Hi Gary,
Thanks for helping me with this. My name is Rich.
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-03-2022
Ran by arnegund (administrator) on GDC-SURFACE (Microsoft Corporation Surface Pro 7) (30-03-2022 08:14:28)
Running from C:UsersarnegundDocumentsConnectWiseControlTemp
Loaded Profiles: arnegund
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1620 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:Program Files (x86)DropboxClientDropbox.exe ->) (Dropbox, Inc -> The Qt Company Ltd.) C:Program Files (x86)DropboxClient144.4.4491QtWebEngineProcess.exe <2>
(C:Program Files (x86)gundersendentalcaremainoffice-4.6.6402NinjaRMMAgent.exe ->) (ninjaRMM LLC -> NinjaRMM, LLC) C:Program Files (x86)gundersendentalcaremainoffice-4.6.6402NinjaRMMProxyProcess64.exe
(C:Program Files (x86)gundersendentalcaremainoffice-4.6.6402NinjaRMMAgent.exe ->) (NinjaRMM, LLC -> NinjaRMM, LLC) C:Program Files (x86)gundersendentalcaremainoffice-4.6.6402njbar.exe
(C:Program Files (x86)gundersendentalcaremainoffice-4.6.6402NinjaRMMAgentPatcher.exe ->) (NinjaRMM, LLC -> NinjaRMM, LLC) C:Program Files (x86)gundersendentalcaremainoffice-4.6.6402NinjaRMMAgent.exe
(C:Program Files (x86)ScreenConnect Client (48314664b66d5895)ScreenConnect.ClientService.exe ->) (ConnectWise, LLC -> ScreenConnect Software) C:Program Files (x86)ScreenConnect Client (48314664b66d5895)ScreenConnect.WindowsClient.exe <2>
(C:Program FilesBitdefenderBitdefender Endpoint Securityepsecurityservice.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Endpoint Securityepconsole.exe
(C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2202.4-0MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2202.4-0MpCopyAccelerator.exe
(C:UsersarnegundAppDataLocalProgramsMessengerMessenger.exe ->) (Facebook, Inc. -> ) C:UsersarnegundAppDataLocalProgramsMessengerCrashpadHandlerWindows.exe
(Dropbox, Inc -> Dropbox, Inc.) C:Program Files (x86)DropboxClientDropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:Program Files (x86)DropboxUpdateDropboxUpdate.exe
(explorer.exe ->) (Apple Inc.) C:Program FilesWindowsAppsAppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqaiCloudiCloudPhotos.exe
(explorer.exe ->) (Apple Inc.) C:Program FilesWindowsAppsAppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqaiCloudiCloudServices.exe
(explorer.exe ->) (Apple Inc.) C:Program FilesWindowsAppsAppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe
(explorer.exe ->) (BlueNote Software, LLC -> BlueNote Software, LLC) C:Program Files (x86)BlueNote Communicator LightsBlueNoteCL.exe
(explorer.exe ->) (Facebook, Inc. -> Facebook Inc.) C:UsersarnegundAppDataLocalProgramsMessengerMessenger.exe
(Henry Schein Practice Solutions, Inc. -> Henry Schein ONE) C:Program Files (x86)DentrixUMNotification.exe
(Microsoft Corporation -> Microsoft Corporation) C:WindowsMicrosoft.NETFrameworkv4.0.30319aspnet_compiler.exe
(Protected Trust, LLC) [File not signed] C:Program Files (x86)Protected TrustOutlook Add-inProtectedTrust.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:Program FilesBonjourmDNSResponder.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Endpoint Securitybdredline.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Endpoint Securityepintegrationservice.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Endpoint Securityepprotectedservice.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Endpoint Securityepsecurityservice.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:Program FilesBitdefenderBitdefender Endpoint Securityepupdateservice.exe
(services.exe ->) (ConnectWise, LLC -> ) C:Program Files (x86)ScreenConnect Client (48314664b66d5895)ScreenConnect.ClientService.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:WindowsSystem32DbxSvc.exe
(services.exe ->) (Henry Schein Practice Solutions Inc. -> Labnet Dental Lab Systems) C:Program Files (x86)DDXbinDDX.Service.exe
(services.exe ->) (Henry Schein Practice Solutions, Inc. -> Henry Schein ONE) C:Program Files (x86)DentrixUpdater_ServiceDentrixClientService.exe
(services.exe ->) (Henry Schein Practice Solutions, Inc. -> Henry Schein ONE) C:Program Files (x86)DentrixUpdater_ServiceDentrixUpdaterService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorycui_dch.inf_amd64_23cd4a524b85fcc6igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositorydptf_cpu.inf_amd64_4a3ae74cfa6c37d6esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_d73f88d32ddb95d3IntelCpHDCPSvc.exe
(services.exe ->) (Microsoft Corporation -> ) C:Program Files (x86)MicrosoftMicrosoft Search in BingMicrosoftSearchInBing.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedClickToRunOfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:Program FilesMicrosoft Update Health Toolsuhssvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2202.4-0MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2202.4-0NisSrv.exe
(services.exe ->) (NinjaRMM, LLC -> NinjaRMM, LLC) C:Program Files (x86)gundersendentalcaremainoffice-4.6.6402NinjaRMMAgentPatcher.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:WindowsSystem32DriverStoreFileRepositoryhdxsstm2.inf_amd64_fe727f67b6d438e2RtkAudUService64.exe <2>
(services.exe ->) (Servably, Inc. -> ) C:ProgramDataSyncrobinSyncro.Overmind.Service.exe
(services.exe ->) (Smart Sound Technology -> Intel) C:WindowsSystem32cAVSIASIntelAudioService.exe
(services.exe ->) (Softland SRL -> Microsoft) C:Program FilesSoftlandnovaPDF 8Servernovapdfs.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:Program Files (x86)TeamViewerTeamViewer_Service.exe
(sihost.exe ->) (Microsoft Corporation) C:Program FilesWindowsAppsMicrosoft.SurfaceHub_61.3036.139.0_x64__8wekyb3d8bbweSurfaceAppDtSurfaceAppDt.exe
(svchost.exe ->) (Apple Inc.) C:Program FilesWindowsAppsAppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqaiCloudAPSDaemon.exe
(svchost.exe ->) (Apple Inc.) C:Program FilesWindowsAppsAppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqaiCloudsecd.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:Program Files (x86)MicrosoftEdgeUpdateMicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsImmersiveControlPanelSystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32gpupdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:WindowsSystem32wlanext.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM...Run: [RtkAudUService] => C:WINDOWSSystem32DriverStoreFileRepositoryhdxsstm2.inf_amd64_fe727f67b6d438e2RtkAudUService64.exe [835904 2020-04-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM...Run: [Logitech Download Assistant] => C:WindowsSystem32LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32...Run: [Dropbox] => C:Program Files (x86)DropboxClientDropbox.exe [10585376 2022-03-14] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32...Run: [WindowsClient] => C:Program Files (x86)Protected TrustOutlook Add-inProtectedTrust.exe [195584 2019-03-15] (Protected Trust, LLC) [File not signed]
HKUS-1-5-21-3039035032-4122823133-1544021328-1126...Run: [com.squirrel.Teams.Teams] => C:UsersarnegundAppDataLocalMicrosoftTeamsUpdate.exe [1801840 2020-01-27] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKUS-1-5-21-3039035032-4122823133-1544021328-1126...Run: [BlueNote Communicator Lights] => C:Program Files (x86)BlueNote Communicator LightsBlueNoteCL.exe [4903424 2019-12-14] (BlueNote Software, LLC -> BlueNote Software, LLC)
HKUS-1-5-21-3039035032-4122823133-1544021328-1126...Run: [CiscoMeetingDaemon] => C:UsersarnegundAppDataLocalWebExciscowebexstart.exe [4937544 2021-11-05] (Cisco WebEx LLC -> Cisco Webex LLC)
HKUS-1-5-21-3039035032-4122823133-1544021328-1126...Run: [_DTXStartupApp.exe] => C:Program Files (x86)DentrixUpdater_Service_DTXStartupApp.exe [82256 2021-12-15] (Henry Schein Practice Solutions, Inc. -> Henry Schein ONE)
HKUS-1-5-21-3039035032-4122823133-1544021328-1126...Run: [com.messenger] => "C:UsersarnegundAppDataLocalProgramsMessengerMessenger.exe" messenger://openAtLogin (No File)
HKUS-1-5-21-539722387-2612857779-3550696916-1001...Run: [com.squirrel.Teams.Teams] => C:Usersadg-supportAppDataLocalMicrosoftTeamsUpdate.exe [1801840 2020-01-23] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM...Windows x64Print Processorshpzpplhn: C:WindowsSystem32spoolprtprocsx64hpzpplhn.dll [109080 2018-12-06] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM...PrintMonitorsDYMO LabelWriter Monitor: C:WINDOWSsystem32LW400MON.DLL [16384 2019-11-11] (Microsoft Windows Hardware Compatibility Publisher -> DYMO Corp.)
