
Solved Can't get rid of Russian program

Discussion in 'Malware and Virus Removal' started by Barry, 2022/02/28.

  1. 2022/02/28
    Barry

    Barry Geek Member Thread Starter

    Joined:
    2002/12/16
    Messages:
    1,209
    Likes Received:
    10
    When I go into CCleaner -- Tools -- Uninstall, there appears a Russian program that is supposedly published by Microsoft. Every time I uninstall it, it reappears. I don't know what it is or how to get rid of it. The title is in Russian, so I can't even read what it says. Malwarebytes and RogueKiller don't seem to see it. Are you aware of what it is and how to get rid of it? https://u.pcloud.link/publink/show?code=XZT58XVZaMxOScp70PV1IBfrRkjS474Ck3gV
     
  2. 2022/02/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, complete all steps listed HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     


  4. 2022/02/28
    Barry

    Barry Geek Member Thread Starter

    Joined:
    2002/12/16
    Messages:
    1,209
    Likes Received:
    10
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2022
    Ran by psyd_ (administrator) on MINE (Gigabyte Technology Co., Ltd. GA-790XTA-UD4) (28-02-2022 08:30:17)
    Running from C:\Users\psyd_\Desktop\Computer tools\virus removal
    Loaded Profiles: psyd_
    Platform: Microsoft Windows 10 Pro Version 21H1 19043.1526 (X64) Language: English (United States)
    Default browser: "C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe" --single-argument %1
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bils) [File not signed] F:\Program Files (x86)\PC Equalizer\PCEqualizer.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    (C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (C:\Program Files (x86)\Mozilla Firefox\firefox.exe ->) (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
    (C:\Program Files (x86)\pCloud Drive\pCloud.exe ->) (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe <11>
    (C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (C:\Program Files\Sandboxie\SandboxieRpcSs.exe ->) (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
    (C:\Program Files\Sandboxie\SbieSvc.exe ->) (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
    (C:\Program Files\Sandboxie\SbieSvc.exe ->) (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
    (C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCopyAccelerator.exe
    (C:\Users\psyd_\AppData\Local\Videostream\app-0.3.5\Videostream.exe ->) (Groupnotes, Inc. -> ) C:\Users\psyd_\AppData\Local\Videostream\app-0.3.5\videostream-native\videostream-native.exe <2>
    (explorer.exe ->) (Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (explorer.exe ->) (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
    (explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\55.0.3.0\crashpad_handler.exe <4>
    (explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\55.0.3.0\GoogleDriveFS.exe <7>
    (explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    (explorer.exe ->) (Optimilia Studios) C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.30.0_x64__k42naep6bwmrc\Win32\iDownloaderConsole.exe
    (explorer.exe ->) (pCloud AG -> pCloud AG) C:\Program Files (x86)\pCloud Drive\pCloud.exe
    (F:\Program Files\Internet Download Manager\IDMan.exe ->) (Tonec Inc. -> Tonec Inc.) F:\Program Files\Internet Download Manager\IEMonitor.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
    (Groupnotes, Inc. -> Videostream) C:\Users\psyd_\AppData\Local\Videostream\app-0.3.5\Videostream.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <57>
    (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    (nvvsvc.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Piriform Software Ltd -> Piriform Software Ltd) F:\Program Files\CCleaner\CCleaner64.exe <2>
    (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\CCleanerBrowserCrashHandler.exe
    (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\CCleanerBrowserCrashHandler64.exe
    (RuntimeBroker.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe
    (services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
    (services.exe ->) (Apple Computer, Inc.) [File not signed] C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    (services.exe ->) (Cisco WebEx LLC -> Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
    (services.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (services.exe ->) (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe <3>
    (services.exe ->) (Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    (services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe
    (services.exe ->) (Motorola) [File not signed] C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
    (services.exe ->) (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe
    (services.exe ->) (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (svchost.exe ->) (Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
    (svchost.exe ->) (Bernardo Zamora) C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8\Solitaire.exe
    (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\psyd_\AppData\Local\Microsoft\OneDrive\22.022.0130.0001\FileCoAuth.exe
    (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe
    (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (svchost.exe ->) (Optimilia Studios) C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.30.0_x64__k42naep6bwmrc\iDownloadManager.exe
    (svchost.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
    (svchost.exe ->) (Tonec Inc. -> Tonec Inc.) F:\Program Files\Internet Download Manager\IDMan.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1812032 2016-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-30] (Logitech Inc -> Logitech, Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952104 2020-09-24] (Logitech -> Logitech, Inc.)
    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    HKLM-x32\...\Run: [EaseUS EPM tray] => F:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => F:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [File not signed]
    HKLM-x32\...\Run: [PCEqualizer] => F:\Program Files (x86)\PC Equalizer\PCEqualizer.exe [6497792 2016-03-17] (Bils) [File not signed]
    HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\55.0.3.0\GoogleDriveFS.exe [55334232 2022-01-25] (Google LLC -> Google, Inc.)
    HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\55.0.3.0\GoogleDriveFS.exe [55334232 2022-01-25] (Google LLC -> Google, Inc.)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. -> Acresso Corporation)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3657560 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe [3424048 2022-01-24] (pCloud AG -> pCloud AG)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [CCleaner Smart Cleaning] => F:\Program Files\CCleaner\CCleaner64.exe [35646080 2022-02-14] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [Videostream] => C:\Users\psyd_\AppData\Local\Videostream\app-0.3.5\Videostream.exe [339608 2019-01-17] (Groupnotes, Inc. -> Videostream)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\55.0.3.0\GoogleDriveFS.exe [55334232 2022-01-25] (Google LLC -> Google, Inc.)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [MicrosoftEdgeAutoLaunch_3173782CC43AAF1092A724F27F2433AD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
    HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\55.0.3.0\GoogleDriveFS.exe [55334232 2022-01-25] (Google LLC -> Google, Inc.)
    HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [100352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Print\Monitors\Adobe PDF Port: C:\WINDOWS\system32\AdobePDF64.dll [35928 2007-03-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated.)
    HKLM\...\Print\Monitors\PCL hpz3llhn: C:\WINDOWS\system32\hpz3llhn.dll [36352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
    HKLM\...\Print\Monitors\PrimoMon: C:\WINDOWS\system32\Primomonnt.dll [95008 2015-09-01] (Nitro PDF Software -> )
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\98.0.14335.105\Installer\chrmstp.exe [2022-02-24] (Piriform Software Ltd -> Piriform Software)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\98.0.4758.102\Installer\chrmstp.exe [2022-02-16] (Google LLC -> Google LLC)
    Startup: C:\Users\psyd_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FAXRX.lnk [2017-06-21]
    ShortcutTarget: FAXRX.lnk -> C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {14B46AC4-F184-4412-9AFB-71421440A92B} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1112576 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
    Task: {2692B43A-D651-49B7-94E4-5DA0133970A5} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200600 2022-01-02] (Piriform Software Ltd -> Piriform Software)
    Task: {27F51B85-9BA7-4A42-BF11-3B594BDF8DF4} - System32\Tasks\Microsoft\Windows\RestartManager\{2654D9D3-BD16-4b13-8208-E53DAF974B6A} => C:\WINDOWS\system32\rmclient.exe [18432 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    Task: {349F3779-0145-4E2A-8B58-7D991C6ED5E6} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2760608 2022-02-15] (Piriform Software Ltd -> Piriform Software)
    Task: {67BA7C20-885B-441D-8216-765E7B20B52D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
    Task: {67CDF4AD-BCFF-450F-9B54-E9063453B139} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {68FF8ABE-0D8C-4F9F-98BB-4A3468D22523} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200600 2022-01-02] (Piriform Software Ltd -> Piriform Software)
    Task: {7F0F5CDD-2019-4B98-9FC2-4BB4558B0A5B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {89A92A6F-EC9A-4329-B3E2-B20917FD78C6} - System32\Tasks\CCleanerSkipUAC - psyd_ => F:\Program Files\CCleaner\CCleaner.exe [29764224 2022-02-14] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {8DCA9B5D-DD5D-4CDA-97E4-C8B29570C826} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
    Task: {991F1667-B5C2-4A46-BBF5-853BE48F1795} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
    Task: {9E82A441-9211-4CA1-BDC8-9CACCC6FF1DE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {B29DE1C8-FA08-47B3-AEED-16D96988431A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2022-01-13] () [File not signed]
    Task: {B2E40843-4A42-42C4-8F57-BE678B0C4C17} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {B855251C-A392-4BEF-A8A5-E3018891EC33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-29] (Google Inc -> Google Inc.)
    Task: {BCB4E65E-9900-4E2C-B7DA-1B4A71432D21} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
    Task: {E126B770-4A28-45CD-A54F-247567F920F7} - System32\Tasks\CCleaner Update => F:\Program Files\CCleaner\CCUpdate.exe [684976 2022-01-25] (Piriform Software Ltd -> Piriform)
    Task: {E46164D7-3124-4D89-82E1-46147027F60C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
    Task: {EB4E1A91-20FB-4C4E-AA06-AC3B23347FEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-29] (Google Inc -> Google Inc.)
    Task: {EB7560E5-D542-4873-AEC3-B4FBCF725943} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
    Task: {F278240C-ED90-4D7A-8E60-D61150F2C630} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2760608 2022-02-15] (Piriform Software Ltd -> Piriform Software)
    Task: {F938B36D-9813-4BEF-B9F3-791407C7B3FD} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{f7a6dcc0-a169-49bf-9d5a-c50892ff241e}: [DhcpNameServer] 192.168.1.1

    Edge:
    =======
    DownloadDir: C:\Users\psyd_\Downloads
    Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2021-11-13]
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-28]
    Edge Extension: (Norton Safe Web) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2021-11-21]
    Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2022-01-16]
    Edge Extension: (Malwarebytes Browser Guard) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-02-20]
    Edge Extension: (IDM Integration Module) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2022-01-28]
    Edge HKU\S-1-5-21-970927895-26279177-2598225439-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - F:\Program Files\Internet Download Manager\IDMEdgeExt.crx [2022-02-18]
    Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    FireFox:
    ========
    FF DefaultProfile: hh1qpzfn.default
    FF ProfilePath: C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default [2022-02-28]
    FF DownloadDir: F:\Downloads
    FF Extension: (Test Pilot) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\@testpilot-addon.xpi [2018-10-17] [UpdateUrl:hxxps://testpilot.firefox.com/files/@testpilot-addon/updates.json]
    FF Extension: (InvisibleHand) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2022-02-20]
    FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-15]
    FF Extension: (IDM Integration Module) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2022-02-20]
    FF Extension: (snoozetabs) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\snoozetabs@mozilla.com.xpi [2018-01-20] [UpdateUrl:hxxps://testpilot.firefox.com/files/snoozetabs@mozilla/updates.json]
    FF Extension: (TinEye Reverse Image Search) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\tineye@ideeinc.com.xpi [2022-01-02]
    FF Extension: (Malwarebytes Browser Guard) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-02-20]
    FF Extension: (Logitech SetPoint) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{84380428-8c9d-4bdf-913d-b2c34d6562d9}.xpi [2019-12-24]
    FF Extension: (WOT Website Security & Browsing Protection) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2022-01-02]
    FF Extension: (Adblock Plus - free ad blocker) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-01-02]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-12-24] [not signed]
    FF HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\psyd_\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\psyd_\AppData\Roaming\IDM\idmmzcc5 [2021-08-02] [Legacy] [not signed]
    FF HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - F:\Program Files\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - F:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-12-19] [Legacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
    FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\GlanceGuest\npglance.dll [2018-01-24] (Glance Networks Inc -> Glance Networks, Inc.)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
    FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\npCCleanerBrowserUpdate3.dll [2022-01-02] (Piriform Software Ltd -> Piriform Software)
    FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\npCCleanerBrowserUpdate3.dll [2022-01-02] (Piriform Software Ltd -> Piriform Software)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default [2022-02-28]
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Extension: (Slides) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
    CHR Extension: (Docs) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
    CHR Extension: (Google Drive) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-12]
    CHR Extension: (WOT Website Security & Browsing Protection) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2022-02-09]
    CHR Extension: (YouTube) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-28]
    CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-01-21]
    CHR Extension: (Logitech Smooth Scrolling) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2019-12-24]
    CHR Extension: (Sheets) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
    CHR Extension: (Google Docs Offline) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-24]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-02-09]
    CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-06-25]
    CHR Extension: (IDM Integration Module) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2022-01-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-25]
    CHR Extension: (Gmail) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-12]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2022-02-18]
    CHR HKU\S-1-5-21-970927895-26279177-2598225439-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
    CHR HKU\S-1-5-21-970927895-26279177-2598225439-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2022-02-18]
    CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2022-02-18]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
    R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200600 2022-01-02] (Piriform Software Ltd -> Piriform Software)
    S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\98.0.14335.105\elevation_service.exe [1893872 2022-02-15] (Piriform Software Ltd -> Piriform Software)
    S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200600 2022-01-02] (Piriform Software Ltd -> Piriform Software)
    R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-03-21] (Macrovision Europe Ltd.) [File not signed]
    R2 HsfXAudioService; C:\WINDOWS\SysWOW64\XAudio64.dll [436736 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe [473352 2017-03-30] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7997112 2022-02-20] (Malwarebytes Inc -> Malwarebytes)
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14413808 2022-02-17] (ADLICE -> )
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [319320 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6136536 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe [2909208 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe [128376 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
    S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
    R3 CAXHWBS2; C:\WINDOWS\system32\DRIVERS\CAXHWBS2.sys [411136 2009-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R1 cbfs20; C:\WINDOWS\System32\drivers\cbfs20.sys [447560 2022-01-04] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc. - www.callback.com)
    R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-09] (EldoS Corporation -> /n software, Inc.)
    R1 cbfsconnect2017; C:\WINDOWS\system32\drivers\cbfsconnect2017.sys [481296 2020-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
    S3 CSRBC; C:\WINDOWS\System32\Drivers\csrbcx64.sys [38400 2016-05-10] (CSR plc.) [File not signed]
    S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    R1 googledrivefs3688; C:\WINDOWS\System32\DRIVERS\googledrivefs3688.sys [381456 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
    R3 HSF_DPV; C:\WINDOWS\system32\DRIVERS\CAX_DPV.sys [1486848 2009-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221096 2022-02-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-12] (Malwarebytes Inc -> Malwarebytes)
    R2 mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [17024 2006-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Conexant)
    R3 MODEMCSA; C:\WINDOWS\system32\drivers\MODEMCSA.sys [28160 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [216184 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2022-02-20] (Adlice -> )
    R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [20704 2019-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2022-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [438520 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
    R3 winachsf; C:\WINDOWS\system32\DRIVERS\CAX_CNXT.sys [740864 2009-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R2 XAudio; C:\WINDOWS\system32\DRIVERS\XAudio64.sys [10240 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-02-20 19:40 - 2022-02-20 19:41 - 042095856 _____ (Adlice Software ) C:\Users\psyd_\Downloads\RogueKiller_setup (1).exe
    2022-02-20 19:27 - 2022-02-20 19:27 - 000221096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2022-02-20 19:18 - 2022-02-20 19:18 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2022-02-20 19:13 - 2022-02-23 06:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
    2022-02-20 19:13 - 2022-02-20 19:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2022-02-18 09:32 - 2022-02-18 09:33 - 000000022 _____ C:\Users\psyd_\Downloads\2022-02-18 (1).zip
    2022-02-18 09:29 - 2022-02-20 19:43 - 000000022 _____ C:\Users\psyd_\Downloads\2022-02-18.zip
    2022-02-18 01:30 - 2018-12-19 16:05 - 000229296 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
    2022-02-16 09:30 - 2022-02-16 10:36 - 000000022 _____ C:\Users\psyd_\Downloads\Photos-001.zip
    2022-02-16 09:26 - 2022-02-16 09:26 - 000000022 _____ C:\Users\psyd_\Downloads\2022-02-16 (3).zip
    2022-02-16 09:23 - 2022-02-16 09:24 - 000000022 _____ C:\Users\psyd_\Downloads\2022-02-16 (2).zip
    2022-02-16 09:21 - 2022-02-16 09:21 - 000000022 _____ C:\Users\psyd_\Downloads\2022-02-16 (1).zip
    2022-02-16 09:18 - 2022-02-16 09:18 - 000000022 _____ C:\Users\psyd_\Downloads\2022-02-16.zip
    2022-02-15 18:58 - 2022-02-15 18:58 - 034773134 _____ (KLCP ) C:\Users\psyd_\Downloads\K-Lite_Codec_Pack_1680_Standard.exe
    2022-02-10 17:51 - 2022-02-10 17:51 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
    2022-02-10 17:51 - 2022-02-10 17:51 - 000011813 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2022-02-10 17:50 - 2022-02-10 17:50 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
    2022-02-10 17:50 - 2022-02-10 17:50 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
    2022-02-10 17:50 - 2022-02-10 17:50 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
    2022-02-10 17:41 - 2022-02-10 17:41 - 000000000 ___HD C:\$WinREAgent
    2022-02-09 07:22 - 2022-01-27 23:30 - 000381776 _____ (Cisco WebEx LLC) C:\WINDOWS\SysWOW64\atsckernel.exe
    2022-02-09 07:22 - 2022-01-27 23:30 - 000276304 _____ (Cisco WebEx LLC) C:\WINDOWS\SysWOW64\atashost.exe
    2022-02-09 07:22 - 2022-01-27 23:24 - 000165200 _____ (Cisco WebEx LLC) C:\WINDOWS\SysWOW64\wbxtrace.dll
    2022-02-09 07:21 - 2022-02-09 07:31 - 000000000 ____D C:\ProgramData\WebEx
    2022-02-09 07:21 - 2022-02-09 07:22 - 000000000 ____D C:\Users\psyd_\AppData\Local\WebEx
    2022-02-09 07:21 - 2022-02-09 07:21 - 000000000 ____D C:\Users\psyd_\AppData\LocalLow\WebEx
    2022-02-03 12:03 - 2022-02-03 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STMicroelectronics
    2022-02-03 12:03 - 2022-02-03 12:03 - 000000000 ____D C:\Program Files (x86)\STMicroelectronics
    2022-02-03 06:53 - 2022-02-10 18:12 - 096993280 _____ C:\WINDOWS\system32\config\SOFTWARE
    2022-02-03 06:47 - 2022-02-03 06:52 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
    2022-02-02 22:21 - 2022-02-02 22:21 - 000000000 ____D C:\Program Files (x86)\pCloud Drive
    2022-02-02 18:28 - 2022-02-02 18:28 - 001234148 _____ C:\Users\psyd_\Desktop\CCF02022022.pdf
    2022-02-02 15:22 - 2022-02-28 08:31 - 000000000 ____D C:\FRST
    2022-02-02 13:37 - 2022-02-02 13:37 - 000000000 ____D C:\Users\psyd_\Downloads\en.stsw-stm32080_v3.0.6
    2022-02-02 12:52 - 2022-02-03 12:07 - 000000000 ____D C:\Users\psyd_\Desktop\tinySA_v1.3-336-gb8215bc.bin
    2022-02-02 11:37 - 2022-02-02 11:37 - 007415987 _____ C:\Users\psyd_\Desktop\tinySA Update.pdf
    2022-02-01 06:06 - 2022-02-01 06:06 - 042051760 _____ (Adlice Software ) C:\Users\psyd_\Downloads\RogueKiller_setup.exe
    2022-01-30 19:19 - 2022-01-30 19:19 - 000219600 _____ C:\Users\psyd_\Downloads\ViewEOB.pdf
    2022-01-29 09:36 - 2022-01-29 09:36 - 017274918 _____ C:\Users\psyd_\Desktop\Home Buying 3.bmp
    2022-01-29 09:34 - 2022-01-29 09:34 - 003098814 _____ C:\Users\psyd_\Desktop\Home Buying 2.bmp
    2022-01-29 09:33 - 2022-01-29 09:33 - 018941886 _____ C:\Users\psyd_\Desktop\Home Buying 1.bmp
    2022-01-29 09:31 - 2022-01-29 09:31 - 001634248 _____ C:\Users\psyd_\Desktop\CCF01292022.pdf
    2022-01-29 09:28 - 2022-01-29 09:44 - 000057354 _____ C:\Users\psyd_\Desktop\Mortgage Advice.pdf
    2022-01-29 09:19 - 2022-01-29 09:19 - 001966796 _____ C:\Users\psyd_\Desktop\CCF01292022_0002.pdf
    2022-01-29 09:19 - 2022-01-29 09:19 - 001573019 _____ C:\Users\psyd_\Desktop\CCF01292022_0001.pdf

