It's been too long - general cleanup and service [Solved]


  • This topic is locked

#16
daveBB

  • Topic Starter
  • Member
  • 63 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2023
Ran by info (administrator) on LAPTOP-QBAAO188 (ASUSTeK COMPUTER INC. VivoBook_ASUSLaptop X430FA_S430FA) (03-07-2023 20:43:00)
Running from C:\Users\info\Desktop\FRST-OlderVersion\FRST64english.exe
Loaded Profiles: info
Platform: Microsoft Windows 11 Home Version 22H2 22621.1848 (X64) Language: Nederlands (Nederland)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\ATKOSD2.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <4>
(C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe ->) (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBox.Agent.exe
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16501.20210.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.EXE ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
(C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16501.20210.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.16501.20210.0_x86__8wekyb3d8bbwe\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ai.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23119.304.2165.4533_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.67\msedgewebview2.exe <12>
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSoftwareManager\AsusSoftwareManager.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe
(DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe ->) (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsMonStartupTask64.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxEM.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2304.26.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16501.20210.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler64.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkRemote\AsusLinkRemote.exe
(services.exe ->) (ASUSTek Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\AsusAppService\AsusAppService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkNear\AsusLinkNear.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\AsusOptimization\AsusOptimization.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSoftwareManager\AsusSoftwareManager.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSwitch\AsusSwitch.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemAnalysis\AsusSystemAnalysis.exe
(services.exe ->) (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe
(services.exe ->) (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELANFPService.exe
(services.exe ->) (ICEpower a/s -> ICEpower A/S) C:\Windows\System32\DriverStore\FileRepository\icesoundapo64.inf_amd64_db704b106aae3892\ICEsoundService64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e9b40d45ab4dc6b8\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e9b40d45ab4dc6b8\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_a2fcfdfc3497e17c\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Intel) C:\Windows\System32\cAVS\Intel® Audio Service\IntelAudioService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(sihost.exe ->) (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTek Computer Inc.) C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy\ATK Package\HControl.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2324.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> ) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\SpotifyWidgetProvider.exe
(svchost.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxext.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.16501.20210.0_x86__8wekyb3d8bbwe\Office16\SDXHelperBgt.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.1771_none_e92b991042f36e5c\TiWorker.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [256952 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Zwift] => C:\Program Files (x86)\Zwift\ZwiftLauncher.exe [18038304 2023-03-16] (Zwift, Inc. -> Zwift, Inc)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [278440 2019-12-05] (Canon Inc. -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS3400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDGF.DLL [525824 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3400 series: C:\WINDOWS\system32\CNMLMGF.DLL [962560 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.199\Installer\chrmstp.exe [2023-06-29] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0491F4E0-867F-4923-9EA4-48EE9A0B00F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {10BF01BC-42BA-401E-AC23-45DE3FE39E61} - System32\Tasks\RtkAudUService64_BG => C:\Windows\system32\RtkAudUService64.exe [874184 2020-12-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {1A75CD0A-6F99-4012-8144-016738526CF6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-07] (Google Inc -> Google LLC)
Task: {22D0360A-F612-456A-852D-853E1D46E5A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-07] (Google Inc -> Google LLC)
Task: {6312717F-E59E-4D54-B496-CE8175085E23} - System32\Tasks\ASUS Update Checker 2.0 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSoftwareManager\AsusUpdateChecker.exe [797832 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {73C8F0B6-F299-4271-82F2-2770A9FB54B6} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2172344 2023-04-13] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {771370F6-1948-4F56-88E1-B595220D33F7} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4922296 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {F677D99A-6D44-43AD-9E94-28D5FB5337F7} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3860576 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {FBE9C792-71B0-4E4F-AD1C-90853357C53D} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHotkeyExec64.exe [176064 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35fe1c02-7b75-4a5a-9d5d-ca0f7b63d258}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ae8c850e-d435-4025-b5d4-a77d43bf0440}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e74f76e7-cafb-4d86-8bd0-43fc384d236e}: [DhcpNameServer] 40.53.1.12
 
Edge: 
=======
DownloadDir: C:\Users\info\Downloads
Edge Profile: C:\Users\info\AppData\Local\Microsoft\Edge\User Data\Default [2023-04-09]
Edge DownloadDir: Default -> C:\Users\info\Downloads
 
FireFox:
========
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-06-14] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-06-29]
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-07-03]
CHR Notifications: Profile 1 -> hxxps://calendar.google.com; hxxps://www.letour.fr; hxxps://yaktribe.games; hxxps://zwiftinsider.com
CHR Extension: (Honey: automatische bonnen en beloningen) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2023-07-03]
CHR Extension: (Adblock Plus - gratis adblocker) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-06-17]
CHR Extension: (Elevate for Strava) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhiaggccakkgdfcadnklkbljcgicpckn [2022-05-26]
CHR Extension: (Offline Documenten) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-18]
CHR Extension: (AVG SafePrice | prijsvergelijking, aanbiedingen, waardebonnen) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2023-04-22]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-13]
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-06-29]
CHR Extension: (Offline Documenten) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-16]
CHR Extension: (AVG SafePrice | prijsvergelijking, aanbiedingen, waardebonnen) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2023-04-16]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-04-16]
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\System Profile [2023-06-29]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 AsHidService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe [173504 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 ASLDRService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe [227776 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 AsusAppService; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\AsusAppService\AsusAppService.exe [1174672 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSLinkNear; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkNear\AsusLinkNear.exe [1637472 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkRemote\AsusLinkRemote.exe [783968 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
R2 ASUSLiveUpdateAgent; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSoftwareManager\AsusSoftwareManager.exe [1125520 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSOptimization; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\AsusOptimization\AsusOptimization.exe [206472 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSwitch; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSwitch\AsusSwitch.exe [641168 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3860576 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [526256 2023-05-17] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [619448 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [620472 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8851384 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-05-31] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 GiftBox.Service; C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe [299320 2019-04-09] (ASUSTek Computer Inc. -> ASUSTeK Computer Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [445432 2021-04-19] (Canon Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9266864 2023-06-29] (Malwarebytes Inc. -> Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2909208 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AsusPTPDrv; C:\WINDOWS\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_314b5cb6bf57f471\AsusPTPFilter.sys [116712 2021-12-02] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R3 AsusSAIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemAnalysis\AsusSAIO.sys [46736 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\atkwmiacpi64.sys [36368 2019-03-04] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [31408 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [236440 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [392360 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [297872 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [96464 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [25064 2022-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [39640 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [271544 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [556104 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [105240 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [80408 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [943448 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [703792 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [212672 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [319552 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-24] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [44480 2019-10-10] (Akeo Consulting -> hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-06-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [233216 2023-07-03] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77752 2023-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181984 2023-07-03] (Malwarebytes Inc. -> Malwarebytes)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [48536 2022-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [438544 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [90384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-07-03 14:17 - 2023-07-03 14:17 - 000804920 _____ C:\WINDOWS\system32\perfh013.dat
2023-07-03 14:17 - 2023-07-03 14:17 - 000160452 _____ C:\WINDOWS\system32\perfc013.dat
2023-07-03 14:09 - 2023-07-03 14:09 - 000233216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2023-07-03 14:09 - 2023-07-03 14:09 - 000181984 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-07-03 13:53 - 2023-07-03 13:53 - 000021050 _____ C:\Users\info\Downloads\3908674781859.pdf
2023-07-03 13:50 - 2023-07-03 13:50 - 000160026 _____ C:\Users\info\Downloads\Zakelijke-factuur-NL21INGB0007719775-20230401-20230430.pdf
2023-07-03 13:50 - 2023-07-03 13:50 - 000158449 _____ C:\Users\info\Downloads\Zakelijke-factuur-NL21INGB0007719775-20230501-20230531.pdf
2023-07-03 13:50 - 2023-07-03 13:50 - 000158414 _____ C:\Users\info\Downloads\Zakelijke-factuur-NL21INGB0007719775-20230301-20230331.pdf
2023-07-03 13:45 - 2023-07-03 13:45 - 000018363 _____ C:\Users\info\Downloads\T-Mobile Thuis Factuur - TMT1032353924 - DEFAULT.pdf
2023-07-03 13:45 - 2023-07-03 13:45 - 000018350 _____ C:\Users\info\Downloads\T-Mobile Thuis Factuur - TMT1030944048 - DEFAULT.pdf
2023-07-03 13:44 - 2023-07-03 13:44 - 000018367 _____ C:\Users\info\Downloads\T-Mobile Thuis Factuur - TMT1031641830 - DEFAULT.pdf
2023-07-03 13:41 - 2023-07-03 13:41 - 000025408 _____ C:\Users\info\Downloads\Tele2_Factuur_0623474211_20230518.pdf
2023-07-03 13:41 - 2023-07-03 13:41 - 000025408 _____ C:\Users\info\Downloads\Tele2_Factuur_0623474211_20230518 (1).pdf
2023-07-03 13:41 - 2023-07-03 13:41 - 000023656 _____ C:\Users\info\Downloads\Tele2_Factuur_0623474211_20230418.pdf
2023-07-03 13:40 - 2023-07-03 13:40 - 000023716 _____ C:\Users\info\Downloads\Tele2_Factuur_0623474211_20230620.pdf
2023-06-30 06:22 - 2023-07-03 12:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2023-06-29 22:53 - 2023-07-03 14:11 - 000000000 ____D C:\Users\info\AppData\Local\Malwarebytes
2023-06-29 22:53 - 2023-06-29 22:53 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-06-29 22:53 - 2023-06-29 22:53 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-06-29 22:53 - 2023-06-29 22:53 - 000000000 ____D C:\Users\info\AppData\Local\mbam
2023-06-29 22:52 - 2023-06-29 22:52 - 002649072 _____ (Malwarebytes) C:\Users\info\Downloads\MBSetup.exe
2023-06-29 22:52 - 2023-06-29 22:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-06-29 22:52 - 2023-06-29 22:52 - 000000000 ____D C:\Program Files\Malwarebytes
2023-06-29 22:36 - 2023-07-03 14:09 - 000000000 ____D C:\AdwCleaner
2023-06-29 22:31 - 2023-06-29 22:31 - 008791352 _____ (Malwarebytes) C:\Users\info\Downloads\AdwCleaner.exe
2023-06-27 20:02 - 2023-06-27 20:02 - 000737096 _____ C:\Users\info\Desktop\20230626 email1.pdf
2023-06-27 20:01 - 2023-06-27 20:02 - 000842946 _____ C:\Users\info\Desktop\20230626 email2.pdf
2023-06-27 20:01 - 2023-06-27 20:01 - 000737099 _____ C:\Users\info\Desktop\2.pdf
2023-06-19 16:55 - 2023-06-19 16:55 - 000041467 _____ C:\Users\info\Downloads\pensioenoverzicht-geen-bsn (2).pdf
2023-06-19 16:52 - 2023-06-19 16:52 - 000042043 _____ C:\Users\info\Downloads\pensioenoverzicht-geen-bsn (1).pdf
2023-06-19 16:25 - 2023-07-03 20:43 - 000000000 ____D C:\FRST
2023-06-19 16:25 - 2023-07-03 14:33 - 000000000 ____D C:\Users\info\Desktop\FRST-OlderVersion
2023-06-14 08:43 - 2023-06-14 08:43 - 000000000 ___HD C:\$WinREAgent
2023-06-08 22:43 - 2023-06-08 22:43 - 000313272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2023-06-05 14:09 - 2023-06-05 14:09 - 000545088 _____ C:\Users\info\Downloads\114342778.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-07-03 20:43 - 2022-09-28 13:30 - 000003750 _____ C:\WINDOWS\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2023-07-03 20:40 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-07-03 19:54 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-07-03 19:54 - 2019-08-07 14:12 - 000000000 ____D C:\Program Files (x86)\Google
2023-07-03 14:29 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-03 14:22 - 2022-09-28 13:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-07-03 14:21 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-07-03 14:17 - 2022-09-28 13:29 - 001803066 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-07-03 14:17 - 2022-05-07 07:22 - 000000000 ____D C:\WINDOWS\INF
2023-07-03 14:13 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-07-03 14:13 - 2021-01-15 12:03 - 000000000 ____D C:\Users\info\AppData\Local\D3DSCache
2023-07-03 14:10 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-03 14:10 - 2019-08-07 12:27 - 000000000 __SHD C:\Users\info\IntelGraphicsProfiles
2023-07-03 14:09 - 2022-09-28 13:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-07-03 14:09 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-07-03 14:09 - 2022-05-07 07:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-07-03 14:09 - 2020-09-30 21:59 - 000012288 ___SH C:\DumpStack.log.tmp
2023-07-03 14:09 - 2019-08-11 12:46 - 000000000 ____D C:\ProgramData\AVG
2023-07-03 14:09 - 2018-12-21 07:36 - 000000000 ____D C:\Program Files (x86)\ASUS
2023-07-03 14:09 - 2018-12-21 07:26 - 000000000 ___HD C:\Intel
2023-07-03 12:53 - 2022-09-28 13:30 - 000003658 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-03 12:53 - 2022-09-28 13:30 - 000003504 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-07-03 12:53 - 2022-09-28 13:30 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-07-03 12:53 - 2022-09-28 13:30 - 000003434 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-03 12:53 - 2022-09-28 13:30 - 000003280 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-07-03 12:53 - 2022-09-28 13:30 - 000003250 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2023-07-03 12:53 - 2022-09-28 13:30 - 000003114 _____ C:\WINDOWS\system32\Tasks\ASUS Update Checker 2.0
2023-07-03 12:53 - 2022-09-28 13:30 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2140152316-3761713159-350972558-1001
2023-07-03 12:53 - 2022-09-28 13:30 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2140152316-3761713159-350972558-1001
2023-07-03 11:39 - 2023-05-01 16:25 - 000000000 ____D C:\Users\info\Documents\foto
2023-07-01 06:41 - 2021-06-30 15:38 - 000000000 ____D C:\ProgramData\CanonIJPLM
2023-07-01 06:41 - 2021-04-16 23:50 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-01 00:46 - 2019-08-12 18:50 - 000000000 ____D C:\Users\info\AppData\Local\CrashDumps
2023-06-29 22:53 - 2022-05-07 07:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-06-29 19:58 - 2019-09-27 19:47 - 000000000 ____D C:\Users\info\AppData\LocalLow\Temp
2023-06-29 06:20 - 2019-08-07 14:14 - 000002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-06-27 22:01 - 2022-10-12 20:02 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-06-27 22:01 - 2022-10-12 20:02 - 000002063 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-06-26 22:19 - 2020-09-30 22:00 - 000002380 _____ C:\Users\info\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-06-24 07:37 - 2019-08-12 18:48 - 000000000 ____D C:\ProgramData\Packages
2023-06-16 07:05 - 2022-09-28 13:25 - 000302192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\WUModels
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\UUS
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-06-16 07:04 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\servicing
2023-06-14 08:46 - 2022-09-28 13:26 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-06-14 08:30 - 2021-02-09 20:30 - 000000000 ____D C:\Users\info\AppData\Local\MyASUS Update Messenger
2023-06-14 08:07 - 2019-08-11 12:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-06-14 08:05 - 2019-08-11 12:21 - 170078616 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-06-14 04:51 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2023-06-08 22:43 - 2020-10-23 15:05 - 000271544 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2023-06-08 22:43 - 2020-06-16 16:46 - 000556104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000943448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000703792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000392360 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000319552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000297872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000236440 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000105240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000096464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000080408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000039640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000031408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2023-06-08 17:45 - 2019-08-07 12:27 - 000000000 ____D C:\Users\info\AppData\Local\Packages
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2023
Ran by info (03-07-2023 20:45:36)
Running from C:\Users\info\Desktop\FRST-OlderVersion
Microsoft Windows 11 Home Version 22H2 22621.1848 (X64) (2022-09-28 11:30:43)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2140152316-3761713159-350972558-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2140152316-3761713159-350972558-503 - Limited - Disabled)
Gast (S-1-5-21-2140152316-3761713159-350972558-501 - Limited - Disabled)
info (S-1-5-21-2140152316-3761713159-350972558-1001 - Administrator - Enabled) => C:\Users\info
WDAGUtilityAccount (S-1-5-21-2140152316-3761713159-350972558-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1043-1033-7760-BC15014EA700}) (Version: 23.003.20215 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.8.4 - ICEpower a/s)
AVG AntiVirus Free (HKLM\...\AVG Antivirus) (Version: 23.5.3286 - AVG Technologies)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.15.2 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.61.1.10 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.6.0.2 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.4.0 - Canon Inc.)
Canon TS3400 series Driver (HKLM\...\{1199FAD5-9546-44F3-81CF-FFDB8040B7BF}_Canon_TS3400_series) (Version: 1.02 - Canon Inc.)
Elevate 7.0.0-beta.5 (HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\6548da05-a4bc-57ed-8c01-06101fc8d1df) (Version: 7.0.0-beta.5 - Thomas Champagne)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.199 - Google LLC)
Intel® Serial IO (HKLM\...\{72759DFB-9080-46A5-ACCF-5BA26A6FF3FD}) (Version: 30.100.1727.1 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{88667F43-B63E-4046-AF02-35E5412B8FAF}) (Version: 16.5.1.1030 - Intel Corporation)
Malwarebytes version 4.5.32.271 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.32.271 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\OneDriveSetup.exe) (Version: 23.122.0611.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\Teams) (Version: 1.4.00.8872 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Paradox Launcher v2 (HKLM\...\{986898D9-7C26-4E7F-814C-9B5472FA3209}) (Version: 2.0.0.0 - Paradox Interactive)
Printerregistratie (HKLM-x32\...\Canon EISRegistration) (Version: 1.9.0 - Canon Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
Windows Pc-statuscontrole (HKLM\...\{D1F16371-7951-41EB-A367-507D779F1E64}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows-stuurprogrammapakket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Zwift Activity Monitor 1.2.5 (HKLM-x32\...\Zwift Activity Monitor) (Version: 1.2.5 - Kevin Ruff p/b EnJoy Fitness)
Zwift version 1.1.6 (HKLM-x32\...\{E4DA422A-82AB-44A4-B3A5-0AF60F47B7AB}_is1) (Version: 1.1.6 - Zwift, LLC)
 