HKLM...PrintMonitorsHP BC11 Status Monitor: C:WINDOWSsystem32hpinkstsBC11LM.dll [329576 2012-04-02] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM...PrintMonitorsnovaPDF OEM 7 Monitor: C:WINDOWSsystem32novamnv7.dll [33056 2014-06-16] (Softland S.R.L. -> Softland)
HKLM...PrintMonitorsnovaPDF Port Monitor: C:WINDOWSsystem32novamn8.dll [18944 2016-03-03] (Softland) [File not signed]
HKLM...PrintMonitorsSHARP ST0E PCL6 Language Monitor: C:WINDOWSsystem32ST0ELMON.DLL [82432 2008-10-29] (Microsoft Windows Hardware Compatibility Publisher -> SHARP CORPORATION)
HKLMSoftwareMicrosoftActive SetupInstalled Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:Program Files (x86)GoogleChromeApplication99.0.4844.74Installerchrmstp.exe [2022-03-20] (Google LLC -> Google LLC)
HKLMSoftwareWow6432NodeMicrosoftActive SetupInstalled Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:Program Files (x86)AdobeAcrobat Reader DCEslAiodLite.dll [2019-12-17] (Adobe Inc. -> Adobe Systems, Inc.)
Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupDDX.lnk [2020-08-03]
ShortcutTarget: DDX.lnk -> C:Program Files (x86)DDXDDX.exe (Henry Schein Practice Solutions Inc. -> Labnet Dental Lab Systems <[email protected]>)
Startup: C:ProgramDataMinuStartupFox.vbs [2022-03-29] () [File not signed]
GroupPolicyUser: Restriction ? <==== ATTENTION
Policies: C:ProgramDataNTUSER.pol: Restriction <==== ATTENTION
HKLMSOFTWAREPoliciesGoogle: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03EFC173-BD4E-426D-BD0A-D9D71C662A28} - System32TasksTechSmith Updater => C:Program Files (x86)Common FilesTechSmith SharedUpdaterTSCUpdClt.exe [56192 2013-10-04] (TechSmith Corporation -> TechSmith Corporation)
Task: {0A5F22A5-D003-4138-946E-77865B487513} - System32TasksMicrosoftOfficeOffice Feature Updates => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [137072 2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {157D6929-8F97-452A-B31B-82EC6BD25534} - System32TasksMicrosoftOfficeOfficeTelemetryAgentFallBack2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [8307120 2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {2228C886-3673-4FEA-A91D-18E1E56E487B} - System32TasksMicrosoftOfficeOffice Automatic Updates 2.0 => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [22580696 2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {2E9694D8-D040-4E76-96EA-DBEFB1896245} - System32TasksMicrosoftWindowstermsrvRemoteFXRemoteFXvGPUDisableTask => C:WINDOWSSystem32RemoteFXvGPUDisablement.exe Disable (No File)
Task: {32E6E524-D22B-4CE6-B33E-C6E7F1919A2F} - System32TasksProtected Trust Outlook Add-in Update => C:Program Files (x86)Protected TrustOutlook Add-inptoutlookaddinupdate.exe [1526784 2019-03-15] (Protected Trust, LLC) [File not signed]
Task: {43FBB920-5D65-4ACF-B465-E93DA23A72A3} - System32TasksAdobe Acrobat Update Task => C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [1240656 2019-09-11] (Adobe Inc. -> Adobe Systems)
Task: {6563CB61-8999-4BFD-BDBC-5AFEA9C7BDAA} - System32TasksMicrosoftOfficeOfficeTelemetryAgentLogOn2016 => C:Program FilesMicrosoft OfficerootOffice16msoia.exe [8307120 2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {65716460-731F-4B5A-8057-B0114DACD303} - System32TasksG2MUploadTask-S-1-5-21-3039035032-4122823133-1544021328-1126 => C:UsersarnegundAppDataLocalGoToMeeting19932g2mupload.exe [31176 2021-11-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {70F18774-B89E-468C-B4E7-C0FE6AFC2F9E} - System32TasksMicrosoftWindowstermsrvRemoteFXRemoteFXWarningTask => C:WINDOWSSystem32RemoteFXvGPUDisablement.exe Warning (No File)
Task: {8116ADBC-9D18-4B59-B91B-DA8BDC1B57A5} - System32TasksMicrosoftOfficeOffice Feature Updates Logon => C:Program FilesMicrosoft OfficerootOffice16sdxhelper.exe [137072 2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {8CE320E9-84AC-4808-BBA4-99DAE417DBAD} - System32TasksMicrosoftWindowsWindows DefenderWindows Defender Scheduled Scan => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2202.4-0MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {93EF0F0B-B8E1-4E1A-9E7E-B19AC8C2B499} - System32TasksDropboxUpdateTaskMachineCore => C:Program Files (x86)DropboxUpdateDropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
Task: {9D66B73F-FFFF-4286-B58D-6C0787A2CFCC} - System32TasksMicrosoftWindowsGroupPolicy{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:WINDOWSsystem32gpupdate.exe [30720 2021-09-04] (Microsoft Windows -> Microsoft Corporation)
Task: {A058603D-51F3-4616-9658-C1CEE404555E} - System32TasksGoogleUpdateTaskMachineCore => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156104 2020-01-24] (Google LLC -> Google LLC)
Task: {A8F8B9DE-E42E-437B-A5CF-A478973F6AE6} - System32TasksMicrosoftWindowsGroupPolicy{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:WINDOWSsystem32gpupdate.exe [30720 2021-09-04] (Microsoft Windows -> Microsoft Corporation)
Task: {AAE96537-1F60-4DFA-B4E5-6AC344C91AFA} - System32TasksMicrosoftWindowsWindows DefenderWindows Defender Verification => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2202.4-0MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B651695F-C6F7-44F6-8C43-0490B9F47957} - System32TasksMicrosoftOfficeOffice Performance Monitor => C:Program FilesMicrosoft OfficerootVFSProgramFilesCommonX64Microsoft SharedOffice16operfmon.exe [59232 2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {C323357E-0B69-41E3-A359-6645E24C12EE} - System32TasksMicrosoftOfficeOffice ClickToRun Service Monitor => C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeC2RClient.exe [22580696 2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5766B41-4192-48EA-899E-3B5F714EF072} - System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cleanup => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2202.4-0MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C5BE6E14-B9F1-496D-B3B0-42A2642CDEAD} - System32TasksMicrosoftWindowsWindows DefenderWindows Defender Cache Maintenance => C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2202.4-0MpCmdRun.exe [979568 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CD262222-AB74-4D21-9D70-31E324F26C23} - System32TasksGoogleUpdateTaskMachineUA => C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [156104 2020-01-24] (Google LLC -> Google LLC)
Task: {D0161563-F5CB-4272-973D-21EE9F38BDF3} - System32TasksDropboxUpdateTaskMachineUA => C:Program Files (x86)DropboxUpdateDropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
Task: {D48A15D3-4F12-45B3-97D7-89FBACC4404E} - System32TasksG2MUpdateTask-S-1-5-21-3039035032-4122823133-1544021328-1126 => C:UsersarnegundAppDataLocalGoToMeeting19932g2mupdate.exe [31176 2021-11-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:WINDOWSTasksDropboxUpdateTaskMachineCore.job => C:Program Files (x86)DropboxUpdateDropboxUpdate.exe
Task: C:WINDOWSTasksDropboxUpdateTaskMachineUA.job => C:Program Files (x86)DropboxUpdateDropboxUpdate.exe
Task: C:WINDOWSTasksG2MUpdateTask-S-1-5-21-3039035032-4122823133-1544021328-1126.job => C:UsersarnegundAppDataLocalGoToMeeting19932g2mupdate.exe
Task: C:WINDOWSTasksG2MUploadTask-S-1-5-21-3039035032-4122823133-1544021328-1126.job => C:UsersarnegundAppDataLocalGoToMeeting19932g2mupload.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
TcpipParameters: [DhcpNameServer] 192.168.16.3
Tcpip..Interfaces{35f8f315-a3b8-4e36-85b9-e94c487d153c}: [DhcpNameServer] 192.168.165.1
Tcpip..Interfaces{9060edd4-1270-4456-bb7c-e20bd2cc0dbe}: [DhcpNameServer] 10.0.0.1
Tcpip..Interfaces{ae02c798-b5c9-4d9d-a8d1-ab0cb15475db}: [DhcpNameServer] 192.168.16.3
Tcpip..Interfaces{bda8c006-6e0d-42ac-ac66-f24dd44f24f1}: [DhcpNameServer] 192.168.16.3
Tcpip..Interfaces{c163b754-89d1-472d-a9c9-f31abe3019f9}: [DhcpNameServer] 172.22.255.68 172.22.255.86 172.22.255.206 172.22.255.204
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:windowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsAutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:windowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsBookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:windowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsLearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:windowsSystemAppsMicrosoft.MicrosoftEdge_8wekyb3d8bbweAssetsHostExtensionsPinJSAPI [not found]
Edge Profile: C:UsersarnegundAppDataLocalMicrosoftEdgeUser DataDefault [2022-03-28]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootOffice16NPSPWRAP.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Mozilla Firefoxpluginsnpmeetingjoinpluginoc.dll [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16NPSPWRAP.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:Program Files (x86)AdobeAcrobat Reader DCReaderAIRnppdf32.dll [2019-12-17] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKUS-1-5-21-3039035032-4122823133-1544021328-1126: @ringcentral.com/RingCentralMeetingsPlugin -> C:UsersarnegundAppDataRoamingRingCentralMeetingsbinnprcmsplugin.dll [2020-04-15] (RingCentral, Inc. -> RingCentral Video Communications, Inc. and RingCentral Inc.)