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-02-28 08:19 - 2016-06-29 12:37 - 000000000 ____D C:\Program Files (x86)\Google
    2022-02-28 08:05 - 2022-01-02 16:22 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
    2022-02-28 08:05 - 2016-12-09 11:07 - 000000000 ____D C:\Users\psyd_\AppData\LocalLow\Mozilla
    2022-02-28 08:02 - 2021-09-22 23:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2022-02-28 07:55 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2022-02-28 07:55 - 2017-12-07 07:32 - 000000000 ____D C:\Users\psyd_\AppData\Local\Packages
    2022-02-28 07:54 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2022-02-28 07:54 - 2017-12-15 10:07 - 000000000 ____D C:\Users\psyd_\AppData\Local\PlaceholderTileLogoFolder
    2022-02-28 06:35 - 2019-02-10 16:05 - 000000000 ____D C:\ProgramData\Mozilla
    2022-02-28 06:32 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2022-02-27 05:48 - 2016-03-24 07:40 - 000000000 ____D C:\Users\psyd_\AppData\Roaming\IDM
    2022-02-26 17:53 - 2016-03-24 07:40 - 000000000 ____D C:\Users\psyd_\AppData\Roaming\DMCache
    2022-02-26 17:36 - 2019-01-17 18:00 - 000002396 _____ C:\Users\psyd_\Desktop\Videostream.lnk
    2022-02-26 14:19 - 2019-01-17 18:00 - 000000000 ____D C:\Users\psyd_\AppData\Local\SquirrelTemp
    2022-02-25 18:30 - 2020-07-05 05:26 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2022-02-24 18:51 - 2022-01-02 16:23 - 000002406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
    2022-02-24 18:51 - 2022-01-02 16:23 - 000002371 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
    2022-02-21 09:06 - 2017-06-21 10:37 - 000000136 _____ C:\WINDOWS\Brfaxrx.ini
    2022-02-21 06:26 - 2021-09-22 23:18 - 000003300 _____ C:\WINDOWS\system32\Tasks\klcp_update
    2022-02-21 06:26 - 2020-04-24 08:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2022-02-21 06:26 - 2020-04-24 08:48 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
    2022-02-21 05:55 - 2019-01-17 18:00 - 000000000 ____D C:\Users\psyd_\AppData\Local\Videostream
    2022-02-21 05:55 - 2016-03-21 12:04 - 000000000 ___RD C:\Users\psyd_\OneDrive
    2022-02-20 19:44 - 2017-11-25 09:25 - 000000000 ___RD C:\Users\psyd_\Desktop\Computer tools
    2022-02-20 19:42 - 2021-12-17 06:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2022-02-20 19:42 - 2021-12-17 06:02 - 000000000 ____D C:\Program Files\RogueKiller
    2022-02-20 19:27 - 2021-07-18 04:58 - 000002040 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2022-02-20 19:27 - 2020-08-15 04:50 - 000002052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2022-02-20 19:25 - 2017-10-29 07:16 - 000000000 ____D C:\Program Files\Malwarebytes
    2022-02-20 19:25 - 2016-03-23 20:24 - 000000000 ____D C:\ProgramData\Malwarebytes
    2022-02-20 19:23 - 2020-08-30 06:21 - 000000000 ____D C:\Users\psyd_\AppData\Local\CrashDumps
    2022-02-20 19:13 - 2021-11-12 18:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
    2022-02-20 19:13 - 2016-08-24 20:15 - 000001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2022-02-20 19:13 - 2016-03-21 12:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2022-02-20 05:35 - 2021-01-24 05:46 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2022-02-17 06:39 - 2021-12-11 06:51 - 000003580 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-970927895-26279177-2598225439-1001
    2022-02-17 06:39 - 2021-09-22 23:18 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-970927895-26279177-2598225439-1001
    2022-02-17 06:39 - 2021-09-22 22:40 - 000002394 _____ C:\Users\psyd_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2022-02-17 06:15 - 2021-09-22 23:18 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2022-02-16 15:20 - 2017-05-28 06:26 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2022-02-15 05:19 - 2020-04-24 08:54 - 000000000 ____D C:\Users\psyd_\AppData\Roaming\MPC-HC
    2022-02-11 05:50 - 2021-09-22 23:17 - 001752884 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2022-02-11 05:50 - 2021-09-22 21:49 - 000769904 _____ C:\WINDOWS\system32\perfh019.dat
    2022-02-11 05:50 - 2021-09-22 21:49 - 000151462 _____ C:\WINDOWS\system32\perfc019.dat
    2022-02-11 05:50 - 2019-12-07 01:13 - 000000000 ____D C:\WINDOWS\INF
    2022-02-11 05:43 - 2021-09-22 23:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2022-02-11 05:43 - 2020-09-13 21:24 - 000008192 ___SH C:\DumpStack.log.tmp
    2022-02-11 05:43 - 2017-04-13 09:00 - 000000000 ____D C:\ProgramData\NVIDIA
    2022-02-10 18:12 - 2019-12-07 01:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2022-02-10 18:10 - 2021-09-22 23:07 - 002433344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2022-02-10 18:09 - 2019-12-07 01:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2022-02-10 18:09 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\servicing
    2022-02-10 17:54 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2022-02-10 17:51 - 2012-07-26 00:18 - 000414870 __RSH C:\bootmgr
    2022-02-10 17:50 - 2021-09-22 23:08 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2022-02-10 17:41 - 2016-03-23 11:38 - 000000000 ___HD C:\WINDOWS\system32\MRT
    2022-02-10 17:36 - 2016-03-23 11:38 - 149611728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2022-02-10 14:51 - 2016-08-25 13:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2022-02-10 09:18 - 2018-02-22 10:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2022-02-09 08:38 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\NDF
    2022-02-04 11:25 - 2017-09-21 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
    2022-02-03 07:01 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2022-02-03 06:46 - 2021-09-22 22:40 - 000000000 ____D C:\Users\psyd_
    2022-02-03 06:09 - 2021-12-17 05:54 - 000000000 ____D C:\ProgramData\RogueKiller
    2022-02-02 22:21 - 2021-06-25 10:16 - 000002499 _____ C:\Users\Public\Desktop\pCloud Drive.lnk
    2022-02-02 22:21 - 2021-06-25 10:16 - 000001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\pCloud Drive.lnk
    2022-02-02 22:21 - 2018-09-03 19:57 - 000000000 ____D C:\ProgramData\Package Cache
    2022-02-02 18:30 - 2016-03-21 12:30 - 000001070 _____ C:\WINDOWS\Brpfx04a.ini
    2022-02-02 15:35 - 2019-09-04 16:48 - 000001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
    2022-02-02 15:35 - 2016-04-11 10:04 - 000000000 ____D C:\Program Files (x86)\Notepad++
    2022-02-02 13:37 - 2022-01-03 12:57 - 000000000 ____D C:\Users\psyd_\AppData\Local\Downloaded Installations
    2022-02-02 12:11 - 2021-07-31 13:19 - 000000398 __RSH C:\ProgramData\ntuser.pol
    2022-02-02 12:07 - 2015-10-29 23:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2022-01-31 05:41 - 2021-09-01 16:03 - 000002076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
    2022-01-31 05:41 - 2021-09-01 16:03 - 000001918 _____ C:\Users\Default\Desktop\Google Slides.lnk
    2022-01-31 05:41 - 2021-09-01 16:03 - 000001918 _____ C:\Users\Default\Desktop\Google Sheets.lnk
    2022-01-31 05:41 - 2021-09-01 16:03 - 000001906 _____ C:\Users\Default\Desktop\Google Docs.lnk
    2022-01-31 05:41 - 2016-06-29 12:39 - 000001882 _____ C:\Users\psyd_\Desktop\Google Drive.lnk
    2022-01-29 09:28 - 2016-04-04 21:37 - 000000000 ____D C:\Users\psyd_\AppData\Roaming\PrimoPDF

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================

    ====
     
  5. 2022/02/28
    Barry

    Barry Geek Member Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2022

    Ran by psyd_ (28-02-2022 08:32:33)

    Running from C:\Users\psyd_\Desktop\Computer tools\virus removal

    Microsoft Windows 10 Pro Version 21H1 19043.1526 (X64) (2021-09-23 07:18:23)

    Boot Mode: Normal

    ==========================================================

    ==================== Accounts: =============================

    (If an entry is included in the fixlist, it will be removed.)



    Administrator (S-1-5-21-970927895-26279177-2598225439-500 - Administrator - Disabled)

    DefaultAccount (S-1-5-21-970927895-26279177-2598225439-503 - Limited - Disabled)

    Guest (S-1-5-21-970927895-26279177-2598225439-501 - Limited - Disabled)

    psyd_ (S-1-5-21-970927895-26279177-2598225439-1001 - Administrator - Enabled) => C:\Users\psyd_

    WDAGUtilityAccount (S-1-5-21-970927895-26279177-2598225439-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)



    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)

    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)

    Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)

    AHV content for Acrobat and Flash (HKLM-x32\...\{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}) (Version: 1 - Adobe Systems Incorporated) Hidden

    Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.21.170501 - )

    Backup and Sync from Google (HKLM\...\{696895F7-52C7-4C9E-998B-C7E0CC907092}) (Version: 3.57.4256.0809 - Google, Inc.)

    Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)

    Brother MFL-Pro Suite MFC-J5910DW (HKLM-x32\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.1.1.0 - Brother Industries, Ltd.)