Packages:
=========
ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.2.4.0_x64__qmba6cd70vzyy [2022-09-29] (ASUSTeK COMPUTER INC.)
ASUS Keyboard Hotkeys -> C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy [2019-09-18] (ASUSTeK COMPUTER INC.) [Startup Task]
Audiotonic Pro -> C:\Program Files\WindowsApps\BluskySoftwareInc.AudiotonicPro_2.0.4.0_x86__61yk12x6sxn40 [2021-09-10] (Blusky Software Inc.)
AudioWizard -> C:\Program Files\WindowsApps\ICEpower.AudioWizard_1.5.28.0_x64__dxp88312j1fgj [2023-06-12] (ICEpower)
eManual -> C:\Program Files\WindowsApps\B9ECED6F.eManual_2.0.3.0_x86__qmba6cd70vzyy [2018-12-21] (ASUSTeK COMPUTER INC.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_146.3.1087.0_x64__v10z8vjag6ke6 [2023-06-21] (HP Inc.)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-04-01] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa [2023-06-10] (Apple Inc.) [Startup Task]
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.4.0_x64__w1wdnht996qgy [2023-06-24] (LinkedIn)
Media-engine-invoegtoepassing voor Foto's -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.16501.20210.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-01] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.16501.20210.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-03] (Microsoft Corp.)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.16501.20210.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16501.20210.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.16501.20210.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.16501.20210.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.16501.20210.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
ms-resource:AppDisplayName -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy [2023-06-14] (ASUSTeK COMPUTER INC.)
ms-resource:PkgDisplayName -> C:\Program Files\WindowsApps\64404Softuna.TotalDiskCleaner_2.1.10.0_x64__r1b4jsc7ddp3p [2023-06-20] (Total PC Cleaner)
ms-resource:System_Item_Title_IntelGraphicsControlPanel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-02] (INTEL CORP) [Startup Task]
MuseScore 3 -> C:\Program Files\WindowsApps\64051MuseScoreBVBA.MuseScoreNotationSoftware_3.3.4.0_x64__pz631wrhsw9tj [2020-01-22] (MuseScore BVBA)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-16] (Netflix, Inc.)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-11-16] (Adobe Systems Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.172.0_x64__dt26b99r8h8gj [2019-08-12] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0 [2023-06-26] (Spotify AB) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2324.6.0_x64__cv1g1gvanyjgm [2023-07-03] (WhatsApp Inc.) [Startup Task]
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-06-27] (Microsoft Corporation)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-06-27] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2140152316-3761713159-350972558-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\info\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2140152316-3761713159-350972558-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\info\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-2140152316-3761713159-350972558-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\info\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-06-13] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-29] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-06-13] () [File not signed] [File is in use]
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-29] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\info\Desktop\tanja\Persoon 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\info\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2022-07-30 14:54 - 2019-12-05 16:17 - 000104448 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2022-07-30 14:54 - 2019-12-05 16:17 - 000009216 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_NLD.DLL
2018-06-13 06:01 - 2018-06-13 06:01 - 000125952 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-04-12 01:38 - 2018-04-12 01:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
2021-02-07 00:32 - 2021-02-07 00:37 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\info\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\MER02948.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "Focusrite Notifier"
HKLM\...\StartupApproved\Run32: => "Zwift"
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{896FB7AB-F868-445B-8E70-047C3B351511}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{3E5A8DF4-ADA6-4195-9AF2-400C686151F1}] => (Allow) C:\Program Files\AVG\Antivirus\AVGUI.exe (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{B19D1D19-2AF5-46CE-9650-675C49D45F4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ticket to Ride\Ticket to Ride.exe (Days of Wonder, Inc.) [File not signed]
FirewallRules: [{D2E10484-C3F2-4B94-ADFA-CBEABDD252D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ticket to Ride\Ticket to Ride.exe (Days of Wonder, Inc.) [File not signed]
FirewallRules: [{057C2CC6-259D-4D9A-81C5-E84DFC61737E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carcassonne The Official Board Game\Carcassonne.exe () [File not signed]
FirewallRules: [{9140BF03-E70F-4335-86C1-8F3D9458F96E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carcassonne The Official Board Game\Carcassonne.exe () [File not signed]
FirewallRules: [UDP Query User{355494F5-6EB0-4674-B0BE-26B76845D098}C:\program files (x86)\zwift\zwiftapp.exe] => (Allow) C:\program files (x86)\zwift\zwiftapp.exe (Zwift, Inc. -> )
FirewallRules: [TCP Query User{B7A35808-C55B-4559-9525-401AA0D8757D}C:\program files (x86)\zwift\zwiftapp.exe] => (Allow) C:\program files (x86)\zwift\zwiftapp.exe (Zwift, Inc. -> )
FirewallRules: [{8572A005-A524-4BA0-B168-CC33AED09624}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scythe Digital Edition\Scythe.exe () [File not signed]
FirewallRules: [{7FE449E0-815D-4E85-AB20-6F4324D2A5E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scythe Digital Edition\Scythe.exe () [File not signed]
FirewallRules: [UDP Query User{693EFBB5-FACE-441F-B77A-8A0CB015DEAB}C:\users\info\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\info\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6BA16B67-C888-49E3-9E5D-F53B909A0A64}C:\users\info\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\info\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1850A575-8881-433A-B13B-823F459EE9D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wingspan\Wingspan.exe (Unity Technologies ApS) [File not signed]
FirewallRules: [{1166B07A-301B-4591-B707-1701110FEA2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wingspan\Wingspan.exe (Unity Technologies ApS) [File not signed]
FirewallRules: [UDP Query User{4FD0DDE7-71AC-467D-8013-C027C8DB1EF7}C:\users\info\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\info\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3CCBFA1B-F909-43B5-A74B-303876364292}C:\users\info\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\info\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{66E45CC8-6D69-4B65-B269-AAFF7B717E88}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23CB10F3-4C1D-437F-BF8C-4478229F6CAF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D9F26FFC-7A26-4DB7-8919-723F1180F43C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1ADEEF01-A616-4651-85AF-924BA15D728D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E9A26FA7-FA22-4B00-A436-7EE59DBEC211}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D32E50BC-D28B-447A-9923-EB9046795962}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D6F0D809-38F0-4BE8-9251-C944DF978506}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B8BFC2A3-1F96-4A73-9340-160BD70ACD7E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5FA50336-0910-4BC1-A4C3-68229F564BA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{E35E223D-54A4-4302-8C53-A73304FD53A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [TCP Query User{11FA1CAA-D45F-4EEE-862B-6D8486EAD29B}C:\program files (x86)\zwift\zwiftapp.exe] => (Allow) C:\program files (x86)\zwift\zwiftapp.exe (Zwift, Inc. -> )
FirewallRules: [UDP Query User{A8AB8CBF-BCA2-43FD-B306-BBDBB6CB459B}C:\program files (x86)\zwift\zwiftapp.exe] => (Allow) C:\program files (x86)\zwift\zwiftapp.exe (Zwift, Inc. -> )
FirewallRules: [{5D5B44B6-EED9-4FE8-A410-BE37F6C3257D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood Bowl 3\BB3.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{6E76A8AC-6449-4828-AF91-EAFD15C6A3B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood Bowl 3\BB3.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{064DDDD9-640C-4D91-88F8-1299BD6DA804}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B056385D-A065-480E-A3EB-481D7D351F89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{0F7E2278-F57C-4007-ABB8-B734AF21602E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{6C555034-6DA4-4699-B190-1CDF328BA59F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{154D2EC3-110F-4556-A49E-CE4CCDF2AF9A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B48A9AC2-AA62-4301-AC57-DC28E0F05D9B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{0CBCC94E-8CA8-4909-A49C-FD59846BFC2B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{D5B59D6A-80BC-4334-80F7-2564AB0C3E22}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{9FECAD59-570B-4E08-87B7-33C74D4399FD}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{6ADE9A78-19F6-473D-88E0-7C8218CD54DB}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{60EDD709-1DC5-461A-9BB6-98680D4F7873}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{48F37BE0-DFEC-4805-AD6D-2C7A2281A8FD}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{824740D6-FC9F-41A5-AF71-464D06F0B418}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E62BA368-2D55-4EBE-B16D-F904C8AFA45B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FABC4701-DD29-4F21-945E-91BDF9D5B9D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8AF28E44-8BAB-478D-9B0A-9043CB029876}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2E322E3C-5A21-409F-AD77-AC87E9021E77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B48B7E43-952F-46EE-9840-46C0100E6DF2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3FCC5914-9F5B-4756-A468-80AF88204551}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7EB3904F-BB21-49C5-BEFE-E750AFAFF1C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2BFCD96D-D10E-4263-885F-C56717CA6B41}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6B3F178B-F7BB-4E72-A7D5-091CABC32725}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F9755E66-1277-4034-91C7-BA4CC61BBF5F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16501.20210.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{26C216A5-7A95-4C03-A668-EA7D99121388}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.304.2165.4533_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FAC23CFA-5E02-4724-9A82-9CAFAAE29C14}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.304.2165.4533_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{68567F2B-13B4-423B-93AD-1F398201D193}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{966D750D-9D71-4243-B792-81F649544B2D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3D486559-CDF5-4633-864E-2868E31E20EA}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSwitch\AsusSwitchNet.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{0A72AD4B-54B4-43D9-A557-9676DDFB4FD1}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{B76A662D-289A-47A4-86DA-CE3F18043FDE}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSwitch\AsusSwitchNetMDNS.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{3DE7ABC4-B450-42F3-B7BB-E4CBB0C61FC4}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{9738DB9C-C7A5-4DD2-B4E5-48A49E16FBFD}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
 
==================== Restore Points =========================
 
01-07-2023 07:39:46 Gepland controlepunt
03-07-2023 14:08:55 AdwCleaner_BeforeCleaning_03/07/2023_14:08:55
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/01/2023 12:46:21 AM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-QBAAO188)
Description: Naam van toepassing met fout: Acrobat.exe, versie: 23.3.20215.0, tijdstempel: 0x648a1657
Naam van module met fout: ntdll.dll, versie: 10.0.22621.1848, tijdstempel: 0x48d14984
Uitzonderingscode: 0xc0000374
Foutmarge: 0x000000000010be19
Id van proces met fout: 0x0x3d44
Starttijd van toepassing met fout: 0x0x1d9aba4b022d82d
Pad naar toepassing met fout: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Pad naar module met fout: C:\WINDOWS\SYSTEM32\ntdll.dll
Rapport-id: 4b342621-b9fc-40f9-8fd6-c27c49a4fee3
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
Error: (06/29/2023 07:53:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine QueryFullProcessImageNameW.  hr = 0x8007001f, Een apparaat dat op het systeem is aangesloten, werkt niet.
.
 
 
Bewerking:
   Asynchrone bewerking uitvoeren
 
Context:
   Huidige status: DoSnapshotSet
 
Error: (06/29/2023 07:53:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {dc7e264b-13b8-4108-a366-d2334a061c86}
 
Error: (06/26/2023 02:50:34 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: Programma WidgetService.exe versie 0.0.0.0 communiceert niet meer met Windows en is gesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, controleert u de probleemgeschiedenis in het configuratiescherm van Beveiliging en onderhoud.
 