Chrome:
=======
CHR Profile: C:UsersarnegundAppDataLocalGoogleChromeUser DataDefault [2022-03-29]
CHR Notifications: Default -> hxxps://book.lufthansa.com; hxxps://calendar.google.com; hxxps://www.facebook.com
CHR Extension: (Slides) - C:UsersarnegundAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2020-01-27]
CHR Extension: (Docs) - C:UsersarnegundAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2020-01-27]
CHR Extension: (Google Drive) - C:UsersarnegundAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:UsersarnegundAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-27]
CHR Extension: (Sheets) - C:UsersarnegundAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2020-01-27]
CHR Extension: (iCloud Bookmarks) - C:UsersarnegundAppDataLocalGoogleChromeUser DataDefaultExtensionsfkepacicchenbjecpbpbclokcabebhah [2020-01-27]
CHR Extension: (Google Docs Offline) - C:UsersarnegundAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-22]
CHR Extension: (Chrome Web Store Payments) - C:UsersarnegundAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:UsersarnegundAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR HKLM-x32...ChromeExtension: [ekdanjdjiocafhlghmdbakplcicppbfj] - C:Program Files (x86)AlignClinCheckApplicationbinNSAlignCC.crx [2011-05-03]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 bnclupdate; C:Program Files (x86)BlueNote Communicator Lightsbnclupdate.exe [889344 2019-12-14] (BlueNote Software, LLC -> BlueNote Software, LLC)
R2 ClickToRunSvc; C:Program FilesCommon FilesMicrosoft SharedClickToRunOfficeClickToRun.exe [11649952 2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:Program Files (x86)DropboxUpdateDropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:Program Files (x86)DropboxUpdateDropboxUpdate.exe [130320 2021-11-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:WINDOWSsystem32DbxSvc.exe [44328 2022-03-14] (Dropbox, Inc -> Dropbox, Inc.)
R2 DDX; C:Program Files (x86)DDXbinDDX.Service.exe [348048 2019-03-11] (Henry Schein Practice Solutions Inc. -> Labnet Dental Lab Systems)
R2 DtxClientSrvc; C:Program Files (x86)DentrixUpdater_ServiceDentrixClientService.exe [32592 2021-12-15] (Henry Schein Practice Solutions, Inc. -> Henry Schein ONE)
R2 DtxUpdaterSrv; C:Program Files (x86)DentrixUpdater_ServiceDentrixUpdaterService.exe [59216 2021-12-15] (Henry Schein Practice Solutions, Inc. -> Henry Schein ONE)
R2 EPIntegrationService; C:Program FilesBitdefenderBitdefender Endpoint SecurityEPIntegrationService.exe [355168 2022-02-10] (Bitdefender SRL -> Bitdefender)
R2 EPProtectedService; C:Program FilesBitdefenderBitdefender Endpoint SecurityEPProtectedService.exe [367384 2022-02-10] (Bitdefender SRL -> Bitdefender)
R2 EPRedline; C:Program FilesBitdefenderBitdefender Endpoint Securitybdredline.exe [3119976 2022-02-10] (Bitdefender SRL -> Bitdefender)
R2 EPSecurityService; C:Program FilesBitdefenderBitdefender Endpoint SecurityEPSecurityService.exe [367384 2022-02-10] (Bitdefender SRL -> Bitdefender)
R2 EPUpdateService; C:Program FilesBitdefenderBitdefender Endpoint SecurityEPUpdateService.exe [355168 2022-02-10] (Bitdefender SRL -> Bitdefender)
R2 MicrosoftSearchInBing; C:Program Files (x86)MicrosoftMicrosoft Search in BingMicrosoftSearchInBing.exe [21376 2020-04-20] (Microsoft Corporation -> )
R2 NinjaRMMAgent; C:Program Files (x86)gundersendentalcaremainoffice-4.6.6402NinjaRMMAgentPatcher.exe [25673208 2022-01-14] (NinjaRMM, LLC -> NinjaRMM, LLC)
R2 NovaPdfServer; C:Program FilesSoftlandnovaPDF 8Servernovapdfs.exe [50600 2016-03-03] (Softland SRL -> Microsoft)
R2 ScreenConnect Client (48314664b66d5895); C:Program Files (x86)ScreenConnect Client (48314664b66d5895)ScreenConnect.ClientService.exe [93344 2022-03-22] (ConnectWise, LLC -> )
S3 Sense; C:Program FilesWindows Defender Advanced Threat ProtectionMsSense.exe [6254864 2022-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Syncro; C:Program FilesRepairTechSyncroSyncro.Service.Runner.exe [34480 2020-07-31] (Servably, Inc. -> RepairTech, Inc.)
R2 SyncroOvermind; C:ProgramDataSyncrobinSyncro.Overmind.Service.exe [776352 2021-10-17] (Servably, Inc. -> )
R2 TeamViewer; C:Program Files (x86)TeamViewerTeamViewer_Service.exe [13216272 2020-03-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2202.4-0NisSrv.exe [3046608 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:ProgramDataMicrosoftWindows DefenderPlatform4.18.2202.4-0MsMpEng.exe [132504 2022-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmUStor; C:WINDOWSsystem32driversAmUStorU.sys [136760 2019-05-07] (Alcorlink Corp. -> )
S0 BDElam; C:WINDOWSSystem32driversbdelam.sys [22976 2021-10-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
S3 BthA2dp; C:WINDOWSSystem32driversBthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:WINDOWSSystem32driversbthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dlcdcncm; C:WINDOWSSystem32driversdlcdcncm62_x64.sys [90336 2021-08-26] (DISPLAYLINK (UK) LIMITED -> DisplayLink Corp.)
R3 MpKslf08c8c23; C:ProgramDataMicrosoftWindows DefenderDefinition Updates{60933C25-C35A-49AA-9F22-E775F4B61621}MpKslDrv.sys [137464 2022-03-29] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:WINDOWSSystem32driversnetaapl64.sys [23040 2019-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 SurfaceSerialHubDriver; C:WINDOWSSystem32DriverStoreFileRepositorysurfaceserialhubdriver.inf_amd64_f531483c52451822SurfaceSerialHubDriver.sys [366056 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
R2 trufos; C:WINDOWSSystem32DRIVERStrufos.sys [623008 2022-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 USBAAPL64; C:WINDOWSSystem32Driversusbaapl64.sys [54784 2019-10-07] (Apple, Inc.) [File not signed]
R3 UsbFltr; C:WINDOWSSystem32DriversUsbFltr.sys [12288 2007-04-09] (Microsoft Windows Hardware Compatibility Publisher -> Waytech Development, Inc.)