    CCleaner (HKLM\...\CCleaner) (Version: 5.90 - Piriform)

    CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 98.0.14335.105 - Piriform Software)

    CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1187.1 - Piriform Software) Hidden

    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12334.0 - Cisco Consumer Products LLC)

    Convert PDF To Word Plus 1.0 (HKLM-x32\...\Convert PDF To Word Plus) (Version: 1.0 - pdftowordstudio.com)

    Data Lifeguard Diagnostic for Windows 1.29 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)

    DfuSe v3.0.6 (HKLM-x32\...\{61D44ABF-A11F-4FA4-98E6-C05BBBD0B52A}) (Version: 3.0.6 - STMicroelectronics)

    EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)

    EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)

    EaseUS Todo Backup Free 9.1 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.1 - CHENGDU YIWO Tech Development Co., Ltd)

    Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.2 - )

    FILE RECOVERY for Windows (HKLM-x32\...\FILE RECOVERY for WindowsNSIS) (Version: 1.0.180 - Seagate)

    GlanceGuest version 4.17.1.19 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.17.1.19 - Glance Networks, Inc.)

    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 98.0.4758.102 - Google LLC)

    Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 55.0.3.0 - Google LLC)

    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.40.8 - Tonec Inc.)

    IrfanView 4.54 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.54 - Irfan Skiljan)

    K-Lite Codec Pack 16.8.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.8.0 - KLCP)

    Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13225.3 - Linksys LLC)

    Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.126 - Logitech)

    Malwarebytes version 4.5.4.168 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.4.168 - Malwarebytes)

    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.62 - Microsoft Corporation)

    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

    Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft OneDrive (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\OneDriveSetup.exe) (Version: 22.022.0130.0001 - Microsoft Corporation)

    Microsoft Update Health Tools (HKLM\...\{16E50919-B07A-4B4E-994A-476D4773F5BF}) (Version: 3.65.0.0 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)

    Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)

    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)

    Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden

    Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)

    Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 97.0.1 (x64 en-US)) (Version: 97.0.1 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 97.0.1.8082 - Mozilla)

    Mozilla Thunderbird (x86 en-US) (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Mozilla Thunderbird 91.6.1 (x86 en-US)) (Version: 91.6.1 - Mozilla)

    Mozilla Thunderbird 38.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.7.0 (x86 en-US)) (Version: 38.7.0 - Mozilla)

    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 8.2.1 - Notepad++ Team)

    Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)

    NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)

    NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)

    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)

    PC Equalizer (HKLM-x32\...\PC Equalizer) (Version: 1.1.7 - Bils)

    PCI SoftV92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.5.0 - Conexant Systems)

    pCloud Drive (HKLM-x32\...\{28F20387-1C43-4B18-9683-D99E342870EC}) (Version: 3.11.10.0 - pCloud AG) Hidden

    pCloud Drive (HKLM-x32\...\{879bff10-faea-435f-826b-5a242eadc3c8}) (Version: 3.11.10.0 - pCloud AG)

    PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden

    PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)

    RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 7 - Philipp Winterberg)

    RogueKiller version 15.3.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.3.0.0 - Adlice Software)

    Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)

    Sandboxie 5.33.6 (64-bit) (HKLM\...\Sandboxie) (Version: 5.33.6 - Sandboxie Holdings, LLC)

    SolveigMM AVI Trimmer+ version 5.0.1603.23 (HKLM-x32\...\SolveigMM AVI Trimmer_is1) (Version: 5.0.1603.23 - Solveig Multimedia)

    SolveigMM Video Splitter Home Edition (HKLM-x32\...\SolveigMM Video Splitter Home Edition 5.0.1509.11) (Version: 5.0.1509.11 - Solveig Multimedia)

    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.9.0 - Sophos Limited)

    Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)

    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)

    TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)

    TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)

    TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)

    TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc)

    TurboTax 2020 (HKLM-x32\...\TurboTax 2020) (Version: 2020.0 - Intuit, Inc)

    TurboTax 2021 (HKLM-x32\...\{19F2745D-A94D-40AB-A983-E9D0A57B1E50}) (Version: 021.000.0407 - Intuit Inc.)

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)

    Videostream (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Videostream) (Version: 0.3.5 - Videostream)

    VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)

    wcaiperStateIS (HKLM-x32\...\{5887AC3E-5182-4897-BED4-57FA33B53976}) (Version: 021.000.0118 - Intuit Inc.) Hidden

    Windows PC Health Check (HKLM\...\{00DC4B60-5FC9-4629-8147-EF81ADF0EEA6}) (Version: 2.3.2106.25001 - Microsoft Corporation)

    Zoom (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\ZoomUMX) (Version: 5.8.0 (1324) - Zoom Video Communications, Inc.)
     
  6. 2022/02/28
    Barry

    Packages:

    =========

    Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2021-11-13] (eyeo GmbH)

    FreeCell HD -> C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8 [2020-11-25] (Bernardo Zamora)

    IDM Integration Module -> C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.38.19.0_neutral__e7b5mm5d3r6v2 [2021-11-13] (Tonec FZE)

    iDownload Manager (iDM) - High speed file downloader -> C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.30.0_x64__k42naep6bwmrc [2021-11-13] (Optimilia Studios) [MS Ad] [Startup Task]

    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-09-22] (Microsoft Corporation) [MS Ad]

    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-09-22] (Microsoft Corporation) [MS Ad]

    Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp [2021-05-26] (NortonLifeLock Inc.)

    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-10] (Microsoft Corporation)

    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-11-13] (Twitter Inc.)



    ==================== Custom CLSID (Whitelisted): ==============



    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



    SSODL: EldosMountNotificator-cbfs6 - {B7038158-4D4C-4084-ADCC-802971A84145} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)

    SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {1948F7D8-6849-437D-AF14-C3C14E0C1E54} - C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)

    SSODL-x32: EldosMountNotificator-cbfs6 - {B7038158-4D4C-4084-ADCC-802971A84145} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)

    SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {1948F7D8-6849-437D-AF14-C3C14E0C1E54} - C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)

    ShellServiceObjects: Virtual Storage Mount Notification -> {1948F7D8-6849-437D-AF14-C3C14E0C1E54} => C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)

    ShellServiceObjects: Virtual Storage Mount Notification -> {B7038158-4D4C-4084-ADCC-802971A84145} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)

    ShellServiceObjects-x32: Virtual Storage Mount Notification -> {1948F7D8-6849-437D-AF14-C3C14E0C1E54} => C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)

    ShellServiceObjects-x32: Virtual Storage Mount Notification -> {B7038158-4D4C-4084-ADCC-802971A84145} => C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)

    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => F:\Program Files\Internet Download Manager\IDMShellExt64.dll [2021-03-02] (Tonec Inc. -> Tonec FZE)

    ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)

    ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)

    ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)

    ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)

    ShellIconOverlayIdentifiers: [ pCloudINPROGRESS] -> {D8BFAFBD-B670-4252-9C17-9CF1C64C2BAF} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]

    ShellIconOverlayIdentifiers: [ pCloudINSYNC] -> {8D0C0582-552A-4A6B-9455-DA63E1F329C0} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]

    ShellIconOverlayIdentifiers: [ pCloudNOSYNC] -> {3858ED1B-8F1C-42ED-A8A9-FDBF591E3C6B} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]

    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)

    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)

    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)

    ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {830A9813-8D13-4E32-86D2-E3D6428399AB} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)

    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {830A9813-8D13-4E32-86D2-E3D6428399AB} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)

    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-10] (Adobe Systems Inc.) [File not signed]

    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] (Notepad++ -> )

    ContextMenuHandlers1: [ContextMenuExtension] -> {3103a792-c2d9-3c57-98dd-30071b26c05f} => C:\Program Files (x86)\pCloud Drive\ContextMenuHandler64.dll [2022-01-24] (pCloud AG) [File not signed] [File is in use]

    ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)

    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)

    ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]

    ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]

    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

    ContextMenuHandlers4: [ContextMenuExtension] -> {3103a792-c2d9-3c57-98dd-30071b26c05f} => C:\Program Files (x86)\pCloud Drive\ContextMenuHandler64.dll [2022-01-24] (pCloud AG) [File not signed] [File is in use]

    ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)

    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)

    ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]

    ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)

    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)

    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-10] (Adobe Systems Inc.) [File not signed]

    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)



    ==================== Codecs (Whitelisted) ====================



    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)



    HKLM\...\Drivers32: [wave2] => C:\WINDOWS\system32\serwvdrv.dll [25600 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

    HKLM\...\Drivers32: [wave2] => C:\Windows\SysWOW64\serwvdrv.dll [18944 2019-12-07] (Microsoft Windows -> Microsoft Corporation)



    ==================== Shortcuts & WMI ========================



    (The entries could be listed to be restored or removed.)
     
  7. 2022/02/28
    Barry

    Shortcut: C:\Users\psyd_\Desktop\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat ()

    ShortcutWithArgument: C:\Users\psyd_\New folder\programs\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl

    ShortcutWithArgument: C:\Users\psyd_\Desktop\programs\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl

    ShortcutWithArgument: C:\Users\psyd_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default



    ==================== Loaded Modules (Whitelisted) =============



    2017-06-21 10:37 - 2005-02-02 12:38 - 000024576 ____N () [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\brrunpp.dll

    2017-06-21 10:37 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

    2022-01-24 16:53 - 2022-01-24 16:53 - 001900032 _____ () [File not signed] C:\Program Files (x86)\pCloud Drive\pSyncLib.dll

    2021-07-24 05:46 - 2021-07-24 05:46 - 033991168 _____ () [File not signed] C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.30.0_x64__k42naep6bwmrc\iDownloadManager.dll

    2020-11-25 07:19 - 2020-11-25 07:20 - 015057408 _____ () [File not signed] C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8\Solitaire.dll

    2016-03-21 12:29 - 2005-04-21 20:36 - 000143360 ____H () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll

    2007-01-19 04:23 - 2007-05-10 23:18 - 001560576 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll

    2006-08-02 07:52 - 2006-08-02 07:52 - 000126976 ____R (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\asneu.dll

    2006-10-23 01:10 - 2006-10-23 01:10 - 000467555 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\ImageViewer.API

    2016-03-21 13:56 - 2007-05-11 02:47 - 000674816 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\ACE.dll

    2007-03-20 17:26 - 2007-03-20 17:26 - 000214528 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_caps.dll

    2006-09-14 23:20 - 2006-09-14 23:20 - 000212992 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll

    2006-09-14 23:46 - 2006-09-14 23:46 - 000208896 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll

    2006-09-14 23:20 - 2006-09-14 23:20 - 000346112 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll

    2006-10-11 01:06 - 2006-10-11 01:06 - 000466944 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeLinguistic.dll

    2016-03-21 13:56 - 2007-05-11 02:46 - 004905472 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AGM.dll

    2016-03-21 13:56 - 2007-05-11 02:55 - 000098816 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\BIB.dll

    2016-03-21 13:56 - 2007-05-11 02:48 - 002281472 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\CoolType.dll

    2016-03-21 13:56 - 2007-05-11 02:37 - 000355427 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Accessibility.api

    2016-03-21 13:56 - 2007-05-11 02:40 - 008648803 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\AcroForm.api

    2006-10-23 01:09 - 2006-10-23 01:09 - 000067683 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\ADBC.api

    2016-03-21 13:56 - 2007-05-11 02:38 - 004124259 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Annots.api

    2016-03-21 13:56 - 2007-05-11 02:37 - 000225379 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Catalog.api

    2016-03-21 13:56 - 2007-05-11 02:37 - 000838755 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Checkers.api

    2016-03-21 13:56 - 2007-05-11 02:37 - 001148515 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\DigSig.api

    2016-03-21 13:56 - 2007-05-11 02:37 - 000090211 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\DistillerPI.api

    2006-10-23 01:10 - 2006-10-23 01:10 - 000125027 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\DVA.api

    2016-03-21 13:56 - 2007-05-11 02:38 - 000051299 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\eBook.api

    2016-03-21 13:56 - 2007-05-11 02:38 - 002982499 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Editor.api

    2016-03-21 13:56 - 2007-05-11 02:40 - 001381987 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Escript.api

    2016-03-21 13:56 - 2007-05-11 02:42 - 000125027 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\EWH32.api

    2006-10-23 01:10 - 2006-10-23 01:10 - 000051299 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\HLS.api

    2016-03-21 13:56 - 2007-05-11 02:43 - 002179683 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\HTML2PDF.api

    2016-03-21 13:56 - 2007-05-11 02:39 - 000084067 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\IA32.api

    2016-03-21 13:56 - 2007-05-11 02:38 - 000843363 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\ImageConversion.api

    2016-03-21 13:56 - 2007-05-11 02:38 - 000392291 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\InDesignPI.api

    2016-03-21 13:56 - 2007-05-11 02:40 - 000778339 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\JDFProdDef.api

    2016-03-21 13:56 - 2007-05-11 02:38 - 002034787 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\MakeAccessible.api

    2016-03-21 13:56 - 2007-05-11 02:39 - 001347171 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Multimedia.api

    2016-03-21 13:56 - 2007-05-11 02:41 - 000168547 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\PaperCapture.api

    2006-10-23 01:19 - 2006-10-23 01:19 - 000397411 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\PDDom.api

    2016-03-21 13:56 - 2007-05-11 02:46 - 005770339 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\PPKLite.api

    2016-03-21 13:56 - 2007-05-11 02:38 - 000106595 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\ReadOutLoud.api

    2016-03-21 13:56 - 2007-05-11 02:42 - 000363107 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\reflow.api

    2016-03-21 13:56 - 2007-05-11 02:38 - 000300643 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\SaveAsRTF.api

    2006-10-23 01:20 - 2006-10-23 01:20 - 000335459 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\SaveAsXML.api

    2016-03-21 13:56 - 2007-05-11 02:39 - 000741987 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Scan.api

    2016-03-21 13:56 - 2007-05-11 02:43 - 000352867 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Search.api

    2016-03-21 13:56 - 2007-05-11 02:43 - 000085603 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Search5.api

    2016-03-21 13:56 - 2007-05-11 02:39 - 000124515 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\SendMail.api

    2016-03-21 13:56 - 2007-05-11 02:43 - 000268387 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Spelling.api

    2016-03-21 13:56 - 2007-05-11 02:43 - 000124003 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\TablePicker.api

    2016-03-21 13:56 - 2007-05-11 02:39 - 001815651 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\TouchUp.api

    2016-03-21 13:56 - 2007-05-11 02:44 - 000165475 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Updater.api

    2016-03-21 13:56 - 2007-05-11 02:37 - 000182883 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\weblink.api

    2016-03-21 13:56 - 2007-05-11 02:44 - 000671331 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Webpdf.api

    2016-03-21 13:56 - 2007-05-11 02:47 - 001491555 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\XPS2PDF.api

    2016-03-21 13:56 - 2007-05-11 02:45 - 002457600 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Adobelm.dll

    2007-03-20 17:27 - 2007-03-20 17:27 - 000270336 _____ (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\BridgeTalkClient.api

    2005-09-07 13:03 - 2005-09-07 13:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll

    2017-06-21 10:37 - 2009-10-13 15:59 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\BrMuSNMP.dll

    2017-06-21 10:37 - 2011-12-22 17:25 - 000010752 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\Lang\PCFaxRxLangUsa.dll

    2017-06-21 10:37 - 2012-04-23 14:03 - 000380928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll

    2017-06-21 10:37 - 2010-09-29 16:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll

