Solved donstop.conferencesystems.online trojan

Discussion in 'Malware and Virus Removal' started by Barry, 2021/07/31.

  1. 2021/07/31
    Barry

    Barry Geek Member Thread Starter

    Malwarebytes keeps popping up a sign that says this trojan is being blocked in file C:\Windows\System32\wscript. What is it and how do I get rid of it?
    [IMG] donstop.png - Shared with pCloud
     
  2. 2021/07/31
    broni

    broni Moderator Malware Analyst

    Please, complete all steps listed HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     

  4. 2021/07/31
    Barry

    Barry Geek Member Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2021 01
    Ran by psyd_ (administrator) on MINE (Gigabyte Technology Co., Ltd. GA-790XTA-UD4) (31-07-2021 06:47:42)
    Running from C:\Users\psyd_\Desktop
    Loaded Profiles: psyd_
    Platform: Windows 10 Pro Version 2004 19041.1110 (X64) Language: English (United States)
    Default browser: "C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe" --single-argument %1
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
    (Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
    (Apple Computer, Inc.) [File not signed] C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Bernardo Zamora) C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8\Solitaire.exe
    (Bils) [File not signed] F:\Program Files (x86)\PC Equalizer\PCEqualizer.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler64.exe
    (Groupnotes, Inc. -> ) C:\Users\psyd_\AppData\Local\Videostream\app-0.3.5\videostream-native\videostream-native.exe <2>
    (Groupnotes, Inc. -> Videostream) C:\Users\psyd_\AppData\Local\Videostream\app-0.3.5\Videostream.exe
    (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe
    (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
    (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
    (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
    (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe <3>
    (Logitech -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU1\LogitechUpdate.exe
    (Logitech -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU1\LULnchr.exe
    (Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\psyd_\AppData\Local\Microsoft\OneDrive\21.139.0711.0001\FileCoAuth.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\psyd_\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wscript.exe <3>
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
    (Motorola) [File not signed] C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <13>
    (Mozilla Corporation -> Mozilla Corporation) F:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
    (pCloud AG -> pCloud AG) C:\Program Files (x86)\pCloud Drive\pCloud.exe
    (Piriform Software Ltd -> Piriform Software Ltd) F:\Program Files\CCleaner\CCleaner64.exe
    (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe <26>
    (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler.exe
    (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler64.exe
    (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
    (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe
    (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (Tonec Inc. -> Tonec Inc.) F:\Program Files\Internet Download Manager\IDMan.exe
    (Tonec Inc. -> Tonec Inc.) F:\Program Files\Internet Download Manager\IEMonitor.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1812032 2016-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-30] (Logitech Inc -> Logitech, Inc.)
    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    HKLM-x32\...\Run: [EaseUS EPM tray] => F:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => F:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [File not signed]
    HKLM-x32\...\Run: [PCEqualizer] => F:\Program Files (x86)\PC Equalizer\PCEqualizer.exe [6497792 2016-03-17] (Bils) [File not signed]
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. -> Acresso Corporation)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3657560 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49925280 2021-06-18] (Google LLC -> )
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe [3415608 2021-07-05] (pCloud AG -> pCloud AG)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [CCleaner Smart Cleaning] => F:\Program Files\CCleaner\CCleaner64.exe [35062912 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [Videostream] => C:\Users\psyd_\AppData\Local\Videostream\app-0.3.5\Videostream.exe [339608 2019-01-17] (Groupnotes, Inc. -> Videostream)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [MicrosoftEdgeAutoLaunch_3173782CC43AAF1092A724F27F2433AD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2297272 2021-07-02] (Piriform Software Ltd -> Piriform Software)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\psyd_\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\psyd_\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\RunOnce: [Uninstall 21.129.0627.0002\i386] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\psyd_\AppData\Local\Microsoft\OneDrive\21.129.0627.0002\i386"
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\RunOnce: [Uninstall 21.129.0627.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\psyd_\AppData\Local\Microsoft\OneDrive\21.129.0627.0002"
    HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [100352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Print\Monitors\Adobe PDF Port: C:\WINDOWS\system32\AdobePDF64.dll [35928 2007-03-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated.)
    HKLM\...\Print\Monitors\PCL hpz3llhn: C:\WINDOWS\system32\hpz3llhn.dll [36352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
    HKLM\...\Print\Monitors\PrimoMon: C:\WINDOWS\system32\Primomonnt.dll [95008 2015-09-01] (Nitro PDF Software -> )
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\91.1.10935.167\Installer\chrmstp.exe [2021-07-21] (Piriform Software Ltd -> Piriform Software)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.107\Installer\chrmstp.exe [2021-07-21] (Google LLC -> Google LLC)
    Startup: C:\Users\psyd_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FAXRX.lnk [2017-06-21]
    ShortcutTarget: FAXRX.lnk -> C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {06B1DB65-69C7-49C0-9604-1A29F02AD68F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {095D9FD5-34AF-4B87-8B26-C7EBFF8E8C6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {1313F06D-A6DD-4BE3-AC53-8B33F5AAC55C} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software)
    Task: {14B46AC4-F184-4412-9AFB-71421440A92B} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1112576 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
    Task: {17276E77-4DE9-4B7B-ADB2-ACF60B948768} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software)
    Task: {2849A7BB-93CD-49CF-9962-19129A5F921A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {3C1B5C90-86BF-4B65-AA0B-471A7BCBC48A} - System32\Tasks\CCleaner Update => F:\Program Files\CCleaner\CCUpdate.exe [684976 2021-07-16] (Piriform Software Ltd -> Piriform)
    Task: {67BA7C20-885B-441D-8216-765E7B20B52D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
    Task: {67F22B35-10E6-4CE1-9A4A-A76E166B3FCD} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2297272 2021-07-02] (Piriform Software Ltd -> Piriform Software)
    Task: {6D78C358-D4F5-4A76-B2F7-762E5E2EE9D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {7489F894-A09F-4C70-B020-A2D8D7B2A283} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {991F1667-B5C2-4A46-BBF5-853BE48F1795} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
    Task: {B29DE1C8-FA08-47B3-AEED-16D96988431A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2020-12-28] () [File not signed]
    Task: {B855251C-A392-4BEF-A8A5-E3018891EC33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-29] (Google Inc -> Google Inc.)
    Task: {BCB4E65E-9900-4E2C-B7DA-1B4A71432D21} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
    Task: {BE954B2E-CCB7-40C8-B16C-064FC5832E14} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2297272 2021-07-02] (Piriform Software Ltd -> Piriform Software)
    Task: {CD47E951-1B21-4B7F-98F1-1AD1C1E30135} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [690616 2021-07-18] (Mozilla Corporation -> Mozilla Foundation)
    Task: {D2A6AD62-67B5-493F-8223-B99747877C93} - System32\Tasks\CCleanerSkipUAC => F:\Program Files\CCleaner\CCleaner.exe [29136000 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {E46164D7-3124-4D89-82E1-46147027F60C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
    Task: {EB4E1A91-20FB-4C4E-AA06-AC3B23347FEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-29] (Google Inc -> Google Inc.)
    Task: {EB7560E5-D542-4873-AEC3-B4FBCF725943} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{f7a6dcc0-a169-49bf-9d5a-c50892ff241e}: [DhcpNameServer] 192.168.1.1