R0 vlflt; C:WINDOWSSystem32DRIVERSvlflt.sys [485792 2022-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S0 WdBoot; C:WINDOWSSystem32driverswdWdBoot.sys [49600 2022-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:WINDOWSSystem32driverswdWdFilter.sys [439544 2022-03-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:WINDOWSSystem32driverswdWdNisDrv.sys [90360 2022-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; C:Program FilesRepairTechLiveAgentapp-0.0.60OpenHardwareMonitorLib.sys [14544 2020-09-10] (Noriyuki MIYAZAKI -> OpenLibSys.org)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-30 08:14 - 2022-03-30 08:14 - 000000000 ____D C:FRST
2022-03-29 19:45 - 2022-03-29 19:45 - 000854016 _____ C:UsersarnegundDownloadsOrder-BILLED-ID9523502.iso
2022-03-29 19:45 - 2022-03-29 19:45 - 000000000 ____D C:ProgramDataMinu
2022-03-29 19:45 - 2022-03-29 19:45 - 000000000 ____D C:ProgramDataFox
2022-03-25 20:11 - 2022-03-25 20:11 - 000162816 _____ C:WINDOWSsystem32DataStoreCacheDumpTool.exe
2022-03-25 20:11 - 2022-03-25 20:11 - 000048640 _____ (Adobe Systems) C:WINDOWSsystem32atmlib.dll
2022-03-25 20:11 - 2022-03-25 20:11 - 000039936 _____ (Adobe Systems) C:WINDOWSSysWOW64atmlib.dll
2022-03-25 20:11 - 2022-03-25 20:11 - 000011791 _____ C:WINDOWSsystem32DrtmAuthTxt.wim
2022-03-25 20:05 - 2022-03-25 20:05 - 000000000 ___HD C:$WinREAgent
2022-03-23 11:05 - 2022-03-23 11:05 - 000024931 _____ C:UsersarnegundDownloadsPaycheck_2022-03-06_2022-03-19.pdf
2022-03-23 09:01 - 2022-03-23 09:01 - 000000000 ____D C:Program Files (x86)ScreenConnect Client (48314664b66d5895)
2022-03-18 20:13 - 2022-03-18 20:13 - 002254336 _____ C:WINDOWSsystem32dwmscene.dll
2022-03-18 20:13 - 2022-03-18 20:13 - 000223744 _____ C:WINDOWSSysWOW64TpmTool.exe
2022-03-18 20:13 - 2022-03-18 20:13 - 000195584 _____ C:WINDOWSsystem32uwfcfgmgmt.dll
2022-03-18 20:12 - 2022-03-18 20:12 - 002260992 _____ C:WINDOWSsystem32TextInputMethodFormatter.dll
2022-03-18 20:12 - 2022-03-18 20:12 - 000272896 _____ C:WINDOWSsystem32TpmTool.exe
2022-03-16 12:47 - 2022-03-16 12:47 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsDropbox
2022-03-14 23:36 - 2022-03-14 23:36 - 000047600 _____ (Dropbox, Inc.) C:WINDOWSsystem32Driversdbx-stable.sys
2022-03-14 23:36 - 2022-03-14 23:36 - 000047600 _____ (Dropbox, Inc.) C:WINDOWSsystem32Driversdbx-dev.sys
2022-03-14 23:36 - 2022-03-14 23:36 - 000047600 _____ (Dropbox, Inc.) C:WINDOWSsystem32Driversdbx-canary.sys
2022-03-14 23:36 - 2022-03-14 23:36 - 000047600 _____ (Dropbox, Inc.) C:WINDOWSsystem32Driversdbx.sys
2022-03-14 23:36 - 2022-03-14 23:36 - 000044328 _____ (Dropbox, Inc.) C:WINDOWSsystem32DbxSvc.exe
2022-03-07 20:24 - 2022-03-07 20:24 - 000016236 _____ C:UsersarnegundDownloadsGundersen 2022 (1).xlsx
2022-03-03 11:21 - 2022-03-03 11:21 - 000000441 _____ C:UsersarnegundDownloadstranscript.txt
2022-03-03 11:18 - 2022-03-03 11:18 - 006915267 _____ C:UsersarnegundDownloadsWhitening-Ordering-Quick-Start-Guide.pdf
2022-03-01 13:13 - 2022-03-30 08:15 - 000000000 ____D C:UsersarnegundAppDataRoamingMessenger
2022-03-01 13:13 - 2022-03-30 08:15 - 000000000 ____D C:UsersarnegundAppDataLocalMessenger
2022-03-01 13:13 - 2022-03-01 13:13 - 000002362 _____ C:UsersarnegundAppDataRoamingMicrosoftWindowsStart MenuProgramsMessenger.lnk
2022-03-01 13:13 - 2022-03-01 13:13 - 000002354 _____ C:UsersarnegundDesktopMessenger.lnk
2022-03-01 13:13 - 2022-03-01 13:13 - 000000000 ____D C:UsersarnegundAppDataLocalLowMessenger
2022-03-01 13:13 - 2022-03-01 13:13 - 000000000 ____D C:UsersarnegundAppDataLocalmessenger-updater
2022-03-01 13:12 - 2022-03-01 13:13 - 034491544 _____ (Facebook, Inc.) C:UsersarnegundDownloadsMessenger.142.0.0.6.106.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-30 08:15 - 2020-01-24 09:55 - 000000136 _____ C:WINDOWSsystem32confignetlogon.ftl
2022-03-30 08:15 - 2019-12-07 02:14 - 000000000 ____D C:ProgramDataregid.1991-06.com.microsoft
2022-03-30 08:13 - 2020-04-09 11:05 - 000000000 ____D C:UsersarnegundDocumentsConnectWiseControl
2022-03-30 08:09 - 2020-01-24 09:03 - 000000000 ____D C:Program Files (x86)Google
2022-03-30 08:08 - 2020-01-27 10:39 - 000000000 ____D C:UsersarnegundAppDataLocalDropbox
2022-03-30 08:07 - 2020-01-27 10:41 - 000000000 ___RD C:UsersarnegundOneDrive
2022-03-30 08:07 - 2020-01-24 09:23 - 000000000 ____D C:ProgramDataScreenConnect Client (48314664b66d5895)
2022-03-29 20:08 - 2022-01-03 17:37 - 000000000 ____D C:UsersarnegundDocumentsOutlook Files
2022-03-29 19:45 - 2019-12-07 02:13 - 000000000 ____D C:WINDOWSINF
2022-03-29 19:40 - 2021-09-04 06:44 - 000002448 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Edge.lnk
2022-03-29 19:40 - 2019-12-07 02:14 - 000000000 ___HD C:Program FilesWindowsApps
2022-03-29 19:40 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSAppReadiness
2022-03-29 19:31 - 2021-09-04 06:44 - 000000000 ____D C:WINDOWSsystem32SleepStudy
2022-03-28 12:08 - 2022-02-18 16:14 - 000004162 _____ C:WINDOWSsystem32TasksUser_Feed_Synchronization-{30743539-1241-4FE2-8DAE-EE66CF7E87DE}
2022-03-26 07:05 - 2020-01-27 08:27 - 000000000 ____D C:WINDOWSFirmware
2022-03-26 01:15 - 2021-09-04 06:49 - 000795802 _____ C:WINDOWSsystem32PerfStringBackup.INI
2022-03-26 01:07 - 2020-10-21 22:08 - 000001058 _____ C:WINDOWSSysWOW64smbios.bin
2022-03-26 01:07 - 2020-08-24 09:58 - 000000000 ____D C:ProgramDataNinjaRMMAgent
2022-03-26 01:06 - 2021-09-04 06:51 - 000000006 ____H C:WINDOWSTasksSA.DAT
2022-03-26 01:06 - 2021-09-04 06:44 - 000440776 _____ C:WINDOWSsystem32FNTCACHE.DAT
2022-03-26 01:06 - 2021-09-04 06:44 - 000008192 ___SH C:DumpStack.log.tmp
2022-03-26 01:06 - 2021-06-15 20:07 - 000000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsBitdefender Endpoint Security
2022-03-26 01:06 - 2020-04-01 15:56 - 000000000 ____D C:Program Files (x86)TeamViewer
2022-03-26 01:06 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSServiceState
2022-03-26 01:06 - 2019-10-15 09:54 - 000000000 ____D C:Intel
2022-03-26 01:01 - 2019-12-07 02:54 - 000000000 ____D C:Program FilesWindows Defender Advanced Threat Protection
2022-03-26 01:01 - 2019-12-07 02:14 - 000000000 ___RD C:WINDOWSImmersiveControlPanel
2022-03-26 01:01 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSSysWOW64Dism
2022-03-26 01:01 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSSystemResources
2022-03-26 01:01 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSsystem32oobe
2022-03-26 01:01 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSsystem32Dism
2022-03-26 01:01 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSShellExperiences
2022-03-26 01:01 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSProvisioning
2022-03-26 01:01 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSPolicyDefinitions
2022-03-26 01:01 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSbcastdvr
2022-03-26 01:01 - 2019-12-07 02:03 - 001048576 _____ C:WINDOWSsystem32configBBI