    2017-06-21 10:37 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll

    2017-06-21 10:37 - 2012-01-11 13:39 - 000626688 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll

    2017-06-21 10:37 - 2012-09-06 20:02 - 000155648 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll

    2017-06-21 10:37 - 2012-07-06 12:33 - 000098304 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll

    2017-06-21 10:37 - 2012-07-06 12:33 - 017694720 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll

    2017-06-21 10:37 - 2012-07-17 12:36 - 000090112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll

    2016-03-21 12:29 - 2012-07-05 03:32 - 000084480 ____H (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll

    2017-06-21 10:37 - 2011-04-25 12:14 - 000118784 ____N (Brother Industries,LTD.) [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\brMfNt.dll

    2016-03-21 13:56 - 2007-04-17 09:31 - 000554083 ____R (callas software gmbh) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Preflight.api

    2016-03-24 07:48 - 2015-12-10 05:04 - 000025128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll

    2016-03-24 07:48 - 2016-02-24 16:59 - 000131856 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll

    2016-03-24 07:48 - 2016-02-24 16:59 - 000023824 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000020008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000443944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll

    2016-03-24 07:48 - 2016-02-24 16:59 - 000042256 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000072232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000169512 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll

    2016-03-24 07:48 - 2016-02-24 16:59 - 000177424 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll

    2016-03-24 07:48 - 2016-02-24 16:59 - 000020752 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll

    2016-03-24 07:48 - 2016-02-24 16:59 - 000191248 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll

    2016-03-24 07:48 - 2016-02-24 16:59 - 000027408 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000080936 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000089640 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000017448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000020520 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000138792 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000027176 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000353832 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000030760 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000281128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000193064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000201768 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000148008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000032296 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000769064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000061992 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000076840 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000111656 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000050216 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000024616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000158248 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 001296424 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000068136 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000059944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000056360 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000207912 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000146984 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000064040 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000224808 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000501800 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000043048 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000088616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll

    2016-03-24 07:48 - 2016-02-24 16:59 - 000058640 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000034856 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll

    2016-03-24 07:48 - 2016-01-26 07:27 - 000427560 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\uexper.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000139816 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000136232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000060968 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll

    2016-03-24 07:48 - 2016-02-24 16:59 - 000539920 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmdManager.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000020008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ControlPxe.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000689704 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EMail.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000044584 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuPipe.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000221224 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackup.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000100904 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackupSize.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000591400 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlImgFile.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000044072 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlSearchImg.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000159272 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Ftp.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000017448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FTPTest.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000079400 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImageFileInfo.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000293928 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFileHlp.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000153128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MatchStr.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000026664 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Options.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000093224 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\PolicyManage.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000121896 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Thread.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Transmit.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000042536 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\XmlWrapper.dll

    2016-03-24 07:48 - 2015-12-10 05:05 - 000303656 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000898088 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll

    2016-03-24 07:48 - 2015-12-10 05:04 - 000050216 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MFC90ENU.DLL

    2016-03-24 07:48 - 2015-12-10 05:04 - 003779624 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\mfc90u.dll

    2018-08-18 18:52 - 2017-03-30 16:49 - 000087040 _____ (Iskysoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppCollect.dll

    2018-08-18 18:52 - 2017-03-30 16:49 - 000197632 _____ (Iskysoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppCommon.dll

    2016-03-21 13:56 - 2007-05-11 02:45 - 002531328 _____ (Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcrobatFNP.dll

    2006-09-15 13:58 - 2006-09-15 13:58 - 000934400 ____R (Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll

    2008-08-25 21:50 - 2008-08-25 21:50 - 000155648 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\1033\VBE6INTL.DLL

    2021-09-22 23:11 - 2021-09-22 23:11 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll

    2017-06-22 12:08 - 2016-03-15 06:16 - 004116480 _____ (Microsoft) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\Skin\win.8.msstyles

    2018-08-18 18:52 - 2015-02-27 09:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\Newtonsoft.Json.dll

    2021-09-22 23:08 - 2016-11-14 01:45 - 001220424 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll

    2021-09-22 23:08 - 2016-11-14 01:45 - 001408200 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll

    2015-07-02 16:44 - 2015-07-02 16:44 - 000057344 _____ (Open Source Software community LGPL) [File not signed] C:\Program Files (x86)\pCloud Drive\pthreadVSE2.dll

    2016-03-24 07:48 - 2016-01-26 07:27 - 002454016 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\python27.dll

    2017-06-22 12:08 - 2010-06-07 07:42 - 000088576 _____ (Reteset) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\SliderEx\SliderEx.apo

    2017-10-23 17:28 - 2017-10-23 17:28 - 000342016 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll

    2017-06-22 12:08 - 2010-11-19 10:21 - 000204800 _____ (TODO: <Company name>) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\Download\Download.lmd

    2017-06-22 12:08 - 2011-04-16 10:14 - 000172032 _____ (TODO: <Company name>) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\Tray\Tray.lmd

    2017-06-22 12:08 - 2010-07-05 11:46 - 000319488 _____ (TODO: <Company name>) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\WinApi\WinApi.lmd
     
  8. 2022/02/28
    Barry

    ==================== Alternate Data Streams (Whitelisted) ========



    ==================== Safe Mode (Whitelisted) ==================



    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)



    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"



    ==================== Association (Whitelisted) =================



    ==================== Internet Explorer (Whitelisted) ==========



    HKU\S-1-5-21-970927895-26279177-2598225439-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.popularwoodworking.com/winshop#/

    SearchScopes: HKLM-x32 -> DefaultScope value is missing

    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> F:\Program Files\Internet Download Manager\IDMIECC64.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)

    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> F:\Program Files\Internet Download Manager\IDMIECC.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

    BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)

    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)



    ==================== Hosts content: =========================



    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)



    2015-10-29 23:24 - 2015-10-29 23:21 - 000000824 ____H C:\WINDOWS\system32\drivers\etc\hosts



    ==================== Other Areas ===========================



    (Currently there is no automatic fix for this section.)



    HKU\S-1-5-21-970927895-26279177-2598225439-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\psyd_\OneDrive\Pictures\Saved Pictures\darren & kendall mvp.jpg

    DNS Servers: 192.168.1.1

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

    Windows Firewall is enabled.



    ==================== MSCONFIG/TASK MANAGER disabled items ==



    (If an entry is included in the fixlist, it will be removed.)



    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"

    HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"

    HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"

    HKLM\...\StartupApproved\Run32: => "EaseUS TB Tray Agent"

    HKLM\...\StartupApproved\Run32: => "PaperPort PTD"

    HKLM\...\StartupApproved\Run32: => "PPort12reminder"

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\StartupFolder: => "FAXRX.lnk"

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B6B1848498DE69800140E7F655A96C3C"

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "IDMan"

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "SandboxieControl"

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "CCleaner Monitoring"



    ==================== FirewallRules (Whitelisted) ================



    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



    FirewallRules: [TCP Query User{6BC0EC32-0153-455A-A833-02892252B0B8}C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe] => (Allow) C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe (Piriform Software Ltd -> Piriform Software)

    FirewallRules: [UDP Query User{F21EC2A8-732B-4CDA-BCDA-4AA657F8D2D0}C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe] => (Allow) C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe (Piriform Software Ltd -> Piriform Software)

    FirewallRules: [{F8FDBE52-07C2-4DCD-8FFB-601729A86A2F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

    FirewallRules: [{7273AA3B-F442-495B-B7EC-F356D5775A67}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

    FirewallRules: [{11F9B313-CEC2-42C2-AA13-1E540CD00FBA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

    FirewallRules: [{FA932504-81D3-4915-B0AB-2043D57A8756}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

    FirewallRules: [TCP Query User{6708A947-528D-4C2F-9EB3-61E96D42CB6B}C:\program files (x86)\pcloud drive\pcloud.exe] => (Allow) C:\program files (x86)\pcloud drive\pcloud.exe (pCloud AG -> pCloud AG)

    FirewallRules: [UDP Query User{41886623-D8E2-41C5-8E29-7DB37EBF40DB}C:\program files (x86)\pcloud drive\pcloud.exe] => (Allow) C:\program files (x86)\pcloud drive\pcloud.exe (pCloud AG -> pCloud AG)

    FirewallRules: [TCP Query User{715F5A3A-1657-4165-BC84-0804BC453DDF}C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe] => (Allow) C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe (Groupnotes, Inc. -> )

    FirewallRules: [UDP Query User{ACB0337B-F835-4513-8B9C-11FCC4363A6A}C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe] => (Allow) C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe (Groupnotes, Inc. -> )

    FirewallRules: [{7A23E683-ED6D-461A-89EA-6986F6846104}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

    FirewallRules: [{D8A85DCF-90BB-482F-B819-EED680883C13}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

    FirewallRules: [TCP Query User{FFBA38F7-C9CE-4233-8864-7C976622DCF1}C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe] => (Block) C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe (Piriform Software Ltd -> Piriform Software)

    FirewallRules: [UDP Query User{2BECCFF1-B65B-4BD5-AA12-26BC33EEDE5D}C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe] => (Block) C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe (Piriform Software Ltd -> Piriform Software)

    FirewallRules: [TCP Query User{33D89437-5B80-4444-895E-EC1CC3F8C1CC}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

    FirewallRules: [UDP Query User{C262B989-0353-44D0-B1A2-A82F9DD436B8}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)

    FirewallRules: [TCP Query User{82022284-9E7A-4C73-89C8-D26154FA933F}C:\program files (x86)\brother\brmfl11b\faxrx.exe] => (Allow) C:\program files (x86)\brother\brmfl11b\faxrx.exe (Brother Industries, Ltd.) [File not signed]

    FirewallRules: [UDP Query User{850D5C4E-3A69-4366-A5B1-37BD633F8C9F}C:\program files (x86)\brother\brmfl11b\faxrx.exe] => (Allow) C:\program files (x86)\brother\brmfl11b\faxrx.exe (Brother Industries, Ltd.) [File not signed]

    FirewallRules: [{672C60AD-3462-4C92-9DF1-D8B3E6920E8D}] => (Allow) C:\Program Files (x86)\TurboTax\Individual 2021\32bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)

    FirewallRules: [{79E72082-AECD-4552-BF9F-24713B653042}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{B46FCA43-0ECA-4D0F-87C7-7DEC4154A13C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{76CFCC00-E114-4E4B-B5B3-452CDF1F2929}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{B063D280-D2AF-4B54-8CB2-2766974D136A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{23C9CBF6-A195-4F1B-8F0F-DAB4364478E2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{7A35EDAA-7B8A-4890-B162-12FBC0D3DA74}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{29A3FFEC-7F52-48F6-8D6B-E5623C9B3EFD}] => (Allow) C:\Program Files (x86)\pCloud Drive\pCloud.exe (pCloud AG -> pCloud AG)

    FirewallRules: [{16FE3C0D-09E0-4CBB-84CE-8BAC7991AC2A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    FirewallRules: [{66EF91EF-44A9-4EEC-8B69-EE519273BEB9}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)



    ==================== Restore Points =========================



    10-02-2022 17:42:07 Windows Modules Installer

    18-02-2022 08:00:04 Scheduled Checkpoint

    27-02-2022 07:27:17 Scheduled Checkpoint



    ==================== Faulty Device Manager Devices ============





    ==================== Event log errors: ========================



    Application errors:

    ==================

    Error: (02/25/2022 07:16:48 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on 160GB Storage (H:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)



    Error: (02/25/2022 07:16:29 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on 750 Storage (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)



    Error: (02/25/2022 07:16:17 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on 750 Win 8 Pro (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)



    Error: (02/25/2022 07:15:54 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on extra (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)



    Error: (02/25/2022 07:15:53 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on 750 Extended Storage (M:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)



    Error: (02/25/2022 07:15:25 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on 160 Win 8 Pro (G:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)



    Error: (02/20/2022 07:23:09 PM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: Solitaire.exe, version: 1.0.0.0, time stamp: 0x5fbd6666

    Faulting module name: chakra.dll, version: 11.0.19041.1526, time stamp: 0x2ac3fc7e

    Exception code: 0xc0000005

    Fault offset: 0x000000000020ab04

    Faulting process id: 0x349c

    Faulting application start time: 0x01d82071bf52b5e9

    Faulting application path: C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8\Solitaire.exe

    Faulting module path: C:\WINDOWS\SYSTEM32\chakra.dll

    Report Id: ba87f738-7cab-4d0d-86ff-a7c7d24ff60d

    Faulting package full name: 32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8

    Faulting package-relative application ID: App



    Error: (02/18/2022 08:00:00 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on 160GB Storage (H:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)





    System errors:

    =============

    Error: (02/28/2022 06:33:43 AM) (Source: LsaSrv) (EventID: 6033) (User: NT AUTHORITY)

    Description: An anonymous session connected from MINE has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller.

    The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1.

    This message will be logged at most once a day.



    Error: (02/27/2022 06:16:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

    Description: 4



    Error: (02/27/2022 05:48:03 AM) (Source: DCOM) (EventID: 10000) (User: MINE)

    Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:

    "2147942767"

    Happened while starting this command:

    C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}



    Error: (02/26/2022 07:12:10 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

    Description: 4



    Error: (02/26/2022 06:19:58 AM) (Source: LsaSrv) (EventID: 6033) (User: NT AUTHORITY)

    Description: An anonymous session connected from MINE has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller.

    The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1.

    This message will be logged at most once a day.



    Error: (02/25/2022 07:14:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

    Description: 4



    Error: (02/25/2022 08:19:16 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

    Description: 4



    Error: (02/25/2022 06:15:01 AM) (Source: DCOM) (EventID: 10000) (User: MINE)

    Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:

    "2147942767"

    Happened while starting this command:

    C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
     
  9. 2022/02/28
    Barry

    Windows Defender:

    ================

    Date: 2022-02-27 09:46:06

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan



    Date: 2022-02-25 19:14:20

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan



    Date: 2022-02-24 09:47:25

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan



    Date: 2022-02-23 19:01:21

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan



    Date: 2022-02-22 19:53:45

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan



    CodeIntegrity:

    ===============

    Date: 2022-02-20 19:27:09

    Description:

    Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\cbfsNetRdr6.dll that did not meet the Custom 3 / Antimalware signing level requirements.



    Date: 2022-02-20 19:27:09

    Description:

    Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\cbfsconnectNetRdr2017.dll that did not meet the Custom 3 / Antimalware signing level requirements.