Error: (06/26/2023 02:49:39 AM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-QBAAO188)
Description: Naam van toepassing met fout: OUTLOOK.exe, versie: 16.0.16327.20248, tijdstempel: 0x644cd312
Naam van module met fout: WWLIB.DLL, versie: 16.0.16327.20248, tijdstempel: 0x644cd366
Uitzonderingscode: 0xc0000005
Foutmarge: 0x004636e7
Id van proces met fout: 0x0x4ca0
Starttijd van toepassing met fout: 0x0x1d9a7abd5c97258
Pad naar toepassing met fout: C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16327.20248.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe
Pad naar module met fout: C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.16327.20248.0_x86__8wekyb3d8bbwe\Office16\WWLIB.DLL
Rapport-id: f385adaa-29d1-459d-9267-33dc7de27e38
Volledige pakketnaam met fout: Microsoft.Office.Desktop_16051.16327.20248.0_x86__8wekyb3d8bbwe
Relatieve toepassings-id van pakket met fout: Outlook
 
Error: (06/19/2023 04:31:14 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Fout in de Volume Shadow Copy-service: de I/O-schrijfbewerkingen kunnen niet worden vastgelegd tijdens het maken van de schaduwkopie op volume \\?\Volume{584bea99-6542-4539-9603-0e057ba53116}\.
De volume-index in de set met schaduwkopieën is 0. Foutdetails: Openen [0x00000000, De bewerking is voltooid.
], Leegmaken[0x00000000, De bewerking is voltooid.
], Vrijgeven[0x80042314, Er heeft een time-out bij de provider van schaduwkopieën plaats gevonden bij het opslaan van schrijfbewerkingen op het volume waarvan een schaduwkopie wordt gemaakt. Dit komt waarschijnlijk door overmatige activiteit op het volume, veroorzaakt door een toepassing of systeemservice. Probeer het opnieuw zodra de activiteit op het volume is verminderd.
], Uitvoeren[0x00000000, De bewerking is voltooid.
].
 
 
Bewerking:
   Asynchrone bewerking uitvoeren
 
Context:
   Huidige status: DoSnapshotSet
 
Error: (05/19/2023 09:39:21 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: LAPTOP-QBAAO188)
Description: Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy-2147023878
 
Error: (05/18/2023 05:20:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine CoCreateInstance.  hr = 0x8007045b, Systeem wordt afgesloten.
.
 
 
System errors:
=============
Error: (07/03/2023 02:13:04 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QBAAO188)
Description: De server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (07/03/2023 02:09:14 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QBAAO188)
Description: De server Microsoft.AAD.BrokerPlugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (07/03/2023 02:09:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Intel® Audio Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (07/03/2023 02:09:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De ASUS Optimization-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (07/03/2023 02:09:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De ASUS Software Manager-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 0 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (07/03/2023 02:09:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Realtek Bluetooth Device Manager Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (07/03/2023 02:09:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: De ASUS App Service-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 0 milliseconden worden uitgevoerd: Service opnieuw starten.
 
Error: (07/03/2023 02:09:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Intel® Dynamic Application Loader Host Interface Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
 
CodeIntegrity:
===============
Date: 2023-07-03 15:10:58
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements. 
 
Date: 2023-07-03 14:29:29
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. X430FA.308 05/28/2019
Motherboard: ASUSTeK COMPUTER INC. X430FA
Processor: Intel® Core™ i5-8265U CPU @ 1.60GHz
Percentage of memory in use: 81%
Total physical RAM: 8043.61 MB
Available physical RAM: 1467.89 MB
Total Virtual: 9579.61 MB
Available Virtual: 1505.46 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:237.42 GB) (Free:60.06 GB) (Model: INTEL SSDSCKKW256G8) NTFS
 
\\?\Volume{54e95cf9-9493-4202-8beb-a6fc7d552267}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.16 GB) NTFS
\\?\Volume{f0180894-28fc-4771-89f4-efa7f35c2201}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 9929D3AC)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

#17
daveBB

    Member

  • Topic Starter
  • Member
  • 63 posts

decided to delete them all.

Laptop is running nicely, as far as I can tell.

AVG is still giving warnings though, and as per your very first reply I decided to get rid of it, it ís redirecting towards a shop, basically.


#18
DR M

    The Grecian Geek

  • Malware Removal
  • 4,186 posts

AVG is still giving warnings though, and as per your very first reply I decided to get rid of it, it ís redirecting towards a shop, basically.

 
Hi, Dave. 
 
Since you decided to uninstall AVG, I won't review the logs now, but after the uninstall. Perhaps remnants will be present and we will need to remove them.
 
To uninstall AVG as effectively as we can, please do the following:

  • Download the Revo Uninstaller (Free Download) and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program:
AVG AntiVirus Free
  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the AVG items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.

 

After the above, I'll need fresh FRST logs, Addition and FRST. 


#19
daveBB

    Member

  • Topic Starter
  • Member
  • 63 posts

AVG is rather large so it seems, I may not have selected all the files as I chose only to select the ones with 'AVG' in them, somewhere be it either the folder-path or name. Maybe some more deleting is in order?

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2023
Ran by info (administrator) on LAPTOP-QBAAO188 (ASUSTeK COMPUTER INC. VivoBook_ASUSLaptop X430FA_S430FA) (07-07-2023 00:04:40)
Running from C:\Users\info\Desktop\FRST-OlderVersion\FRST64english.exe
Loaded Profiles: info
Platform: Microsoft Windows 11 Home Version 22H2 22621.1848 (X64) Language: Nederlands (Nederland)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\ATKOSD2.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(C:\Program Files\AVG\Antivirus\AVGSvc.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16501.20210.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.EXE ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16501.20210.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.16501.20210.0_x86__8wekyb3d8bbwe\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ai.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23119.304.2165.4533_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.67\msedgewebview2.exe <6>
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe ->) (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsMonStartupTask64.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxEM.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxEM.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\GfxDownloadWrapper.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16501.20210.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler64.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkRemote\AsusLinkRemote.exe
(services.exe ->) (ASUSTek Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\AsusAppService\AsusAppService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkNear\AsusLinkNear.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\AsusOptimization\AsusOptimization.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSoftwareManager\AsusSoftwareManager.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSwitch\AsusSwitch.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemAnalysis\AsusSystemAnalysis.exe
(services.exe ->) (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe
(services.exe ->) (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(services.exe ->) (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELANFPService.exe
(services.exe ->) (ICEpower a/s -> ICEpower A/S) C:\Windows\System32\DriverStore\FileRepository\icesoundapo64.inf_amd64_db704b106aae3892\ICEsoundService64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e9b40d45ab4dc6b8\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e9b40d45ab4dc6b8\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_a2fcfdfc3497e17c\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Intel) C:\Windows\System32\cAVS\Intel® Audio Service\IntelAudioService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(sihost.exe ->) (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTek Computer Inc.) C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy\ATK Package\HControl.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(svchost.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxext.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.1771_none_e92b991042f36e5c\TiWorker.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [256952 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Zwift] => C:\Program Files (x86)\Zwift\ZwiftLauncher.exe [18038304 2023-03-16] (Zwift, Inc. -> Zwift, Inc)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [278440 2019-12-05] (Canon Inc. -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS3400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDGF.DLL [525824 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3400 series: C:\WINDOWS\system32\CNMLMGF.DLL [962560 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.199\Installer\chrmstp.exe [2023-06-29] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0491F4E0-867F-4923-9EA4-48EE9A0B00F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {10BF01BC-42BA-401E-AC23-45DE3FE39E61} - System32\Tasks\RtkAudUService64_BG => C:\Windows\system32\RtkAudUService64.exe [874184 2020-12-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {1A75CD0A-6F99-4012-8144-016738526CF6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-07] (Google Inc -> Google LLC)
Task: {22D0360A-F612-456A-852D-853E1D46E5A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-07] (Google Inc -> Google LLC)
Task: {6312717F-E59E-4D54-B496-CE8175085E23} - System32\Tasks\ASUS Update Checker 2.0 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSoftwareManager\AsusUpdateChecker.exe [797832 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {73C8F0B6-F299-4271-82F2-2770A9FB54B6} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2172344 2023-04-13] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {771370F6-1948-4F56-88E1-B595220D33F7} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4922296 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {F677D99A-6D44-43AD-9E94-28D5FB5337F7} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3860576 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {FBE9C792-71B0-4E4F-AD1C-90853357C53D} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHotkeyExec64.exe [176064 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35fe1c02-7b75-4a5a-9d5d-ca0f7b63d258}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ae8c850e-d435-4025-b5d4-a77d43bf0440}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e74f76e7-cafb-4d86-8bd0-43fc384d236e}: [DhcpNameServer] 40.53.1.12
 
Edge: 
=======
DownloadDir: C:\Users\info\Downloads
Edge Profile: C:\Users\info\AppData\Local\Microsoft\Edge\User Data\Default [2023-04-09]
Edge DownloadDir: Default -> C:\Users\info\Downloads
 