2022-03-25 20:14 - 2019-12-07 02:03 - 000000000 ____D C:WINDOWSCbsTemp
2022-03-25 14:33 - 2019-12-07 02:54 - 000000000 ___SD C:WINDOWSsystem32AppV
2022-03-25 14:33 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSsystem32WinBioPlugIns
2022-03-25 14:33 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSsystem32migwiz
2022-03-25 14:33 - 2019-12-07 02:03 - 000000000 ____D C:WINDOWSservicing
2022-03-24 11:47 - 2020-01-27 10:39 - 000000000 ____D C:UsersarnegundAppDataLocalPackages
2022-03-20 17:13 - 2020-01-24 09:04 - 000002311 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk
2022-03-18 20:50 - 2021-12-11 09:33 - 000003592 _____ C:WINDOWSsystem32TasksOneDrive Reporting Task-S-1-5-21-3039035032-4122823133-1544021328-1126
2022-03-18 20:50 - 2021-09-04 06:51 - 000003374 _____ C:WINDOWSsystem32TasksOneDrive Standalone Update Task-S-1-5-21-3039035032-4122823133-1544021328-1126
2022-03-18 20:50 - 2021-09-04 06:45 - 000002402 _____ C:UsersarnegundAppDataRoamingMicrosoftWindowsStart MenuProgramsOneDrive.lnk
2022-03-18 20:24 - 2020-01-27 08:26 - 000000000 ____D C:WINDOWSsystem32MRT
2022-03-18 20:20 - 2020-01-27 08:26 - 145666720 ____C (Microsoft Corporation) C:WINDOWSsystem32MRT.exe
2022-03-18 20:16 - 2020-10-11 17:04 - 000000000 ____D C:Program FilesMicrosoft Update Health Tools
2022-03-18 20:12 - 2021-09-04 06:45 - 002877952 _____ (Microsoft Corporation) C:WINDOWSSysWOW64PrintConfig.dll
2022-03-16 12:48 - 2020-01-24 09:11 - 000000000 ____D C:Program Files (x86)Dropbox
2022-03-15 07:54 - 2019-09-03 14:01 - 000000000 ____D C:WINDOWSsystem32Driverswd
2022-03-13 18:59 - 2020-01-24 09:11 - 000000942 _____ C:WINDOWSTasksDropboxUpdateTaskMachineUA.job
2022-03-13 18:59 - 2020-01-24 09:11 - 000000938 _____ C:WINDOWSTasksDropboxUpdateTaskMachineCore.job
2022-03-13 18:58 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSsystem32et-EE
2022-03-13 18:58 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSsystem32es-MX
2022-03-13 18:58 - 2019-12-07 02:14 - 000000000 ____D C:WINDOWSsystem32appraiser
2022-03-13 17:59 - 2021-09-04 06:45 - 000000000 ____D C:Usersarnegund
2022-03-11 08:53 - 2021-09-04 06:51 - 000003900 _____ C:WINDOWSsystem32TasksDropboxUpdateTaskMachineUA
2022-03-11 08:53 - 2021-09-04 06:51 - 000003668 _____ C:WINDOWSsystem32TasksDropboxUpdateTaskMachineCore
2022-03-11 08:44 - 2019-09-03 14:10 - 000000000 ____D C:Program FilesMicrosoft Office
2022-03-10 08:32 - 2021-10-05 08:18 - 000003480 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineUA
2022-03-10 08:32 - 2021-10-05 08:18 - 000003386 _____ C:WINDOWSsystem32TasksMicrosoftEdgeUpdateTaskMachineCore1d7a193c84fe289
==================== Files in the root of some directories ========
2022-02-18 15:59 - 2022-02-18 16:41 - 000032742 _____ () C:UsersarnegundAppDataLocalHSPS.ePrescribe.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-03-2022
Ran by arnegund (30-03-2022 08:16:18)
Running from C:UsersarnegundDocumentsConnectWiseControlTemp
Microsoft Windows 10 Pro Version 21H2 19044.1620 (X64) (2021-09-04 13:51:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
adg-support (S-1-5-21-539722387-2612857779-3550696916-1001 - Administrator - Enabled) => C:Usersadg-support
Administrator (S-1-5-21-539722387-2612857779-3550696916-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-539722387-2612857779-3550696916-503 - Limited - Disabled)
Guest (S-1-5-21-539722387-2612857779-3550696916-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-539722387-2612857779-3550696916-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Bitdefender Endpoint Security Antimalware (Disabled - Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC MUI (HKLM-x32...{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Align Support (HKLM-x32...{5EE5E472-A39A-486A-A26E-E918C79050A5}) (Version: 1.0.1.20 - Cadent)
Amazon Kindle (HKUS-1-5-21-3039035032-4122823133-1544021328-1126...Amazon Kindle) (Version: 1.30.0.59056 - Amazon)
Apple Application Support (32-bit) (HKLM-x32...{C3A282C9-4C8B-4A63-B449-3A064FB378D7}) (Version: 8.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM...{CC046FB9-E84E-4092-B924-DBE33DA2BE75}) (Version: 8.2 - Apple Inc.)
Bitdefender Endpoint Security (HKLM...Endpoint Security) (Version: 7.4.3.146 - Bitdefender)
BlueNote Communicator Lights (HKLM-x32...{D48A434C-C916-4BB1-9F96-6D4CB2F73EC6}) (Version: 7.11.6 - BlueNote Software, LLC) Hidden
BlueNote Communicator Lights (HKLM-x32...BlueNote Communicator Lights 7.11.6) (Version: 7.11.6 - BlueNote Software, LLC)
Bonjour (HKLM...{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco Webex Meetings (HKUS-1-5-21-3039035032-4122823133-1544021328-1126...ActiveTouchMeetingClient) (Version: 41.9.5 - Cisco Webex LLC)
ClinCheck (HKLM-x32...{E45D1CA0-C70E-4FF4-B46B-1F6ED85501F9}) (Version: 3.1.0.25 - Align Technology, Inc.) Hidden
ClinCheck (HKLM-x32...InstallShield_{E45D1CA0-C70E-4FF4-B46B-1F6ED85501F9}) (Version: 3.1.0.25 - Align Technology, Inc.)
ClinCheck Pro (HKUS-1-5-21-3039035032-4122823133-1544021328-1126...{ACEF76B4-4CF1-48E3-93EF-1B2782D8DB59}) (Version: 5.7.4.71 - Align Technology, Inc.)
DDX 1.3.14 (HKLM-x32...DDX Desktop) (Version: 1.3.14 - Labnet Dental Lab Systems)
DDX Desktop (HKLM-x32...{680665B1-8897-45DC-B731-55208EBF91E1}) (Version: 0.6.1 - Digital Dental Exchange)
DefaultPackMSI (HKLM-x32...{D066B018-448B-40C5-9034-259BBCC49351}) (Version: 4.6.2.0 - Microsoft) Hidden
Dentrix G7.5 (HKLM-x32...{D9C6F5F5-9A0A-40AA-BE24-B9F07154312D}) (Version: 17.5.91.0 - Henry Schein ONE) Hidden
Dentrix G7.5 (HKLM-x32...InstallShield_{D9C6F5F5-9A0A-40AA-BE24-B9F07154312D}) (Version: 17.5.91.0 - Henry Schein ONE)
Dentrix Smart Image 2.5 (HKLM-x32...Dentrix Smart Image) (Version: 2.5.7920.31369 - RealCloud Imaging Inc)
Dropbox (HKLM-x32...Dropbox) (Version: 144.4.4491 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32...{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.583.1 - Dropbox, Inc.) Hidden
DTX_LMAddIn (HKUS-1-5-21-3039035032-4122823133-1544021328-1126...BA63237B87E90BE1CCB44E36F39B01E806DCACE5) (Version: 2.0.0.1 - Dentrix Dental Systems, Inc.)
EDIdEv Framework EDI (32-bit) (HKLM-x32...EDIdEv (32-bit)) (Version: 5.6.742.455 - Edidev)
Google Chrome (HKLM...{1A5FCC6F-E52F-3B3A-8E77-E04407D739F4}) (Version: 99.0.4844.74 - Google LLC)
GoTo Opener (HKLM-x32...{227328A3-A434-449C-8074-010A45EE5E57}) (Version: 1.0.540 - LogMeIn, Inc.)
GoToMeeting 10.18.0.19932 (HKUS-1-5-21-3039035032-4122823133-1544021328-1126...GoToMeeting) (Version: 10.18.0.19932 - LogMeIn, Inc.)
GPL Ghostscript (HKLM...GPL Ghostscript 9.50) (Version: 9.50 - Artifex Software Inc.)
Invisalign Outcome Simulator (HKLM-x32...{B69EDF1F-BFF1-494D-8A13-B2A71360B3CF}) (Version: 4.2.1.22 - Align Technology, Inc.)
Messenger (HKUS-1-5-21-3039035032-4122823133-1544021328-1126...c1b3adcf-2068-5e8d-b25d-30ce588e3a4c) (Version: 142.0.353127249 - Facebook, Inc.)