    ==================== Memory info ===========================



    BIOS: Award Software International, Inc. F2 12/03/2009

    Motherboard: Gigabyte Technology Co., Ltd. GA-790XTA-UD4

    Processor: AMD Phenom(tm) II X4 955 Processor

    Percentage of memory in use: 65%

    Total physical RAM: 16382.49 MB

    Available physical RAM: 5643.97 MB

    Total Virtual: 32365.14 MB

    Available Virtual: 10702.56 MB



    ==================== Drives ================================



    Drive c: (Samsung 850 EVO SSD) (Fixed) (Total:232.37 GB) (Free:127.21 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    Drive d: (750 Win 8 Pro) (Fixed) (Total:55.03 GB) (Free:6.27 GB) NTFS

    Drive e: (extra) (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS

    Drive f: (750 Storage) (Fixed) (Total:72.95 GB) (Free:23.61 GB) NTFS

    Drive g: (160 Win 8 Pro) (Fixed) (Total:28.31 GB) (Free:3.9 GB) NTFS ==>[system with boot components (obtained from drive)]

    Drive h: (160GB Storage) (Fixed) (Total:120.73 GB) (Free:65.82 GB) NTFS

    Drive k: (Google Drive) (Fixed) (Total:15 GB) (Free:7.59 GB) FAT32

    Drive m: (750 Extended Storage) (Fixed) (Total:570.64 GB) (Free:121.16 GB) NTFS

    Drive p: (pCloud Drive) (Removable) (Total:10 GB) (Free:8.73 GB) exFAT



    \\?\Volume{fd0610f8-0000-0000-0000-e0173a000000}\ () (Fixed) (Total:0.51 GB) (Free:0.05 GB) NTFS



    ==================== MBR & Partition Table ====================



    ==========================================================

    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: BC336398)

    Partition 1: (Active) - (Size=28.3 GB) - (Type=06)

    Partition 2: (Not Active) - (Size=120.7 GB) - (Type=07 NTFS)



    ==========================================================

    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 10F510F4)

    Partition 1: (Not Active) - (Size=128 GB) - (Type=0F Extended)

    Partition 2: (Not Active) - (Size=570.6 GB) - (Type=07 NTFS)



    ==========================================================

    Disk: 2 (Size: 232.9 GB) (Disk ID: FD0610F8)

    Partition 1: (Active) - (Size=232.4 GB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=519 MB) - (Type=27)



    ==================== End of Addition.txt ===================
     
  10. 2022/02/28
    broni

    1. Please DO NOT create a new topic to post logs.
    2. In the future please use Notepad instead of Wordpad to open logs.
    Wordpad creates an extra space and all logs are twice as long and harder for me to read.
    Thank you :)

    ********************************************************************************************

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double-click on the downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
     
  11. 2022/02/28
    Barry

    Barry Geek Member Thread Starter

    Program : RogueKiller Anti-Malware
    Version : 15.3.0.0
    x64 : Yes
    Program Date : Feb 17 2022
    Location : C:\Program Files\RogueKiller\RogueKiller64.exe
    Premium : No
    Company : Adlice Software
    Website : https://www.adlice.com/
    Contact : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.19043) 64-bit
    64-bit OS : Yes
    Startup : 0
    WindowsPE : No
    User : psyd_
    User is Admin : Yes
    Date : 2022/02/28 17:38:04
    Type : Scan
    Aborted : No
    Scan Mode : Standard
    Duration : 1611
    Found items : 0
    Total scanned : 80708
    Signatures Version : 20220228_112716
    Truesight Driver : Yes
    Updates Count : 5
    Arguments : -minimize

    ************************* Warnings *************************

    ************************* Updates *************************
    Sandboxie 5.33.6 (64-bit) (64-bit), version 5.33.6
    [+] Available Version : 5.55.10
    [+] Wow6432 : No
    [+] Portable : No

    VLC media player (64-bit), version 3.0.11
    [+] Available Version : 3.0.16
    [+] Size : 131 MB
    [+] Wow6432 : No
    [+] Portable : No
    [+] update_location : C:\Program Files\VideoLAN\VLC

    Mozilla Thunderbird 38.7.0 (x86 en-US) (32-bit), version 38.7.0
    [+] Available Version : 91.6.1
    [+] Size : 79.5 MB
    [+] Wow6432 : Yes
    [+] Portable : No
    [+] update_location : C:\Program Files (x86)\Mozilla Thunderbird

    Notepad++ (32-bit x86) (32-bit), version 8.2.1
    [+] Available Version : 8.3.2
    [+] Size : 14.1 MB
    [+] Wow6432 : Yes
    [+] Portable : No

    TeamViewer 12 (32-bit), version 12.0.72365
    [+] Available Version : 15.25.8
    [+] Size : 85.3 MB
    [+] Wow6432 : Yes
    [+] Portable : No
    [+] update_location : C:\Program Files (x86)\TeamViewer


    ************************* Processes *************************

    ************************* Modules *************************

    ************************* Services *************************

    ************************* Scheduled Tasks *************************

    ************************* Registry *************************

    ************************* WMI *************************

    ************************* Hosts File *************************
    is_too_big : No
    hosts_file_path : C:\Windows\System32\drivers\etc\hosts


    ************************* Filesystem *************************

    ************************* Web Browsers *************************

    ************************* Antirootkit *************************
     
  12. 2022/02/28
    Barry

    Barry Geek Member Thread Starter

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 2/28/22
    Scan Time: 9:48 AM
    Log File: 9e3f7c10-98be-11ec-a8f0-6cf049571d6e.json

    -Software Information-
    Version: 4.5.4.168
    Components Version: 1.0.1599
    Update Package Version: 1.0.51677
    License: Free

    -System Information-
    OS: Windows 10 (Build 19043.1526)
    CPU: x64
    File System: NTFS
    User: MINE\psyd_

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 321011
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 7 min, 43 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)
     
  13. 2022/02/28
    Barry

    Barry Geek Member Thread Starter

    # -------------------------------
    # Malwarebytes AdwCleaner 8.3.1.0
    # -------------------------------
    # Build: 11-18-2021
    # Database: 2022-02-03.4 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 02-28-2022
    # Duration: 00:00:13
    # OS: Windows 10 Pro
    # Scanned: 32049
    # Detected: 0


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software found.


    AdwCleaner[S00].txt - [1405 octets] - [13/11/2021 06:42:30]
    AdwCleaner[S01].txt - [1466 octets] - [02/02/2022 15:22:13]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
     
  14. 2022/02/28
    broni

    broni Moderator Malware Analyst

    I don't see much there and also I don't see any sign of that program you showed in your screenshot.

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  15. 2022/02/28
    Barry

    Barry Geek Member Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2022
    Ran by psyd_ (administrator) on MINE (Gigabyte Technology Co., Ltd. GA-790XTA-UD4) (28-02-2022 10:15:00)
    Running from C:\Users\psyd_\Desktop\Computer tools\virus removal
    Loaded Profiles: psyd_
    Platform: Microsoft Windows 10 Pro Version 21H1 19043.1526 (X64) Language: English (United States)
    Default browser: "C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe" --single-argument %1
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bils) [File not signed] F:\Program Files (x86)\PC Equalizer\PCEqualizer.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    (C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (C:\Program Files (x86)\Mozilla Firefox\firefox.exe ->) (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
    (C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (C:\Program Files\Sandboxie\SandboxieRpcSs.exe ->) (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
    (C:\Program Files\Sandboxie\SbieSvc.exe ->) (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
    (C:\Program Files\Sandboxie\SbieSvc.exe ->) (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
    (C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCopyAccelerator.exe
    (C:\Users\psyd_\AppData\Local\Videostream\app-0.3.5\Videostream.exe ->) (Groupnotes, Inc. -> ) C:\Users\psyd_\AppData\Local\Videostream\app-0.3.5\videostream-native\videostream-native.exe <2>
    (explorer.exe ->) (Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (explorer.exe ->) (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
    (explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\55.0.3.0\crashpad_handler.exe <3>
    (explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\55.0.3.0\GoogleDriveFS.exe <7>
    (explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    (explorer.exe ->) (Optimilia Studios) C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.30.0_x64__k42naep6bwmrc\Win32\iDownloaderConsole.exe
    (explorer.exe ->) (pCloud AG -> pCloud AG) C:\Program Files (x86)\pCloud Drive\pCloud.exe
    (F:\Program Files\Internet Download Manager\IDMan.exe ->) (Tonec Inc. -> Tonec Inc.) F:\Program Files\Internet Download Manager\IEMonitor.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
    (Groupnotes, Inc. -> Videostream) C:\Users\psyd_\AppData\Local\Videostream\app-0.3.5\Videostream.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <55>
    (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    (nvvsvc.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (Piriform Software Ltd -> Piriform Software Ltd) F:\Program Files\CCleaner\CCleaner64.exe
    (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\CCleanerBrowserCrashHandler.exe
    (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\CCleanerBrowserCrashHandler64.exe
    (RuntimeBroker.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe
    (services.exe ->) (ADLICE -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
    (services.exe ->) (Apple Computer, Inc.) [File not signed] C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    (services.exe ->) (Cisco WebEx LLC -> Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
    (services.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (services.exe ->) (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe <3>
    (services.exe ->) (Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    (services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe
    (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe
    (services.exe ->) (Motorola) [File not signed] C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
    (services.exe ->) (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe
    (services.exe ->) (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (svchost.exe ->) (Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
    (svchost.exe ->) (Bernardo Zamora) C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8\Solitaire.exe
    (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\psyd_\AppData\Local\Microsoft\OneDrive\22.022.0130.0001\FileCoAuth.exe
    (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe
    (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
    (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (svchost.exe ->) (Optimilia Studios) C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.30.0_x64__k42naep6bwmrc\iDownloadManager.exe
    (svchost.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
    (svchost.exe ->) (Tonec Inc. -> Tonec Inc.) F:\Program Files\Internet Download Manager\IDMan.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1812032 2016-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-30] (Logitech Inc -> Logitech, Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3952104 2020-09-24] (Logitech -> Logitech, Inc.)
    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    HKLM-x32\...\Run: [EaseUS EPM tray] => F:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => F:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [File not signed]
    HKLM-x32\...\Run: [PCEqualizer] => F:\Program Files (x86)\PC Equalizer\PCEqualizer.exe [6497792 2016-03-17] (Bils) [File not signed]
    HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\55.0.3.0\GoogleDriveFS.exe [55334232 2022-01-25] (Google LLC -> Google, Inc.)
    HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\55.0.3.0\GoogleDriveFS.exe [55334232 2022-01-25] (Google LLC -> Google, Inc.)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. -> Acresso Corporation)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3657560 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe [3424048 2022-01-24] (pCloud AG -> pCloud AG)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [CCleaner Smart Cleaning] => F:\Program Files\CCleaner\CCleaner64.exe [35646080 2022-02-14] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [Videostream] => C:\Users\psyd_\AppData\Local\Videostream\app-0.3.5\Videostream.exe [339608 2019-01-17] (Groupnotes, Inc. -> Videostream)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\55.0.3.0\GoogleDriveFS.exe [55334232 2022-01-25] (Google LLC -> Google, Inc.)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [MicrosoftEdgeAutoLaunch_3173782CC43AAF1092A724F27F2433AD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
    HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\55.0.3.0\GoogleDriveFS.exe [55334232 2022-01-25] (Google LLC -> Google, Inc.)
    HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [100352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Print\Monitors\Adobe PDF Port: C:\WINDOWS\system32\AdobePDF64.dll [35928 2007-03-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated.)
    HKLM\...\Print\Monitors\PCL hpz3llhn: C:\WINDOWS\system32\hpz3llhn.dll [36352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
    HKLM\...\Print\Monitors\PrimoMon: C:\WINDOWS\system32\Primomonnt.dll [95008 2015-09-01] (Nitro PDF Software -> )
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\98.0.14335.105\Installer\chrmstp.exe [2022-02-24] (Piriform Software Ltd -> Piriform Software)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\98.0.4758.102\Installer\chrmstp.exe [2022-02-16] (Google LLC -> Google LLC)
    Startup: C:\Users\psyd_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FAXRX.lnk [2017-06-21]
    ShortcutTarget: FAXRX.lnk -> C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {14B46AC4-F184-4412-9AFB-71421440A92B} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1112576 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
    Task: {2692B43A-D651-49B7-94E4-5DA0133970A5} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200600 2022-01-02] (Piriform Software Ltd -> Piriform Software)
    Task: {27F51B85-9BA7-4A42-BF11-3B594BDF8DF4} - System32\Tasks\Microsoft\Windows\RestartManager\{2654D9D3-BD16-4b13-8208-E53DAF974B6A} => C:\WINDOWS\system32\rmclient.exe [18432 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    Task: {349F3779-0145-4E2A-8B58-7D991C6ED5E6} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2760608 2022-02-15] (Piriform Software Ltd -> Piriform Software)
    Task: {67BA7C20-885B-441D-8216-765E7B20B52D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
    Task: {67CDF4AD-BCFF-450F-9B54-E9063453B139} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {68FF8ABE-0D8C-4F9F-98BB-4A3468D22523} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200600 2022-01-02] (Piriform Software Ltd -> Piriform Software)
    Task: {7F0F5CDD-2019-4B98-9FC2-4BB4558B0A5B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {89A92A6F-EC9A-4329-B3E2-B20917FD78C6} - System32\Tasks\CCleanerSkipUAC - psyd_ => F:\Program Files\CCleaner\CCleaner.exe [29764224 2022-02-14] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {8DCA9B5D-DD5D-4CDA-97E4-C8B29570C826} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
    Task: {991F1667-B5C2-4A46-BBF5-853BE48F1795} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
    Task: {9E82A441-9211-4CA1-BDC8-9CACCC6FF1DE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {B29DE1C8-FA08-47B3-AEED-16D96988431A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2022-01-13] () [File not signed]
    Task: {B2E40843-4A42-42C4-8F57-BE678B0C4C17} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {B855251C-A392-4BEF-A8A5-E3018891EC33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-29] (Google Inc -> Google Inc.)
    Task: {BCB4E65E-9900-4E2C-B7DA-1B4A71432D21} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
    Task: {E126B770-4A28-45CD-A54F-247567F920F7} - System32\Tasks\CCleaner Update => F:\Program Files\CCleaner\CCUpdate.exe [684976 2022-01-25] (Piriform Software Ltd -> Piriform)
    Task: {E46164D7-3124-4D89-82E1-46147027F60C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
    Task: {EB4E1A91-20FB-4C4E-AA06-AC3B23347FEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-29] (Google Inc -> Google Inc.)
    Task: {EB7560E5-D542-4873-AEC3-B4FBCF725943} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
    Task: {F278240C-ED90-4D7A-8E60-D61150F2C630} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2760608 2022-02-15] (Piriform Software Ltd -> Piriform Software)
    Task: {F938B36D-9813-4BEF-B9F3-791407C7B3FD} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{f7a6dcc0-a169-49bf-9d5a-c50892ff241e}: [DhcpNameServer] 192.168.1.1