    Edge:
    =======
    DownloadDir: C:\Users\psyd_\Downloads
    Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-03-29]
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.11.5.0_neutral__v68kp9n051hdp [not found]
    Edge Extension: (No Name) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.36.5.0_neutral__e7b5mm5d3r6v2 [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-31]
    Edge Extension: (Norton Safe Web) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2021-07-13]
    Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-07-13]
    Edge Extension: (Malwarebytes Browser Guard) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-13]
    Edge Extension: (IDM Integration Module) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2021-03-15]
    Edge Extension: (IDM Integration Module) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-03-15]
    Edge HKU\S-1-5-21-970927895-26279177-2598225439-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - F:\Program Files\Internet Download Manager\IDMEdgeExt.crx [2021-07-16]
    Edge HKU\S-1-5-21-970927895-26279177-2598225439-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2021-07-16]
    Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    FireFox:
    ========
    FF DefaultProfile: hh1qpzfn.default
    FF ProfilePath: C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default [2021-07-31]
    FF DownloadDir: F:\Downloads
    FF Extension: (Test Pilot) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\@testpilot-addon.xpi [2018-10-17] [UpdateUrl:hxxps://testpilot.firefox.com/files/@testpilot-addon/updates.json]
    FF Extension: (InvisibleHand) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2020-12-12]
    FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-15]
    FF Extension: (Honey) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2020-12-12]
    FF Extension: (snoozetabs) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\snoozetabs@mozilla.com.xpi [2018-01-20] [UpdateUrl:hxxps://testpilot.firefox.com/files/snoozetabs@mozilla/updates.json]
    FF Extension: (TinEye Reverse Image Search) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\tineye@ideeinc.com.xpi [2019-07-10]
    FF Extension: (Malwarebytes Browser Guard) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-01-07]
    FF Extension: (Logitech SetPoint) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{84380428-8c9d-4bdf-913d-b2c34d6562d9}.xpi [2019-12-24]
    FF Extension: (Web of Trust) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2020-12-12]
    FF Extension: (Adblock Plus - free ad blocker) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-01-07]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-12-24] [not signed]
    FF HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - F:\Program Files\Internet Download Manager\idmmzcc3.xpi
    FF Extension: (IDM Integration Module) - F:\Program Files\Internet Download Manager\idmmzcc3.xpi [2021-03-05]
    FF HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\psyd_\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\psyd_\AppData\Roaming\IDM\idmmzcc5 [2017-03-27] [Legacy] [not signed]
    FF HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - F:\Program Files\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - F:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-12-19] [Legacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
    FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2021-01-26] (Piriform Software Ltd -> Piriform Software)
    FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2021-01-26] (Piriform Software Ltd -> Piriform Software)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default [2021-07-31]
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Extension: (Slides) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
    CHR Extension: (Docs) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
    CHR Extension: (Google Drive) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-12]
    CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-06-25]
    CHR Extension: (YouTube) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-28]
    CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-06-25]
    CHR Extension: (Logitech Smooth Scrolling) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2019-12-24]
    CHR Extension: (Sheets) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
    CHR Extension: (Google Docs Offline) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-06]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-06-25]
    CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-06-25]
    CHR Extension: (IDM Integration Module) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-06-25]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-25]
    CHR Extension: (Gmail) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-12]
    CHR Extension: (Chrome Media Router) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-25]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2021-07-16]
    CHR HKU\S-1-5-21-970927895-26279177-2598225439-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
    CHR HKU\S-1-5-21-970927895-26279177-2598225439-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2021-07-16]
    CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2021-07-16]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
    R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software)
    S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\91.1.10935.167\elevation_service.exe [1421288 2021-07-16] (Piriform Software Ltd -> Piriform Software)
    S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software)
    R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-03-21] (Macrovision Europe Ltd.) [File not signed]
    R2 HsfXAudioService; C:\WINDOWS\SysWOW64\XAudio64.dll [436736 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe [473352 2017-03-30] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-07-17] (Malwarebytes Inc -> Malwarebytes)
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [319320 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-17] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
    R3 CAXHWBS2; C:\WINDOWS\system32\DRIVERS\CAXHWBS2.sys [411136 2009-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R1 cbfs20; C:\WINDOWS\System32\drivers\cbfs20.sys [436776 2021-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc. - www.callback.com)
    R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-09] (EldoS Corporation -> /n software, Inc.)
    R1 cbfsconnect2017; C:\WINDOWS\system32\drivers\cbfsconnect2017.sys [481296 2020-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
    S3 CSRBC; C:\WINDOWS\System32\Drivers\csrbcx64.sys [38400 2016-05-10] (CSR plc.) [File not signed]
    S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-07-17] (Malwarebytes Inc -> Malwarebytes)
    R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    R3 HSF_DPV; C:\WINDOWS\system32\DRIVERS\CAX_DPV.sys [1486848 2009-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-07-18] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-07-18] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69016 2021-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-07-18] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-07-18] (Malwarebytes Inc -> Malwarebytes)
    R2 mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [17024 2006-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Conexant)
    R3 MODEMCSA; C:\WINDOWS\system32\drivers\MODEMCSA.sys [28160 2021-03-10] (Microsoft Windows -> Microsoft Corporation)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [216184 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
    R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [20704 2019-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-07-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425192 2021-07-09] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-09] (Microsoft Windows -> Microsoft Corporation)
    R3 winachsf; C:\WINDOWS\system32\DRIVERS\CAX_CNXT.sys [740864 2009-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R2 XAudio; C:\WINDOWS\system32\DRIVERS\XAudio64.sys [10240 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-07-31 06:47 - 2021-07-31 06:48 - 000037686 _____ C:\Users\psyd_\Desktop\FRST.txt
    2021-07-31 06:47 - 2021-07-31 06:48 - 000000000 ____D C:\FRST
    2021-07-31 06:44 - 2021-07-31 06:44 - 002300416 _____ (Farbar) C:\Users\psyd_\Downloads\Unconfirmed 940117.crdownload
    2021-07-31 06:43 - 2021-07-31 06:44 - 002300416 _____ (Farbar) C:\Users\psyd_\Desktop\FRST64.exe
    2021-07-29 12:02 - 2021-07-29 14:16 - 015624217 _____ C:\Users\psyd_\Desktop\scandoc_099k.js
    2021-07-29 08:52 - 2021-07-29 08:52 - 001063601 _____ C:\Users\psyd_\Desktop\CCF07292021.pdf
    2021-07-28 10:08 - 2021-07-28 10:08 - 001884180 _____ C:\Users\psyd_\Desktop\CCF07282021.pdf
    2021-07-26 17:08 - 2021-07-26 17:14 - 000000000 ____D C:\Users\psyd_\Desktop\trotta
    2021-07-21 05:35 - 2021-07-31 05:42 - 000000000 ____D C:\Users\psyd_\AppData\LocalLow\IGDump
    2021-07-20 17:05 - 2021-07-20 17:05 - 000032464 _____ C:\Users\psyd_\Desktop\CA Air Resource Board FAQs.pdf
    2021-07-20 12:37 - 2021-07-20 12:37 - 000594870 _____ C:\Users\psyd_\Desktop\CCF07202021.pdf
    2021-07-18 06:09 - 2021-07-18 06:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
    2021-07-18 05:58 - 2021-07-18 05:58 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2021-07-18 05:58 - 2021-07-18 05:58 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2021-07-18 05:58 - 2021-07-18 05:58 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2021-07-18 05:58 - 2021-07-18 05:58 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2021-07-18 05:58 - 2021-07-18 05:58 - 000069016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2021-07-18 05:58 - 2021-07-18 05:58 - 000002040 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2021-07-18 05:57 - 2021-07-17 05:42 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2021-07-18 05:57 - 2020-12-12 17:00 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2021-07-17 10:43 - 2021-07-17 10:43 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
    2021-07-17 10:42 - 2021-07-17 10:42 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2021-07-17 10:42 - 2021-07-17 10:42 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2021-07-17 10:42 - 2021-07-17 10:42 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
    2021-07-17 10:42 - 2021-07-17 10:42 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
    2021-07-17 10:42 - 2021-07-17 10:42 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
    2021-07-16 22:25 - 2018-12-19 16:05 - 000229296 ____H (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
    2021-07-16 12:37 - 2021-07-16 12:37 - 000502414 _____ C:\Users\psyd_\Desktop\COVID cards.pdf
    2021-07-13 15:17 - 2021-07-13 15:17 - 001188058 _____ C:\Users\psyd_\Desktop\CCF07132021_0001.pdf
    2021-07-13 10:51 - 2021-07-13 10:51 - 002712179 _____ C:\Users\psyd_\Desktop\CCF07132021.pdf
    2021-07-10 06:22 - 2021-07-10 06:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pCloud
    2021-07-10 06:22 - 2021-07-10 06:22 - 000000000 ____D C:\Program Files (x86)\pCloud Drive
    2021-07-09 06:08 - 2021-07-09 06:08 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
    2021-07-09 06:08 - 2021-07-09 06:08 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2021-07-09 06:08 - 2021-07-09 06:08 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2021-07-09 06:08 - 2021-07-09 06:08 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2021-07-09 06:08 - 2021-07-09 06:08 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
    2021-07-09 06:08 - 2021-07-09 06:08 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
    2021-07-09 06:07 - 2021-07-09 06:07 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
    2021-07-09 06:07 - 2021-07-09 06:07 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2021-07-09 06:07 - 2021-07-09 06:07 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
    2021-07-09 06:07 - 2021-07-09 06:07 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
    2021-07-08 10:49 - 2021-07-08 10:49 - 000216655 _____ C:\Users\psyd_\Desktop\Pote EAP Auth.pdf
    2021-07-06 18:20 - 2021-07-07 11:03 - 003303625 _____ C:\Users\psyd_\Desktop\CCF07062021.pdf