Microsoft 365 Apps for enterprise - en-us (HKLM...O365ProPlusRetail - en-us) (Version: 16.0.14931.20132 - Microsoft Corporation)
Microsoft Edge (HKLM-x32...Microsoft Edge) (Version: 99.0.1150.55 - Microsoft Corporation)
Microsoft Office Home and Business 2019 - en-us (HKLM...HomeBusiness2019Retail - en-us) (Version: 16.0.14931.20132 - Microsoft Corporation)
Microsoft OneDrive (HKUS-1-5-21-3039035032-4122823133-1544021328-1126...OneDriveSetup.exe) (Version: 22.045.0227.0004 - Microsoft Corporation)
Microsoft OneDrive (HKUS-1-5-21-539722387-2612857779-3550696916-1001...OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Search in Bing (HKLM-x32...{C17F6DEF-D34C-4B75-97E1-D81062408B4A}) (Version: 2.0.2 - Microsoft Corporation)
Microsoft Teams (HKUS-1-5-21-3039035032-4122823133-1544021328-1126...Teams) (Version: 1.2.00.10168 - Microsoft Corporation)
Microsoft Teams (HKUS-1-5-21-539722387-2612857779-3550696916-1001...Teams) (Version: 1.2.00.10168 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM...{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM...{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32...{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32...{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
NinjaRMMAgent (HKLM-x32...{B93ED554-3F59-475C-93EC-91F77394C603}) (Version: 5.3.2848 - NinjaRMM LLC)
NinjaRMMAgent (HKLM-x32...NinjaRMMAgent 4.6.6402) (Version: 5.3.2848 - NinjaRMM LLC) Hidden
novaPDF 8 Printer Driver (HKLM...{F9F62525-05B6-4AD7-8D30-0D872CC1FB3C}) (Version: 8.5.940 - Softland)
Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20094 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM...{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Protected Trust (All Users) (HKLM-x32...{DC099F1B-478B-437C-91BF-DC914E4FC418}) (Version: 5.2.24.0 - Protected Trust, LLC)
Protected Trust PDF Printer (HKLM...{BF0A7BAD-D4ED-44EB-AEB8-BA43B1DA9964}) (Version: 8.5.940 - Softland)
RingCentral Meetings (HKUS-1-5-21-3039035032-4122823133-1544021328-1126...RingCentralMeetings) (Version: 19.4 - Zoom Video Communications, Inc. and RingCentral Inc.)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM-x32...{8D6181F3-CACB-4B48-8B08-981F3A7F318B}) (Version: 13.0.0.99 - SAP)
ScreenConnect Client (48314664b66d5895) (HKLM-x32...{61F4CFB5-2E0D-4F3B-B8D9-D127FD21CF94}) (Version: 22.2.7294.8116 - ScreenConnect Software)
Send to Dentrix Document Center (novaPDF OEM 7.7 printer) (HKLM...Send to Dentrix Document Center_is1) (Version: 7.7.400 - Softland)
SHARP MX-C250/C300 Series PCL/PS Printer Driver (HKLM-x32...SHARP MX-C250 C300 PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
Slitheris Network Discovery 1.1.287 (HKLM-x32...Slitheris_is1) (Version: 1.1.287 - Komodo Laboratories LLC)
Snagit 11 (HKLM-x32...{90D0FC4B-D653-4F49-BB97-A48C74A52E71}) (Version: 11.4.3 - TechSmith Corporation)
Syncro (HKLM...Syncro) (Version: 1.0.119.0 - Servably, Inc.)
Teams Machine-Wide Installer (HKLM-x32...{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.10168 - Microsoft Corporation)
TeamViewer (HKLM-x32...TeamViewer) (Version: 15.4.4445 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM...{B652B695-C849-4EF2-B09A-72771C7AD2BA}) (Version: 2.71.0.0 - Microsoft Corporation)
Zoom (HKUS-1-5-21-3039035032-4122823133-1544021328-1126...ZoomUMX) (Version: 5.8.4 (1736) - Zoom Video Communications, Inc.)
Packages:
=========
HP Smart -> C:Program FilesWindowsAppsAD2F1837.HPPrinterControl_135.1.385.0_x64__v10z8vjag6ke6 [2022-03-22] (HP Inc.)
iCloud -> C:Program FilesWindowsAppsAppleInc.iCloud_13.0.201.0_x86__nzyj5cx40ttqa [2022-01-05] (Apple Inc.) [Startup Task]
iTunes -> C:Program FilesWindowsAppsAppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqa [2022-03-11] (Apple Inc.) [Startup Task]
Microsoft Solitaire Collection -> C:Program FilesWindowsAppsMicrosoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-29] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:Program FilesWindowsAppsMicrosoft.Whiteboard_52.10201.5809.0_x64__8wekyb3d8bbwe [2022-02-03] (Microsoft Corporation)
MPEG-2 Video Extension -> C:Program FilesWindowsAppsMicrosoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-26] (Microsoft Corporation)
Photos Add-on -> C:Program FilesWindowsAppsMicrosoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation)
Photos Media Engine Add-on -> C:Program FilesWindowsAppsMicrosoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-14] (Microsoft Corporation)
Realtek Audio Control -> C:Program FilesWindowsAppsRealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2021-09-04] (Realtek Semiconductor Corp)
Surface -> C:Program FilesWindowsAppsMicrosoft.SurfaceHub_61.3036.139.0_x64__8wekyb3d8bbwe [2022-03-29] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKUS-1-5-21-3039035032-4122823133-1544021328-1126_ClassesCLSID{1019ADC7-17CB-4489-AFD5-6642C7400ACE}localserver32 -> C:UsersarnegundAppDataLocalWebexWebexApplicationsptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKUS-1-5-21-3039035032-4122823133-1544021328-1126_ClassesCLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}InprocServer32 -> C:UsersarnegundAppDataLocalMicrosoftTeamsMeetingAddin1.0.19098.3x64Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKUS-1-5-21-3039035032-4122823133-1544021328-1126_ClassesCLSID{81F2992E-1D7E-45E7-A9D7-93E87B295E52} -> [iCloud Photos] => C:UsersarnegundPicturesiCloud PhotosPhotos [2022-01-08 10:32]
CustomCLSID: HKUS-1-5-21-3039035032-4122823133-1544021328-1126_ClassesCLSID{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}InprocServer32 -> C:UsersarnegundAppDataLocalGoToMeeting19228G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKUS-1-5-21-3039035032-4122823133-1544021328-1126_ClassesCLSID{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}InprocServer32 -> C:UsersarnegundAppDataLocalMicrosoftTeamsMeetingAddin1.0.19098.3x64Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKUS-1-5-21-3039035032-4122823133-1544021328-1126_ClassesCLSID{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [Gundersen Dental Dropbox] => C:UsersarnegundGundersen Dental Dropbox [2020-01-27 11:00]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:Program Files (x86)TechSmithSnagit 11DLLx64SnagitShellExt64.dll [2014-04-18] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:Program Files (x86)TechSmithSnagit 11DLLx64SnagitShellExt64.dll [2014-04-18] (TechSmith Corporation -> TechSmith Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:Program Files (x86)DropboxClientDropboxExt64.52.0.dll [2022-01-18] (Dropbox, Inc -> Dropbox, Inc.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:UsersPublicDesktopInvisalign Doctor Site.lnk -> C:Program Files (x86)Internet Exploreriexplore.exe (Microsoft Corporation) -> hxxp://www.invisalign.com/vip
==================== Loaded Modules (Whitelisted) =============
2022-02-15 08:48 - 2022-02-15 08:48 - 002306560 _____ (Newtonsoft) [File not signed] C:WINDOWSassemblyNativeImages_v4.0.30319_32Newtonsoft.Json2f6018a2567a95120e59c8a2ecee41aNewtonsoft.Json.ni.dll