FireFox:
========
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-06-14] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-06-29]
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-07-07]
CHR Notifications: Profile 1 -> hxxps://calendar.google.com; hxxps://www.letour.fr; hxxps://yaktribe.games; hxxps://zwiftinsider.com
CHR Extension: (Honey: automatische bonnen en beloningen) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2023-07-03]
CHR Extension: (Adblock Plus - gratis adblocker) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-06-17]
CHR Extension: (Elevate for Strava) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhiaggccakkgdfcadnklkbljcgicpckn [2022-05-26]
CHR Extension: (Offline Documenten) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-18]
CHR Extension: (AVG SafePrice | prijsvergelijking, aanbiedingen, waardebonnen) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2023-04-22]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-13]
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-06-29]
CHR Extension: (Offline Documenten) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-16]
CHR Extension: (AVG SafePrice | prijsvergelijking, aanbiedingen, waardebonnen) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2023-04-16]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-04-16]
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\System Profile [2023-06-29]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 AsHidService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe [173504 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 ASLDRService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe [227776 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 AsusAppService; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\AsusAppService\AsusAppService.exe [1174672 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSLinkNear; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkNear\AsusLinkNear.exe [1637472 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkRemote\AsusLinkRemote.exe [783968 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
R2 ASUSLiveUpdateAgent; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSoftwareManager\AsusSoftwareManager.exe [1125520 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSOptimization; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\AsusOptimization\AsusOptimization.exe [206472 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSwitch; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSwitch\AsusSwitch.exe [641168 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3860576 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [526256 2023-05-17] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [619448 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8851384 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-05-31] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 GiftBox.Service; C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe [299320 2019-04-09] (ASUSTek Computer Inc. -> ASUSTeK Computer Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [445432 2021-04-19] (Canon Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9266864 2023-06-29] (Malwarebytes Inc. -> Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2909208 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AsusPTPDrv; C:\WINDOWS\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_314b5cb6bf57f471\AsusPTPFilter.sys [116712 2021-12-02] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R3 AsusSAIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemAnalysis\AsusSAIO.sys [46736 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\atkwmiacpi64.sys [36368 2019-03-04] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [31408 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [236440 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [392360 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [297872 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [96464 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [25064 2022-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [39640 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [271544 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [556104 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [105240 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [80408 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [943448 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [703792 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [212672 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [319552 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-24] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [44480 2019-10-10] (Akeo Consulting -> hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-06-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [233216 2023-07-07] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77752 2023-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181984 2023-07-07] (Malwarebytes Inc. -> Malwarebytes)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [48536 2022-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [438544 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [90384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-07-07 00:03 - 2023-07-07 00:03 - 000233216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2023-07-07 00:03 - 2023-07-07 00:03 - 000181984 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-07-07 00:03 - 2023-07-07 00:03 - 000000000 ____D C:\Users\info\AppData\LocalLow\IGDump
2023-07-06 23:44 - 2023-07-06 23:44 - 000001081 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2023-07-06 23:44 - 2023-07-06 23:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2023-07-06 23:44 - 2023-07-06 23:44 - 000000000 ____D C:\Program Files\VS Revo Group
2023-07-06 23:43 - 2023-07-06 23:44 - 006970144 _____ (VS Revo Group ) C:\Users\info\Desktop\revosetup.exe
2023-07-03 14:17 - 2023-07-03 14:17 - 000804920 _____ C:\WINDOWS\system32\perfh013.dat
2023-07-03 14:17 - 2023-07-03 14:17 - 000160452 _____ C:\WINDOWS\system32\perfc013.dat
2023-07-03 13:53 - 2023-07-03 13:53 - 000021050 _____ C:\Users\info\Downloads\3908674781859.pdf
2023-07-03 13:50 - 2023-07-03 13:50 - 000160026 _____ C:\Users\info\Downloads\Zakelijke-factuur-NL21INGB0007719775-20230401-20230430.pdf
2023-07-03 13:50 - 2023-07-03 13:50 - 000158449 _____ C:\Users\info\Downloads\Zakelijke-factuur-NL21INGB0007719775-20230501-20230531.pdf
2023-07-03 13:50 - 2023-07-03 13:50 - 000158414 _____ C:\Users\info\Downloads\Zakelijke-factuur-NL21INGB0007719775-20230301-20230331.pdf
2023-07-03 13:45 - 2023-07-03 13:45 - 000018363 _____ C:\Users\info\Downloads\T-Mobile Thuis Factuur - TMT1032353924 - DEFAULT.pdf
2023-07-03 13:45 - 2023-07-03 13:45 - 000018350 _____ C:\Users\info\Downloads\T-Mobile Thuis Factuur - TMT1030944048 - DEFAULT.pdf
2023-07-03 13:44 - 2023-07-03 13:44 - 000018367 _____ C:\Users\info\Downloads\T-Mobile Thuis Factuur - TMT1031641830 - DEFAULT.pdf
2023-07-03 13:41 - 2023-07-03 13:41 - 000025408 _____ C:\Users\info\Downloads\Tele2_Factuur_0623474211_20230518.pdf
2023-07-03 13:41 - 2023-07-03 13:41 - 000025408 _____ C:\Users\info\Downloads\Tele2_Factuur_0623474211_20230518 (1).pdf
2023-07-03 13:41 - 2023-07-03 13:41 - 000023656 _____ C:\Users\info\Downloads\Tele2_Factuur_0623474211_20230418.pdf
2023-07-03 13:40 - 2023-07-03 13:40 - 000023716 _____ C:\Users\info\Downloads\Tele2_Factuur_0623474211_20230620.pdf
2023-06-30 06:22 - 2023-07-06 07:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2023-06-29 22:53 - 2023-07-07 00:03 - 000000000 ____D C:\Users\info\AppData\Local\Malwarebytes
2023-06-29 22:53 - 2023-06-29 22:53 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-06-29 22:53 - 2023-06-29 22:53 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-06-29 22:53 - 2023-06-29 22:53 - 000000000 ____D C:\Users\info\AppData\Local\mbam
2023-06-29 22:52 - 2023-06-29 22:52 - 002649072 _____ (Malwarebytes) C:\Users\info\Downloads\MBSetup.exe
2023-06-29 22:52 - 2023-06-29 22:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-06-29 22:52 - 2023-06-29 22:52 - 000000000 ____D C:\Program Files\Malwarebytes
2023-06-29 22:36 - 2023-07-03 14:09 - 000000000 ____D C:\AdwCleaner
2023-06-29 22:31 - 2023-06-29 22:31 - 008791352 _____ (Malwarebytes) C:\Users\info\Downloads\AdwCleaner.exe
2023-06-27 20:02 - 2023-06-27 20:02 - 000737096 _____ C:\Users\info\Desktop\20230626 email1.pdf
2023-06-27 20:01 - 2023-06-27 20:02 - 000842946 _____ C:\Users\info\Desktop\20230626 email2.pdf
2023-06-27 20:01 - 2023-06-27 20:01 - 000737099 _____ C:\Users\info\Desktop\2.pdf
2023-06-19 16:55 - 2023-06-19 16:55 - 000041467 _____ C:\Users\info\Downloads\pensioenoverzicht-geen-bsn (2).pdf
2023-06-19 16:52 - 2023-06-19 16:52 - 000042043 _____ C:\Users\info\Downloads\pensioenoverzicht-geen-bsn (1).pdf
2023-06-19 16:25 - 2023-07-07 00:05 - 000000000 ____D C:\FRST
2023-06-19 16:25 - 2023-07-07 00:04 - 000000000 ____D C:\Users\info\Desktop\FRST-OlderVersion
2023-06-14 08:43 - 2023-06-14 08:43 - 000000000 ___HD C:\$WinREAgent
2023-06-08 22:43 - 2023-06-08 22:43 - 000313272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-07-07 00:06 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-07-07 00:06 - 2022-05-07 07:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-07-07 00:05 - 2019-08-07 14:12 - 000000000 ____D C:\Program Files (x86)\Google
2023-07-07 00:04 - 2022-09-28 13:30 - 000003750 _____ C:\WINDOWS\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2023-07-07 00:03 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-07-07 00:03 - 2019-08-12 18:50 - 000000000 ____D C:\Users\info\AppData\Local\CrashDumps
2023-07-07 00:02 - 2022-09-28 13:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-07-07 00:02 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-07-07 00:02 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-07-07 00:02 - 2022-05-07 07:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-07-07 00:02 - 2020-09-30 21:59 - 000012288 ___SH C:\DumpStack.log.tmp
2023-07-07 00:02 - 2019-08-11 12:46 - 000000000 ____D C:\ProgramData\AVG
2023-07-07 00:02 - 2019-08-07 12:27 - 000000000 __SHD C:\Users\info\IntelGraphicsProfiles
2023-07-07 00:02 - 2018-12-21 07:26 - 000000000 ___HD C:\Intel
2023-07-06 23:42 - 2022-09-28 13:30 - 000003730 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-06 23:42 - 2022-09-28 13:30 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-06 07:35 - 2022-09-28 13:30 - 000003504 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-07-06 07:35 - 2022-09-28 13:30 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-07-06 07:35 - 2022-09-28 13:30 - 000003280 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-07-06 07:35 - 2022-09-28 13:30 - 000003250 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2023-07-06 07:35 - 2022-09-28 13:30 - 000003114 _____ C:\WINDOWS\system32\Tasks\ASUS Update Checker 2.0
2023-07-06 07:35 - 2022-09-28 13:30 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2140152316-3761713159-350972558-1001
2023-07-06 07:35 - 2022-09-28 13:30 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2140152316-3761713159-350972558-1001
2023-07-05 22:35 - 2022-09-28 13:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-07-05 22:33 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-05 22:33 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-07-04 20:56 - 2020-09-30 22:00 - 000002380 _____ C:\Users\info\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-07-03 14:29 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-03 14:17 - 2022-09-28 13:29 - 001803066 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-07-03 14:17 - 2022-05-07 07:22 - 000000000 ____D C:\WINDOWS\INF
2023-07-03 14:13 - 2021-01-15 12:03 - 000000000 ____D C:\Users\info\AppData\Local\D3DSCache
2023-07-03 14:09 - 2018-12-21 07:36 - 000000000 ____D C:\Program Files (x86)\ASUS
2023-07-03 11:39 - 2023-05-01 16:25 - 000000000 ____D C:\Users\info\Documents\foto
2023-07-01 06:41 - 2021-06-30 15:38 - 000000000 ____D C:\ProgramData\CanonIJPLM
2023-07-01 06:41 - 2021-04-16 23:50 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-06-29 22:53 - 2022-05-07 07:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-06-29 19:58 - 2019-09-27 19:47 - 000000000 ____D C:\Users\info\AppData\LocalLow\Temp
2023-06-29 06:20 - 2019-08-07 14:14 - 000002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-06-27 22:01 - 2022-10-12 20:02 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-06-27 22:01 - 2022-10-12 20:02 - 000002063 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-06-24 07:37 - 2019-08-12 18:48 - 000000000 ____D C:\ProgramData\Packages
2023-06-16 07:05 - 2022-09-28 13:25 - 000302192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\WUModels
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\UUS
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-06-16 07:04 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-06-16 07:04 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\servicing
2023-06-14 08:46 - 2022-09-28 13:26 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-06-14 08:30 - 2021-02-09 20:30 - 000000000 ____D C:\Users\info\AppData\Local\MyASUS Update Messenger
2023-06-14 08:07 - 2019-08-11 12:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-06-14 08:05 - 2019-08-11 12:21 - 170078616 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-06-14 04:51 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2023-06-08 22:43 - 2020-10-23 15:05 - 000271544 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2023-06-08 22:43 - 2020-06-16 16:46 - 000556104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000943448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000703792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000392360 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000319552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000297872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000236440 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000105240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000096464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000080408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000039640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000031408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2023-06-08 17:45 - 2019-08-07 12:27 - 000000000 ____D C:\Users\info\AppData\Local\Packages
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2023
Ran by info (07-07-2023 00:07:36)
Running from C:\Users\info\Desktop\FRST-OlderVersion
Microsoft Windows 11 Home Version 22H2 22621.1848 (X64) (2022-09-28 11:30:43)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2140152316-3761713159-350972558-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2140152316-3761713159-350972558-503 - Limited - Disabled)
Gast (S-1-5-21-2140152316-3761713159-350972558-501 - Limited - Disabled)
info (S-1-5-21-2140152316-3761713159-350972558-1001 - Administrator - Enabled) => C:\Users\info
WDAGUtilityAccount (S-1-5-21-2140152316-3761713159-350972558-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1043-1033-7760-BC15014EA700}) (Version: 23.003.20215 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.8.4 - ICEpower a/s)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.15.2 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.61.1.10 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.6.0.2 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.4.0 - Canon Inc.)
Canon TS3400 series Driver (HKLM\...\{1199FAD5-9546-44F3-81CF-FFDB8040B7BF}_Canon_TS3400_series) (Version: 1.02 - Canon Inc.)
Elevate 7.0.0-beta.5 (HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\6548da05-a4bc-57ed-8c01-06101fc8d1df) (Version: 7.0.0-beta.5 - Thomas Champagne)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.199 - Google LLC)
Intel® Serial IO (HKLM\...\{72759DFB-9080-46A5-ACCF-5BA26A6FF3FD}) (Version: 30.100.1727.1 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{88667F43-B63E-4046-AF02-35E5412B8FAF}) (Version: 16.5.1.1030 - Intel Corporation)
Malwarebytes version 4.5.32.271 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.32.271 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.67 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.67 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\OneDriveSetup.exe) (Version: 23.127.0618.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\Teams) (Version: 1.4.00.8872 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Paradox Launcher v2 (HKLM\...\{986898D9-7C26-4E7F-814C-9B5472FA3209}) (Version: 2.0.0.0 - Paradox Interactive)
Printerregistratie (HKLM-x32\...\Canon EISRegistration) (Version: 1.9.0 - Canon Inc.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
Windows Pc-statuscontrole (HKLM\...\{D1F16371-7951-41EB-A367-507D779F1E64}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows-stuurprogrammapakket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Zwift Activity Monitor 1.2.5 (HKLM-x32\...\Zwift Activity Monitor) (Version: 1.2.5 - Kevin Ruff p/b EnJoy Fitness)
Zwift version 1.1.6 (HKLM-x32\...\{E4DA422A-82AB-44A4-B3A5-0AF60F47B7AB}_is1) (Version: 1.1.6 - Zwift, LLC)
 
Packages:
=========
ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.2.4.0_x64__qmba6cd70vzyy [2022-09-29] (ASUSTeK COMPUTER INC.)
ASUS Keyboard Hotkeys -> C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy [2019-09-18] (ASUSTeK COMPUTER INC.) [Startup Task]
Audiotonic Pro -> C:\Program Files\WindowsApps\BluskySoftwareInc.AudiotonicPro_2.0.4.0_x86__61yk12x6sxn40 [2021-09-10] (Blusky Software Inc.)
AudioWizard -> C:\Program Files\WindowsApps\ICEpower.AudioWizard_1.5.28.0_x64__dxp88312j1fgj [2023-06-12] (ICEpower)
eManual -> C:\Program Files\WindowsApps\B9ECED6F.eManual_2.0.3.0_x86__qmba6cd70vzyy [2018-12-21] (ASUSTeK COMPUTER INC.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_146.3.1087.0_x64__v10z8vjag6ke6 [2023-06-21] (HP Inc.)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-04-01] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa [2023-06-10] (Apple Inc.) [Startup Task]
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.4.0_x64__w1wdnht996qgy [2023-06-24] (LinkedIn)
Media-engine-invoegtoepassing voor Foto's -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.16501.20210.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-01] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.16501.20210.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-03] (Microsoft Corp.)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.16501.20210.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16501.20210.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.16501.20210.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.16501.20210.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.16501.20210.0_x86__8wekyb3d8bbwe [2023-06-30] (Microsoft Corporation)
ms-resource:AppDisplayName -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy [2023-06-14] (ASUSTeK COMPUTER INC.)
ms-resource:PkgDisplayName -> C:\Program Files\WindowsApps\64404Softuna.TotalDiskCleaner_2.1.10.0_x64__r1b4jsc7ddp3p [2023-06-20] (Total PC Cleaner)
ms-resource:System_Item_Title_IntelGraphicsControlPanel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-02] (INTEL CORP) [Startup Task]
MuseScore 3 -> C:\Program Files\WindowsApps\64051MuseScoreBVBA.MuseScoreNotationSoftware_3.3.4.0_x64__pz631wrhsw9tj [2020-01-22] (MuseScore BVBA)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-16] (Netflix, Inc.)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-11-16] (Adobe Systems Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.172.0_x64__dt26b99r8h8gj [2019-08-12] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0 [2023-06-26] (Spotify AB) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2324.6.0_x64__cv1g1gvanyjgm [2023-07-03] (WhatsApp Inc.) [Startup Task]
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-06-27] (Microsoft Corporation)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-06-27] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2140152316-3761713159-350972558-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\info\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2140152316-3761713159-350972558-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\info\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-2140152316-3761713159-350972558-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\info\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-06-13] () [File not signed] [File is in use]
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-29] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-06-13] () [File not signed] [File is in use]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-29] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\info\Desktop\tanja\Persoon 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\info\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2022-07-30 14:54 - 2019-12-05 16:17 - 000104448 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2022-07-30 14:54 - 2019-12-05 16:17 - 000009216 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_NLD.DLL
2021-06-30 15:38 - 2020-03-04 17:08 - 000123904 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJPLM\CNMPU.DLL
2018-06-13 06:01 - 2018-06-13 06:01 - 000125952 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\info\Desktop\revosetup.exe:MBAM.Zone.Identifier [141]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-04-12 01:38 - 2018-04-12 01:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
2021-02-07 00:32 - 2021-02-07 00:37 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\info\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\MER02948.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "Focusrite Notifier"
HKLM\...\StartupApproved\Run32: => "Zwift"
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B19D1D19-2AF5-46CE-9650-675C49D45F4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ticket to Ride\Ticket to Ride.exe (Days of Wonder, Inc.) [File not signed]
FirewallRules: [{D2E10484-C3F2-4B94-ADFA-CBEABDD252D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ticket to Ride\Ticket to Ride.exe (Days of Wonder, Inc.) [File not signed]
FirewallRules: [{057C2CC6-259D-4D9A-81C5-E84DFC61737E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carcassonne The Official Board Game\Carcassonne.exe () [File not signed]
FirewallRules: [{9140BF03-E70F-4335-86C1-8F3D9458F96E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carcassonne The Official Board Game\Carcassonne.exe () [File not signed]
FirewallRules: [UDP Query User{355494F5-6EB0-4674-B0BE-26B76845D098}C:\program files (x86)\zwift\zwiftapp.exe] => (Allow) C:\program files (x86)\zwift\zwiftapp.exe (Zwift, Inc. -> )
FirewallRules: [TCP Query User{B7A35808-C55B-4559-9525-401AA0D8757D}C:\program files (x86)\zwift\zwiftapp.exe] => (Allow) C:\program files (x86)\zwift\zwiftapp.exe (Zwift, Inc. -> )
FirewallRules: [{8572A005-A524-4BA0-B168-CC33AED09624}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scythe Digital Edition\Scythe.exe () [File not signed]
FirewallRules: [{7FE449E0-815D-4E85-AB20-6F4324D2A5E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scythe Digital Edition\Scythe.exe () [File not signed]
FirewallRules: [UDP Query User{693EFBB5-FACE-441F-B77A-8A0CB015DEAB}C:\users\info\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\info\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6BA16B67-C888-49E3-9E5D-F53B909A0A64}C:\users\info\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\info\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1850A575-8881-433A-B13B-823F459EE9D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wingspan\Wingspan.exe (Unity Technologies ApS) [File not signed]
FirewallRules: [{1166B07A-301B-4591-B707-1701110FEA2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wingspan\Wingspan.exe (Unity Technologies ApS) [File not signed]
FirewallRules: [UDP Query User{4FD0DDE7-71AC-467D-8013-C027C8DB1EF7}C:\users\info\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\info\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3CCBFA1B-F909-43B5-A74B-303876364292}C:\users\info\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\info\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{66E45CC8-6D69-4B65-B269-AAFF7B717E88}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23CB10F3-4C1D-437F-BF8C-4478229F6CAF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D9F26FFC-7A26-4DB7-8919-723F1180F43C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1ADEEF01-A616-4651-85AF-924BA15D728D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E9A26FA7-FA22-4B00-A436-7EE59DBEC211}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D32E50BC-D28B-447A-9923-EB9046795962}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D6F0D809-38F0-4BE8-9251-C944DF978506}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B8BFC2A3-1F96-4A73-9340-160BD70ACD7E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5FA50336-0910-4BC1-A4C3-68229F564BA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{E35E223D-54A4-4302-8C53-A73304FD53A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [TCP Query User{11FA1CAA-D45F-4EEE-862B-6D8486EAD29B}C:\program files (x86)\zwift\zwiftapp.exe] => (Allow) C:\program files (x86)\zwift\zwiftapp.exe (Zwift, Inc. -> )
FirewallRules: [UDP Query User{A8AB8CBF-BCA2-43FD-B306-BBDBB6CB459B}C:\program files (x86)\zwift\zwiftapp.exe] => (Allow) C:\program files (x86)\zwift\zwiftapp.exe (Zwift, Inc. -> )
FirewallRules: [{5D5B44B6-EED9-4FE8-A410-BE37F6C3257D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood Bowl 3\BB3.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{6E76A8AC-6449-4828-AF91-EAFD15C6A3B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood Bowl 3\BB3.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{064DDDD9-640C-4D91-88F8-1299BD6DA804}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B056385D-A065-480E-A3EB-481D7D351F89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{0F7E2278-F57C-4007-ABB8-B734AF21602E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{6C555034-6DA4-4699-B190-1CDF328BA59F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{154D2EC3-110F-4556-A49E-CE4CCDF2AF9A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B48A9AC2-AA62-4301-AC57-DC28E0F05D9B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{0CBCC94E-8CA8-4909-A49C-FD59846BFC2B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{D5B59D6A-80BC-4334-80F7-2564AB0C3E22}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{9FECAD59-570B-4E08-87B7-33C74D4399FD}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{6ADE9A78-19F6-473D-88E0-7C8218CD54DB}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{60EDD709-1DC5-461A-9BB6-98680D4F7873}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{48F37BE0-DFEC-4805-AD6D-2C7A2281A8FD}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{824740D6-FC9F-41A5-AF71-464D06F0B418}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E62BA368-2D55-4EBE-B16D-F904C8AFA45B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FABC4701-DD29-4F21-945E-91BDF9D5B9D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8AF28E44-8BAB-478D-9B0A-9043CB029876}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2E322E3C-5A21-409F-AD77-AC87E9021E77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B48B7E43-952F-46EE-9840-46C0100E6DF2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3FCC5914-9F5B-4756-A468-80AF88204551}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7EB3904F-BB21-49C5-BEFE-E750AFAFF1C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{2BFCD96D-D10E-4263-885F-C56717CA6B41}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6B3F178B-F7BB-4E72-A7D5-091CABC32725}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.214.1149.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F9755E66-1277-4034-91C7-BA4CC61BBF5F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16501.20210.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{26C216A5-7A95-4C03-A668-EA7D99121388}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.304.2165.4533_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FAC23CFA-5E02-4724-9A82-9CAFAAE29C14}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23119.304.2165.4533_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{68567F2B-13B4-423B-93AD-1F398201D193}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{966D750D-9D71-4243-B792-81F649544B2D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2473CEA4-DF88-4962-90C4-505830223B6A}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{D9D59208-C9EF-458B-AEAB-5602DDAB1182}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{2BFA5916-9674-4FEA-8181-E9F6042A695B}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
 