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-07-31 06:43 - 2017-06-21 11:37 - 000000138 _____ C:\WINDOWS\Brfaxrx.ini
    2021-07-31 06:42 - 2016-06-29 13:37 - 000000000 ____D C:\Program Files (x86)\Google
    2021-07-31 06:41 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-07-31 05:38 - 2019-01-17 19:00 - 000000000 ____D C:\Users\psyd_\AppData\Local\SquirrelTemp
    2021-07-31 05:37 - 2016-12-09 12:07 - 000000000 ____D C:\Users\psyd_\AppData\LocalLow\Mozilla
    2021-07-31 05:35 - 2020-09-13 22:24 - 000000000 ___HD C:\WINDOWS\system32\SleepStudy
    2021-07-30 18:15 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-07-30 18:15 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2021-07-30 18:14 - 2020-07-05 06:26 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-07-30 05:52 - 2021-01-27 07:06 - 000057037 _____ C:\Users\psyd_\Desktop\AutoIDCard.pdf
    2021-07-30 05:38 - 2020-04-24 09:54 - 000000000 ____D C:\Users\psyd_\AppData\Roaming\MPC-HC
    2021-07-29 08:58 - 2016-03-21 13:30 - 000001129 _____ C:\WINDOWS\Brpfx04a.ini
    2021-07-29 06:41 - 2020-09-13 22:36 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-970927895-26279177-2598225439-1001
    2021-07-29 06:41 - 2020-09-13 15:30 - 000002394 _____ C:\Users\psyd_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2021-07-29 06:41 - 2016-03-21 13:04 - 000000000 ___RD C:\Users\psyd_\OneDrive
    2021-07-27 20:02 - 2016-03-24 08:40 - 000000000 ____D C:\Users\psyd_\AppData\Roaming\DMCache
    2021-07-23 05:38 - 2016-03-24 08:40 - 000000000 ____D C:\Users\psyd_\AppData\Roaming\IDM
    2021-07-22 14:09 - 2021-02-03 20:53 - 000009301 _____ C:\Users\psyd_\Desktop\Barbacoa Rent 2021.xlsx
    2021-07-22 12:08 - 2016-08-25 14:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2021-07-21 18:50 - 2017-05-28 07:26 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-07-21 10:37 - 2020-04-29 05:44 - 000002406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
    2021-07-21 10:37 - 2020-04-29 05:44 - 000002371 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
    2021-07-21 10:37 - 2020-04-29 05:43 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
    2021-07-21 05:32 - 2020-08-30 07:21 - 000000000 ____D C:\Users\psyd_\AppData\Local\CrashDumps
    2021-07-20 05:57 - 2020-09-13 22:36 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2021-07-18 06:10 - 2019-02-10 17:05 - 000000000 ____D C:\ProgramData\Mozilla
    2021-07-18 06:09 - 2021-01-07 07:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2021-07-18 06:09 - 2016-08-24 21:15 - 000001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2021-07-18 06:09 - 2016-03-21 13:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2021-07-18 06:08 - 2021-06-28 07:24 - 000769948 ____H C:\WINDOWS\system32\perfh019.dat
    2021-07-18 06:08 - 2021-06-28 07:24 - 000151506 ____H C:\WINDOWS\system32\perfc019.dat
    2021-07-18 06:08 - 2020-09-13 22:37 - 001752888 ____H C:\WINDOWS\system32\PerfStringBackup.INI
    2021-07-18 06:08 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
    2021-07-18 05:58 - 2020-08-15 05:50 - 000002052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2021-07-18 05:58 - 2019-01-17 19:00 - 000000000 ____D C:\Users\psyd_\AppData\Local\Videostream
    2021-07-18 05:58 - 2018-09-03 20:57 - 000000000 ____D C:\Users\psyd_\AppData\Local\pCloud
    2021-07-18 05:57 - 2020-09-13 22:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2021-07-18 05:57 - 2020-09-13 22:24 - 000008192 ___SH C:\DumpStack.log.tmp
    2021-07-18 05:57 - 2017-04-13 10:00 - 000000000 ____D C:\ProgramData\NVIDIA
    2021-07-17 19:11 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2021-07-17 19:10 - 2020-09-13 22:24 - 002442528 ____H C:\WINDOWS\system32\FNTCACHE.DAT
    2021-07-17 19:09 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2021-07-17 19:09 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\system32\WinBioPlugIns
    2021-07-17 19:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2021-07-17 19:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2021-07-17 19:09 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\System
    2021-07-17 11:37 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2021-07-17 10:42 - 2012-07-26 01:18 - 000414038 __RSH C:\bootmgr
    2021-07-16 06:56 - 2016-03-23 12:38 - 000000000 ___HD C:\WINDOWS\system32\MRT
    2021-07-16 06:51 - 2016-03-23 12:38 - 133422552 ___HC (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2021-07-15 15:37 - 2020-09-13 22:36 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2021-07-15 15:37 - 2020-09-13 22:36 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2021-07-10 06:23 - 2018-09-03 20:57 - 000000000 ____D C:\ProgramData\Package Cache
    2021-07-10 06:22 - 2021-06-25 11:16 - 000002499 _____ C:\Users\Public\Desktop\pCloud Drive.lnk
    2021-07-10 06:22 - 2021-06-25 11:16 - 000001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\pCloud Drive.lnk
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\system32\setup
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\system32\oobe
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\system32\Dism
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2021-07-09 19:29 - 2016-03-26 19:44 - 000000740 _____ C:\Users\psyd_\Desktop\Internet Download Manager.lnk
    2021-07-09 18:02 - 2018-02-22 11:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2021-07-08 18:51 - 2016-03-23 09:32 - 000001333 _____ C:\Users\psyd_\Desktop\thunderbird - Shortcut.lnk
    2021-07-06 16:26 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\system32\NDF
    2021-07-06 10:31 - 2017-09-21 19:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
    2021-07-01 18:37 - 2020-09-13 22:36 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2021-07-01 18:37 - 2020-09-13 22:36 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================
     