2016-03-03 17:18 - 2016-03-03 17:18 - 000018944 _____ (Softland) [File not signed] C:WINDOWSSystem32novamn8.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:UsersarnegundDocumentsA Comprehensive structure for Marriage Ministry.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:UsersarnegundDocumentsDiscipleship to Jesus.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:UsersarnegundDocumentsQuiet time guide#5-Focus of love.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:UsersarnegundDocumentsQuiet time guide#6-Focus of Love.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:UsersarnegundDocumentsSacred Story Simplification for marriage discipleship.docx:com.dropbox.attrs [54]
AlternateDataStreams: C:UsersarnegundDocumentsThe Case for Marriage.docx:com.dropbox.attrs [54]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkDtxClientSrvc => ""="Service"
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkDtxUpdaterSrv => ""="Service"
HKLMSYSTEMCurrentControlSetControlSafeBootNetworkScreenConnect Client (48314664b66d5895) => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootOffice16OCHelper.dll [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16OCHelper.dll [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:Program FilesMicrosoft OfficerootOffice16MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:Program FilesMicrosoft OfficerootVFSProgramFilesX86Microsoft OfficeOffice16MSOSB.DLL [2022-03-08] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-18 21:49 - 2019-03-18 21:49 - 000000824 _____ C:WINDOWSsystem32driversetchosts
2020-01-24 16:24 - 2021-02-22 13:26 - 000000374 _____ C:WINDOWSsystem32driversetchosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKUS-1-5-21-3039035032-4122823133-1544021328-1126Control PanelDesktop\Wallpaper -> C:UsersarnegundAppDataRoamingMicrosoftWindowsThemesTranscodedWallpaper
HKUS-1-5-21-539722387-2612857779-3550696916-1001Control PanelDesktop\Wallpaper -> C:windowswebwallpaperSurfaceSurface.jpg
DNS Servers: 192.168.16.3
HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM...StartupApprovedStartupFolder: => "DDX.lnk"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{4D6585B2-A70C-4E52-8727-0F12F554275E}C:usersarnegundappdataroamingzoombinzoom.exe] => (Block) C:usersarnegundappdataroamingzoombinzoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{E9839227-BA4C-4A35-B2B3-F75E873644DB}C:usersarnegundappdataroamingzoombinzoom.exe] => (Block) C:usersarnegundappdataroamingzoombinzoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{D6B939C2-6195-4C91-ADC1-6D56CC552F1B}C:usersarnegundappdataroamingspotifyspotify.exe] => (Block) C:usersarnegundappdataroamingspotifyspotify.exe => No File
FirewallRules: [TCP Query User{5D621F0E-DB0D-4483-9996-C7A021D8A306}C:usersarnegundappdataroamingspotifyspotify.exe] => (Block) C:usersarnegundappdataroamingspotifyspotify.exe => No File
FirewallRules: [UDP Query User{C59E318A-EFF9-42C1-A9B9-69A1C8E9CC63}C:usersarnegundappdataroamingspotifyspotify.exe] => (Block) C:usersarnegundappdataroamingspotifyspotify.exe => No File
FirewallRules: [TCP Query User{D4635E75-66F5-4EDE-BBD8-BE129F8BC3F1}C:usersarnegundappdataroamingspotifyspotify.exe] => (Block) C:usersarnegundappdataroamingspotifyspotify.exe => No File
FirewallRules: [UDP Query User{6E1B2653-9568-4902-9B0F-0094F36C3CAE}C:usersarnegundappdataroamingspotifyspotify.exe] => (Allow) C:usersarnegundappdataroamingspotifyspotify.exe => No File
FirewallRules: [TCP Query User{5183405D-79D0-47F2-A643-21CC7B7E03B3}C:usersarnegundappdataroamingspotifyspotify.exe] => (Allow) C:usersarnegundappdataroamingspotifyspotify.exe => No File
FirewallRules: [{A04C6B23-E28E-4DD7-8AE6-AFE4D5B942F6}] => (Allow) LPort=8298
FirewallRules: [{98D9681F-5912-4C5C-AB32-6C411C57C0AC}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6BB55BE6-C2EB-41FB-89DD-1365CF9092AB}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B608D6DA-C0CA-436E-90A2-AB7653880E75}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6C157D7D-5D86-44B7-818D-6E3C4584FD6B}] => (Allow) C:Program Files (x86)TeamViewerTeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{ACB0C384-0E32-4BF9-815D-D1886CB9BE42}] => (Allow) LPort=8501
FirewallRules: [{774CEA47-6816-4170-9906-B70189C19045}] => (Allow) LPort=8501
FirewallRules: [{ADA4CDB1-1C9A-41E9-8ABB-E456522F0A40}] => (Allow) C:Program Files (x86)BlueNote Communicator LightsBlueNoteCL.exe (BlueNote Software, LLC -> BlueNote Software, LLC)
FirewallRules: [UDP Query User{39BC2551-2302-453F-BAFD-AB431F5775AC}\gundersent330dataimagexlimagexl.exe] => (Allow) \gundersent330dataimagexlimagexl.exe (Apteryx, Inc. -> Apteryx, Inc.)
FirewallRules: [TCP Query User{18B9185B-1C13-4628-B710-316387719F46}\gundersent330dataimagexlimagexl.exe] => (Allow) \gundersent330dataimagexlimagexl.exe (Apteryx, Inc. -> Apteryx, Inc.)
FirewallRules: [{B4FACEE2-671F-4DF3-AAEB-999556018F7B}] => (Allow) C:Program Files (x86)Komodo LabsSlitherisSlitheris.exe (Komodo Laboratories LLC -> Komodo Laboratories LLC)
FirewallRules: [{97C7806B-13FC-4B21-8A65-A7D8BF3C9A19}] => (Allow) C:Program Files (x86)Komodo LabsSlitherisSlitheris.exe (Komodo Laboratories LLC -> Komodo Laboratories LLC)
FirewallRules: [{F44A023F-F1A0-43AC-93E8-A9A8F736DCBE}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D617A4A2-2203-4467-9105-F93350F77D68}] => (Allow) C:Program Files (x86)BonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{729784C4-9185-4DC1-8D21-5DB70AB87120}] => (Allow) C:Program FilesBonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1D3FE49A-7784-4580-9214-BEFC9D6BFBC4}] => (Allow) C:Program FilesBonjourmDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{22E0F27C-20CF-404B-99A9-356846C4C78D}] => (Allow) C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F974E830-F3B8-4564-AFBD-7E58D137D751}] => (Allow) C:Program FilesRepairTechLiveAgentSyncroLive.Service.Runner.exe => No File
FirewallRules: [{E4EB446E-AF1C-4112-AEDE-90E864865C6B}] => (Allow) C:Program FilesRepairTechLiveAgentSyncroLive.Service.Runner.exe => No File
FirewallRules: [{23C89562-9FE6-495A-8205-60D9A5E19253}] => (Allow) C:Program FilesRepairTechLiveAgentSyncroLive.Agent.Runner.exe => No File
FirewallRules: [{8C7663A1-67A4-408E-AB08-4E2A0DA70BC6}] => (Allow) C:Program FilesRepairTechLiveAgentSyncroLive.Agent.Runner.exe => No File
FirewallRules: [{0ea55f74-6520-4b11-8059-7f2437ce4e6a}] => (Allow) LPort=6600
FirewallRules: [{920bc1d4-72f2-4bfd-875e-9d55bd1f1578}] => (Allow) LPort=6610
FirewallRules: [{0461a81d-17c3-416e-9a3e-4f69f933400c}] => (Allow) LPort=6600
FirewallRules: [{1b106d9e-5333-4a05-a6f5-587c82c5ba5e}] => (Allow) LPort=6610
FirewallRules: [{99B68F0C-A188-47CF-9E53-01424059B899}] => (Allow) C:Program FilesRepairTechSyncroSyncro.Service.Runner.exe (Servably, Inc. -> RepairTech, Inc.)
FirewallRules: [{75939EEE-210A-4837-9B56-1C1FC42A5557}] => (Allow) C:Program FilesRepairTechSyncroSyncro.Service.Runner.exe (Servably, Inc. -> RepairTech, Inc.)