==================== Restore Points =========================
 
03-07-2023 14:08:55 AdwCleaner_BeforeCleaning_03/07/2023_14:08:55
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/07/2023 12:03:14 AM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-QBAAO188)
Description: Naam van toepassing met fout: backgroundTaskHost.exe, versie: 10.0.22621.1, tijdstempel: 0x004687c2
Naam van module met fout: twinapi.appcore.dll, versie: 10.0.22621.1778, tijdstempel: 0x8a05c015
Uitzonderingscode: 0xc000027b
Foutmarge: 0x00000000000c07f3
Id van proces met fout: 0x0x2bf8
Starttijd van toepassing met fout: 0x0x1d9b055a46f2010
Pad naar toepassing met fout: C:\WINDOWS\system32\backgroundTaskHost.exe
Pad naar module met fout: C:\Windows\System32\twinapi.appcore.dll
Rapport-id: 2812cab9-34c7-4514-8f83-a19361834682
Volledige pakketnaam met fout: Microsoft.YourPhone_1.23052.121.0_x64__8wekyb3d8bbwe
Relatieve toepassings-id van pakket met fout: App
 
Error: (07/07/2023 12:02:33 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informatie voor de Volume Shadow Copy-service: de COM-server met CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} en de naam CEventSystem kan niet worden gestart. [0x8007045b, Systeem wordt afgesloten.
]
 
Error: (07/06/2023 11:47:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine QueryFullProcessImageNameW.  hr = 0x80070006, De ingang is ongeldig.
.
 
 
Bewerking:
   Asynchrone bewerking uitvoeren
 
Context:
   Huidige status: DoSnapshotSet
 
Error: (07/06/2023 11:46:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {a9186580-5257-436d-aa82-c0dea8459c80}
 
Error: (07/01/2023 12:46:21 AM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-QBAAO188)
Description: Naam van toepassing met fout: Acrobat.exe, versie: 23.3.20215.0, tijdstempel: 0x648a1657
Naam van module met fout: ntdll.dll, versie: 10.0.22621.1848, tijdstempel: 0x48d14984
Uitzonderingscode: 0xc0000374
Foutmarge: 0x000000000010be19
Id van proces met fout: 0x0x3d44
Starttijd van toepassing met fout: 0x0x1d9aba4b022d82d
Pad naar toepassing met fout: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Pad naar module met fout: C:\WINDOWS\SYSTEM32\ntdll.dll
Rapport-id: 4b342621-b9fc-40f9-8fd6-c27c49a4fee3
Volledige pakketnaam met fout: 
Relatieve toepassings-id van pakket met fout:
 
Error: (06/29/2023 07:53:41 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine QueryFullProcessImageNameW.  hr = 0x8007001f, Een apparaat dat op het systeem is aangesloten, werkt niet.
.
 
 
Bewerking:
   Asynchrone bewerking uitvoeren
 
Context:
   Huidige status: DoSnapshotSet
 
Error: (06/29/2023 07:53:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {dc7e264b-13b8-4108-a366-d2334a061c86}
 
Error: (06/26/2023 02:50:34 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: Programma WidgetService.exe versie 0.0.0.0 communiceert niet meer met Windows en is gesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar is, controleert u de probleemgeschiedenis in het configuratiescherm van Beveiliging en onderhoud.
 
 
System errors:
=============
Error: (07/07/2023 12:05:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De Microsoft Defender Antivirus Service-service is gestopt met de volgende foutcode: 
Algemene toegangsfout
.
 
Error: (07/06/2023 11:45:06 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QBAAO188)
Description: De server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (07/06/2023 06:34:59 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QBAAO188)
Description: De server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (07/05/2023 10:33:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x80073d02: 9NKSQGP7F2NH-5319275A.WhatsAppDesktop.
 
Error: (07/05/2023 12:16:38 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QBAAO188)
Description: De server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (07/03/2023 02:13:04 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QBAAO188)
Description: De server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (07/03/2023 02:09:14 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QBAAO188)
Description: De server Microsoft.AAD.BrokerPlugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (07/03/2023 02:09:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De Intel® Audio Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
 
CodeIntegrity:
===============
Date: 2023-07-07 00:06:08
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e9b40d45ab4dc6b8\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
 
Date: 2023-07-06 23:51:48
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements. 
 
Date: 2023-07-06 23:43:35
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. X430FA.308 05/28/2019
Motherboard: ASUSTeK COMPUTER INC. X430FA
Processor: Intel® Core™ i5-8265U CPU @ 1.60GHz
Percentage of memory in use: 66%
Total physical RAM: 8043.61 MB
Available physical RAM: 2710.55 MB
Total Virtual: 9579.61 MB
Available Virtual: 4078.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:237.42 GB) (Free:57.8 GB) (Model: INTEL SSDSCKKW256G8) NTFS
 
\\?\Volume{54e95cf9-9493-4202-8beb-a6fc7d552267}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.16 GB) NTFS
\\?\Volume{f0180894-28fc-4771-89f4-efa7f35c2201}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 9929D3AC)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#20
DR M

    The Grecian Geek

  • Malware Removal
  • 4,186 posts

I'm surprised the AVG stuff is still in the system. I doubt you ran the Revo Uninstaller following my instructions exactly.
 
Let's see what we can do now.
 
1. Remove Chrome extensions

  • Open Chrome.
  • At the top right, choose More (the three vertical dots) > More Tools > Extensions.
  • Find AVG SafePrice and remove it by clicking Remove.
  • Confirm the action by clicking Remove once again.

Do the above for the 2 profiles you have in Chrome: Profile 1 and Profile 2.
 
 
2. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [256952 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {73C8F0B6-F299-4271-82F2-2770A9FB54B6} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2172344 2023-04-13] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {771370F6-1948-4F56-88E1-B595220D33F7} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4922296 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [619448 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8851384 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-05-31] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [31408 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [236440 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [392360 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [297872 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [96464 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [25064 2022-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [39640 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [271544 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [556104 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [105240 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [80408 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [943448 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [703792 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [212672 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [319552 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
2023-06-30 06:22 - 2023-07-06 07:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2023-06-08 22:43 - 2023-06-08 22:43 - 000313272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2023-07-07 00:02 - 2019-08-11 12:46 - 000000000 ____D C:\ProgramData\AVG
2023-06-08 22:43 - 2020-10-23 15:05 - 000271544 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2023-06-08 22:43 - 2020-06-16 16:46 - 000556104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000943448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000703792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000392360 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000319552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000297872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000236440 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000105240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000096464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000080408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000039640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000031408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
C:\WINDOWS\System32\drivers\avgStm.sys 
C:\WINDOWS\System32\drivers\avgElam.sys
C:\Program Files\AVG
C:\Program Files\Common Files\AVG
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
CustomCLSID: HKU\S-1-5-21-2140152316-3761713159-350972558-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\info\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

In your next reply please post:

  1. If removing the extensions ran smoothly
  2. The fixlog.txt


#21
DR M


    The Grecian Geek

  • Malware Removal
  • 4,186 posts

Dave,

Three days have passed since my last reply. Please let me know if you still need my assistance, otherwise I'll close the topic again.



#22
daveBB


    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

Sorry, was away for the weekend and planned to post that here but forgot due to unexpected stuff popping up.

The extensions were removed quite smoothly.

fixlog:


Fix result of Farbar Recovery Scan Tool (x64) Version: 10-07-2023
Ran by info (10-07-2023 23:46:04) Run:3
Running from C:\Users\info\Desktop\FRST-OlderVersion
Loaded Profiles: info
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [256952 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {73C8F0B6-F299-4271-82F2-2770A9FB54B6} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2172344 2023-04-13] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {771370F6-1948-4F56-88E1-B595220D33F7} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4922296 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [619448 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8851384 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-05-31] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [31408 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [236440 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [392360 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [297872 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [96464 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [25064 2022-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [39640 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [271544 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [556104 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [105240 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [80408 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [943448 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [703792 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [212672 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [319552 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
2023-06-30 06:22 - 2023-07-06 07:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2023-06-08 22:43 - 2023-06-08 22:43 - 000313272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2023-07-07 00:02 - 2019-08-11 12:46 - 000000000 ____D C:\ProgramData\AVG
2023-06-08 22:43 - 2020-10-23 15:05 - 000271544 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2023-06-08 22:43 - 2020-06-16 16:46 - 000556104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000943448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000703792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000392360 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000319552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000297872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000236440 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000105240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000096464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000080408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000039640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000031408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
C:\WINDOWS\System32\drivers\avgStm.sys 
C:\WINDOWS\System32\drivers\avgElam.sys
C:\Program Files\AVG
C:\Program Files\Common Files\AVG
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
CustomCLSID: HKU\S-1-5-21-2140152316-3761713159-350972558-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\info\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
EmptyTemp:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AVGUI.exe => Error = 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{73C8F0B6-F299-4271-82F2-2770A9FB54B6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73C8F0B6-F299-4271-82F2-2770A9FB54B6}" => removed successfully
C:\WINDOWS\System32\Tasks\AVG\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\Overseer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{771370F6-1948-4F56-88E1-B595220D33F7}" => not found
C:\WINDOWS\System32\Tasks\Antivirus Emergency Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Antivirus Emergency Update" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn => removed successfully
AVG Antivirus => Unable to stop service.
HKLM\System\CurrentControlSet\Services\AVG Antivirus => could not remove, key could be protected
avgbIDSAgent => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgbIDSAgent => could not remove, key could be protected
AvgWscReporter => Unable to stop service.
HKLM\System\CurrentControlSet\Services\AvgWscReporter => could not remove, key could be protected
avgArDisk => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgArDisk => removed successfully
avgArDisk => service removed successfully
HKLM\System\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}\\UpperFilters avgArDisk => value removed successfully
avgArPot => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgArPot => could not remove, key could be protected
avgbidsdriver => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgbidsdriver => could not remove, key could be protected
avgbidsh => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgbidsh => could not remove, key could be protected
avgbuniv => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgbuniv => could not remove, key could be protected
avgElam => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgElam => could not remove, key could be protected
avgKbd => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgKbd => removed successfully
avgKbd => service removed successfully
HKLM\System\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}\\UpperFilters avgKbd => value removed successfully
avgMonFlt => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgMonFlt => could not remove, key could be protected
avgNetHub => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgNetHub => could not remove, key could be protected
avgRdr => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgRdr => could not remove, key could be protected
avgRvrt => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\avgRvrt => could not remove, key could be protected
avgSnx => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgSnx => could not remove, key could be protected
avgSP => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgSP => could not remove, key could be protected
avgStm => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgStm => could not remove, key could be protected
avgVmm => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgVmm => could not remove, key could be protected
C:\WINDOWS\system32\Tasks\AVAST Software => moved successfully
Could not move "C:\WINDOWS\system32\avgBoot.exe" => Scheduled to move on reboot.
 
"C:\ProgramData\AVG" folder move:
 
Could not move "C:\ProgramData\AVG" => Scheduled to move on reboot.
 
Could not move "C:\WINDOWS\system32\Drivers\avgMonFlt.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgNetHub.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgSnx.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgSP.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgbidsdriver.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgVmm.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgbidsh.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgArPot.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgRdr2.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgbuniv.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgRvrt.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgKbd.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgArDisk.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\System32\drivers\avgStm.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\System32\drivers\avgElam.sys" => Scheduled to move on reboot.
 
"C:\Program Files\AVG" folder move:
 
Could not move "C:\Program Files\AVG" => Scheduled to move on reboot.
 
 
"C:\Program Files\Common Files\AVG" folder move:
 
Could not move "C:\Program Files\Common Files\AVG" => Scheduled to move on reboot.
 
"AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}" => removed successfully
"AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}" => removed successfully
HKU\S-1-5-21-2140152316-3761713159-350972558-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24} => could not remove, key could be protected
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24} => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => could not remove, key could be protected
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => could not remove, key could be protected
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10556881 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 263067 B
Edge => 0 B
Chrome => 592224945 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 18784 B
NetworkService => 22060 B
info => 192330179 B
 
RecycleBin => 127915925 B
EmptyTemp: => 880.6 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-07-2023 23:48:28)
 
C:\WINDOWS\system32\avgBoot.exe => Could not move
C:\ProgramData\AVG => Could not move
C:\WINDOWS\system32\Drivers\avgMonFlt.sys => Could not move
C:\WINDOWS\system32\Drivers\avgNetHub.sys => Could not move
C:\WINDOWS\system32\Drivers\avgSnx.sys => Could not move
C:\WINDOWS\system32\Drivers\avgSP.sys => Could not move
C:\WINDOWS\system32\Drivers\avgbidsdriver.sys => Could not move
C:\WINDOWS\system32\Drivers\avgVmm.sys => Could not move
C:\WINDOWS\system32\Drivers\avgbidsh.sys => Could not move
C:\WINDOWS\system32\Drivers\avgArPot.sys => Could not move
C:\WINDOWS\system32\Drivers\avgRdr2.sys => Could not move
C:\WINDOWS\system32\Drivers\avgbuniv.sys => Could not move
C:\WINDOWS\system32\Drivers\avgRvrt.sys => Could not move
C:\WINDOWS\system32\Drivers\avgKbd.sys => Could not move
C:\WINDOWS\system32\Drivers\avgArDisk.sys => Could not move
C:\WINDOWS\System32\drivers\avgStm.sys => Could not move
C:\WINDOWS\System32\drivers\avgElam.sys => Could not move
C:\Program Files\AVG => Is moved successfully
C:\Program Files\Common Files\AVG => Is moved successfully
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\AVG Antivirus => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbIDSAgent => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\AvgWscReporter => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgArPot => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbidsdriver => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbidsh => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbuniv => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgElam => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgMonFlt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgNetHub => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgRdr => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgRvrt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgSnx => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgSP => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgStm => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgVmm => could not remove, key could be protected
HKLM\Software\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24} => could not remove, key could be protected
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => could not remove, key could be protected
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => could not remove, key could be protected
 
==== End of Fixlog 23:48:31 ====


#23
DR M


    The Grecian Geek

  • Malware Removal
  • 4,186 posts

Hi, Dave. No need to apologize. But keep in mind that we solve an issue more effectively when there is frequent communication. I reply as soon as I have your reply, so it would be beneficial if you checked the topic on a daily basis, if it's possible.  :)

The fix didn't run properly, at least for most of the included items. We need to run it again in Safe mode.