  5. 2021/07/31
    Barry

    Barry Geek Member Thread Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
    Ran by psyd_ (31-07-2021 06:50:37)
    Running from C:\Users\psyd_\Desktop
    Windows 10 Pro Version 2004 19041.1110 (X64) (2020-09-14 05:36:24)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================


    (If an entry is included in the fixlist, it will be removed.)

    Administrator (S-1-5-21-970927895-26279177-2598225439-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-970927895-26279177-2598225439-503 - Limited - Disabled)
    Guest (S-1-5-21-970927895-26279177-2598225439-501 - Limited - Disabled)
    psyd_ (S-1-5-21-970927895-26279177-2598225439-1001 - Administrator - Enabled) => C:\Users\psyd_
    WDAGUtilityAccount (S-1-5-21-970927895-26279177-2598225439-504 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)
    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
    Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
    AHV content for Acrobat and Flash (HKLM-x32\...\{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}) (Version: 1 - Adobe Systems Incorporated) Hidden
    Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.21.170501 - )
    Backup and Sync from Google (HKLM\...\{A0397FA8-34ED-4A41-A8C9-30EE0B89C464}) (Version: 3.56.3802.7766 - Google, Inc.)
    Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
    Brother MFL-Pro Suite MFC-J5910DW (HKLM-x32\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.1.1.0 - Brother Industries, Ltd.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.83 - Piriform)
    CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 91.1.10935.167 - Piriform Software)
    CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12334.0 - Cisco Consumer Products LLC)
    Convert PDF To Word Plus 1.0 (HKLM-x32\...\Convert PDF To Word Plus) (Version: 1.0 - pdftowordstudio.com)
    Data Lifeguard Diagnostic for Windows 1.29 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
    EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
    EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
    EaseUS Todo Backup Free 9.1 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.1 - CHENGDU YIWO Tech Development Co., Ltd)
    Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.2 - )
    FILE RECOVERY for Windows (HKLM-x32\...\FILE RECOVERY for WindowsNSIS) (Version: 1.0.180 - Seagate)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.107 - Google LLC)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.39.2 - Tonec Inc.)
    IrfanView 4.54 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.54 - Irfan Skiljan)
    K-Lite Codec Pack 16.0.6 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.0.6 - KLCP)
    Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13225.3 - Linksys LLC)
    Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.126 - Logitech)
    Malwarebytes version 4.4.3.125 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.3.125 - Malwarebytes)
    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.62 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
    Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
    Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)
    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
    Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
    Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
    Mozilla Firefox 89.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 89.0.2 (x64 en-US)) (Version: 89.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 89.0.2.7843 - Mozilla)
    Mozilla Thunderbird 38.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.7.0 (x86 en-US)) (Version: 38.7.0 - Mozilla)
    Mozilla Thunderbird 78.12.0 (x86 en-US) (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Mozilla Thunderbird 78.12.0 (x86 en-US)) (Version: 78.12.0 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.7.1 - Notepad++ Team)
    Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
    NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
    NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    PC Equalizer (HKLM-x32\...\PC Equalizer) (Version: 1.1.7 - Bils)
    PCI SoftV92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.5.0 - Conexant Systems)
    pCloud Drive (HKLM-x32\...\{a7dc8b8f-f33a-4a71-9bc4-e675554aa7b6}) (Version: 3.11.3.0 - pCloud AG)
    pCloud Drive (HKLM-x32\...\{EDDD2EC9-42EB-4C27-9572-BBE0658F4EFD}) (Version: 3.11.3.0 - pCloud AG) Hidden
    PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
    PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
    RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 7 - Philipp Winterberg)
    Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)
    Sandboxie 5.33.6 (64-bit) (HKLM\...\Sandboxie) (Version: 5.33.6 - Sandboxie Holdings, LLC)
    SolveigMM AVI Trimmer+ version 5.0.1603.23 (HKLM-x32\...\SolveigMM AVI Trimmer_is1) (Version: 5.0.1603.23 - Solveig Multimedia)
    SolveigMM Video Splitter Home Edition (HKLM-x32\...\SolveigMM Video Splitter Home Edition 5.0.1509.11) (Version: 5.0.1509.11 - Solveig Multimedia)
    Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
    TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
    TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)
    TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
    TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc)
    TurboTax 2020 (HKLM-x32\...\TurboTax 2020) (Version: 2020.0 - Intuit, Inc)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
    Videostream (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Videostream) (Version: 0.3.5 - Videostream)
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
    Zoom (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\ZoomUMX) (Version: 5.4.7 (59784.1220) - Zoom Video Communications, Inc.)

    Packages:
    =========
    Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-03-29] (eyeo GmbH)
    Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.6.36.0_x86__kgqvnymyfvs32 [2021-07-10] (king.com)
    Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.198.300.0_x86__kgqvnymyfvs32 [2021-07-24] (king.com)
    Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_6.1.13.0_x86__h6adky7gbf63m [2021-07-18] (Gameloft SE)
    FreeCell HD -> C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8 [2020-11-25] (Bernardo Zamora)
    IDM Integration Module -> C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.38.19.0_neutral__e7b5mm5d3r6v2 [2021-05-26] (Tonec FZE)
    iDownload Manager (iDM) - High speed file downloader -> C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.30.0_x64__k42naep6bwmrc [2021-07-30] (Optimilia Studios) [MS Ad] [Startup Task]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]
    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-07-10] (Microsoft Studios) [MS Ad]
    Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp [2021-05-26] (NortonLifeLock Inc.)
    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-10] (Microsoft Corporation)
    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-28] (Twitter Inc.)

