 65%
Total physical RAM: 7628.81 MB
Available physical RAM: 2651.91 MB
Total Virtual: 9932.81 MB
Available Virtual: 2811.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.91 GB) (Free:469.65 GB) (Model: WDC WD10EZEX-60WN4A0) NTFS

\\?\Volume{a3269c98-7496-4b79-9f3e-1302ca8e1a1d}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
\\?\Volume{9177525b-7d91-4cb6-927d-46143e98a7dd}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0758636B)

Partition: GPT.

==================== End of Addition.txt =======================
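As an added example (not part of the thread and not FRST's own code), the sketch below parses the FirewallRules lines of the log above and lists the allow rules that merit a manual look. The three review criteria (port-only rule, file not signed, program under a user profile folder) and all function names are assumptions chosen for illustration.

```python
import re

# Lines copied verbatim from the FirewallRules section of the log above.
SAMPLE = r"""
FirewallRules: [{3C2A1E28-AF7D-43E6-A807-6BE367ED3F37}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{713C343D-270B-4FB3-8311-BC5654D0976B}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{1BC7A536-B514-4801-960F-B2947F35CF09}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{D276D3C8-6127-4D41-B0D4-F54E668F2E07}] => (Allow) LPort=1900
FirewallRules: [{D058B92D-2937-4FB8-BEF6-76B8B1594EB7}] => (Allow) LPort=57209
FirewallRules: [{7C3D95B5-7D2F-4579-995A-5D6708FDA0D6}] => (Allow) LPort=57209
FirewallRules: [{33FEE764-1FCA-4114-ABED-C17F04A1DB18}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{76B64BB0-4E82-4260-A54E-83F3E3FFE680}] => (Allow) C:\Program Files (x86)\PHDGuiding2\phd2.exe () [File not signed]
FirewallRules: [TCP Query User{5C44875F-026B-45D9-AE9D-37F46A67D532}C:\users\laure\downloads\anydesk.exe] => (Allow) C:\users\laure\downloads\anydesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [UDP Query User{8CF885CD-737F-4493-B63E-A2E74A2C20EC}C:\users\laure\downloads\anydesk.exe] => (Allow) C:\users\laure\downloads\anydesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
"""

# "FirewallRules: [<rule name>] => (<action>) <target>"
RULE = re.compile(r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>\w+)\) (?P<target>.+)$")
# Target that names only a local port.
PORT = re.compile(r"^LPort=(?P<port>\d+)$")
# Target that names a program: "<path> (<signer>)" plus an optional "[note]".
# The signer is the last parenthesised group, so "Program Files (x86)" stays in the path.
PROGRAM = re.compile(r"^(?P<path>.+?)\s+\((?P<signer>[^()]*)\)(?:\s+\[(?P<note>[^\]]+)\])?$")
# Assumption: anything under <drive>:\Users\ is writable without admin rights.
USER_PATH = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)


def parse_rule(line):
    """Turn one FirewallRules line into a dict, or return None for other lines."""
    m = RULE.match(line.strip())
    if not m:
        return None
    rule = {"name": m["name"], "action": m["action"], "port": None,
            "path": None, "signer": None, "unsigned": False}
    target = m["target"].strip()
    port = PORT.match(target)
    if port:
        rule["port"] = int(port["port"])
        return rule
    prog = PROGRAM.match(target)
    if prog:
        rule["path"] = prog["path"]
        rule["signer"] = prog["signer"] or None
        rule["unsigned"] = prog["note"] == "File not signed"
    else:
        rule["path"] = target  # unrecognised layout: keep the raw text for manual review
    return rule


def review_reasons(rule):
    """Return the (assumed) reasons an allow rule deserves a closer look."""
    reasons = []
    if rule["action"].lower() != "allow":
        return reasons
    if rule["port"] is not None:
        reasons.append("port-only rule: no program is named")
    if rule["unsigned"]:
        reasons.append("file not signed")
    if rule["path"] and USER_PATH.search(rule["path"]):
        reasons.append("program runs from a user profile folder")
    return reasons


def triage(log_text):
    """Map each flagged target to its reasons, merging duplicate TCP/UDP rules."""
    findings = {}
    for line in log_text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        reasons = review_reasons(rule)
        if reasons:
            key = f"LPort={rule['port']}" if rule["port"] is not None else rule["path"]
            findings.setdefault(key, reasons)
    return findings


if __name__ == "__main__":
    for target, reasons in triage(SAMPLE).items():
        print(f"{target}: {'; '.join(reasons)}")
```

A flagged rule is only a prompt to confirm which program owns it and whether it is still wanted.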



#4 dennis_l

  • Malware Response Team
Posted 09 April 2024 - 05:34 AM

That seemed a surprising response from Norton, but you can easily check the active connections as follows.

  • Click the Start button.
  • Type cmd into the search bar to open a command prompt window.
  • Enter netstat -a to view current connections.
  • Then netstat -b to see the programs using connections.

In view of these concerns we can reset the firewall, as it is showing some open ports. These could be genuine, so you may need to re-allow some connections afterwards.
---------------------------------------------------------------
I have checked your logs and although there are no obvious signs of malware there are some items I'd like to check.
We can also do some clean-up.
Firstly I have some observations for your consideration.
1) Please check your Downloads folder and remove anything that you do not recognise or are unsure about.
2) I see that you have Peer 2 Peer torrent software installed. It is likely that if you continue to use this, you will become infected, as malicious Worms, Trojans & Ransomware can spread across P2P file sharing networks.
It would be wise to uninstall Peer 2 Peer programs, but that choice is up to you. If you choose to remove the program, you can do so via Start > Windows System > Control Panel > Programs and Features.
However if you still wish to keep it, please do not use it until we are finished and your computer is clean and updated.
3) Also you have Real Player installed, which I remember from many years ago as being quite intrusive with its advertisements. Maybe it's better now, but if you don't need it I would suggest you consider uninstalling. Also I think it may be the source of some errors in the log.
-------------------------------------------------------------------
Could you please run this FRST script next.
As a part of this I have included the Emptytemp: command.
Note: This will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
Important: This script was written specifically for you, for use only on this machine. Running this on another machine may cause damage to your operating system.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
CreateRestorePoint:
CloseProcesses:
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController
Folder: C:\ProgramData\ConfigData
Folder: C:\ProgramData\Piriform
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
Task: {685CACC1-ED63-49B2-A802-45E0341F4297} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\26.0.1.222\WatchDog.exe  -> C:\Program Files\Bitdefender Agent\26.0.1.222\repair
C:\Program Files\Bitdefender Agent
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi => not found
IE trusted site: HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\webcompanion.com -> hxxp://webcompanion.com
Task: {F4D4A7DA-7EBF-4496-A2DF-BF36872DFBE5} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => %ProgramFiles%\CUAssistant\culauncher.exe  (No File)
Task: {C0721527-4710-463F-AFF7-71D6D9CB4A3C} - System32\Tasks\Microsoft\Windows\rempl\shell => %ProgramFiles%\rempl\sedlauncher.exe  (No File)
Task: {AED138F9-2978-4027-8C4F-2352476D6C63} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2765946157-3510292698-4281767184-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File)
BHO: No Name -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> No File
BHO-x32: No Name -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> No File
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Toolbar: HKLM-x32 - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Toolbar: HKU\S-1-5-21-2765946157-3510292698-4281767184-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
Emptytemp:
End::
  • Click on the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
Also advise how your computer is running now.

 



#5 jimlau

  • Topic Starter

Posted 09 April 2024 - 08:52 AM

I will post all this from my problematic computer. Just wanted to post netstat -a result from my main computer. Not sure if these are normal amounts.

 

~30 Listening, ~20 Time Wait, ~30 Established, 1 SYN_SENT



#6 dennis_l

  • Malware Response Team

Posted 09 April 2024 - 09:13 AM

They are similar values to my computer and do not look abnormal.
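
The per-state counts compared in posts #5 and #6 can be reproduced from saved `netstat -a` text, with loopback traffic and all-interface listeners separated out. This is an added example, not part of the original thread; the sample rows, host name and addresses in it are constructed.

```python
import ipaddress
from collections import Counter, namedtuple

Conn = namedtuple("Conn", "proto local_addr local_port remote_addr remote_port state")

# Constructed sample in the column layout printed by `netstat -a` on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            DESKTOP-EXAMPLE:0      LISTENING
  TCP    0.0.0.0:445            DESKTOP-EXAMPLE:0      LISTENING
  TCP    127.0.0.1:49670        DESKTOP-EXAMPLE:49671  ESTABLISHED
  TCP    127.0.0.1:49671        DESKTOP-EXAMPLE:49670  ESTABLISHED
  TCP    192.168.0.15:139       DESKTOP-EXAMPLE:0      LISTENING
  TCP    192.168.0.15:49733     198.51.100.18:https    ESTABLISHED
  TCP    192.168.0.15:49762     198.51.100.108:http    TIME_WAIT
  TCP    192.168.0.15:49790     203.0.113.7:https      SYN_SENT
  TCP    [::]:135               DESKTOP-EXAMPLE:0      LISTENING
  TCP    [2001:db8::12b]:49894  [2001:db8:feed::20]:https  ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' into (addr, port); IPv6 brackets are dropped."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port


def _ip(addr):
    """Return an ipaddress object, or None for host names and '*'."""
    try:
        return ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    except ValueError:
        return None


def is_loopback(addr):
    ip = _ip(addr)
    return ip is not None and ip.is_loopback


def is_wildcard(addr):
    ip = _ip(addr)
    return ip is not None and ip.is_unspecified  # 0.0.0.0 or ::


def parse_netstat(text):
    """Turn netstat -a text into Conn rows, skipping banner and header lines."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        laddr, lport = split_endpoint(parts[1])
        raddr, rport = split_endpoint(parts[2])
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state
        conns.append(Conn(parts[0], laddr, lport, raddr, rport, state))
    return conns


def _port_key(port):
    # Numeric ports sort by value; service names (e.g. 'https') sort after them.
    return (not port.isdigit(), int(port) if port.isdigit() else 0, port)


def summarize(conns):
    tcp = [c for c in conns if c.proto == "TCP"]
    return {
        # The raw totals a user would read off the screen.
        "states": Counter(c.state for c in tcp),
        # Local inter-process traffic; each loopback connection is listed
        # twice, once for each of its two local endpoints.
        "loopback_tcp": sum(1 for c in tcp if is_loopback(c.local_addr)),
        # Ports bound to every interface; whether they are reachable from
        # the network depends on the firewall.
        "exposed_listeners": sorted(
            {c.local_port for c in tcp
             if c.state == "LISTENING" and is_wildcard(c.local_addr)},
            key=_port_key),
        # Off-host peers of open or opening connections: the rows to review.
        "remote_peers": sorted(
            {(c.remote_addr, c.remote_port) for c in tcp
             if c.state in ("ESTABLISHED", "SYN_SENT")
             and not is_loopback(c.local_addr)}),
    }


if __name__ == "__main__":
    summary = summarize(parse_netstat(SAMPLE))
    for state, count in summary["states"].most_common():
        print(f"{state:12} {count}")
    print("loopback TCP rows :", summary["loopback_tcp"])
    print("listening on all  :", ", ".join(summary["exposed_listeners"]))
    for addr, port in summary["remote_peers"]:
        print("remote peer       :", addr, port)
```

Saving the real output with `netstat -a > netstat.txt` and passing the file contents to `parse_netstat` gives the same breakdown for a live machine.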



#7 jimlau

  • Topic Starter

Posted 09 April 2024 - 07:30 PM

Results:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.04.2024 01
Ran by laure (09-04-2024 19:58:01) Run:1
Running from C:\Users\laure\Downloads
Loaded Profiles: laure
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController
Folder: C:\ProgramData\ConfigData
Folder: C:\ProgramData\Piriform
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
Task: {685CACC1-ED63-49B2-A802-45E0341F4297} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\26.0.1.222\WatchDog.exe  -> C:\Program Files\Bitdefender Agent\26.0.1.222\repair
C:\Program Files\Bitdefender Agent
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi => not found
IE trusted site: HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\...\webcompanion.com -> hxxp://webcompanion.com
Task: {F4D4A7DA-7EBF-4496-A2DF-BF36872DFBE5} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => %ProgramFiles%\CUAssistant\culauncher.exe  (No File)
Task: {C0721527-4710-463F-AFF7-71D6D9CB4A3C} - System32\Tasks\Microsoft\Windows\rempl\shell => %ProgramFiles%\rempl\sedlauncher.exe  (No File)
Task: {AED138F9-2978-4027-8C4F-2352476D6C63} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2765946157-3510292698-4281767184-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File)
BHO: No Name -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> No File
BHO-x32: No Name -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> No File
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Toolbar: HKLM-x32 - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Toolbar: HKU\S-1-5-21-2765946157-3510292698-4281767184-1001 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
Emptytemp:
End::
*****************

Restore point was successfully created.
Processes closed successfully.
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController]
"LastOobeRun"="6f400c01508bd801"
"RunsBlocked"="0"
"LastNormalRun"="6a81dd460d8ada01"
"LastMaintenanceRun"="ba64446b4389da01"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\Appraiser]
"Command"="%windir%\system32\CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun"
"Nightly"="1"
"Sku"="1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\AppraiserServer]
"Command"="%windir%\system32\CompatTelRunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun"
"Maintenance"="1"
"Sku"="2"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\AvStatus]
"Command"="%windir%\system32\CompatTelRunner.exe -m:appraiser.dll -f:UpdateAvStatus"
"Nightly"="1"
"Sku"="1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\DevInv]
"Command"="%windir%\system32\CompatTelRunner.exe -m:devinv.dll -f:CreateDeviceInventory"
"Oobe"="1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\Encapsulation]
"Command"="%windir%\system32\CompatTelRunner.exe -m:pcasvc.dll -f:QueryEncapsulationSettings"
"Maintenance"="1"
"Nightly"="1"
"Oobe"="1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController\InvAgent]
"Command"="%windir%\system32\CompatTelRunner.exe -m:invagent.dll -f:RunUpdate"
"Maintenance"="1"
"Oobe"="1"

=== End of ExportKey ===

========================= Folder: C:\ProgramData\ConfigData ========================

2024-03-30 21:36 - 2024-03-30 21:36 - 000000046 ____A [7E9BEFF85C3631541A5B5C8FF9223756] () C:\ProgramData\ConfigData\setting.ini

====== End of Folder: ======


========================= Folder: C:\ProgramData\Piriform ========================

2024-03-30 20:48 - 2024-03-30 20:48 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Piriform\CCleaner
2024-03-30 20:48 - 2024-03-30 20:57 - 000131072 ____A [F7EDBB86F85B9B468E80699A4327A9BE] () C:\ProgramData\Piriform\CCleaner\CCleanerProgramDeactivator.db
2024-03-30 20:48 - 2024-03-30 20:56 - 000167936 ____A [7F68C64799F0EE7210D33908EC69DFD6] () C:\ProgramData\Piriform\CCleaner\CCleanerProgramDeactivatorCache.db
2024-03-30 20:48 - 2024-03-30 20:48 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Piriform\CCleaner\burger_client
2024-03-30 20:48 - 2024-03-30 20:48 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Piriform\CCleaner\burger_client\825E3DD4-926B-4EB9-A66E-9F88AAD28A0F
2024-03-30 20:48 - 2024-03-30 20:49 - 000000000 ____D [00000000000000000000000000000000] C:\ProgramData\Piriform\CCleaner\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417
2024-03-30 20:48 - 2024-03-30 20:48 - 000000125 ____A [32AB0CB94A25512C4995C2E228824E34] () C:\ProgramData\Piriform\CCleaner\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF

====== End of Folder: ======

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{685CACC1-ED63-49B2-A802-45E0341F4297}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{685CACC1-ED63-49B2-A802-45E0341F4297}" => removed successfully
C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864" => not found
"C:\Program Files\Bitdefender Agent" => not found
"HKLM\Software\Mozilla\Firefox\Extensions\\bdwtwe@bitdefender.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\bdwtwe@bitdefender.com" => removed successfully
HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4D4A7DA-7EBF-4496-A2DF-BF36872DFBE5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4D4A7DA-7EBF-4496-A2DF-BF36872DFBE5}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CUAssistant\CULauncher" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0721527-4710-463F-AFF7-71D6D9CB4A3C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0721527-4710-463F-AFF7-71D6D9CB4A3C}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\rempl\shell => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\rempl\shell" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AED138F9-2978-4027-8C4F-2352476D6C63}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AED138F9-2978-4027-8C4F-2352476D6C63}" => removed successfully
C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2765946157-3510292698-4281767184-1001 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task-S-1-5-21-2765946157-3510292698-4281767184-1001" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}" => removed successfully
"HKU\S-1-5-21-2765946157-3510292698-4281767184-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}" => removed successfully

========= netsh advfirewall reset =========

Ok.



========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.



========= End of CMD: =========


=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53753096 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 8616967 B
Edge => 145179 B
Firefox => 1205539424 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 1247305 B
systemprofile32 => 1247305 B
LocalService => 1571259 B
NetworkService => 11577407 B
laure => 25652968 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:04:40 ====


Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            DESKTOP-GVU2Q55:0      LISTENING
  TCP    0.0.0.0:445            DESKTOP-GVU2Q55:0      LISTENING
  TCP    0.0.0.0:5040           DESKTOP-GVU2Q55:0      LISTENING
  TCP    0.0.0.0:7680           DESKTOP-GVU2Q55:0      LISTENING
  TCP    0.0.0.0:20121          DESKTOP-GVU2Q55:0      LISTENING
  TCP    0.0.0.0:45769          DESKTOP-GVU2Q55:0      LISTENING
  TCP    0.0.0.0:49664          DESKTOP-GVU2Q55:0      LISTENING
  TCP    0.0.0.0:49665          DESKTOP-GVU2Q55:0      LISTENING
  TCP    0.0.0.0:49666          DESKTOP-GVU2Q55:0      LISTENING
  TCP    0.0.0.0:49667          DESKTOP-GVU2Q55:0      LISTENING
  TCP    0.0.0.0:49668          DESKTOP-GVU2Q55:0      LISTENING
  TCP    0.0.0.0:49669          DESKTOP-GVU2Q55:0      LISTENING
  TCP    0.0.0.0:49694          DESKTOP-GVU2Q55:0      LISTENING
  TCP    0.0.0.0:49695          DESKTOP-GVU2Q55:0      LISTENING
  TCP    127.0.0.1:20121        DESKTOP-GVU2Q55:49981  TIME_WAIT
  TCP    127.0.0.1:20121        DESKTOP-GVU2Q55:50044  FIN_WAIT_2
  TCP    127.0.0.1:49670        DESKTOP-GVU2Q55:49671  ESTABLISHED
  TCP    127.0.0.1:49671        DESKTOP-GVU2Q55:49670  ESTABLISHED
  TCP    127.0.0.1:49672        DESKTOP-GVU2Q55:49673  ESTABLISHED
  TCP    127.0.0.1:49673        DESKTOP-GVU2Q55:49672  ESTABLISHED
  TCP    127.0.0.1:49674        DESKTOP-GVU2Q55:49675  ESTABLISHED
  TCP    127.0.0.1:49675        DESKTOP-GVU2Q55:49674  ESTABLISHED
  TCP    127.0.0.1:49676        DESKTOP-GVU2Q55:49677  ESTABLISHED
  TCP    127.0.0.1:49677        DESKTOP-GVU2Q55:49676  ESTABLISHED
  TCP    127.0.0.1:49678        DESKTOP-GVU2Q55:49679  ESTABLISHED
  TCP    127.0.0.1:49679        DESKTOP-GVU2Q55:49678  ESTABLISHED
  TCP    127.0.0.1:49680        DESKTOP-GVU2Q55:49681  ESTABLISHED
  TCP    127.0.0.1:49681        DESKTOP-GVU2Q55:49680  ESTABLISHED
  TCP    127.0.0.1:49682        DESKTOP-GVU2Q55:49683  ESTABLISHED
  TCP    127.0.0.1:49683        DESKTOP-GVU2Q55:49682  ESTABLISHED
  TCP    127.0.0.1:49684        DESKTOP-GVU2Q55:49685  ESTABLISHED
  TCP    127.0.0.1:49685        DESKTOP-GVU2Q55:49684  ESTABLISHED
  TCP    127.0.0.1:49686        DESKTOP-GVU2Q55:49687  ESTABLISHED
  TCP    127.0.0.1:49687        DESKTOP-GVU2Q55:49686  ESTABLISHED
  TCP    127.0.0.1:49688        DESKTOP-GVU2Q55:49689  ESTABLISHED
  TCP    127.0.0.1:49689        DESKTOP-GVU2Q55:49688  ESTABLISHED
  TCP    127.0.0.1:49690        DESKTOP-GVU2Q55:49691  ESTABLISHED
  TCP    127.0.0.1:49691        DESKTOP-GVU2Q55:49690  ESTABLISHED
  TCP    127.0.0.1:49692        DESKTOP-GVU2Q55:49693  ESTABLISHED
  TCP    127.0.0.1:49693        DESKTOP-GVU2Q55:49692  ESTABLISHED
  TCP    127.0.0.1:49734        DESKTOP-GVU2Q55:49735  ESTABLISHED
  TCP    127.0.0.1:49735        DESKTOP-GVU2Q55:49734  ESTABLISHED
  TCP    127.0.0.1:49745        DESKTOP-GVU2Q55:49746  ESTABLISHED
  TCP    127.0.0.1:49746        DESKTOP-GVU2Q55:49745  ESTABLISHED
  TCP    127.0.0.1:50044        DESKTOP-GVU2Q55:20121  CLOSE_WAIT
  TCP    192.168.0.15:139       DESKTOP-GVU2Q55:0      LISTENING
  TCP    192.168.0.15:49733     20.25.241.18:https     ESTABLISHED
  TCP    192.168.0.15:49758     82:http                TIME_WAIT
  TCP    192.168.0.15:49759     201:https              TIME_WAIT
  TCP    192.168.0.15:49762     192.229.211.108:http   TIME_WAIT
  TCP    192.168.0.15:49763     93:https               TIME_WAIT
  TCP    192.168.0.15:49764     93:https               ESTABLISHED
  TCP    192.168.0.15:49765     209:https              TIME_WAIT
  TCP    192.168.0.15:49767     102:https              TIME_WAIT
  TCP    192.168.0.15:49771     40.117.192.222:https   ESTABLISHED
  TCP    192.168.0.15:49772     104.20.59.209:https    ESTABLISHED
  TCP    192.168.0.15:49775     104.26.12.6:https      ESTABLISHED
  TCP    192.168.0.15:49780     server-18-238-49-5:https  TIME_WAIT
  TCP    192.168.0.15:49781     server-52-85-61-114:https  TIME_WAIT
  TCP    192.168.0.15:49782     31:https               TIME_WAIT
  TCP    192.168.0.15:49785     lga34s34-in-f6:https   TIME_WAIT
  TCP    192.168.0.15:49786     server-52-85-61-9:https  TIME_WAIT
  TCP    192.168.0.15:49787     239:https              TIME_WAIT
  TCP    192.168.0.15:49793     server-18-238-57-193:http  TIME_WAIT
  TCP    192.168.0.15:49795     112:https              TIME_WAIT
  TCP    192.168.0.15:49796     server-18-173-219-40:https  TIME_WAIT
  TCP    192.168.0.15:49800     ec2-54-184-79-202:https  TIME_WAIT
  TCP    192.168.0.15:49802     113:https              TIME_WAIT
  TCP    192.168.0.15:49803     40.117.192.222:https   ESTABLISHED
  TCP    192.168.0.15:49816     75.75.77.2:https       TIME_WAIT
  TCP    192.168.0.15:49822     afb83dd09526a6517:https  TIME_WAIT
  TCP    192.168.0.15:49833     75.75.77.2:https       TIME_WAIT
  TCP    192.168.0.15:49852     13.107.42.16:https     TIME_WAIT
  TCP    192.168.0.15:49861     server-18-173-219-40:https  TIME_WAIT
  TCP    192.168.0.15:49870     server-18-238-57-193:http  TIME_WAIT
  TCP    192.168.0.15:49871     ec2-100-26-67-190:https  TIME_WAIT
  TCP    192.168.0.15:49877     194:https              TIME_WAIT
  TCP    192.168.0.15:49879     ec2-52-4-51-84:https   TIME_WAIT
  TCP    192.168.0.15:49892     ec2-54-161-154-5:https  TIME_WAIT
  TCP    192.168.0.15:49899     20.135.6.7:https       TIME_WAIT
  TCP    192.168.0.15:49902     server-18-238-49-105:https  ESTABLISHED
  TCP    192.168.0.15:49904     104.18.35.167:https    ESTABLISHED
  TCP    192.168.0.15:49905     51:https               ESTABLISHED
  TCP    192.168.0.15:49908     ec2-52-4-77-74:https   ESTABLISHED
  TCP    192.168.0.15:49910     ec2-44-217-224-7:https  ESTABLISHED
  TCP    192.168.0.15:49915     ec2-13-250-68-177:https  ESTABLISHED
  TCP    192.168.0.15:49923     server-18-238-57-193:http  TIME_WAIT
  TCP    192.168.0.15:49924     server-18-238-57-193:http  TIME_WAIT
  TCP    192.168.0.15:49925     server-18-238-57-193:http  TIME_WAIT
  TCP    192.168.0.15:49927     server-18-238-57-193:http  TIME_WAIT
  TCP    192.168.0.15:49928     69.173.151.100:https   TIME_WAIT
  TCP    192.168.0.15:49931     NET-33-132-192:https   TIME_WAIT
  TCP    192.168.0.15:49932     20.96.52.198:https     TIME_WAIT
  TCP    192.168.0.15:49951     bingforbusiness:https  TIME_WAIT
  TCP    192.168.0.15:49986     104.43.208.106:https   TIME_WAIT
  TCP    192.168.0.15:50037     192.168.0.1:http       TIME_WAIT
  TCP    192.168.0.15:50048     52.142.223.178:http    ESTABLISHED
  TCP    192.168.0.15:50050     20.189.173.11:https    ESTABLISHED
  TCP    192.168.0.15:50051     192.229.211.108:http   ESTABLISHED
  TCP    192.168.0.15:50052     204.79.197.222:https   ESTABLISHED
  TCP    192.168.0.15:50054     4.150.244.254:https    ESTABLISHED
  TCP    192.168.0.15:50057     a23-205-106-73:https   ESTABLISHED
  TCP    [::]:135               DESKTOP-GVU2Q55:0      LISTENING
  TCP    [::]:445               DESKTOP-GVU2Q55:0      LISTENING
  TCP    [::]:7680              DESKTOP-GVU2Q55:0      LISTENING
  TCP    [::]:20121             DESKTOP-GVU2Q55:0      LISTENING
  TCP    [::]:49664             DESKTOP-GVU2Q55:0      LISTENING
  TCP    [::]:49665             DESKTOP-GVU2Q55:0      LISTENING
  TCP    [::]:49666             DESKTOP-GVU2Q55:0      LISTENING
  TCP    [::]:49667             DESKTOP-GVU2Q55:0      LISTENING
  TCP    [::]:49668             DESKTOP-GVU2Q55:0      LISTENING
  TCP    [::]:49669             DESKTOP-GVU2Q55:0      LISTENING
  TCP    [::]:49695             DESKTOP-GVU2Q55:0      LISTENING
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49761  g2600-1405-7000-0000-0000-0000-684b-a370:http  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49773  [2606:4700:4400::6812:26e9]:http  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49776  lga34s40-in-x03:http   TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49783  lga34s40-in-x03:http   TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49788  lga34s40-in-x03:http   TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49799  [2606:4700:10::6816:4ad8]:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49820  [2606:4700:20::ac43:4549]:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49830  lga25s79-in-x0e:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49855  [2606:4700::6812:14ce]:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49857  lga25s79-in-x02:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49859  [2606:4700:20::681a:346]:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49860  lga25s79-in-x01:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49863  lga25s77-in-x01:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49868  [2600:1f18:730:b110:6a33:b3a1:e0fa:d496]:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49869  [2606:4700:10::6816:445]:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49880  [2600:1f18:465f:360a:1c15:77f7:3a2e:9dea]:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49881  [2600:9000:2209:de00:3:3032:d680:93a1]:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49885  [2606:4700:4400::ac40:90a6]:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49886  lga25s77-in-x08:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49888  lga15s43-in-x0a:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49891  lga34s39-in-x03:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49894  [2001:558:feed:443::20]:https  ESTABLISHED
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49895  [2001:558:feed:443::20]:https  ESTABLISHED
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49903  lga25s79-in-x0e:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49909  [2600:9000:2511:bc00:15:6f6c:b180:93a1]:https  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49987  bh-in-f94:https        ESTABLISHED
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50030  [2a04:4e42:79::684]:http  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50045  [2620:1ec:c11::200]:https  ESTABLISHED
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50046  [2620:1ec:c11::200]:https  ESTABLISHED
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50060  [2620:1ec:c11::239]:https  ESTABLISHED
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50062  [2001:558:feed:443::2]:https  ESTABLISHED
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50063  [2620:1ec:12::239]:https  ESTABLISHED
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50064  [2606:2800:21f:fedd:8b7a:88ab:fc7e:fa3b]:https  ESTABLISHED
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50067  [2620:1ec:c11::239]:https  ESTABLISHED
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50068  yl-in-f95:https        ESTABLISHED
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50077  g2600-1408-c400-0485-0000-0000-0000-2c1a:http  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50080  [2600:1901:0:92a9::]:https  ESTABLISHED
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50083  g2600-1408-c400-0485-0000-0000-0000-2c1a:http  TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50088  [2001:558:feed:443::51]:https  ESTABLISHED
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50089  [2620:1ec:bdf::41]:https  ESTABLISHED
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:4500           *:*
  UDP    0.0.0.0:5050           *:*
  UDP    0.0.0.0:5353           *:*
  UDP    0.0.0.0:5355           *:*
  UDP    0.0.0.0:45769          *:*
  UDP    0.0.0.0:64564          *:*
  UDP    127.0.0.1:1900         *:*
  UDP    127.0.0.1:49664        *:*
  UDP    127.0.0.1:65470        *:*
  UDP    192.168.0.15:137       *:*
  UDP    192.168.0.15:138       *:*
  UDP    192.168.0.15:1900      *:*
  UDP    192.168.0.15:65469     *:*
  UDP    [::]:500               *:*
  UDP    [::]:4500              *:*
  UDP    [::]:5353              *:*
  UDP    [::]:5355              *:*
  UDP    [::1]:1900             *:*
  UDP    [::1]:65468            *:*
  UDP    [fe80::e073:1e94:b4e4:c188%20]:1900  *:*
  UDP    [fe80::e073:1e94:b4e4:c188%20]:65467  *:*




Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:20121        DESKTOP-GVU2Q55:50127  TIME_WAIT
  TCP    127.0.0.1:20121        DESKTOP-GVU2Q55:50135  FIN_WAIT_2
 [rpdsvc.exe]
  TCP    127.0.0.1:49670        DESKTOP-GVU2Q55:49671  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49671        DESKTOP-GVU2Q55:49670  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49672        DESKTOP-GVU2Q55:49673  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49673        DESKTOP-GVU2Q55:49672  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49674        DESKTOP-GVU2Q55:49675  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49675        DESKTOP-GVU2Q55:49674  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49676        DESKTOP-GVU2Q55:49677  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49677        DESKTOP-GVU2Q55:49676  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49678        DESKTOP-GVU2Q55:49679  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49679        DESKTOP-GVU2Q55:49678  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49680        DESKTOP-GVU2Q55:49681  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49681        DESKTOP-GVU2Q55:49680  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49682        DESKTOP-GVU2Q55:49683  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49683        DESKTOP-GVU2Q55:49682  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49684        DESKTOP-GVU2Q55:49685  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49685        DESKTOP-GVU2Q55:49684  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49686        DESKTOP-GVU2Q55:49687  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49687        DESKTOP-GVU2Q55:49686  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49688        DESKTOP-GVU2Q55:49689  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49689        DESKTOP-GVU2Q55:49688  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49690        DESKTOP-GVU2Q55:49691  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49691        DESKTOP-GVU2Q55:49690  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49692        DESKTOP-GVU2Q55:49693  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49693        DESKTOP-GVU2Q55:49692  ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49734        DESKTOP-GVU2Q55:49735  ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:49735        DESKTOP-GVU2Q55:49734  ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:49745        DESKTOP-GVU2Q55:49746  ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:49746        DESKTOP-GVU2Q55:49745  ESTABLISHED
 [firefox.exe]
  TCP    127.0.0.1:50135        DESKTOP-GVU2Q55:20121  CLOSE_WAIT
 [rpdsvc.exe]
  TCP    192.168.0.15:49733     20.25.241.18:https     ESTABLISHED
  WpnService
 [svchost.exe]
  TCP    192.168.0.15:49764     93:https               ESTABLISHED
 [firefox.exe]
  TCP    192.168.0.15:49771     40.117.192.222:https   ESTABLISHED
 [NortonSecurity.exe]
  TCP    192.168.0.15:49803     40.117.192.222:https   ESTABLISHED
 [NortonSecurity.exe]
  TCP    192.168.0.15:50051     192.229.211.108:http   LAST_ACK
 [SearchUI.exe]
  TCP    192.168.0.15:50057     a23-205-106-73:https   LAST_ACK
 [SearchUI.exe]
  TCP    192.168.0.15:50126     172.64.146.152:https   ESTABLISHED
 [firefox.exe]
  TCP    192.168.0.15:50137     204.79.197.222:https   ESTABLISHED
 [SearchUI.exe]
  TCP    192.168.0.15:50146     20.189.173.11:https    ESTABLISHED
 [SearchUI.exe]
  TCP    192.168.0.15:50149     192.168.0.1:http       TIME_WAIT
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49894  [2001:558:feed:443::20]:https  ESTABLISHED
 [NSc.exe]
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:49895  [2001:558:feed:443::20]:https  ESTABLISHED
 [NSc.exe]
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50132  [2a04:4e42:77::684]:http  ESTABLISHED
  BITS
 [svchost.exe]
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50136  [2606:2800:21f:fedd:8b7a:88ab:fc7e:fa3b]:https  ESTABLISHED
 [SearchUI.exe]
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50138  [2620:1ec:c11::200]:https  ESTABLISHED
 [SearchUI.exe]
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50144  g2600-1405-7000-0000-0000-0000-6874-6541:https  ESTABLISHED
 [SearchUI.exe]
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50151  [2606:2800:11f:17a5:191a:18d5:537:22f9]:https  ESTABLISHED
 [SearchUI.exe]
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50154  [2603:1030:13:201::254]:https  ESTABLISHED
 [SearchUI.exe]
  TCP    [2601:547:1900:aa50:709e:c480:5490:12b]:50156  [2001:558:feed:443::2]:https  TIME_WAIT
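
The `netstat -b` listing in the post above, tallied by owning process and destination type; this is an added example, not code from the thread. Every row is a socket on this one PC, so loopback pairs and browser or antivirus sessions all add to the row count without being extra devices on the network. The sample input, the host name EXAMPLE-PC and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in `netstat -b` layout; host name and public addresses are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49670        EXAMPLE-PC:49671       ESTABLISHED
 [rpdsvc.exe]
  TCP    127.0.0.1:49671        EXAMPLE-PC:49670       ESTABLISHED
 [rpdsvc.exe]
  TCP    192.168.0.15:49733     203.0.113.18:https     ESTABLISHED
  WpnService
 [svchost.exe]
  TCP    192.168.0.15:50126     198.51.100.152:https   ESTABLISHED
 [firefox.exe]
  TCP    192.168.0.15:50149     192.168.0.1:http       TIME_WAIT
  TCP    [2001:db8:1::12b]:49894  [2001:db8:feed::20]:https  ESTABLISHED
 [NSc.exe]
"""

TCP_ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
       "192.168.0.0/16", "169.254.0.0/16", "fc00::/7", "fe80::/10")]  # private, link-local

def host_ip(endpoint):
    """IP address in 'host:port' (brackets and zone removed), or None for a name."""
    try:
        return ipaddress.ip_address(endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0])
    except ValueError:
        return None

def scope(local, foreign):
    """Classify one row as loopback (same machine), lan, or remote."""
    src, dst = host_ip(local), host_ip(foreign)
    if src is not None and src.is_loopback:
        return "loopback"
    if dst is not None and any(dst in net for net in LAN):
        return "lan"
    return "remote"  # public address, or a peer netstat resolved to a name

def parse(text):
    """Return TCP rows, each with its scope and the [process] line that follows it."""
    rows = []
    for line in text.splitlines():
        row, owner = TCP_ROW.match(line), OWNER.match(line)
        if row:
            rows.append({"scope": scope(row[1], row[2]), "state": row[3], "owner": None})
        elif owner and rows and rows[-1]["owner"] is None:
            rows[-1]["owner"] = owner[1]
    return rows

def summarize(text):
    """Count rows per scope and name the processes holding non-loopback sessions."""
    rows = parse(text)
    live = [r for r in rows if r["scope"] != "loopback" and r["state"] == "ESTABLISHED"]
    return {"rows": len(rows), "by_scope": dict(Counter(r["scope"] for r in rows)),
            "owners": dict(Counter(r["owner"] or "(not shown)" for r in live))}
```

Rows in TIME_WAIT carry no `[process]` line, so `parse` leaves their owner as `None` rather than borrowing the next row's process.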


 



#8 dennis_l


Posted 10 April 2024 - 07:46 AM

Please note that there is no need to quote my posts in your replies.
You can check the connections displayed here.
----------------------------------------------------------------------------------------------------------
Please do this next.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
File: C:\ProgramData\Piriform\CCleaner\CCleanerProgramDeactivator.db
File: C:\ProgramData\Piriform\CCleaner\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9A
VirusTotal: C:\Windows\System32\CompatTelRunner.exe
cmd: type C:\ProgramData\ConfigData\setting.ini
End::
  • Click on the Fix button just once and wait.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
-------------------------------------------------------------------------------------------------------
Then please run a full scan with ESET Online Scanner.
If you still have the tool on your computer, you can ignore the first part of the instructions.

  • Download ESET Online Scanner from here and save it to your Desktop.
  • Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
  • Select your desired language from the drop-down menu and click Get started.
  • Click Yes if a User Account window appears.
  • In the Terms of use screen, click Accept if you agree to the Terms of use.
  • Click Get started in the welcome screen.
  • Select your preference for the Customer Experience Improvement Program and the Detection feedback system. Click Continue.
  • Click Computer scan, in the Welcome back screen.
  • Choose Full scan on the next screen.
  • Select Enable ESET to detect and quarantine potentially unwanted applications. Then click Start scan.
  • Please note that this process can take several hours to complete.
  • At the end of the scan, the Found and resolved detections screen may be displayed. You can click View detailed results to view specific information. Click Continue.
  • On the following screen click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
  • ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature. I suggest that you do not do this for now. Click Continue.
  • You are offered a 30 day trial of ESET Internet Security on the next screen. Click Continue.
  • On the next screen, you can leave feedback about the program if you wish.
  • There is an option to delete the application's data on closing, but we can do this later.
  • If you left feedback, click Submit and Close. If not, click Close.
  • Copy and paste the contents of the ESETScan.txt file in your next reply.


#9 jimlau


Posted 11 April 2024 - 07:44 PM

ESET found no malware. Here is the fixlist.

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by laure (11-04-2024 19:57:18) Run:4
Running from C:\Users\laure\Downloads
Loaded Profiles: laure
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
File: C:\ProgramData\Piriform\CCleaner\CCleanerProgramDeactivator.db
File: C:\ProgramData\Piriform\CCleaner\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9A
VirusTotal: C:\Windows\System32\CompatTelRunner.exe
cmd: type C:\ProgramData\ConfigData\setting.ini
End::
*****************


========================= File: C:\ProgramData\Piriform\CCleaner\CCleanerProgramDeactivator.db ========================

C:\ProgramData\Piriform\CCleaner\CCleanerProgramDeactivator.db
File not signed
MD5: F7EDBB86F85B9B468E80699A4327A9BE
Creation and modification date: 2024-03-30 20:48 - 2024-03-30 20:57
Size: 000131072
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
Virusscan: https://virusscan.jotti.org/filescanjob/1vuttfbles

====== End of File: ======


========================= File: C:\ProgramData\Piriform\CCleaner\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9A ========================

"C:\ProgramData\Piriform\CCleaner\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9A" => not found
====== End of File: ======

VirusTotal: C:\Windows\System32\CompatTelRunner.exe => Error: No automatic fix found for this entry.

========= type C:\ProgramData\ConfigData\setting.ini =========

[PPTube]
InstallPath=C:\Program Files (x86)


========= End of CMD: =========


==== End of Fixlog 19:57:21 ====



#10 dennis_l


Posted 12 April 2024 - 06:31 AM

Very good.
There is a file I would like to check again and although it should be valid, there was an unusual line in the log which caught my attention. I believe that I may have identified the reason, but just to be sure, would you please run this new FRST script.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.

Start::
File: C:\Windows\System32\CompatTelRunner.exe
End::
  • Click on the Fix button just once and wait.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
Also please advise how your computer is running now and if you have any remaining questions.


Edited by dennis_l, 12 April 2024 - 06:33 AM.


#11 jimlau


Posted 12 April 2024 - 09:34 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.04.2024
Ran by laure (12-04-2024 21:38:59) Run:5
Running from C:\Users\laure\Downloads
Loaded Profiles: laure
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
File: C:\Windows\System32\CompatTelRunner.exe
End::
*****************


========================= File: C:\Windows\System32\CompatTelRunner.exe ========================

C:\Windows\System32\CompatTelRunner.exe
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0414~31bf3856ad364e35~amd64~~10.0.18362.1256.cat
File is digitally signed
MD5: 339DE473E8BD33B6A31C264285EFC034
Creation and modification date: 2022-07-01 19:30 - 2022-07-01 19:30
Size: 000160064
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: CompatTelRunner.exe
Original Name: CompatTelRunner.exe
Product: Microsoft® Windows® Operating System
Description: Microsoft Compatibility Telemetry
File Version: 10.0.19645.1016 (WinBuild.160101.0800)
Product Version: 10.0.19645.1016
Copyright: © Microsoft Corporation. All rights reserved.
Virusscan: https://virusscan.jotti.org/filescanjob/2yyr1y7f02

====== End of File: ======


==== End of Fixlog 21:39:03 ====



#12 dennis_l


Posted 13 April 2024 - 06:32 AM

That checked out ok, so I believe that we are nearly all set now.
Please advise if you have any further questions, before I post some tool/log clean up instructions and information for your future reference.



#13 jimlau


Posted 13 April 2024 - 09:50 AM

No further question. Thanks so much!



#14 dennis_l


Posted 13 April 2024 - 12:29 PM

You are most welcome.

  • FRST can now be removed as follows:
  • Right-click on FRST64.exe and select Rename.
  • Rename the file to Uninstall.exe.
  • Double-click on Uninstall.exe.
  • FRST and its files/folders will now be deleted.
  • A reboot may be needed to complete the process.

These articles offer good advice and information for the future.
Keep your computer secure at home
How your system gets infected.
Ransomware advice.
Choosing Secure Passwords.
Thank you for contacting us at Bleeping Computer.

Dennis



#15 dennis_l


Posted 15 April 2024 - 05:15 AM

I am closing this topic, as the issues appear to have been resolved.
If you need to continue, would you please send me or any Moderator a Personal Message (PM), advising that you would like it to be re-opened.
Please include a link to the topic in the Personal Message.