To start with Safe mode: See here for Windows 10 and From Settings

 

After you sign in with Safe mode, run the fix above again. When it finishes, let the system restart in normal mode and post the fixlog.txt here again. 



#24
daveBB


    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

It was a bit of a puzzle to get to the script in safe mode, but I think I worked out a good way.


Fix result of Farbar Recovery Scan Tool (x64) Version: 10-07-2023
Ran by info (12-07-2023 09:32:53) Run:4
Running from C:\Users\info\Desktop\FRST-OlderVersion
Loaded Profiles: info
Boot Mode: Safe Mode (minimal)
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [256952 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {73C8F0B6-F299-4271-82F2-2770A9FB54B6} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2172344 2023-04-13] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {771370F6-1948-4F56-88E1-B595220D33F7} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4922296 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [619448 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8851384 2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [109480 2021-05-31] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [31408 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [236440 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [392360 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [297872 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [96464 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [25064 2022-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [39640 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [271544 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [556104 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [105240 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [80408 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [943448 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [703792 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [212672 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [319552 2023-06-08] (Microsoft Windows Hardware Compatibility Publisher -> AVG Technologies CZ, s.r.o.)
2023-06-30 06:22 - 2023-07-06 07:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2023-06-08 22:43 - 2023-06-08 22:43 - 000313272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2023-07-07 00:02 - 2019-08-11 12:46 - 000000000 ____D C:\ProgramData\AVG
2023-06-08 22:43 - 2020-10-23 15:05 - 000271544 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2023-06-08 22:43 - 2020-06-16 16:46 - 000556104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000943448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000703792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000392360 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000319552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000297872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000236440 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000105240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000096464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000080408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000039640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2023-06-08 22:43 - 2019-08-11 12:48 - 000031408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
C:\WINDOWS\System32\drivers\avgStm.sys 
C:\WINDOWS\System32\drivers\avgElam.sys
C:\Program Files\AVG
C:\Program Files\Common Files\AVG
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
CustomCLSID: HKU\S-1-5-21-2140152316-3761713159-350972558-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\info\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20091.2\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2023-06-08] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
EmptyTemp:
End::
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AVGUI.exe => Error = 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => not found
HKLM\SOFTWARE\Policies\Mozilla => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73C8F0B6-F299-4271-82F2-2770A9FB54B6}" => not found
"C:\WINDOWS\System32\Tasks\AVG\Overseer" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG\Overseer" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{771370F6-1948-4F56-88E1-B595220D33F7}" => not found
"C:\WINDOWS\System32\Tasks\Antivirus Emergency Update" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Antivirus Emergency Update" => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn => not found
HKLM\System\CurrentControlSet\Services\AVG Antivirus => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbIDSAgent => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\AvgWscReporter => could not remove, key could be protected
avgArDisk => service not found.
HKLM\System\CurrentControlSet\Services\avgArPot => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbidsdriver => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbidsh => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbuniv => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgElam => could not remove, key could be protected
avgKbd => service not found.
HKLM\System\CurrentControlSet\Services\avgMonFlt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgNetHub => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgRdr => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgRvrt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgSnx => could not remove, key could be protected
avgSP => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgSP => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgStm => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgVmm => could not remove, key could be protected
"C:\WINDOWS\system32\Tasks\AVAST Software" => not found
Could not move "C:\WINDOWS\system32\avgBoot.exe" => Scheduled to move on reboot.
 
"C:\ProgramData\AVG" folder move:
 
Could not move "C:\ProgramData\AVG" => Scheduled to move on reboot.
 
Could not move "C:\WINDOWS\system32\Drivers\avgMonFlt.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgNetHub.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgSnx.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgSP.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgbidsdriver.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgVmm.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgbidsh.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgArPot.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgRdr2.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgbuniv.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgRvrt.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgKbd.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\system32\Drivers\avgArDisk.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\System32\drivers\avgStm.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\System32\drivers\avgElam.sys" => Scheduled to move on reboot.
"C:\Program Files\AVG" => not found
"C:\Program Files\Common Files\AVG" => not found
"AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}" => not found
"AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}" => not found
HKU\S-1-5-21-2140152316-3761713159-350972558-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => not found
HKLM\Software\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24} => could not remove, key could be protected
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => not found
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => could not remove, key could be protected
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => could not remove, key could be protected
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8422359 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 744604 B
Edge => 0 B
Chrome => 196707202 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7596 B
NetworkService => 15112 B
info => 174132619 B
 
RecycleBin => 0 B
EmptyTemp: => 363.7 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-07-2023 09:36:53)
 
C:\WINDOWS\system32\avgBoot.exe => Could not move
C:\ProgramData\AVG => Could not move
C:\WINDOWS\system32\Drivers\avgMonFlt.sys => Could not move
C:\WINDOWS\system32\Drivers\avgNetHub.sys => Could not move
C:\WINDOWS\system32\Drivers\avgSnx.sys => Could not move
C:\WINDOWS\system32\Drivers\avgSP.sys => Could not move
C:\WINDOWS\system32\Drivers\avgbidsdriver.sys => Could not move
C:\WINDOWS\system32\Drivers\avgVmm.sys => Could not move
C:\WINDOWS\system32\Drivers\avgbidsh.sys => Could not move
C:\WINDOWS\system32\Drivers\avgArPot.sys => Could not move
C:\WINDOWS\system32\Drivers\avgRdr2.sys => Could not move
C:\WINDOWS\system32\Drivers\avgbuniv.sys => Could not move
C:\WINDOWS\system32\Drivers\avgRvrt.sys => Could not move
C:\WINDOWS\system32\Drivers\avgKbd.sys => Could not move
C:\WINDOWS\system32\Drivers\avgArDisk.sys => Could not move
C:\WINDOWS\System32\drivers\avgStm.sys => Could not move
C:\WINDOWS\System32\drivers\avgElam.sys => Could not move
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\AVG Antivirus => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbIDSAgent => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\AvgWscReporter => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgArPot => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbidsdriver => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbidsh => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgbuniv => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgElam => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgMonFlt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgNetHub => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgRdr => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgRvrt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgSnx => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgSP => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgStm => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\avgVmm => could not remove, key could be protected
HKLM\Software\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24} => could not remove, key could be protected
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => could not remove, key could be protected
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => could not remove, key could be protected
 
==== End of Fixlog 09:36:55 ====

#25
DR M

    The Grecian Geek

  • Malware Removal
  • 4,186 posts

AVG is not removed.

 

We will try this: Install AVG again. Then follow my instructions exactly to remove it.

 

1. Install AVG Free Antivirus: Free Antivirus Download for PC | AVG Virus Protection Software

 

2. Remove AVG Antivirus: Follow the instructions here exactly, to download and run the AVG Removal Tool to uninstall the product.

 

Let me know if you encounter any issues during the procedure.



#26
daveBB

    Member

  • Topic Starter
  • Member
  • 63 posts

Got there quite smoothly. Also got a present called 'AVG Secure Browser' but for the rest AVG seems to be gone.

Will remove the browser now and then run a fixlog??


#27
DR M

    The Grecian Geek

  • Malware Removal
  • 4,186 posts

Hi, Dave.

 

Use the AVG Removal Tool to uninstall the AVG Secure Browser. Let me know if all went well.

 

After that, no, do not run the fix. 

 

I'll wait for your reply before I tell you what is next. 


#28
daveBB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts

The removal tool doesn't really start or has quietly deleted the secure browser. It starts loading and then ... nothing.

 

I cannot find the secure browser in the app-list so I assume it is gone.


#29
DR M

    The Grecian Geek

  • Malware Removal
  • 4,186 posts

Please give me fresh FRST logs to check, Addition and FRST. We are going to check what is deleted and what is not.


#30
daveBB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 63 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2023
Ran by info (administrator) on LAPTOP-QBAAO188 (ASUSTeK COMPUTER INC. VivoBook_ASUSLaptop X430FA_S430FA) (18-07-2023 18:56:43)
Running from C:\Users\info\Desktop\FRST-OlderVersion\FRST64english.exe
Loaded Profiles: info
Platform: Microsoft Windows 11 Home Version 22H2 22621.1992 (X64) Language: Nederlands (Nederland)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\ATKOSD2.exe
(C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe ->) (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBox.Agent.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16529.20182.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.16529.20182.0_x86__8wekyb3d8bbwe\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ai.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.86\msedgewebview2.exe <12>
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSoftwareManager\AsusSoftwareManager.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe
(DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe ->) (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsMonStartupTask64.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxEM.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16529.20182.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.EXE
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.272\GoogleCrashHandler64.exe
(Intel\DPTF\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\info\AppData\Local\Microsoft\OneDrive\23.137.0702.0001\Microsoft.SharePoint.exe
(SearchIndexer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkRemote\AsusLinkRemote.exe
(services.exe ->) (ASUSTek Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\AsusAppService\AsusAppService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkNear\AsusLinkNear.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\AsusOptimization\AsusOptimization.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSoftwareManager\AsusSoftwareManager.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSwitch\AsusSwitch.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemAnalysis\AsusSystemAnalysis.exe
(services.exe ->) (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe
(services.exe ->) (ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELANFPService.exe
(services.exe ->) (ICEpower a/s -> ICEpower A/S) C:\Windows\System32\DriverStore\FileRepository\icesoundapo64.inf_amd64_db704b106aae3892\ICEsoundService64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\jhi_service.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxCUIService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e9b40d45ab4dc6b8\IntelCpHDCPSvc.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e9b40d45ab4dc6b8\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_a2fcfdfc3497e17c\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Intel) C:\Windows\System32\cAVS\Intel® Audio Service\IntelAudioService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(sihost.exe ->) (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTek Computer Inc.) C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy\ATK Package\HControl.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(svchost.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b8e01d9e8716d2a7\igfxext.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Zwift] => C:\Program Files (x86)\Zwift\ZwiftLauncher.exe [18038304 2023-03-16] (Zwift, Inc. -> Zwift, Inc)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [278440 2019-12-05] (Canon Inc. -> CANON INC.)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.86\Installer\setup.exe [4065176 2023-07-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\info\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\info\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\RunOnce: [Uninstall 23.132.0625.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\info\AppData\Local\Microsoft\OneDrive\23.132.0625.0001"
HKLM\...\Windows x64\Print Processors\Canon TS3400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDGF.DLL [525824 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS3400 series: C:\WINDOWS\system32\CNMLMGF.DLL [962560 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.199\Installer\chrmstp.exe [2023-06-29] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {718718D2-81F4-48A7-9859-9E6A67C16090} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {D3B258C6-249C-4409-98C6-870BCC20D4F8} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe  (No File)
Task: {6312717F-E59E-4D54-B496-CE8175085E23} - System32\Tasks\ASUS Update Checker 2.0 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSoftwareManager\AsusUpdateChecker.exe [797832 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {F677D99A-6D44-43AD-9E94-28D5FB5337F7} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3860576 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {FBE9C792-71B0-4E4F-AD1C-90853357C53D} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHotkeyExec64.exe [176064 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {27B487FE-B698-49B8-AC1A-CA49D46D9662} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe  /from_scheduler:1 (No File)
Task: {1A75CD0A-6F99-4012-8144-016738526CF6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-07] (Google Inc -> Google LLC)
Task: {22D0360A-F612-456A-852D-853E1D46E5A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-07] (Google Inc -> Google LLC)
Task: {D077B71C-44E7-40A0-81BD-F7EAFCBC9DA8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-07-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D67311BB-7871-4EAE-96D6-BF3086AEDA55} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-07-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3D868ED0-0360-4C02-8F42-844B841E6D9E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-07-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4DC4C1AA-CC40-4B04-BA70-0A98CE9D826F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe [1650040 2023-07-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {10BF01BC-42BA-401E-AC23-45DE3FE39E61} - System32\Tasks\RtkAudUService64_BG => C:\Windows\system32\RtkAudUService64.exe [874184 2020-12-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35fe1c02-7b75-4a5a-9d5d-ca0f7b63d258}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ae8c850e-d435-4025-b5d4-a77d43bf0440}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e74f76e7-cafb-4d86-8bd0-43fc384d236e}: [DhcpNameServer] 40.53.1.12
 
Edge: 
=======
DownloadDir: C:\Users\info\Downloads
Edge Profile: C:\Users\info\AppData\Local\Microsoft\Edge\User Data\Default [2023-04-09]
Edge DownloadDir: Default -> C:\Users\info\Downloads
 