    Edge:
    =======
    DownloadDir: C:\Users\psyd_\Downloads
    Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2021-11-13]
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-28]
    Edge Extension: (Norton Safe Web) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2021-11-21]
    Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2022-01-16]
    Edge Extension: (Malwarebytes Browser Guard) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-02-20]
    Edge Extension: (IDM Integration Module) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2022-01-28]
    Edge HKU\S-1-5-21-970927895-26279177-2598225439-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - F:\Program Files\Internet Download Manager\IDMEdgeExt.crx [2022-02-18]
    Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    FireFox:
    ========
    FF DefaultProfile: hh1qpzfn.default
    FF ProfilePath: C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default [2022-02-28]
    FF DownloadDir: F:\Downloads
    FF Extension: (Test Pilot) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\@testpilot-addon.xpi [2018-10-17] [UpdateUrl:hxxps://testpilot.firefox.com/files/@testpilot-addon/updates.json]
    FF Extension: (InvisibleHand) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2022-02-20]
    FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-15]
    FF Extension: (IDM Integration Module) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2022-02-20]
    FF Extension: (snoozetabs) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\snoozetabs@mozilla.com.xpi [2018-01-20] [UpdateUrl:hxxps://testpilot.firefox.com/files/snoozetabs@mozilla/updates.json]
    FF Extension: (TinEye Reverse Image Search) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\tineye@ideeinc.com.xpi [2022-01-02]
    FF Extension: (Malwarebytes Browser Guard) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-02-20]
    FF Extension: (Logitech SetPoint) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{84380428-8c9d-4bdf-913d-b2c34d6562d9}.xpi [2019-12-24]
    FF Extension: (WOT Website Security & Browsing Protection) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2022-01-02]
    FF Extension: (Adblock Plus - free ad blocker) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-01-02]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-12-24] [not signed]
    FF HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\psyd_\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\psyd_\AppData\Roaming\IDM\idmmzcc5 [2021-08-02] [Legacy] [not signed]
    FF HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - F:\Program Files\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - F:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-12-19] [Legacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
    FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\GlanceGuest\npglance.dll [2018-01-24] (Glance Networks Inc -> Glance Networks, Inc.)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
    FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\npCCleanerBrowserUpdate3.dll [2022-01-02] (Piriform Software Ltd -> Piriform Software)
    FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1187.1\npCCleanerBrowserUpdate3.dll [2022-01-02] (Piriform Software Ltd -> Piriform Software)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default [2022-02-28]
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Extension: (Slides) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
    CHR Extension: (Docs) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
    CHR Extension: (Google Drive) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-12]
    CHR Extension: (WOT Website Security & Browsing Protection) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2022-02-09]
    CHR Extension: (YouTube) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-28]
    CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-01-21]
    CHR Extension: (Logitech Smooth Scrolling) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2019-12-24]
    CHR Extension: (Sheets) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
    CHR Extension: (Google Docs Offline) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-24]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-02-09]
    CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-06-25]
    CHR Extension: (IDM Integration Module) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2022-01-21]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-25]
    CHR Extension: (Gmail) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-12]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2022-02-18]
    CHR HKU\S-1-5-21-970927895-26279177-2598225439-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
    CHR HKU\S-1-5-21-970927895-26279177-2598225439-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2022-02-18]
    CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2022-02-18]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
    R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200600 2022-01-02] (Piriform Software Ltd -> Piriform Software)
    S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\98.0.14335.105\elevation_service.exe [1893872 2022-02-15] (Piriform Software Ltd -> Piriform Software)
    S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200600 2022-01-02] (Piriform Software Ltd -> Piriform Software)
    R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-03-21] (Macrovision Europe Ltd.) [File not signed]
    R2 HsfXAudioService; C:\WINDOWS\SysWOW64\XAudio64.dll [436736 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe [473352 2017-03-30] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7997112 2022-02-20] (Malwarebytes Inc -> Malwarebytes)
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [14413808 2022-02-17] (ADLICE -> )
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [319320 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6136536 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe [2909208 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe [128376 2022-02-10] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
    S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
    R3 CAXHWBS2; C:\WINDOWS\system32\DRIVERS\CAXHWBS2.sys [411136 2009-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R1 cbfs20; C:\WINDOWS\System32\drivers\cbfs20.sys [447560 2022-01-04] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc. - www.callback.com)
    R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-09] (EldoS Corporation -> /n software, Inc.)
    R1 cbfsconnect2017; C:\WINDOWS\system32\drivers\cbfsconnect2017.sys [481296 2020-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
    S3 CSRBC; C:\WINDOWS\System32\Drivers\csrbcx64.sys [38400 2016-05-10] (CSR plc.) [File not signed]
    S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    R1 googledrivefs3688; C:\WINDOWS\System32\DRIVERS\googledrivefs3688.sys [381456 2021-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
    R3 HSF_DPV; C:\WINDOWS\system32\DRIVERS\CAX_DPV.sys [1486848 2009-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [221096 2022-02-20] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-12] (Malwarebytes Inc -> Malwarebytes)
    R2 mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [17024 2006-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Conexant)
    R3 MODEMCSA; C:\WINDOWS\system32\drivers\MODEMCSA.sys [28160 2021-04-09] (Microsoft Windows -> Microsoft Corporation)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [216184 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2022-02-20] (Adlice -> )
    R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [20704 2019-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2022-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [438520 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-10] (Microsoft Windows -> Microsoft Corporation)
    R3 winachsf; C:\WINDOWS\system32\DRIVERS\CAX_CNXT.sys [740864 2009-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R2 XAudio; C:\WINDOWS\system32\DRIVERS\XAudio64.sys [10240 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-02-28 10:10 - 2022-02-28 10:10 - 000071070 _____ C:\Users\psyd_\Desktop\Course Test - Course #76683 The Aging Brain - NetCE.htm
    2022-02-28 10:10 - 2022-02-28 10:10 - 000000000 ____D C:\Users\psyd_\Desktop\Course Test - Course #76683 The Aging Brain - NetCE_files
    2022-02-28 09:59 - 2022-02-28 09:59 - 000001220 _____ C:\Users\psyd_\Desktop\Malwarebytes log.txt
    2022-02-28 09:49 - 2022-02-28 09:56 - 000000000 ____D C:\Users\psyd_\AppData\LocalLow\IGDump
    2022-02-28 09:45 - 2022-02-28 09:45 - 000006026 _____ C:\Users\psyd_\Desktop\RogueKiller file.txt
    2022-02-20 19:40 - 2022-02-20 19:41 - 042095856 _____ (Adlice Software ) C:\Users\psyd_\Downloads\RogueKiller_setup (1).exe
    2022-02-20 19:27 - 2022-02-20 19:27 - 000221096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2022-02-20 19:18 - 2022-02-20 19:18 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2022-02-20 19:13 - 2022-02-23 06:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
    2022-02-20 19:13 - 2022-02-20 19:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2022-02-18 09:32 - 2022-02-18 09:33 - 000000022 _____ C:\Users\psyd_\Downloads\2022-02-18 (1).zip
    2022-02-18 09:29 - 2022-02-20 19:43 - 000000022 _____ C:\Users\psyd_\Downloads\2022-02-18.zip
    2022-02-18 01:30 - 2018-12-19 16:05 - 000229296 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
    2022-02-16 09:30 - 2022-02-16 10:36 - 000000022 _____ C:\Users\psyd_\Downloads\Photos-001.zip
    2022-02-16 09:26 - 2022-02-16 09:26 - 000000022 _____ C:\Users\psyd_\Downloads\2022-02-16 (3).zip
    2022-02-16 09:23 - 2022-02-16 09:24 - 000000022 _____ C:\Users\psyd_\Downloads\2022-02-16 (2).zip
    2022-02-16 09:21 - 2022-02-16 09:21 - 000000022 _____ C:\Users\psyd_\Downloads\2022-02-16 (1).zip
    2022-02-16 09:18 - 2022-02-16 09:18 - 000000022 _____ C:\Users\psyd_\Downloads\2022-02-16.zip
    2022-02-15 18:58 - 2022-02-15 18:58 - 034773134 _____ (KLCP ) C:\Users\psyd_\Downloads\K-Lite_Codec_Pack_1680_Standard.exe
    2022-02-10 17:51 - 2022-02-10 17:51 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
    2022-02-10 17:51 - 2022-02-10 17:51 - 000011813 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2022-02-10 17:50 - 2022-02-10 17:50 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
    2022-02-10 17:50 - 2022-02-10 17:50 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
    2022-02-10 17:50 - 2022-02-10 17:50 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
    2022-02-10 17:41 - 2022-02-10 17:41 - 000000000 ___HD C:\$WinREAgent
    2022-02-09 07:22 - 2022-01-27 23:30 - 000381776 _____ (Cisco WebEx LLC) C:\WINDOWS\SysWOW64\atsckernel.exe
    2022-02-09 07:22 - 2022-01-27 23:30 - 000276304 _____ (Cisco WebEx LLC) C:\WINDOWS\SysWOW64\atashost.exe
    2022-02-09 07:22 - 2022-01-27 23:24 - 000165200 _____ (Cisco WebEx LLC) C:\WINDOWS\SysWOW64\wbxtrace.dll
    2022-02-09 07:21 - 2022-02-09 07:31 - 000000000 ____D C:\ProgramData\WebEx
    2022-02-09 07:21 - 2022-02-09 07:22 - 000000000 ____D C:\Users\psyd_\AppData\Local\WebEx
    2022-02-09 07:21 - 2022-02-09 07:21 - 000000000 ____D C:\Users\psyd_\AppData\LocalLow\WebEx
    2022-02-03 12:03 - 2022-02-03 12:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STMicroelectronics
    2022-02-03 12:03 - 2022-02-03 12:03 - 000000000 ____D C:\Program Files (x86)\STMicroelectronics
    2022-02-03 06:53 - 2022-02-10 18:12 - 096993280 _____ C:\WINDOWS\system32\config\SOFTWARE
    2022-02-03 06:47 - 2022-02-03 06:52 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
    2022-02-02 22:21 - 2022-02-02 22:21 - 000000000 ____D C:\Program Files (x86)\pCloud Drive
    2022-02-02 18:28 - 2022-02-02 18:28 - 001234148 _____ C:\Users\psyd_\Desktop\CCF02022022.pdf
    2022-02-02 15:22 - 2022-02-28 10:15 - 000000000 ____D C:\FRST
    2022-02-02 13:37 - 2022-02-02 13:37 - 000000000 ____D C:\Users\psyd_\Downloads\en.stsw-stm32080_v3.0.6
    2022-02-02 12:52 - 2022-02-03 12:07 - 000000000 ____D C:\Users\psyd_\Desktop\tinySA_v1.3-336-gb8215bc.bin
    2022-02-02 11:37 - 2022-02-02 11:37 - 007415987 _____ C:\Users\psyd_\Desktop\tinySA Update.pdf
    2022-02-01 06:06 - 2022-02-01 06:06 - 042051760 _____ (Adlice Software ) C:\Users\psyd_\Downloads\RogueKiller_setup.exe
    2022-01-30 19:19 - 2022-01-30 19:19 - 000219600 _____ C:\Users\psyd_\Downloads\ViewEOB.pdf
    2022-01-29 09:36 - 2022-01-29 09:36 - 017274918 _____ C:\Users\psyd_\Desktop\Home Buying 3.bmp
    2022-01-29 09:34 - 2022-01-29 09:34 - 003098814 _____ C:\Users\psyd_\Desktop\Home Buying 2.bmp
    2022-01-29 09:33 - 2022-01-29 09:33 - 018941886 _____ C:\Users\psyd_\Desktop\Home Buying 1.bmp
    2022-01-29 09:31 - 2022-01-29 09:31 - 001634248 _____ C:\Users\psyd_\Desktop\CCF01292022.pdf
    2022-01-29 09:28 - 2022-01-29 09:44 - 000057354 _____ C:\Users\psyd_\Desktop\Mortgage Advice.pdf
    2022-01-29 09:19 - 2022-01-29 09:19 - 001966796 _____ C:\Users\psyd_\Desktop\CCF01292022_0002.pdf
    2022-01-29 09:19 - 2022-01-29 09:19 - 001573019 _____ C:\Users\psyd_\Desktop\CCF01292022_0001.pdf