FirewallRules: [{AD105FF3-E4C1-4DF0-876E-267E7625FF80}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1EC359A1-57A8-4664-B69C-17ABC0B595EF}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E7AFA37B-F6A4-4AA1-92F8-CC6627E3349D}C:usersarnegundappdataroamingzoombinzoom.exe] => (Block) C:usersarnegundappdataroamingzoombinzoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{79BFD1EE-6B74-48EE-9F2D-F0E63AD96541}C:usersarnegundappdataroamingzoombinzoom.exe] => (Block) C:usersarnegundappdataroamingzoombinzoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{55FBB31C-C74C-4FD7-BE95-D19737D7FFAF}] => (Allow) LPort=6600
FirewallRules: [{74022A1B-39D3-42AC-BB3E-8B4037226469}] => (Allow) LPort=6608
FirewallRules: [{93B18E1E-C8A7-4011-9A4B-49410C615316}] => (Allow) LPort=6597
FirewallRules: [{097C8EE6-D9EA-4C72-BC84-6189C73E406B}] => (Allow) LPort=6600
FirewallRules: [{C951EC6E-B0FC-4024-9CDB-F57661708AFB}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DE983DEC-0DAB-4755-BC92-815C2EB8582F}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A203A02E-CE87-4AE6-9454-1BB0C0215743}] => (Allow) C:Program FilesMicrosoft OfficerootOffice16UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{97E6444B-58DF-4E61-BEBC-8A081E721025}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqaiTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{91FFC8E3-326D-4706-B5C2-114B4D0345ED}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqaiTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CE5560B1-2168-4C54-B869-86325D219FDD}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqaiTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E3D8E1EA-6912-4D51-B66C-E6130321E0AC}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqaiTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F2EF09B5-31E9-4ED4-B90D-3396ABF1BFBC}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{829917EC-8A43-4BA6-A1AB-8A2D3287BE0D}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D179E847-7B00-417B-A36B-70CFA440DF55}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{662BD085-B34B-4C72-A8BE-00DFD67CC263}] => (Allow) C:Program FilesWindowsAppsAppleInc.iTunes_12123.5.56009.0_x64__nzyj5cx40ttqaAMDS64AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{69EE7169-3DFF-4C71-B1DB-67B32B423994}] => (Allow) C:Program Files (x86)DropboxClientDropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{6384AB6D-49DF-4170-8A8A-A9A040A4539E}] => (Allow) C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google LLC -> Google LLC)
FirewallRules: [{45CEA96C-748B-4C22-8BE2-F7E62EBC3970}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1AF35B3F-837A-48D3-B850-B885C9A0CD7E}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C74EB231-6F19-4FFB-A106-9039FC683986}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{83572BC6-5A97-4208-99D4-43C7554A09DE}] => (Allow) C:Program FilesWindowsAppsMicrosoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5cSkypeSkype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
25-03-2022 08:00:50 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/30/2022 08:15:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Faulting module name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Exception code: 0xc0000409
Fault offset: 0x021f6834
Faulting process id: 0x2d8c
Faulting application start time: 0x01d84449090cce67
Faulting application path: C:Program Files (x86)TeamViewerTeamViewer.exe
Faulting module path: C:Program Files (x86)TeamViewerTeamViewer.exe
Report Id: 0ae94aab-f2a1-40ab-b751-bf5deb5fe469
Faulting package full name:
Faulting package-relative application ID:
Error: (03/30/2022 08:13:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Faulting module name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Exception code: 0xc0000409
Fault offset: 0x021f6834
Faulting process id: 0x4534
Faulting application start time: 0x01d84448be1c0f1f
Faulting application path: C:Program Files (x86)TeamViewerTeamViewer.exe
Faulting module path: C:Program Files (x86)TeamViewerTeamViewer.exe
Report Id: d9bddd33-31fc-496a-bba5-9966736fba21
Faulting package full name:
Faulting package-relative application ID:
Error: (03/30/2022 08:11:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Faulting module name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Exception code: 0xc0000409
Fault offset: 0x021f6834
Faulting process id: 0x4eec
Faulting application start time: 0x01d8444873266a30
Faulting application path: C:Program Files (x86)TeamViewerTeamViewer.exe
Faulting module path: C:Program Files (x86)TeamViewerTeamViewer.exe
Report Id: 7f04c812-7875-448d-a682-7072352e6da9
Faulting package full name:
Faulting package-relative application ID:
Error: (03/30/2022 08:11:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Faulting module name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Exception code: 0xc0000409
Fault offset: 0x021f6834
Faulting process id: 0x3e3c
Faulting application start time: 0x01d844486f71b54f
Faulting application path: C:Program Files (x86)TeamViewerTeamViewer.exe
Faulting module path: C:Program Files (x86)TeamViewerTeamViewer.exe
Report Id: 7856b1da-606e-41f7-ac37-9beaef0a0e12
Faulting package full name:
Faulting package-relative application ID:
Error: (03/30/2022 08:11:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Faulting module name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Exception code: 0xc0000409
Fault offset: 0x021f6834
Faulting process id: 0x4900
Faulting application start time: 0x01d844486f355999
Faulting application path: C:Program Files (x86)TeamViewerTeamViewer.exe
Faulting module path: C:Program Files (x86)TeamViewerTeamViewer.exe
Report Id: 59be392f-21f7-4662-bda0-bfcd0f9683f2
Faulting package full name:
Faulting package-relative application ID:
Error: (03/30/2022 08:11:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Faulting module name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Exception code: 0xc0000409
Fault offset: 0x021f6834
Faulting process id: 0x4970
Faulting application start time: 0x01d844486ec30b39
Faulting application path: C:Program Files (x86)TeamViewerTeamViewer.exe
Faulting module path: C:Program Files (x86)TeamViewerTeamViewer.exe
Report Id: 5262434c-6a3f-47cb-8201-6e7d8137b81a
Faulting package full name:
Faulting package-relative application ID:
Error: (03/30/2022 08:11:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Faulting module name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Exception code: 0xc0000409
Fault offset: 0x021f6834
Faulting process id: 0x4f04
Faulting application start time: 0x01d844486e446b40
Faulting application path: C:Program Files (x86)TeamViewerTeamViewer.exe
Faulting module path: C:Program Files (x86)TeamViewerTeamViewer.exe
Report Id: 07747022-7ce4-48bb-bbcc-26f7e53135cc
Faulting package full name:
Faulting package-relative application ID:
Error: (03/30/2022 08:11:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Faulting module name: TeamViewer.exe, version: 15.4.4445.0, time stamp: 0x5e7475ff
Exception code: 0xc0000409
Fault offset: 0x021f6834
Faulting process id: 0x200
Faulting application start time: 0x01d844486dd61cdf
Faulting application path: C:Program Files (x86)TeamViewerTeamViewer.exe
Faulting module path: C:Program Files (x86)TeamViewerTeamViewer.exe
Report Id: 67ffa7e7-cae0-48f3-84c9-8ac9db8ac482
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (03/30/2022 08:07:33 AM) (Source: SurfaceTconDriver) (EventID: 13) (User: )
Description: Surface Tcon Driver TP Read fails, Status = 0xc0000186
Error: (03/30/2022 08:07:33 AM) (Source: SurfaceTconDriver) (EventID: 12) (User: )
Description: Surface Tcon Driver TP Write fails, Status = 0xc0000186
Error: (03/30/2022 08:07:33 AM) (Source: SurfaceTconDriver) (EventID: 13) (User: )
Description: Surface Tcon Driver TP Read fails, Status = 0xc0000186
Error: (03/30/2022 08:07:22 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: GUNDERSEN)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (03/30/2022 08:06:58 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {a19b595f-8f41-4504-98dd-080752ea61a7}, had event 74
Error: (03/29/2022 08:08:40 PM) (Source: DCOM) (EventID: 10010) (User: GUNDERSEN)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
Error: (03/29/2022 07:51:29 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: GUNDERSEN)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (03/29/2022 07:51:09 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {a19b595f-8f41-4504-98dd-080752ea61a7}, had event 74
Windows Defender:
================
Date: 2022-03-29 08:11:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-28 08:19:31
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-25 09:59:49
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-24 08:04:50
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-23 08:07:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2022-03-28 07:58:14
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.773.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2022-03-28 07:58:14
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.773.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2022-03-28 07:58:14
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.773.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2022-03-28 07:58:14
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.773.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Date: 2022-03-28 07:58:14
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.361.773.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.19000.8
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
CodeIntegrity:
===============
Date: 2022-03-30 08:06:59
Description:
Code Integrity determined that a process (DeviceHarddiskVolume3ProgramDataMicrosoftWindows DefenderPlatform4.18.2202.4-0MsMpEng.exe) attempted to load DeviceHarddiskVolume3WindowsSystem32DriverStoreFileRepositoryiigd_dch.inf_amd64_d73f88d32ddb95d3igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-03-28 07:53:52
Description:
Code Integrity determined that a process (DeviceHarddiskVolume3ProgramDataMicrosoftWindows DefenderPlatform4.18.2202.4-0MsMpEng.exe) attempted to load DeviceHarddiskVolume3Program FilesMicrosoft OfficerootvfsProgramFilesCommonX64Microsoft SharedOFFICE16MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Microsoft Corporation 13.101.140 12/14/2021
Motherboard: Microsoft Corporation Surface Pro 7
Processor: Intel(R) Core(TM) i5-1035G4 CPU @ 1.10GHz
Percentage of memory in use: 71%
Total physical RAM: 7778.18 MB
Available physical RAM: 2226.52 MB
Total Virtual: 18530.18 MB
Available Virtual: 12015.81 MB
==================== Drives ================================
Drive c: (Local Disk) (Fixed) (Total:237.33 GB) (Free:101.32 GB) NTFS
Drive d: (ID_Invoice______________________) (CDROM) (Total:0 GB) (Free:0 GB) UDF
\?Volume{64ef4237-0662-42b5-b671-8624d156c56c} (Windows RE tools) (Fixed) (Total:0.76 GB) (Free:0.23 GB) NTFS
\?Volume{c65ca922-8421-48e8-ac24-98dd32d8a6fd} (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 7088CD4B)
Partition: GPT.
==================== End of Addition.txt =======================
Source: https://www.bleepingcomputer.com/forums/t/770435/infected-with-a-variant-of-msilagentcfq-trojan/