FireFox:
========
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-07-03] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-06-29]
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-07-18]
CHR Notifications: Profile 1 -> hxxps://calendar.google.com; hxxps://www.letour.fr; hxxps://yaktribe.games; hxxps://zwiftinsider.com
CHR Extension: (Adblock Plus - gratis adblocker) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-07-14]
CHR Extension: (Elevate for Strava) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhiaggccakkgdfcadnklkbljcgicpckn [2022-05-26]
CHR Extension: (Offline Documenten) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-18]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-13]
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 2 [2023-07-10]
CHR Extension: (Offline Documenten) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-16]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-04-16]
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\System Profile [2023-06-29]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 AsHidService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe [173504 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 ASLDRService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe [227776 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 AsusAppService; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\AsusAppService\AsusAppService.exe [1174672 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSLinkNear; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkNear\AsusLinkNear.exe [1637472 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkRemote\AsusLinkRemote.exe [783968 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
R2 ASUSLiveUpdateAgent; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSoftwareManager\AsusSoftwareManager.exe [1125520 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSOptimization; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\AsusOptimization\AsusOptimization.exe [206472 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSwitch; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSwitch\AsusSwitch.exe [641168 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemAnalysis\AsusSystemAnalysis.exe [3860576 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [526256 2023-05-17] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)
R2 GiftBox.Service; C:\Program Files (x86)\ASUS\ASUS GiftBox Service\GiftBoxService.exe [299320 2019-04-09] (ASUSTek Computer Inc. -> ASUSTeK Computer Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [445432 2021-04-19] (Canon Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9266864 2023-06-29] (Malwarebytes Inc. -> Malwarebytes)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\NisSrv.exe [3232576 2023-07-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MsMpEng.exe [133592 2023-07-11] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AsusPTPDrv; C:\WINDOWS\System32\DriverStore\FileRepository\asusptpfilter.inf_amd64_314b5cb6bf57f471\AsusPTPFilter.sys [116712 2021-12-02] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R3 AsusSAIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSystemAnalysis\AsusSAIO.sys [46736 2023-05-17] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\atkwmiacpi64.sys [36368 2019-03-04] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-24] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
R3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [44480 2019-10-10] (Akeo Consulting -> hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-06-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2023-07-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498944 2023-07-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99568 2023-07-11] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-07-18 15:53 - 2023-07-18 15:53 - 006246384 _____ C:\Users\info\Downloads\avg_secure_browser_uninstall.exe
2023-07-16 06:59 - 2023-07-16 06:59 - 000804920 _____ C:\WINDOWS\system32\perfh013.dat
2023-07-16 06:59 - 2023-07-16 06:59 - 000160452 _____ C:\WINDOWS\system32\perfc013.dat
2023-07-16 06:53 - 2023-07-16 06:52 - 004146112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgremoverx.exe
2023-07-16 06:49 - 2023-07-16 06:49 - 015285296 _____ (AVG Technologies CZ, s.r.o.) C:\Users\info\Downloads\avgclear.exe
2023-07-16 06:47 - 2023-07-16 06:48 - 000003992 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2023-07-16 06:44 - 2023-07-16 06:44 - 000888600 _____ (Google LLC) C:\Users\Public\Documents\gcapi.dll
2023-07-16 06:44 - 2023-07-16 06:44 - 000234936 _____ (AVG Technologies CZ, s.r.o.) C:\Users\info\Downloads\avg_antivirus_free_setup.exe
2023-07-12 10:19 - 2023-07-12 10:19 - 000120613 _____ C:\Users\info\Downloads\GRNCRD.pdf
2023-07-12 10:18 - 2023-07-12 10:18 - 001106565 _____ C:\Users\info\Downloads\POLSCH.pdf
2023-07-12 10:18 - 2023-07-12 10:18 - 000135742 _____ C:\Users\info\Downloads\Informatieblad.pdf
2023-07-12 10:18 - 2023-07-12 10:18 - 000090723 _____ C:\Users\info\Downloads\renewal.pdf
2023-07-12 09:32 - 2023-07-12 09:36 - 000280224 _____ C:\WINDOWS\ntbtlog.txt
2023-07-12 09:15 - 2023-07-16 06:52 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2023-07-12 09:15 - 2023-07-12 09:15 - 000000000 ____D C:\WINDOWS\pss
2023-07-07 19:28 - 2023-07-07 19:28 - 000021725 _____ C:\Users\info\Downloads\Stager Tickets - Stichting Ruis - Order Nr 8365386.pdf
2023-07-06 23:44 - 2023-07-06 23:44 - 000001081 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2023-07-06 23:44 - 2023-07-06 23:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2023-07-06 23:44 - 2023-07-06 23:44 - 000000000 ____D C:\Program Files\VS Revo Group
2023-07-06 23:43 - 2023-07-06 23:44 - 006970144 _____ (VS Revo Group ) C:\Users\info\Desktop\revosetup.exe
2023-07-03 13:53 - 2023-07-03 13:53 - 000021050 _____ C:\Users\info\Downloads\3908674781859.pdf
2023-07-03 13:50 - 2023-07-03 13:50 - 000160026 _____ C:\Users\info\Downloads\Zakelijke-factuur-NL21INGB0007719775-20230401-20230430.pdf
2023-07-03 13:50 - 2023-07-03 13:50 - 000158449 _____ C:\Users\info\Downloads\Zakelijke-factuur-NL21INGB0007719775-20230501-20230531.pdf
2023-07-03 13:50 - 2023-07-03 13:50 - 000158414 _____ C:\Users\info\Downloads\Zakelijke-factuur-NL21INGB0007719775-20230301-20230331.pdf
2023-07-03 13:45 - 2023-07-03 13:45 - 000018363 _____ C:\Users\info\Downloads\T-Mobile Thuis Factuur - TMT1032353924 - DEFAULT.pdf
2023-07-03 13:45 - 2023-07-03 13:45 - 000018350 _____ C:\Users\info\Downloads\T-Mobile Thuis Factuur - TMT1030944048 - DEFAULT.pdf
2023-07-03 13:44 - 2023-07-03 13:44 - 000018367 _____ C:\Users\info\Downloads\T-Mobile Thuis Factuur - TMT1031641830 - DEFAULT.pdf
2023-07-03 13:41 - 2023-07-03 13:41 - 000025408 _____ C:\Users\info\Downloads\Tele2_Factuur_0623474211_20230518.pdf
2023-07-03 13:41 - 2023-07-03 13:41 - 000025408 _____ C:\Users\info\Downloads\Tele2_Factuur_0623474211_20230518 (1).pdf
2023-07-03 13:41 - 2023-07-03 13:41 - 000023656 _____ C:\Users\info\Downloads\Tele2_Factuur_0623474211_20230418.pdf
2023-07-03 13:40 - 2023-07-03 13:40 - 000023716 _____ C:\Users\info\Downloads\Tele2_Factuur_0623474211_20230620.pdf
2023-06-29 22:53 - 2023-07-18 07:30 - 000000000 ____D C:\Users\info\AppData\Local\Malwarebytes
2023-06-29 22:53 - 2023-06-29 22:53 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-06-29 22:53 - 2023-06-29 22:53 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-06-29 22:53 - 2023-06-29 22:53 - 000000000 ____D C:\Users\info\AppData\Local\mbam
2023-06-29 22:52 - 2023-06-29 22:52 - 002649072 _____ (Malwarebytes) C:\Users\info\Downloads\MBSetup.exe
2023-06-29 22:52 - 2023-06-29 22:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-06-29 22:52 - 2023-06-29 22:52 - 000000000 ____D C:\Program Files\Malwarebytes
2023-06-29 22:36 - 2023-07-03 14:09 - 000000000 ____D C:\AdwCleaner
2023-06-29 22:31 - 2023-06-29 22:31 - 008791352 _____ (Malwarebytes) C:\Users\info\Downloads\AdwCleaner.exe
2023-06-27 20:02 - 2023-06-27 20:02 - 000737096 _____ C:\Users\info\Desktop\20230626 email1.pdf
2023-06-27 20:01 - 2023-06-27 20:02 - 000842946 _____ C:\Users\info\Desktop\20230626 email2.pdf
2023-06-27 20:01 - 2023-06-27 20:01 - 000737099 _____ C:\Users\info\Desktop\2.pdf
2023-06-19 16:55 - 2023-06-19 16:55 - 000041467 _____ C:\Users\info\Downloads\pensioenoverzicht-geen-bsn (2).pdf
2023-06-19 16:52 - 2023-06-19 16:52 - 000042043 _____ C:\Users\info\Downloads\pensioenoverzicht-geen-bsn (1).pdf
2023-06-19 16:25 - 2023-07-18 18:56 - 000000000 ____D C:\Users\info\Desktop\FRST-OlderVersion
2023-06-19 16:25 - 2023-07-18 18:56 - 000000000 ____D C:\FRST
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2023-07-18 18:57 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-07-18 18:55 - 2022-09-28 13:30 - 000003750 _____ C:\WINDOWS\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2023-07-18 18:53 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-07-18 18:53 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-07-18 18:53 - 2019-08-07 14:12 - 000000000 ____D C:\Program Files (x86)\Google
2023-07-18 16:08 - 2022-09-28 13:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-07-18 16:08 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-18 16:08 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-07-18 11:08 - 2022-09-28 13:30 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2140152316-3761713159-350972558-1001
2023-07-18 11:08 - 2022-09-28 13:30 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2140152316-3761713159-350972558-1001
2023-07-18 11:08 - 2020-09-30 22:00 - 000002380 _____ C:\Users\info\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-07-18 07:30 - 2019-08-07 12:27 - 000000000 __SHD C:\Users\info\IntelGraphicsProfiles
2023-07-17 08:18 - 2021-01-15 12:03 - 000000000 ____D C:\Users\info\AppData\Local\D3DSCache
2023-07-16 07:01 - 2021-05-22 11:17 - 000000000 ____D C:\Zwift Activity Monitor
2023-07-16 06:59 - 2022-09-28 13:29 - 001803066 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-07-16 06:59 - 2022-05-07 07:22 - 000000000 ____D C:\WINDOWS\INF
2023-07-16 06:54 - 2022-09-28 13:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-07-16 06:54 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-07-16 06:54 - 2022-05-07 07:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-07-16 06:54 - 2020-09-30 21:59 - 000012288 ___SH C:\DumpStack.log.tmp
2023-07-16 06:54 - 2018-12-21 07:26 - 000000000 ___HD C:\Intel
2023-07-16 06:52 - 2019-08-11 12:46 - 000000000 ____D C:\ProgramData\AVG
2023-07-16 06:48 - 2022-05-07 07:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-07-16 06:47 - 2022-09-28 13:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2023-07-15 04:30 - 2021-04-16 23:50 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-14 13:28 - 2022-10-12 20:02 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-07-14 13:28 - 2022-10-12 20:02 - 000002063 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-07-14 13:28 - 2022-09-28 13:30 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-07-14 13:26 - 2019-09-19 19:13 - 000914872 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2023-07-12 07:45 - 2022-09-28 13:25 - 000303864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-07-12 07:44 - 2022-05-07 07:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-12 07:44 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\UUS
2023-07-12 07:44 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-12 07:44 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-12 07:44 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-07-12 07:44 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-12 07:44 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-12 07:44 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-12 07:44 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-07-12 07:44 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-07-12 07:44 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-07-12 07:44 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-07-12 07:44 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-12 00:32 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-12 00:29 - 2022-09-28 13:26 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-12 00:19 - 2019-08-11 12:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-12 00:16 - 2019-08-11 12:21 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-11 06:38 - 2022-05-07 07:24 - 000000000 ____D C:\Program Files\Windows Defender
2023-07-11 06:38 - 2018-05-14 22:17 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-07-10 09:23 - 2022-09-28 13:30 - 000003658 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-10 09:23 - 2022-09-28 13:30 - 000003504 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-07-10 09:23 - 2022-09-28 13:30 - 000003434 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-10 09:23 - 2022-09-28 13:30 - 000003280 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-07-10 09:23 - 2022-09-28 13:30 - 000003114 _____ C:\WINDOWS\system32\Tasks\ASUS Update Checker 2.0
2023-07-07 00:06 - 2022-05-07 07:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-07-07 00:03 - 2019-08-12 18:50 - 000000000 ____D C:\Users\info\AppData\Local\CrashDumps
2023-07-03 14:09 - 2018-12-21 07:36 - 000000000 ____D C:\Program Files (x86)\ASUS
2023-07-03 11:39 - 2023-05-01 16:25 - 000000000 ____D C:\Users\info\Documents\foto
2023-07-01 06:41 - 2021-06-30 15:38 - 000000000 ____D C:\ProgramData\CanonIJPLM
2023-06-29 19:58 - 2019-09-27 19:47 - 000000000 ____D C:\Users\info\AppData\LocalLow\Temp
2023-06-29 06:20 - 2019-08-07 14:14 - 000002323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-06-24 07:37 - 2019-08-12 18:48 - 000000000 ____D C:\ProgramData\Packages
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2023
Ran by info (18-07-2023 18:57:44)
Running from C:\Users\info\Desktop\FRST-OlderVersion
Microsoft Windows 11 Home Version 22H2 22621.1992 (X64) (2022-09-28 11:30:43)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2140152316-3761713159-350972558-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2140152316-3761713159-350972558-503 - Limited - Disabled)
Gast (S-1-5-21-2140152316-3761713159-350972558-501 - Limited - Disabled)
info (S-1-5-21-2140152316-3761713159-350972558-1001 - Administrator - Enabled) => C:\Users\info
WDAGUtilityAccount (S-1-5-21-2140152316-3761713159-350972558-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1043-1033-7760-BC15014EA700}) (Version: 23.003.20244 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.8.4 - ICEpower a/s)
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1634.4 - AVG Technologies) Hidden
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.15.2 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.61.1.10 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.6.0.2 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.4.0 - Canon Inc.)
Canon TS3400 series Driver (HKLM\...\{1199FAD5-9546-44F3-81CF-FFDB8040B7BF}_Canon_TS3400_series) (Version: 1.02 - Canon Inc.)
Elevate 7.0.0-beta.5 (HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\6548da05-a4bc-57ed-8c01-06101fc8d1df) (Version: 7.0.0-beta.5 - Thomas Champagne)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.199 - Google LLC)
Intel® Serial IO (HKLM\...\{72759DFB-9080-46A5-ACCF-5BA26A6FF3FD}) (Version: 30.100.1727.1 - Intel Corporation) Hidden
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{88667F43-B63E-4046-AF02-35E5412B8FAF}) (Version: 16.5.1.1030 - Intel Corporation)
Malwarebytes version 4.5.32.271 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.32.271 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.82 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.86 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\OneDriveSetup.exe) (Version: 23.137.0702.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\Teams) (Version: 1.4.00.8872 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}) (Version: 5.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Paradox Launcher v2 (HKLM\...\{986898D9-7C26-4E7F-814C-9B5472FA3209}) (Version: 2.0.0.0 - Paradox Interactive)
Printerregistratie (HKLM-x32\...\Canon EISRegistration) (Version: 1.9.0 - Canon Inc.)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
Windows Pc-statuscontrole (HKLM\...\{D1F16371-7951-41EB-A367-507D779F1E64}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows-stuurprogrammapakket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Zwift version 1.1.6 (HKLM-x32\...\{E4DA422A-82AB-44A4-B3A5-0AF60F47B7AB}_is1) (Version: 1.1.6 - Zwift, LLC)
 