    ==================== Custom CLSID (Whitelisted): ==============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    SSODL: EldosMountNotificator-cbfs6 - {B7038158-4D4C-4084-ADCC-802971A84145} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)
    SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {1948F7D8-6849-437D-AF14-C3C14E0C1E54} - C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
    SSODL-x32: EldosMountNotificator-cbfs6 - {B7038158-4D4C-4084-ADCC-802971A84145} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)
    SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {1948F7D8-6849-437D-AF14-C3C14E0C1E54} - C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)
    ShellServiceObjects: Virtual Storage Mount Notification -> {1948F7D8-6849-437D-AF14-C3C14E0C1E54} => C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
    ShellServiceObjects: Virtual Storage Mount Notification -> {B7038158-4D4C-4084-ADCC-802971A84145} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)
    ShellServiceObjects-x32: Virtual Storage Mount Notification -> {1948F7D8-6849-437D-AF14-C3C14E0C1E54} => C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)
    ShellServiceObjects-x32: Virtual Storage Mount Notification -> {B7038158-4D4C-4084-ADCC-802971A84145} => C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => F:\Program Files\Internet Download Manager\IDMShellExt64.dll [2021-03-02] (Tonec Inc. -> Tonec FZE)
    ShellIconOverlayIdentifiers: [ pCloudINPROGRESS] -> {D8BFAFBD-B670-4252-9C17-9CF1C64C2BAF} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
    ShellIconOverlayIdentifiers: [ pCloudINSYNC] -> {8D0C0582-552A-4A6B-9455-DA63E1F329C0} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
    ShellIconOverlayIdentifiers: [ pCloudNOSYNC] -> {3858ED1B-8F1C-42ED-A8A9-FDBF591E3C6B} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {830A9813-8D13-4E32-86D2-E3D6428399AB} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)
    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {830A9813-8D13-4E32-86D2-E3D6428399AB} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)
    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-11] (Adobe Systems Inc.) [File not signed]
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] (Notepad++ -> )
    ContextMenuHandlers1: [ContextMenuExtension] -> {3103a792-c2d9-3c57-98dd-30071b26c05f} => C:\Program Files (x86)\pCloud Drive\ContextMenuHandler64.dll [2021-03-16] (pCloud AG) [File not signed] [File is in use]
    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google)
    ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
    ContextMenuHandlers4: [ContextMenuExtension] -> {3103a792-c2d9-3c57-98dd-30071b26c05f} => C:\Program Files (x86)\pCloud Drive\ContextMenuHandler64.dll [2021-03-16] (pCloud AG) [File not signed] [File is in use]
    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google)
    ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-11] (Adobe Systems Inc.) [File not signed]
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

    ==================== Codecs (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Drivers32: [wave2] => C:\WINDOWS\system32\serwvdrv.dll [25600 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Drivers32: [wave2] => C:\Windows\SysWOW64\serwvdrv.dll [18944 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\psyd_\New folder\programs\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl
    ShortcutWithArgument: C:\Users\psyd_\Desktop\programs\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl
    ShortcutWithArgument: C:\Users\psyd_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

    ==================== Loaded Modules (Whitelisted) =============

    2006-10-01 22:49 - 2006-10-01 22:49 - 000389120 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeXMP.dll
    2007-03-16 12:38 - 2007-01-13 04:01 - 000475136 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\ccme_base.dll
    2007-03-16 12:38 - 2007-01-13 04:01 - 000397312 _____ () [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\cryptocme2.dll
    2016-03-21 14:56 - 2007-03-22 13:38 - 002748416 ____R () [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\LIBMYSQLD.dll
    2006-08-22 22:09 - 2006-08-22 22:09 - 001200128 ____R () [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Onix32.dll
    2017-06-21 11:37 - 2005-02-02 13:38 - 000024576 ____N () [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\brrunpp.dll
    2017-06-21 11:37 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    2017-06-21 11:37 - 2012-09-06 21:02 - 000978944 ____N () [File not signed] C:\Program Files (x86)\ControlCenter4\BrImgProc.dll
    2021-07-05 13:19 - 2021-07-05 13:19 - 001896960 _____ () [File not signed] C:\Program Files (x86)\pCloud Drive\pSyncLib.dll
    2020-11-25 08:19 - 2020-11-25 08:20 - 015057408 _____ () [File not signed] C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8\Solitaire.dll
    2021-07-18 05:57 - 2021-07-18 05:57 - 000114176 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\_ctypes.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000172544 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\_elementtree.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 002255872 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\_hashlib.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000032256 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\_multiprocessing.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000046080 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\_psutil_windows.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000047616 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\_socket.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 002825216 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\_ssl.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000026112 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\_yappi.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000080896 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\bz2.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000015872 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\common.time34.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000007680 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\hashobjs_ext.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000301568 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\PIL._imaging.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000168448 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\pyexpat.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 001084416 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\pysqlite2._sqlite.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000548864 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\pythoncom27.dll
    2021-07-18 05:57 - 2021-07-18 05:57 - 000137728 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\pywintypes27.dll
    2021-07-18 05:57 - 2021-07-18 05:57 - 000010752 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\select.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000020992 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\thumbnails_ext.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000689664 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\unicodedata.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000119808 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\usb_ext.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000128512 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\win32api.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000438784 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\win32com.shell.shell.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000011776 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\win32crypt.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000023040 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\win32event.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000149504 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\win32file.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000223232 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\win32gui.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000048128 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\win32inet.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000029696 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\win32pdh.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000027648 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\win32pipe.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000044032 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\win32process.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000020480 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\win32profile.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000136192 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\win32security.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000026624 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\win32ts.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000034304 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\windows.conditional.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000037888 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\windows.connectivity.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000071680 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\windows.device_monitor.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000103936 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\windows.volumes.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000019968 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\windows.winwrap.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 001325056 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\wx._controls_.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 001489408 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\wx._core_.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 001007104 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\wx._gdi_.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000103424 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\wx._html2.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000916992 ____N () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\wx._misc_.pyd
    2021-07-18 05:57 - 2021-07-18 05:57 - 001039872 ____N () [File not signed]
     