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-02-28 10:12 - 2016-03-24 07:40 - 000000000 ____D C:\Users\psyd_\AppData\Roaming\IDM
    2022-02-28 09:19 - 2016-06-29 12:37 - 000000000 ____D C:\Program Files (x86)\Google
    2022-02-28 09:14 - 2016-12-09 11:07 - 000000000 ____D C:\Users\psyd_\AppData\LocalLow\Mozilla
    2022-02-28 08:05 - 2022-01-02 16:22 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
    2022-02-28 08:02 - 2021-09-22 23:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2022-02-28 07:55 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2022-02-28 07:55 - 2017-12-07 07:32 - 000000000 ____D C:\Users\psyd_\AppData\Local\Packages
    2022-02-28 07:54 - 2019-12-07 01:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2022-02-28 07:54 - 2017-12-15 10:07 - 000000000 ____D C:\Users\psyd_\AppData\Local\PlaceholderTileLogoFolder
    2022-02-28 06:35 - 2019-02-10 16:05 - 000000000 ____D C:\ProgramData\Mozilla
    2022-02-28 06:32 - 2019-12-07 01:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2022-02-26 17:53 - 2016-03-24 07:40 - 000000000 ____D C:\Users\psyd_\AppData\Roaming\DMCache
    2022-02-26 17:36 - 2019-01-17 18:00 - 000002396 _____ C:\Users\psyd_\Desktop\Videostream.lnk
    2022-02-26 14:19 - 2019-01-17 18:00 - 000000000 ____D C:\Users\psyd_\AppData\Local\SquirrelTemp
    2022-02-25 18:30 - 2020-07-05 05:26 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2022-02-24 18:51 - 2022-01-02 16:23 - 000002406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
    2022-02-24 18:51 - 2022-01-02 16:23 - 000002371 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
    2022-02-21 09:06 - 2017-06-21 10:37 - 000000136 _____ C:\WINDOWS\Brfaxrx.ini
    2022-02-21 06:26 - 2021-09-22 23:18 - 000003300 _____ C:\WINDOWS\system32\Tasks\klcp_update
    2022-02-21 06:26 - 2020-04-24 08:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2022-02-21 06:26 - 2020-04-24 08:48 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
    2022-02-21 05:55 - 2019-01-17 18:00 - 000000000 ____D C:\Users\psyd_\AppData\Local\Videostream
    2022-02-21 05:55 - 2016-03-21 12:04 - 000000000 ___RD C:\Users\psyd_\OneDrive
    2022-02-20 19:44 - 2017-11-25 09:25 - 000000000 ___RD C:\Users\psyd_\Desktop\Computer tools
    2022-02-20 19:42 - 2021-12-17 06:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2022-02-20 19:42 - 2021-12-17 06:02 - 000000000 ____D C:\Program Files\RogueKiller
    2022-02-20 19:27 - 2021-07-18 04:58 - 000002040 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2022-02-20 19:27 - 2020-08-15 04:50 - 000002052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2022-02-20 19:25 - 2017-10-29 07:16 - 000000000 ____D C:\Program Files\Malwarebytes
    2022-02-20 19:25 - 2016-03-23 20:24 - 000000000 ____D C:\ProgramData\Malwarebytes
    2022-02-20 19:23 - 2020-08-30 06:21 - 000000000 ____D C:\Users\psyd_\AppData\Local\CrashDumps
    2022-02-20 19:13 - 2021-11-12 18:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
    2022-02-20 19:13 - 2016-08-24 20:15 - 000001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2022-02-20 19:13 - 2016-03-21 12:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2022-02-20 05:35 - 2021-01-24 05:46 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
    2022-02-17 06:39 - 2021-12-11 06:51 - 000003580 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-970927895-26279177-2598225439-1001
    2022-02-17 06:39 - 2021-09-22 23:18 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-970927895-26279177-2598225439-1001
    2022-02-17 06:39 - 2021-09-22 22:40 - 000002394 _____ C:\Users\psyd_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2022-02-17 06:15 - 2021-09-22 23:18 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2022-02-16 15:20 - 2017-05-28 06:26 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2022-02-15 05:19 - 2020-04-24 08:54 - 000000000 ____D C:\Users\psyd_\AppData\Roaming\MPC-HC
    2022-02-11 05:50 - 2021-09-22 23:17 - 001752884 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2022-02-11 05:50 - 2021-09-22 21:49 - 000769904 _____ C:\WINDOWS\system32\perfh019.dat
    2022-02-11 05:50 - 2021-09-22 21:49 - 000151462 _____ C:\WINDOWS\system32\perfc019.dat
    2022-02-11 05:50 - 2019-12-07 01:13 - 000000000 ____D C:\WINDOWS\INF
    2022-02-11 05:43 - 2021-09-22 23:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2022-02-11 05:43 - 2020-09-13 21:24 - 000008192 ___SH C:\DumpStack.log.tmp
    2022-02-11 05:43 - 2017-04-13 09:00 - 000000000 ____D C:\ProgramData\NVIDIA
    2022-02-10 18:12 - 2019-12-07 01:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2022-02-10 18:10 - 2021-09-22 23:07 - 002433344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2022-02-10 18:09 - 2019-12-07 01:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\Dism
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2022-02-10 18:09 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2022-02-10 18:09 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\servicing
    2022-02-10 17:54 - 2019-12-07 01:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2022-02-10 17:51 - 2012-07-26 00:18 - 000414870 __RSH C:\bootmgr
    2022-02-10 17:50 - 2021-09-22 23:08 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2022-02-10 17:41 - 2016-03-23 11:38 - 000000000 ___HD C:\WINDOWS\system32\MRT
    2022-02-10 17:36 - 2016-03-23 11:38 - 149611728 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2022-02-10 14:51 - 2016-08-25 13:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2022-02-10 09:18 - 2018-02-22 10:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2022-02-09 08:38 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\system32\NDF
    2022-02-04 11:25 - 2017-09-21 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
    2022-02-03 07:01 - 2019-12-07 01:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2022-02-03 06:46 - 2021-09-22 22:40 - 000000000 ____D C:\Users\psyd_
    2022-02-03 06:09 - 2021-12-17 05:54 - 000000000 ____D C:\ProgramData\RogueKiller
    2022-02-02 22:21 - 2021-06-25 10:16 - 000002499 _____ C:\Users\Public\Desktop\pCloud Drive.lnk
    2022-02-02 22:21 - 2021-06-25 10:16 - 000001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\pCloud Drive.lnk
    2022-02-02 22:21 - 2018-09-03 19:57 - 000000000 ____D C:\ProgramData\Package Cache
    2022-02-02 18:30 - 2016-03-21 12:30 - 000001070 _____ C:\WINDOWS\Brpfx04a.ini
    2022-02-02 15:35 - 2019-09-04 16:48 - 000001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
    2022-02-02 15:35 - 2016-04-11 10:04 - 000000000 ____D C:\Program Files (x86)\Notepad++
    2022-02-02 13:37 - 2022-01-03 12:57 - 000000000 ____D C:\Users\psyd_\AppData\Local\Downloaded Installations
    2022-02-02 12:11 - 2021-07-31 13:19 - 000000398 __RSH C:\ProgramData\ntuser.pol
    2022-02-02 12:07 - 2015-10-29 23:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2022-01-31 05:41 - 2021-09-01 16:03 - 000002076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
    2022-01-31 05:41 - 2021-09-01 16:03 - 000001918 _____ C:\Users\Default\Desktop\Google Slides.lnk
    2022-01-31 05:41 - 2021-09-01 16:03 - 000001918 _____ C:\Users\Default\Desktop\Google Sheets.lnk
    2022-01-31 05:41 - 2021-09-01 16:03 - 000001906 _____ C:\Users\Default\Desktop\Google Docs.lnk
    2022-01-31 05:41 - 2016-06-29 12:39 - 000001882 _____ C:\Users\psyd_\Desktop\Google Drive.lnk
    2022-01-29 09:28 - 2016-04-04 21:37 - 000000000 ____D C:\Users\psyd_\AppData\Roaming\PrimoPDF

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================
     
  16. 2022/02/28
    Barry

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2022
    Ran by psyd_ (28-02-2022 10:16:59)
    Running from C:\Users\psyd_\Desktop\Computer tools\virus removal
    Microsoft Windows 10 Pro Version 21H1 19043.1526 (X64) (2021-09-23 07:18:23)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-970927895-26279177-2598225439-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-970927895-26279177-2598225439-503 - Limited - Disabled)
    Guest (S-1-5-21-970927895-26279177-2598225439-501 - Limited - Disabled)
    psyd_ (S-1-5-21-970927895-26279177-2598225439-1001 - Administrator - Enabled) => C:\Users\psyd_
    WDAGUtilityAccount (S-1-5-21-970927895-26279177-2598225439-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
    Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
    AHV content for Acrobat and Flash (HKLM-x32\...\{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}) (Version: 1 - Adobe Systems Incorporated) Hidden
    Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.21.170501 - )
    Backup and Sync from Google (HKLM\...\{696895F7-52C7-4C9E-998B-C7E0CC907092}) (Version: 3.57.4256.0809 - Google, Inc.)
    Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
    Brother MFL-Pro Suite MFC-J5910DW (HKLM-x32\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.1.1.0 - Brother Industries, Ltd.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.90 - Piriform)
    CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 98.0.14335.105 - Piriform Software)
    CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1187.1 - Piriform Software) Hidden
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12334.0 - Cisco Consumer Products LLC)
    Convert PDF To Word Plus 1.0 (HKLM-x32\...\Convert PDF To Word Plus) (Version: 1.0 - pdftowordstudio.com)
    Data Lifeguard Diagnostic for Windows 1.29 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
    DfuSe v3.0.6 (HKLM-x32\...\{61D44ABF-A11F-4FA4-98E6-C05BBBD0B52A}) (Version: 3.0.6 - STMicroelectronics)
    EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
    EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
    EaseUS Todo Backup Free 9.1 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.1 - CHENGDU YIWO Tech Development Co., Ltd)
    Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.2 - )
    FILE RECOVERY for Windows (HKLM-x32\...\FILE RECOVERY for WindowsNSIS) (Version: 1.0.180 - Seagate)
    GlanceGuest version 4.17.1.19 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.17.1.19 - Glance Networks, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 98.0.4758.102 - Google LLC)
    Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 55.0.3.0 - Google LLC)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.40.8 - Tonec Inc.)
    IrfanView 4.54 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.54 - Irfan Skiljan)
    K-Lite Codec Pack 16.8.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.8.0 - KLCP)
    Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13225.3 - Linksys LLC)
    Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.126 - Logitech)
    Malwarebytes version 4.5.4.168 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.4.168 - Malwarebytes)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 98.0.1108.62 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\OneDriveSetup.exe) (Version: 22.022.0130.0001 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{16E50919-B07A-4B4E-994A-476D4773F5BF}) (Version: 3.65.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)
    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
    Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
    Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
    Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 97.0.1 (x64 en-US)) (Version: 97.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 97.0.1.8082 - Mozilla)
    Mozilla Thunderbird (x86 en-US) (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Mozilla Thunderbird 91.6.1 (x86 en-US)) (Version: 91.6.1 - Mozilla)
    Mozilla Thunderbird 38.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.7.0 (x86 en-US)) (Version: 38.7.0 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 8.2.1 - Notepad++ Team)
    Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
    NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
    NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    PC Equalizer (HKLM-x32\...\PC Equalizer) (Version: 1.1.7 - Bils)
    PCI SoftV92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.5.0 - Conexant Systems)
    pCloud Drive (HKLM-x32\...\{28F20387-1C43-4B18-9683-D99E342870EC}) (Version: 3.11.10.0 - pCloud AG) Hidden
    pCloud Drive (HKLM-x32\...\{879bff10-faea-435f-826b-5a242eadc3c8}) (Version: 3.11.10.0 - pCloud AG)
    PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
    PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
    RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 7 - Philipp Winterberg)
    RogueKiller version 15.3.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.3.0.0 - Adlice Software)
    Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
    Sandboxie 5.33.6 (64-bit) (HKLM\...\Sandboxie) (Version: 5.33.6 - Sandboxie Holdings, LLC)
    SolveigMM AVI Trimmer+ version 5.0.1603.23 (HKLM-x32\...\SolveigMM AVI Trimmer_is1) (Version: 5.0.1603.23 - Solveig Multimedia)
    SolveigMM Video Splitter Home Edition (HKLM-x32\...\SolveigMM Video Splitter Home Edition 5.0.1509.11) (Version: 5.0.1509.11 - Solveig Multimedia)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.9.0 - Sophos Limited)
    Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
    TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
    TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
    TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
    TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc)
    TurboTax 2020 (HKLM-x32\...\TurboTax 2020) (Version: 2020.0 - Intuit, Inc)
    TurboTax 2021 (HKLM-x32\...\{19F2745D-A94D-40AB-A983-E9D0A57B1E50}) (Version: 021.000.0407 - Intuit Inc.)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
    Videostream (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Videostream) (Version: 0.3.5 - Videostream)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
    wcaiperStateIS (HKLM-x32\...\{5887AC3E-5182-4897-BED4-57FA33B53976}) (Version: 021.000.0118 - Intuit Inc.) Hidden
    Windows PC Health Check (HKLM\...\{00DC4B60-5FC9-4629-8147-EF81ADF0EEA6}) (Version: 2.3.2106.25001 - Microsoft Corporation)
    Zoom (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\ZoomUMX) (Version: 5.8.0 (1324) - Zoom Video Communications, Inc.)
     
  17. 2022/02/28
    Barry Geek Member Thread Starter

    Packages:
    =========
    Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2021-11-13] (eyeo GmbH)
    FreeCell HD -> C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8 [2020-11-25] (Bernardo Zamora)
    IDM Integration Module -> C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.38.19.0_neutral__e7b5mm5d3r6v2 [2021-11-13] (Tonec FZE)
    iDownload Manager (iDM) - High speed file downloader -> C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.30.0_x64__k42naep6bwmrc [2021-11-13] (Optimilia Studios) [MS Ad] [Startup Task]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-09-22] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-09-22] (Microsoft Corporation) [MS Ad]
    Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp [2021-05-26] (NortonLifeLock Inc.)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-10] (Microsoft Corporation)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-11-13] (Twitter Inc.)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    SSODL: EldosMountNotificator-cbfs6 - {B7038158-4D4C-4084-ADCC-802971A84145} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)
    SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {1948F7D8-6849-437D-AF14-C3C14E0C1E54} - C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
    SSODL-x32: EldosMountNotificator-cbfs6 - {B7038158-4D4C-4084-ADCC-802971A84145} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)
    SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {1948F7D8-6849-437D-AF14-C3C14E0C1E54} - C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
    ShellServiceObjects: Virtual Storage Mount Notification -> {1948F7D8-6849-437D-AF14-C3C14E0C1E54} => C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
    ShellServiceObjects: Virtual Storage Mount Notification -> {B7038158-4D4C-4084-ADCC-802971A84145} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)
    ShellServiceObjects-x32: Virtual Storage Mount Notification -> {1948F7D8-6849-437D-AF14-C3C14E0C1E54} => C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
    ShellServiceObjects-x32: Virtual Storage Mount Notification -> {B7038158-4D4C-4084-ADCC-802971A84145} => C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => F:\Program Files\Internet Download Manager\IDMShellExt64.dll [2021-03-02] (Tonec Inc. -> Tonec FZE)
    ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)
    ShellIconOverlayIdentifiers: [ pCloudINPROGRESS] -> {D8BFAFBD-B670-4252-9C17-9CF1C64C2BAF} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
    ShellIconOverlayIdentifiers: [ pCloudINSYNC] -> {8D0C0582-552A-4A6B-9455-DA63E1F329C0} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
    ShellIconOverlayIdentifiers: [ pCloudNOSYNC] -> {3858ED1B-8F1C-42ED-A8A9-FDBF591E3C6B} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
    ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {830A9813-8D13-4E32-86D2-E3D6428399AB} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {830A9813-8D13-4E32-86D2-E3D6428399AB} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)
    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-10] (Adobe Systems Inc.) [File not signed]
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] (Notepad++ -> )
    ContextMenuHandlers1: [ContextMenuExtension] -> {3103a792-c2d9-3c57-98dd-30071b26c05f} => C:\Program Files (x86)\pCloud Drive\ContextMenuHandler64.dll [2022-01-24] (pCloud AG) [File not signed] [File is in use]
    ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
    ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [ContextMenuExtension] -> {3103a792-c2d9-3c57-98dd-30071b26c05f} => C:\Program Files (x86)\pCloud Drive\ContextMenuHandler64.dll [2022-01-24] (pCloud AG) [File not signed] [File is in use]
    ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
    ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\55.0.3.0\drivefsext.dll [2022-01-25] (Google LLC -> Google, Inc.)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-10] (Adobe Systems Inc.) [File not signed]
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [wave2] => C:\WINDOWS\system32\serwvdrv.dll [25600 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Drivers32: [wave2] => C:\Windows\SysWOW64\serwvdrv.dll [18944 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\psyd_\Desktop\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat ()
    ShortcutWithArgument: C:\Users\psyd_\New folder\programs\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl
    ShortcutWithArgument: C:\Users\psyd_\Desktop\programs\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl
    ShortcutWithArgument: C:\Users\psyd_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