Packages:
=========
ASUS GIFTBOX -> C:\Program Files\WindowsApps\B9ECED6F.ASUSGIFTBOX_3.2.4.0_x64__qmba6cd70vzyy [2022-09-29] (ASUSTeK COMPUTER INC.)
ASUS Keyboard Hotkeys -> C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy [2019-09-18] (ASUSTeK COMPUTER INC.) [Startup Task]
Audiotonic Pro -> C:\Program Files\WindowsApps\BluskySoftwareInc.AudiotonicPro_2.0.4.0_x86__61yk12x6sxn40 [2021-09-10] (Blusky Software Inc.)
AudioWizard -> C:\Program Files\WindowsApps\ICEpower.AudioWizard_1.5.28.0_x64__dxp88312j1fgj [2023-07-14] (ICEpower)
eManual -> C:\Program Files\WindowsApps\B9ECED6F.eManual_2.0.3.0_x86__qmba6cd70vzyy [2018-12-21] (ASUSTeK COMPUTER INC.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_147.1.1079.0_x64__v10z8vjag6ke6 [2023-07-14] (HP Inc.)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-04-01] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa [2023-06-10] (Apple Inc.) [Startup Task]
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_3.0.4.0_x64__w1wdnht996qgy [2023-06-24] (LinkedIn)
Media-engine-invoegtoepassing voor Foto's -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.16529.20182.0_x86__8wekyb3d8bbwe [2023-07-16] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-01] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-01] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.16529.20182.0_x86__8wekyb3d8bbwe [2023-07-16] (Microsoft Corporation)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-03] (Microsoft Corp.)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.16529.20182.0_x86__8wekyb3d8bbwe [2023-07-16] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16529.20182.0_x86__8wekyb3d8bbwe [2023-07-16] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.16529.20182.0_x86__8wekyb3d8bbwe [2023-07-16] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.16529.20182.0_x86__8wekyb3d8bbwe [2023-07-16] (Microsoft Corporation)
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.16529.20182.0_x86__8wekyb3d8bbwe [2023-07-16] (Microsoft Corporation)
ms-resource:AppDisplayName -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy [2023-06-14] (ASUSTeK COMPUTER INC.)
ms-resource:PkgDisplayName -> C:\Program Files\WindowsApps\64404Softuna.TotalDiskCleaner_2.1.10.0_x64__r1b4jsc7ddp3p [2023-06-20] (Total PC Cleaner)
ms-resource:System_Item_Title_IntelGraphicsControlPanel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt [2023-07-02] (INTEL CORP) [Startup Task]
MuseScore 3 -> C:\Program Files\WindowsApps\64051MuseScoreBVBA.MuseScoreNotationSoftware_3.3.4.0_x64__pz631wrhsw9tj [2020-01-22] (MuseScore BVBA)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-16] (Netflix, Inc.)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-11-16] (Adobe Systems Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.172.0_x64__dt26b99r8h8gj [2019-08-12] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0 [2023-07-11] (Spotify AB) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2327.6.0_x64__cv1g1gvanyjgm [2023-07-14] (WhatsApp Inc.) [Startup Task]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2140152316-3761713159-350972558-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\info\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2140152316-3761713159-350972558-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\info\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-06-13] () [File not signed] [File is in use]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-29] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-06-13] () [File not signed] [File is in use]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-06-29] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\info\Desktop\tanja\Persoon 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\info\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2022-07-30 14:54 - 2019-12-05 16:17 - 000104448 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2022-07-30 14:54 - 2019-12-05 16:17 - 000009216 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_NLD.DLL
2018-06-13 06:01 - 2018-06-13 06:01 - 000125952 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\info\Desktop\revosetup.exe:MBAM.Zone.Identifier [141]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-04-12 01:38 - 2018-04-12 01:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
2021-02-07 00:32 - 2021-02-07 00:37 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\info\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\MER02948.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "Focusrite Notifier"
HKLM\...\StartupApproved\Run32: => "Zwift"
HKU\S-1-5-21-2140152316-3761713159-350972558-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{B19D1D19-2AF5-46CE-9650-675C49D45F4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ticket to Ride\Ticket to Ride.exe (Days of Wonder, Inc.) [File not signed]
FirewallRules: [{D2E10484-C3F2-4B94-ADFA-CBEABDD252D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ticket to Ride\Ticket to Ride.exe (Days of Wonder, Inc.) [File not signed]
FirewallRules: [{057C2CC6-259D-4D9A-81C5-E84DFC61737E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carcassonne The Official Board Game\Carcassonne.exe () [File not signed]
FirewallRules: [{9140BF03-E70F-4335-86C1-8F3D9458F96E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Carcassonne The Official Board Game\Carcassonne.exe () [File not signed]
FirewallRules: [UDP Query User{355494F5-6EB0-4674-B0BE-26B76845D098}C:\program files (x86)\zwift\zwiftapp.exe] => (Allow) C:\program files (x86)\zwift\zwiftapp.exe (Zwift, Inc. -> )
FirewallRules: [TCP Query User{B7A35808-C55B-4559-9525-401AA0D8757D}C:\program files (x86)\zwift\zwiftapp.exe] => (Allow) C:\program files (x86)\zwift\zwiftapp.exe (Zwift, Inc. -> )
FirewallRules: [{8572A005-A524-4BA0-B168-CC33AED09624}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scythe Digital Edition\Scythe.exe () [File not signed]
FirewallRules: [{7FE449E0-815D-4E85-AB20-6F4324D2A5E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scythe Digital Edition\Scythe.exe () [File not signed]
FirewallRules: [UDP Query User{693EFBB5-FACE-441F-B77A-8A0CB015DEAB}C:\users\info\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\info\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6BA16B67-C888-49E3-9E5D-F53B909A0A64}C:\users\info\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\info\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1850A575-8881-433A-B13B-823F459EE9D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wingspan\Wingspan.exe (Unity Technologies ApS) [File not signed]
FirewallRules: [{1166B07A-301B-4591-B707-1701110FEA2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Wingspan\Wingspan.exe (Unity Technologies ApS) [File not signed]
FirewallRules: [UDP Query User{4FD0DDE7-71AC-467D-8013-C027C8DB1EF7}C:\users\info\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\info\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3CCBFA1B-F909-43B5-A74B-303876364292}C:\users\info\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\info\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{66E45CC8-6D69-4B65-B269-AAFF7B717E88}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{23CB10F3-4C1D-437F-BF8C-4478229F6CAF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D9F26FFC-7A26-4DB7-8919-723F1180F43C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1ADEEF01-A616-4651-85AF-924BA15D728D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E9A26FA7-FA22-4B00-A436-7EE59DBEC211}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D32E50BC-D28B-447A-9923-EB9046795962}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D6F0D809-38F0-4BE8-9251-C944DF978506}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B8BFC2A3-1F96-4A73-9340-160BD70ACD7E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{5FA50336-0910-4BC1-A4C3-68229F564BA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{E35E223D-54A4-4302-8C53-A73304FD53A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [TCP Query User{11FA1CAA-D45F-4EEE-862B-6D8486EAD29B}C:\program files (x86)\zwift\zwiftapp.exe] => (Allow) C:\program files (x86)\zwift\zwiftapp.exe (Zwift, Inc. -> )
FirewallRules: [UDP Query User{A8AB8CBF-BCA2-43FD-B306-BBDBB6CB459B}C:\program files (x86)\zwift\zwiftapp.exe] => (Allow) C:\program files (x86)\zwift\zwiftapp.exe (Zwift, Inc. -> )
FirewallRules: [{5D5B44B6-EED9-4FE8-A410-BE37F6C3257D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood Bowl 3\BB3.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{6E76A8AC-6449-4828-AF91-EAFD15C6A3B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Blood Bowl 3\BB3.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{064DDDD9-640C-4D91-88F8-1299BD6DA804}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B056385D-A065-480E-A3EB-481D7D351F89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{0F7E2278-F57C-4007-ABB8-B734AF21602E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{6C555034-6DA4-4699-B190-1CDF328BA59F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{154D2EC3-110F-4556-A49E-CE4CCDF2AF9A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B48A9AC2-AA62-4301-AC57-DC28E0F05D9B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{0CBCC94E-8CA8-4909-A49C-FD59846BFC2B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{D5B59D6A-80BC-4334-80F7-2564AB0C3E22}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{9FECAD59-570B-4E08-87B7-33C74D4399FD}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{6ADE9A78-19F6-473D-88E0-7C8218CD54DB}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{60EDD709-1DC5-461A-9BB6-98680D4F7873}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{48F37BE0-DFEC-4805-AD6D-2C7A2281A8FD}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.1.20.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{68567F2B-13B4-423B-93AD-1F398201D193}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{35470C69-575E-4408-9288-F92CFFC67884}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A88C33ED-6D52-4737-9ABF-64AC25C9C40B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{1B0B34C1-4DFC-460B-BF99-431C0B9B98B4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8A5B08F1-7C8E-4E88-86E9-55A0DEF6066C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{9F098F49-3C85-4695-85F3-E7546851ED59}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EFCF7C25-71CC-436F-8445-2D1CDDC10911}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{48942FA7-E24D-4B44-A427-40788093BE29}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{234BE968-347C-406C-9613-7F40F1D5E0A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3D0C4910-B2F1-4883-A67E-7D5C64436305}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{884D1C30-1CE9-494A-8C8D-CB5121CA7699}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.215.828.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{025C8D60-F48A-4D1F-99AF-2492CFE21324}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.82\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{71145664-7E43-4EEC-90D9-ED4F620E05FD}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSSwitch\AsusSwitchNetMDNS.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{B78122D1-608D-437B-A3C3-508FDF555A1F}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{CC06092F-7AB2-4684-86BD-B1D5E8BBBD70}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{0FB0FA9C-E95C-4A26-BEF7-281CC3113FF1}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci.inf_amd64_fc4a043093a77fa3\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{68FCF8BA-EEBF-47B9-AE23-5F72D6E3322E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.16529.20182.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E79095A1-5977-4385-B90F-987F9B5B2F93}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23167.1300.2174.9186_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FC4F448C-914C-4A30-BA00-E72705572C35}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23167.1300.2174.9186_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{15174FF0-D002-4C9F-BBB5-08E5C7B6E58A}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.86\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
12-07-2023 00:26:18 Installatieprogramma voor Windows-modules
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/16/2023 07:01:15 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Description: A .NET application failed.
Application: ZwiftActivityMonitor.exe
Path: C:\Zwift Activity Monitor\ZwiftActivityMonitor.exe
Message: A fatal error occurred. The required library hostfxr.dll could not be found.
If this is a self-contained application, that library should exist in [C:\Zwift Activity Monitor\].
If this is a framework-dependent application, install the runtime in the global location [C:\Program Files\dotnet] or use the DOTNET_ROOT environment variable to specify the runtime location or register the runtime location in [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x64\InstallLocation].
 
The .NET runtime can be found at:
 
Error: (07/15/2023 01:18:10 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 12) (User: LAPTOP-QBAAO188)
Description: Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy-2147023878
 
Error: (07/10/2023 11:46:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine QueryFullProcessImageNameW.  hr = 0x8007001f, Een apparaat dat op het systeem is aangesloten, werkt niet.
.
 
 
Bewerking:
   Asynchrone bewerking uitvoeren
 
Context:
   Huidige status: DoSnapshotSet
 
Error: (07/10/2023 11:46:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {01d3b062-dfb0-45f0-92ff-13c856821255}
 
Error: (07/07/2023 12:03:14 AM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-QBAAO188)
Description: Naam van toepassing met fout: backgroundTaskHost.exe, versie: 10.0.22621.1, tijdstempel: 0x004687c2
Naam van module met fout: twinapi.appcore.dll, versie: 10.0.22621.1778, tijdstempel: 0x8a05c015
Uitzonderingscode: 0xc000027b
Foutmarge: 0x00000000000c07f3
Id van proces met fout: 0x0x2bf8
Starttijd van toepassing met fout: 0x0x1d9b055a46f2010
Pad naar toepassing met fout: C:\WINDOWS\system32\backgroundTaskHost.exe
Pad naar module met fout: C:\Windows\System32\twinapi.appcore.dll
Rapport-id: 2812cab9-34c7-4514-8f83-a19361834682
Volledige pakketnaam met fout: Microsoft.YourPhone_1.23052.121.0_x64__8wekyb3d8bbwe
Relatieve toepassings-id van pakket met fout: App
 
Error: (07/07/2023 12:02:33 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informatie voor de Volume Shadow Copy-service: de COM-server met CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} en de naam CEventSystem kan niet worden gestart. [0x8007045b, Systeem wordt afgesloten.
]
 
Error: (07/06/2023 11:47:19 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het aanroepen van routine QueryFullProcessImageNameW.  hr = 0x80070006, De ingang is ongeldig.
.
 
 
Bewerking:
   Asynchrone bewerking uitvoeren
 
Context:
   Huidige status: DoSnapshotSet
 
Error: (07/06/2023 11:46:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Fout in de Volume Shadow Copy-service: onverwachte fout bij het uitvoeren van een query voor de IVssWriterCallback-interface. hr = 0x80070005, Toegang geweigerd.
.
Dit wordt vaak veroorzaakt door onjuiste beveiligingsinstellingen in het writer- of requestorproces.
 
 
Bewerking:
   Schrijvergegevens verzamelen
 
Context:
   Klasse-id van schrijver: {e8132975-6f93-4464-a53e-1050253ae220}
   Naam van schrijver: System Writer
   Instantie-id van schrijver: {a9186580-5257-436d-aa82-c0dea8459c80}
 
 
System errors:
=============
Error: (07/18/2023 05:49:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x8024200b: Beveiligingsinformatie-update voor Microsoft Defender Antivirus - KB2267602 (versie 1.393.702.0).
 
Error: (07/18/2023 05:49:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De Microsoft Defender Antivirus Service-service is gestopt met de volgende foutcode: 
Algemene toegangsfout
.
 
Error: (07/18/2023 03:49:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x8024200b: Beveiligingsinformatie-update voor Microsoft Defender Antivirus - KB2267602 (versie 1.393.702.0).
 
Error: (07/18/2023 03:49:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De Microsoft Defender Antivirus Service-service is gestopt met de volgende foutcode: 
Algemene toegangsfout
.
 
Error: (07/18/2023 07:33:29 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QBAAO188)
Description: De server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (07/17/2023 09:33:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installatiefout: de volgende update kan niet worden geïnstalleerd, foutcode 0x8024200b: Beveiligingsinformatie-update voor Microsoft Defender Antivirus - KB2267602 (versie 1.393.578.0).
 
Error: (07/17/2023 09:33:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: De Microsoft Defender Antivirus Service-service is gestopt met de volgende foutcode: 
Algemene toegangsfout
.
 
Error: (07/17/2023 07:33:03 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-QBAAO188)
Description: De server {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
 
CodeIntegrity:
===============
Date: 2023-07-16 06:52:04
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements. 
 
Date: 2023-07-16 06:49:15
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.5-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements. 
 
Date: 2023-07-16 06:48:47
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. X430FA.308 05/28/2019
Motherboard: ASUSTeK COMPUTER INC. X430FA
Processor: Intel® Core™ i5-8265U CPU @ 1.60GHz
Percentage of memory in use: 63%
Total physical RAM: 8043.61 MB
Available physical RAM: 2961.37 MB
Total Virtual: 9515.61 MB
Available Virtual: 4031.34 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:237.42 GB) (Free:54.66 GB) (Model: INTEL SSDSCKKW256G8) NTFS
 
\\?\Volume{54e95cf9-9493-4202-8beb-a6fc7d552267}\ (RECOVERY) (Fixed) (Total:0.78 GB) (Free:0.11 GB) NTFS
\\?\Volume{f0180894-28fc-4771-89f4-efa7f35c2201}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 9929D3AC)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