  6. 2021/07/31
    Barry

    Barry Geek Member Thread Starter

    Joined:
    2002/12/16
    Messages:
    1,209
    Likes Received:
    10
    C:\Users\psyd_\AppData\Local\Temp\_MEI18162\wx._windows_.pyd
    2016-03-21 13:29 - 2005-04-21 21:36 - 000143360 ____H () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
    2007-01-19 05:23 - 2007-05-11 00:18 - 001560576 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll
    2006-08-02 08:52 - 2006-08-02 08:52 - 000126976 ____R (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\asneu.dll
    2006-10-23 02:10 - 2006-10-23 02:10 - 000467555 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\ImageViewer.API
    2016-03-21 14:56 - 2007-05-11 03:47 - 000674816 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\ACE.dll
    2007-03-20 18:26 - 2007-03-20 18:26 - 000214528 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_caps.dll
    2006-09-15 00:20 - 2006-09-15 00:20 - 000212992 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_epic.dll
    2006-09-15 00:46 - 2006-09-15 00:46 - 000208896 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_pcd.dll
    2006-09-15 00:20 - 2006-09-15 00:20 - 000346112 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\adobe_personalization.dll
    2006-10-11 02:06 - 2006-10-11 02:06 - 000466944 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeLinguistic.dll
    2016-03-21 14:56 - 2007-05-11 03:46 - 004905472 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AGM.dll
    2016-03-21 14:56 - 2007-05-11 01:51 - 000232960 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\ARE.dll
    2016-03-21 14:56 - 2007-04-27 12:14 - 000167936 ____R (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AXE8SharedExpat.dll
    2016-03-21 14:56 - 2007-05-11 03:55 - 000098816 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\BIB.dll
    2016-03-21 14:56 - 2007-05-11 01:51 - 000152064 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\BIBUtils.dll
    2016-03-21 14:56 - 2007-05-11 03:48 - 002281472 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\CoolType.dll
    2016-03-21 14:56 - 2007-05-11 03:37 - 000355427 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Accessibility.api
    2016-03-21 14:56 - 2007-05-11 03:40 - 008648803 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\AcroForm.api
    2006-10-23 02:09 - 2006-10-23 02:09 - 000067683 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\ADBC.api
    2016-03-21 14:56 - 2007-05-11 03:38 - 004124259 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Annots.api
    2016-03-21 14:56 - 2007-05-11 03:37 - 000225379 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Catalog.api
    2016-03-21 14:56 - 2007-05-11 03:37 - 000838755 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Checkers.api
    2016-03-21 14:56 - 2007-05-11 03:37 - 001148515 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\DigSig.api
    2016-03-21 14:56 - 2007-05-11 03:37 - 000090211 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\DistillerPI.api
    2006-10-23 02:10 - 2006-10-23 02:10 - 000125027 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\DVA.api
    2016-03-21 14:56 - 2007-05-11 03:38 - 000051299 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\eBook.api
    2016-03-21 14:56 - 2007-05-11 03:38 - 002982499 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Editor.api
    2016-03-21 14:56 - 2007-05-11 03:40 - 001381987 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Escript.api
    2016-03-21 14:56 - 2007-05-11 03:42 - 000125027 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\EWH32.api
    2006-10-23 02:10 - 2006-10-23 02:10 - 000051299 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\HLS.api
    2016-03-21 14:56 - 2007-05-11 03:43 - 002179683 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\HTML2PDF.api
    2016-03-21 14:56 - 2007-05-11 03:39 - 000084067 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\IA32.api
    2016-03-21 14:56 - 2007-05-11 03:38 - 000843363 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\ImageConversion.api
    2016-03-21 14:56 - 2007-05-11 03:38 - 000392291 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\InDesignPI.api
    2016-03-21 14:56 - 2007-05-11 03:40 - 000778339 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\JDFProdDef.api
    2016-03-21 14:56 - 2007-05-11 03:38 - 002034787 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\MakeAccessible.api
    2016-03-21 14:56 - 2007-05-11 03:39 - 001347171 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Multimedia.api
    2016-03-21 14:56 - 2007-05-11 03:41 - 000168547 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\PaperCapture.api
    2006-10-23 02:19 - 2006-10-23 02:19 - 000397411 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\PDDom.api
    2016-03-21 14:56 - 2007-05-11 03:46 - 005770339 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\PPKLite.api
    2016-03-21 14:56 - 2007-05-11 03:38 - 000106595 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\ReadOutLoud.api
    2016-03-21 14:56 - 2007-05-11 03:42 - 000363107 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\reflow.api
    2016-03-21 14:56 - 2007-05-11 03:38 - 000300643 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\SaveAsRTF.api
    2006-10-23 02:20 - 2006-10-23 02:20 - 000335459 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\SaveAsXML.api
    2016-03-21 14:56 - 2007-05-11 03:39 - 000741987 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Scan.api
    2016-03-21 14:56 - 2007-05-11 03:43 - 000352867 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Search.api
    2016-03-21 14:56 - 2007-05-11 03:43 - 000085603 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Search5.api
    2016-03-21 14:56 - 2007-05-11 03:39 - 000124515 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\SendMail.api
    2016-03-21 14:56 - 2007-05-11 03:43 - 000268387 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Spelling.api
    2016-03-21 14:56 - 2007-05-11 03:43 - 000124003 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\TablePicker.api
    2016-03-21 14:56 - 2007-05-11 03:39 - 001815651 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\TouchUp.api
    2016-03-21 14:56 - 2007-05-11 03:44 - 000165475 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Updater.api
    2016-03-21 14:56 - 2007-05-11 03:37 - 000182883 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\weblink.api
    2016-03-21 14:56 - 2007-05-11 03:44 - 000671331 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Webpdf.api
    2016-03-21 14:56 - 2007-05-11 03:47 - 001491555 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\XPS2PDF.api
    2016-03-21 14:56 - 2007-05-11 00:11 - 001384448 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\SPPlugins\ADMPlugin.apl
    2016-03-21 14:56 - 2007-05-11 03:45 - 002457600 _____ (Adobe Systems, Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Adobelm.dll
    2007-03-20 18:27 - 2007-03-20 18:27 - 000270336 _____ (Adobe Systems, Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\BridgeTalkClient.api
    2005-09-07 14:03 - 2005-09-07 14:03 - 000036864 _____ (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll
    2017-06-21 11:37 - 2009-10-13 16:59 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\BrMuSNMP.dll
    2017-06-21 11:37 - 2011-12-22 18:25 - 000010752 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\Lang\PCFaxRxLangUsa.dll
    2017-06-21 11:37 - 2012-04-23 15:03 - 000380928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
    2017-06-21 11:37 - 2010-09-29 17:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll
    2017-06-21 11:37 - 2011-02-28 11:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
    2017-06-21 11:37 - 2012-01-11 14:39 - 000626688 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
    2017-06-21 11:37 - 2012-09-06 21:02 - 000155648 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
    2017-06-21 11:37 - 2012-07-06 13:33 - 000098304 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
    2017-06-21 11:37 - 2012-09-06 21:02 - 000131072 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcFcnv.dll
    2017-06-21 11:37 - 2012-07-06 13:33 - 017694720 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
    2017-06-21 11:37 - 2012-07-17 13:36 - 000090112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
    2017-06-21 11:37 - 2012-09-06 21:02 - 000098304 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcSmon.dll
    2016-03-21 13:29 - 2012-07-05 04:32 - 000084480 ____H (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
    2017-06-21 11:37 - 2011-04-25 13:14 - 000118784 ____N (Brother Industries,LTD.) [File not signed] C:\Program Files (x86)\Brother\Brmfl11b\brMfNt.dll
    2016-03-21 13:29 - 2012-09-14 08:53 - 000241664 ____R (Brother Industries,LTD.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrImageConversion.dll
    2016-03-21 13:29 - 2012-09-14 08:53 - 000098304 ____R (Brother Industries,LTD.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrImgPdf.dll
    2016-03-21 13:29 - 2012-09-14 08:53 - 000118784 ____R (Brother Industries,LTD.) [File not signed] C:\Program Files (x86)\ControlCenter4\brTPGSplash.dll
    2016-03-21 14:56 - 2007-04-17 10:31 - 000554083 ____R (callas software gmbh) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\plug_ins\Preflight.api
    2016-03-24 08:48 - 2015-12-10 06:04 - 000025128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
    2016-03-24 08:48 - 2016-02-24 17:59 - 000131856 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
    2016-03-24 08:48 - 2016-02-24 17:59 - 000023824 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000020008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000443944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
    2016-03-24 08:48 - 2016-02-24 17:59 - 000042256 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000072232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000169512 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
    2016-03-24 08:48 - 2016-02-24 17:59 - 000177424 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
    2016-03-24 08:48 - 2016-02-24 17:59 - 000020752 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
    2016-03-24 08:48 - 2016-02-24 17:59 - 000191248 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
    2016-03-24 08:48 - 2016-02-24 17:59 - 000027408 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000080936 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000089640 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000017448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000020520 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000138792 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000027176 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000353832 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000030760 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000281128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000193064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000201768 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000148008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000032296 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000769064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000061992 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000076840 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000111656 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000050216 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000024616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000158248 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 001296424 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000068136 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000059944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000056360 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000207912 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000146984 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000064040 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000224808 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000501800 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000043048 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000088616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
    2016-03-24 08:48 - 2016-02-24 17:59 - 000058640 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000034856 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
    2016-03-24 08:48 - 2016-01-26 08:27 - 000427560 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\uexper.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000139816 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000136232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000060968 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
    2016-03-24 08:48 - 2016-02-24 17:59 - 000539920 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmdManager.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000020008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ControlPxe.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000689704 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EMail.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000044584 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuPipe.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000221224 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackup.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000100904 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackupSize.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000591400 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlImgFile.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000044072 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlSearchImg.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000159272 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Ftp.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000017448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FTPTest.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000079400 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImageFileInfo.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000293928 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFileHlp.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000153128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MatchStr.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000026664 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Options.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000093224 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\PolicyManage.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000121896 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Thread.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Transmit.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000042536 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\XmlWrapper.dll
    2016-03-24 08:48 - 2015-12-10 06:05 - 000303656 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000898088 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll
    2016-03-24 08:48 - 2015-12-10 06:04 - 000050216 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MFC90ENU.DLL
    2016-03-24 08:48 - 2015-12-10 06:04 - 003779624 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\mfc90u.dll
    2006-05-08 16:34 - 2006-05-08 16:34 - 000090112 ____R (IBM Corporation and others) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\icudt34.dll
    2006-05-12 14:55 - 2006-05-12 14:55 - 008855552 ____R (IBM Corporation and others) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\icudt34_full.dll
    2006-03-23 11:11 - 2006-03-23 11:11 - 000835584 ____R (IBM Corporation and others) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\icuuc34.dll
    2018-08-18 19:52 - 2017-03-30 17:49 - 000087040 _____ (Iskysoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppCollect.dll
    2018-08-18 19:52 - 2017-03-30 17:49 - 000197632 _____ (Iskysoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppCommon.dll
    2016-03-21 14:56 - 2007-05-11 03:45 - 002531328 _____ (Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcrobatFNP.dll
    2006-09-15 14:58 - 2006-09-15 14:58 - 000934400 ____R (Macrovision Europe Ltd.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\FNP_Act_Installer.dll
    2008-08-25 22:50 - 2008-08-25 22:50 - 000155648 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\1033\VBE6INTL.DLL
    2020-09-13 22:28 - 2020-09-13 22:28 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll
    2017-06-22 13:08 - 2016-03-15 07:16 - 004116480 _____ (Microsoft) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\Skin\win.8.msstyles
    2018-08-18 19:52 - 2015-02-27 10:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\Newtonsoft.Json.dll
    2020-09-13 22:29 - 2016-11-14 02:45 - 001220424 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
    2020-09-13 22:29 - 2016-11-14 02:45 - 001408200 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll
    2015-07-02 17:44 - 2015-07-02 17:44 - 000057344 _____ (Open Source Software community LGPL) [File not signed] C:\Program Files (x86)\pCloud Drive\pthreadVSE2.dll
    2016-03-24 08:48 - 2016-01-26 08:27 - 002454016 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\python27.dll
    2021-07-18 05:57 - 2021-07-18 05:57 - 003043328 ____N (Python Software Foundation) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\python27.dll
    2017-06-22 13:08 - 2010-06-07 08:42 - 000088576 _____ (Reteset) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\SliderEx\SliderEx.apo
    2017-10-23 18:28 - 2017-10-23 18:28 - 000342016 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll
    2017-06-22 13:08 - 2010-11-19 11:21 - 000204800 _____ (TODO: <Company name>) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\Download\Download.lmd
    2017-06-22 13:08 - 2011-04-16 11:14 - 000172032 _____ (TODO: <Company name>) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\Tray\Tray.lmd
    2017-06-22 13:08 - 2010-07-05 12:46 - 000319488 _____ (TODO: <Company name>) [File not signed] F:\Program Files (x86)\PC Equalizer\data\Plugins\WinApi\WinApi.lmd
    2021-07-18 05:57 - 2021-07-18 05:57 - 000202240 ____N (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\wxbase30u_net_vc90_x64.dll
    2021-07-18 05:57 - 2021-07-18 05:57 - 002831872 ____N (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\wxbase30u_vc90_x64.dll
    2021-07-18 05:57 - 2021-07-18 05:57 - 001654784 ____N (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\wxmsw30u_adv_vc90_x64.dll
    2021-07-18 05:57 - 2021-07-18 05:57 - 006542336 ____N (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\wxmsw30u_core_vc90_x64.dll
    2021-07-18 05:57 - 2021-07-18 05:57 - 000773632 ____N (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\wxmsw30u_html_vc90_x64.dll
    2021-07-18 05:57 - 2021-07-18 05:57 - 000137216 ____N (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI18162\wxmsw30u_webview_vc90_x64.dll