    ==================== Loaded Modules (Whitelisted) =============

    2017-06-21 10:37 - 2005-02-02 12:38 - 000024576 ____N () [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\brrunpp.dll
    2017-06-21 10:37 - 2009-02-27 15:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2022-01-24 16:53 - 2022-01-24 16:53 - 001900032 _____ () [File not signed] C:\Program Files (x86)\pCloud Drive\pSyncLib.dll
    2021-07-24 05:46 - 2021-07-24 05:46 - 033991168 _____ () [File not signed] C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.30.0_x64__k42naep6bwmrc\iDownloadManager.dll
    2020-11-25 07:19 - 2020-11-25 07:20 - 015057408 _____ () [File not signed] C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8\Solitaire.dll
    2016-03-21 12:29 - 2005-04-21 20:36 - 000143360 ____H () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
    2007-01-19 04:23 - 2007-05-10 23:18 - 001560576 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll
    2005-09-07 13:03 - 2005-09-07 13:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll
    2017-06-21 10:37 - 2009-10-13 15:59 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\BrMuSNMP.dll
    2017-06-21 10:37 - 2011-12-22 17:25 - 000010752 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\Lang\PCFaxRxLangUsa.dll
    2017-06-21 10:37 - 2012-04-23 14:03 - 000380928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
    2017-06-21 10:37 - 2010-09-29 16:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
    2017-06-21 10:37 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
    2017-06-21 10:37 - 2012-01-11 13:39 - 000626688 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
    2017-06-21 10:37 - 2012-09-06 20:02 - 000155648 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
    2017-06-21 10:37 - 2012-07-06 12:33 - 000098304 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
    2017-06-21 10:37 - 2012-07-06 12:33 - 017694720 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
    2017-06-21 10:37 - 2012-07-17 12:36 - 000090112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
    2016-03-21 12:29 - 2012-07-05 03:32 - 000084480 ____H (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
    2017-06-21 10:37 - 2011-04-25 12:14 - 000118784 ____N (Brother Industries,LTD.) [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\brMfNt.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000025128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
    2016-03-24 07:48 - 2016-02-24 16:59 - 000131856 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
    2016-03-24 07:48 - 2016-02-24 16:59 - 000023824 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000020008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000443944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
    2016-03-24 07:48 - 2016-02-24 16:59 - 000042256 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000072232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000169512 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
    2016-03-24 07:48 - 2016-02-24 16:59 - 000177424 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
    2016-03-24 07:48 - 2016-02-24 16:59 - 000020752 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
    2016-03-24 07:48 - 2016-02-24 16:59 - 000191248 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
    2016-03-24 07:48 - 2016-02-24 16:59 - 000027408 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000080936 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000089640 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000017448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000020520 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000138792 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000027176 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000353832 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000030760 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000281128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000193064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000201768 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000148008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000032296 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000769064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000061992 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000076840 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000111656 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000050216 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000024616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000158248 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 001296424 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000068136 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000059944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000056360 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000207912 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000146984 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000064040 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000224808 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000501800 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000043048 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000088616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
    2016-03-24 07:48 - 2016-02-24 16:59 - 000058640 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000034856 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
    2016-03-24 07:48 - 2016-01-26 07:27 - 000427560 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\uexper.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000139816 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000136232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000060968 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
    2016-03-24 07:48 - 2016-02-24 16:59 - 000539920 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmdManager.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000020008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ControlPxe.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000689704 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EMail.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000044584 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuPipe.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000221224 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackup.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000100904 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackupSize.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000591400 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlImgFile.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000044072 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlSearchImg.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000159272 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Ftp.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000017448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FTPTest.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000079400 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImageFileInfo.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000293928 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFileHlp.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000153128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MatchStr.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000026664 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Options.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000093224 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\PolicyManage.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000121896 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Thread.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Transmit.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000042536 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\XmlWrapper.dll
    2016-03-24 07:48 - 2015-12-10 05:05 - 000303656 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000898088 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
    2016-03-24 07:48 - 2015-12-10 05:04 - 000050216 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MFC90ENU.DLL
    2016-03-24 07:48 - 2015-12-10 05:04 - 003779624 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\mfc90u.dll
    2018-08-18 18:52 - 2017-03-30 16:49 - 000087040 _____ (Iskysoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppCollect.dll
    2018-08-18 18:52 - 2017-03-30 16:49 - 000197632 _____ (Iskysoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppCommon.dll
    2008-08-25 21:50 - 2008-08-25 21:50 - 000155648 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\1033\VBE6INTL.DLL
    2021-09-22 23:11 - 2021-09-22 23:11 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll
    2017-06-22 12:08 - 2016-03-15 06:16 - 004116480 _____ (Microsoft) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\Skin\win.8.msstyles
    2018-08-18 18:52 - 2015-02-27 09:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\Newtonsoft.Json.dll
    2021-09-22 23:08 - 2016-11-14 01:45 - 001220424 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
    2021-09-22 23:08 - 2016-11-14 01:45 - 001408200 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
    2015-07-02 16:44 - 2015-07-02 16:44 - 000057344 _____ (Open Source Software community LGPL) [File not signed] C:\Program Files (x86)\pCloud Drive\pthreadVSE2.dll
    2016-03-24 07:48 - 2016-01-26 07:27 - 002454016 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\python27.dll
    2017-06-22 12:08 - 2010-06-07 07:42 - 000088576 _____ (Reteset) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\SliderEx\SliderEx.apo
    2017-10-23 17:28 - 2017-10-23 17:28 - 000342016 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll
    2017-06-22 12:08 - 2010-11-19 10:21 - 000204800 _____ (TODO: <Company name>) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\Download\Download.lmd
    2017-06-22 12:08 - 2011-04-16 10:14 - 000172032 _____ (TODO: <Company name>) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\Tray\Tray.lmd
    2017-06-22 12:08 - 2010-07-05 11:46 - 000319488 _____ (TODO: <Company name>) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\WinApi\WinApi.lmd
     
  18. 2022/02/28
    Barry

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.popularwoodworking.com/winshop#/
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> F:\Program Files\Internet Download Manager\IDMIECC64.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> F:\Program Files\Internet Download Manager\IDMIECC.dll [2021-11-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-29 23:24 - 2015-10-29 23:21 - 000000824 ____H C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\psyd_\OneDrive\Pictures\Saved Pictures\darren & kendall mvp.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
    HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
    HKLM\...\StartupApproved\Run32: => "EaseUS TB Tray Agent"
    HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
    HKLM\...\StartupApproved\Run32: => "PPort12reminder"
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\StartupFolder: => "FAXRX.lnk"
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B6B1848498DE69800140E7F655A96C3C"
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "SandboxieControl"
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

    ==================== FirewallRules (Whitelisted) ================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{6BC0EC32-0153-455A-A833-02892252B0B8}C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe] => (Allow) C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe (Piriform Software Ltd -> Piriform Software)
    FirewallRules: [UDP Query User{F21EC2A8-732B-4CDA-BCDA-4AA657F8D2D0}C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe] => (Allow) C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe (Piriform Software Ltd -> Piriform Software)
    FirewallRules: [{F8FDBE52-07C2-4DCD-8FFB-601729A86A2F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    FirewallRules: [{7273AA3B-F442-495B-B7EC-F356D5775A67}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    FirewallRules: [{11F9B313-CEC2-42C2-AA13-1E540CD00FBA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    FirewallRules: [{FA932504-81D3-4915-B0AB-2043D57A8756}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    FirewallRules: [TCP Query User{6708A947-528D-4C2F-9EB3-61E96D42CB6B}C:\program files (x86)\pcloud drive\pcloud.exe] => (Allow) C:\program files (x86)\pcloud drive\pcloud.exe (pCloud AG -> pCloud AG)
    FirewallRules: [UDP Query User{41886623-D8E2-41C5-8E29-7DB37EBF40DB}C:\program files (x86)\pcloud drive\pcloud.exe] => (Allow) C:\program files (x86)\pcloud drive\pcloud.exe (pCloud AG -> pCloud AG)
    FirewallRules: [TCP Query User{715F5A3A-1657-4165-BC84-0804BC453DDF}C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe] => (Allow) C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe (Groupnotes, Inc. -> )
    FirewallRules: [UDP Query User{ACB0337B-F835-4513-8B9C-11FCC4363A6A}C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe] => (Allow) C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe (Groupnotes, Inc. -> )
    FirewallRules: [{7A23E683-ED6D-461A-89EA-6986F6846104}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{D8A85DCF-90BB-482F-B819-EED680883C13}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [TCP Query User{FFBA38F7-C9CE-4233-8864-7C976622DCF1}C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe] => (Block) C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe (Piriform Software Ltd -> Piriform Software)
    FirewallRules: [UDP Query User{2BECCFF1-B65B-4BD5-AA12-26BC33EEDE5D}C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe] => (Block) C:\program files (x86)\ccleaner browser\application\ccleanerbrowser.exe (Piriform Software Ltd -> Piriform Software)
    FirewallRules: [TCP Query User{33D89437-5B80-4444-895E-EC1CC3F8C1CC}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [UDP Query User{C262B989-0353-44D0-B1A2-A82F9DD436B8}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [TCP Query User{82022284-9E7A-4C73-89C8-D26154FA933F}C:\program files (x86)\brother\brmfl11b\faxrx.exe] => (Allow) C:\program files (x86)\brother\brmfl11b\faxrx.exe (Brother Industries, Ltd.) [File not signed]
    FirewallRules: [UDP Query User{850D5C4E-3A69-4366-A5B1-37BD633F8C9F}C:\program files (x86)\brother\brmfl11b\faxrx.exe] => (Allow) C:\program files (x86)\brother\brmfl11b\faxrx.exe (Brother Industries, Ltd.) [File not signed]
    FirewallRules: [{672C60AD-3462-4C92-9DF1-D8B3E6920E8D}] => (Allow) C:\Program Files (x86)\TurboTax\Individual 2021\32bit\CefSharp.BrowserSubprocess.exe (INTUIT INC. -> The CefSharp Authors)
    FirewallRules: [{79E72082-AECD-4552-BF9F-24713B653042}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{B46FCA43-0ECA-4D0F-87C7-7DEC4154A13C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{76CFCC00-E114-4E4B-B5B3-452CDF1F2929}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{B063D280-D2AF-4B54-8CB2-2766974D136A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{23C9CBF6-A195-4F1B-8F0F-DAB4364478E2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{7A35EDAA-7B8A-4890-B162-12FBC0D3DA74}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
    FirewallRules: [{29A3FFEC-7F52-48F6-8D6B-E5623C9B3EFD}] => (Allow) C:\Program Files (x86)\pCloud Drive\pCloud.exe (pCloud AG -> pCloud AG)
    FirewallRules: [{16FE3C0D-09E0-4CBB-84CE-8BAC7991AC2A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
    FirewallRules: [{66EF91EF-44A9-4EEC-8B69-EE519273BEB9}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)

    ==================== Restore Points =========================

    10-02-2022 17:42:07 Windows Modules Installer
    18-02-2022 08:00:04 Scheduled Checkpoint
    27-02-2022 07:27:17 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices ============


    ==================== Event log errors: ========================

    Application errors:
    ==================
    Error: (02/25/2022 07:16:48 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimizer couldn't complete retrim on 160GB Storage (H:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (02/25/2022 07:16:29 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimizer couldn't complete retrim on 750 Storage (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (02/25/2022 07:16:17 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimizer couldn't complete retrim on 750 Win 8 Pro (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (02/25/2022 07:15:54 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimizer couldn't complete retrim on extra (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (02/25/2022 07:15:53 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimizer couldn't complete retrim on 750 Extended Storage (M:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (02/25/2022 07:15:25 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimizer couldn't complete retrim on 160 Win 8 Pro (G:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

    Error: (02/20/2022 07:23:09 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Solitaire.exe, version: 1.0.0.0, time stamp: 0x5fbd6666
    Faulting module name: chakra.dll, version: 11.0.19041.1526, time stamp: 0x2ac3fc7e
    Exception code: 0xc0000005
    Fault offset: 0x000000000020ab04
    Faulting process id: 0x349c
    Faulting application start time: 0x01d82071bf52b5e9
    Faulting application path: C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8\Solitaire.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\chakra.dll
    Report Id: ba87f738-7cab-4d0d-86ff-a7c7d24ff60d
    Faulting package full name: 32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8
    Faulting package-relative application ID: App

    Error: (02/18/2022 08:00:00 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
    Description: The storage optimizer couldn't complete retrim on 160GB Storage (H:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


    System errors:
    =============
    Error: (02/28/2022 06:33:43 AM) (Source: LsaSrv) (EventID: 6033) (User: NT AUTHORITY)
    Description: An anonymous session connected from MINE has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller.
    The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1.
    This message will be logged at most once a day.

    Error: (02/27/2022 06:16:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (02/27/2022 05:48:03 AM) (Source: DCOM) (EventID: 10000) (User: MINE)
    Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
    "2147942767"
    Happened while starting this command:
    C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

    Error: (02/26/2022 07:12:10 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (02/26/2022 06:19:58 AM) (Source: LsaSrv) (EventID: 6033) (User: NT AUTHORITY)
    Description: An anonymous session connected from MINE has attempted to open an LSA policy handle on this machine. The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to the anonymous caller.
    The application that made this attempt needs to be fixed. Please contact the application vendor. As a temporary workaround, this security measure can be disabled by setting the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1.
    This message will be logged at most once a day.

    Error: (02/25/2022 07:14:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (02/25/2022 08:19:16 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (02/25/2022 06:15:01 AM) (Source: DCOM) (EventID: 10000) (User: MINE)
    Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
    "2147942767"
    Happened while starting this command:
    C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}


    Windows Defender:
    ================
    Date: 2022-02-27 09:46:06
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-02-25 19:14:20
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-02-24 09:47:25
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-02-23 19:01:21
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    Date: 2022-02-22 19:53:45
    Description:
    Microsoft Defender Antivirus scan has been stopped before completion.
    Scan Type: Antimalware
    Scan Parameters: Quick Scan

    CodeIntegrity:
    ===============
    Date: 2022-02-20 19:27:09
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\cbfsNetRdr6.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2022-02-20 19:27:09
    Description:
    Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\cbfsconnectNetRdr2017.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    BIOS: Award Software International, Inc. F2 12/03/2009
    Motherboard: Gigabyte Technology Co., Ltd. GA-790XTA-UD4
    Processor: AMD Phenom(tm) II X4 955 Processor
    Percentage of memory in use: 80%
    Total physical RAM: 16382.49 MB
    Available physical RAM: 3173.53 MB
    Total Virtual: 32365.14 MB
    Available Virtual: 8327.07 MB

    ==================== Drives ================================

    Drive c: (Samsung 850 EVO SSD) (Fixed) (Total:232.37 GB) (Free:126.56 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (750 Win 8 Pro) (Fixed) (Total:55.03 GB) (Free:6.27 GB) NTFS
    Drive e: (extra) (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS
    Drive f: (750 Storage) (Fixed) (Total:72.95 GB) (Free:23.6 GB) NTFS
    Drive g: (160 Win 8 Pro) (Fixed) (Total:28.31 GB) (Free:3.9 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive h: (160GB Storage) (Fixed) (Total:120.73 GB) (Free:65.82 GB) NTFS
    Drive k: (Google Drive) (Fixed) (Total:15 GB) (Free:7.59 GB) FAT32
    Drive m: (750 Extended Storage) (Fixed) (Total:570.64 GB) (Free:121.16 GB) NTFS
    Drive p: (pCloud Drive) (Removable) (Total:10 GB) (Free:8.73 GB) exFAT

    \\?\Volume{fd0610f8-0000-0000-0000-e0173a000000}\ () (Fixed) (Total:0.51 GB) (Free:0.05 GB) NTFS

    ==================== MBR & Partition Table ====================

    ==========================================================
    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: BC336398)
    Partition 1: (Active) - (Size=28.3 GB) - (Type=06)
    Partition 2: (Not Active) - (Size=120.7 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 10F510F4)
    Partition 1: (Not Active) - (Size=128 GB) - (Type=0F Extended)
    Partition 2: (Not Active) - (Size=570.6 GB) - (Type=07 NTFS)

    ==========================================================
    Disk: 2 (Size: 232.9 GB) (Disk ID: FD0610F8)
    Partition 1: (Active) - (Size=232.4 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=519 MB) - (Type=27)

    ==================== End of Addition.txt =======================
     
  19. 2022/02/28
    broni

    All clean there.
    I suppose that item in CCleaner must be some registry leftover.
    I wouldn't worry about it.
     
  20. 2022/02/28
    Barry

    I just find it strange that I can't uninstall it without it reappearing. Hopefully, it's not something running in the background. Do you know how I can find out where it is located?
     
  21. 2022/02/28
    broni

    How exactly are you trying to uninstall it?
    I don't see it in a list of installed programs?
    Does CCleaner give you any more info?
     