    ==================== Alternate Data Streams (Whitelisted) ========

    ==================== Safe Mode (Whitelisted) ==================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) =================

    ==================== Internet Explorer (Whitelisted) ==========

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.popularwoodworking.com/winshop#/
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> F:\Program Files\Internet Download Manager\IDMIECC64.dll [2020-12-12] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    BHO: No Name -> {1948F7D8-6849-437D-AF14-C3C14E0C1E54}' -> No File
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> F:\Program Files\Internet Download Manager\IDMIECC.dll [2020-12-12] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
    BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: No Name -> {1948F7D8-6849-437D-AF14-C3C14E0C1E54}' -> No File
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)

    ==================== Hosts content: =========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 00:24 - 2015-10-30 00:21 - 000000824 ____H C:\WINDOWS\system32\drivers\etc\hosts

    ==================== Other Areas ===========================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\psyd_\OneDrive\Pictures\Saved Pictures\darren & kendall mvp.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (If an entry is included in the fixlist, it will be removed.)

    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
    HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
    HKLM\...\StartupApproved\Run32: => "EaseUS TB Tray Agent"
    HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
    HKLM\...\StartupApproved\Run32: => "PPort12reminder"
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\StartupFolder: => "FAXRX.lnk"
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B6B1848498DE69800140E7F655A96C3C"
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "SandboxieControl"
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
     
  7. 2021/07/31
    Barry

    ==================== FirewallRules (Whitelisted) ================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [{4622FAA5-5CE8-43C9-B09D-B3230D88A438}] => (Allow) C:\Users\psyd_\AppData\Roaming\Zoom\bin\airhost.exe => No File

    FirewallRules: [{3DF87BBB-5D0C-4C67-A161-31138E2BA8D4}] => (Allow) C:\Users\psyd_\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

    FirewallRules: [{E12952C0-9D98-4EE6-B7E5-F56CA88031F8}] => (Block) C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe (Groupnotes, Inc. -> )

    FirewallRules: [{8183BAE1-AEEB-4AEB-8E00-14762544EC96}] => (Block) C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe (Groupnotes, Inc. -> )

    FirewallRules: [UDP Query User{A40C82E9-A1A9-4FD4-B2F2-1DD682230049}C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe] => (Allow) C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe (Groupnotes, Inc. -> )

    FirewallRules: [TCP Query User{669C3543-8BE1-4232-9D29-18B50C9592B7}C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe] => (Allow) C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe (Groupnotes, Inc. -> )

    FirewallRules: [UDP Query User{1B74107A-BA89-4618-B13E-1AA6268B81E9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

    FirewallRules: [TCP Query User{4C41EAC5-7E83-4074-9328-7485918AC10E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

    FirewallRules: [{3B51D1E5-6E56-4467-B220-0C1B50CA1B9C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)

    FirewallRules: [{2F0FDD09-9396-4D01-8B4F-52202D81263F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)

    FirewallRules: [{2BCC2A52-FEC0-48CC-9499-0B2F9BA28D1B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)

    FirewallRules: [{411897C7-366B-4E59-A9CE-0B18CC9A9C01}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)

    FirewallRules: [{62D6EF68-868E-401E-86EE-434B2F64ABA0}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]

    FirewallRules: [{1B0FAE6A-2198-44D3-A299-E04013D98F9E}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]

    FirewallRules: [{F4FE08A3-37B6-41AF-88AA-4EA438854858}] => (Allow) LPort=54925

    FirewallRules: [{30808A5B-26F2-4B9F-80FB-A8D5F9685F89}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

    FirewallRules: [{04A24372-1784-4078-8DEF-9FD2729ED824}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

    FirewallRules: [{E7F19576-CADC-465C-A5D3-0B331BBE9C83}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    FirewallRules: [{4D47995B-70D6-42DA-97CA-BA772B2A75E7}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    FirewallRules: [{544F29A5-C222-43D4-8E38-F51599C4292F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    FirewallRules: [{587C2579-08CD-4E3A-B348-2B99CDF3BCD1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    FirewallRules: [{3F8651E3-ED9F-4A88-92D3-70481F3BB9A3}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

    FirewallRules: [{AAC51BFB-F2F7-476C-807A-994828A6352B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

    FirewallRules: [TCP Query User{EE80FEDC-3F33-4C35-950A-0B4D06936AAD}D:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) D:\program files (x86)\google\chrome\application\chrome.exe => No File

    FirewallRules: [UDP Query User{BC1DFF57-5F98-4F07-8C65-0DD65F53C078}D:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) D:\program files (x86)\google\chrome\application\chrome.exe => No File

    FirewallRules: [TCP Query User{A55838AB-A17A-4C45-8F92-C273A9B1C624}F:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) F:\program files (x86)\teamviewer\teamviewer.exe (TeamViewer -> TeamViewer GmbH)

    FirewallRules: [UDP Query User{FE6802EC-A6FD-43A4-937B-902C603B7F0F}F:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) F:\program files (x86)\teamviewer\teamviewer.exe (TeamViewer -> TeamViewer GmbH)

    FirewallRules: [{092A0445-BA03-4386-8C96-1E2F5A326171}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    FirewallRules: [{0E50DAE0-C869-4F67-9656-73AF33A1BE51}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    FirewallRules: [{96ACF519-0AE0-4FCF-B77A-099D229C5EDE}] => (Allow) LPort=5556

    FirewallRules: [{736EFC6A-B967-4669-9A20-47435AB0E55D}] => (Allow) LPort=5558

    FirewallRules: [{8DD36EA6-D6AF-49C5-888F-46373C03286E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

    FirewallRules: [{76EA3604-87A6-4554-96CF-DB006A4693D1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

    FirewallRules: [{4E787329-B5AA-4843-AA3D-844A153AA1BC}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]

    FirewallRules: [{070A0DB3-DF3E-46C7-9D37-3E0799A1F46E}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]

    FirewallRules: [{84590C0A-65C1-4D24-A31C-EE5B1669B911}] => (Allow) LPort=54925

    FirewallRules: [{F7171B7B-D648-4944-B590-75E592C8F07D}] => (Allow) F:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)

    FirewallRules: [{BFB5663E-8EC2-4205-8A75-09B198C61D28}] => (Allow) F:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)

    FirewallRules: [{F20CB30D-429D-4A62-9893-B5882E4C2E49}] => (Allow) LPort=5557

    FirewallRules: [{B8B788A5-E6D8-4572-889B-60E4BCFF8F49}] => (Allow) C:\Program Files\Sandboxie\Start.exe (Invincea, Inc. -> Sandboxie Holdings, LLC)

    FirewallRules: [{5BE43988-ADB4-47C1-8309-A94AB861BECF}] => (Allow) C:\Program Files\Sandboxie\Start.exe (Invincea, Inc. -> Sandboxie Holdings, LLC)

    FirewallRules: [{92FE4939-B538-4401-B0CD-E034F3C1965E}] => (Allow) C:\Program Files\Sandboxie\Start.exe (Invincea, Inc. -> Sandboxie Holdings, LLC)

    FirewallRules: [{1920A589-6CC5-4825-91C8-7775C30E23BE}] => (Allow) C:\Program Files\Sandboxie\Start.exe (Invincea, Inc. -> Sandboxie Holdings, LLC)

    FirewallRules: [{82834809-A150-4F4E-9422-027D7858C07A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{32F58EB3-DFE0-4C56-A38A-AF3E41630811}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{909FD15A-E330-4DAF-A8FF-397051F71306}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{D162FD42-0955-4E9D-A978-0C90F28405D0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{353F6D94-FA67-44D4-9370-0C22C8E5A8D1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{634B7F11-828A-4467-B48C-D74CDE485009}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{7930A490-DDCF-4F78-8724-6F95900CB32D}] => (Allow) C:\Program Files (x86)\pCloud Drive\pCloud.exe (pCloud AG -> pCloud AG)

    FirewallRules: [{9505A23C-730B-4856-9C48-B59F2962A256}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)

    FirewallRules: [{C232BFEF-0B96-471C-AD86-8E37A9C87DDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)


    ==================== Restore Points =========================


    26-07-2021 07:05:11 Scheduled Checkpoint


    ==================== Faulty Device Manager Devices ============



    ==================== Event log errors: ========================


    Application errors:

    ==================

    Error: (07/31/2021 05:45:00 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: mbam.exe, version: 4.0.0.1055, time stamp: 0x60e6f1ba

    Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce

    Exception code: 0xc0000005

    Fault offset: 0x0000000000219dc5

    Faulting process id: 0x33d0

    Faulting application start time: 0x01d78609ddfbc3d5

    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

    Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll

    Report Id: f5568bee-f5d8-48f9-a666-77ffc49fe2f6

    Faulting package full name:

    Faulting package-relative application ID:


    Error: (07/30/2021 06:15:11 PM) (Source: Application Hang) (EventID: 1002) (User: )

    Description: The program iDownloaderConsole.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.


    Process ID: 2e08


    Start Time: 01d77bd48aae2641


    Termination Time: 4294967295


    Application Path: C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.20.0_x64__k42naep6bwmrc\Win32\iDownloaderConsole.exe


    Report Id: 954879dc-fecf-440e-b821-303359750499


    Faulting package full name: 21676OptimiliaStudios.iDownload-Manager_1.2.20.0_x64__k42naep6bwmrc


    Faulting package-relative application ID: App


    Hang type: Quiesce


    Error: (07/27/2021 04:12:18 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on 160GB Storage (H:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


    Error: (07/27/2021 04:11:10 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on 750 Storage (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


    Error: (07/27/2021 04:11:06 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on 750 Win 8 Pro (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


    Error: (07/27/2021 04:10:45 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on extra (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


    Error: (07/27/2021 03:56:04 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on 750 Extended Storage (M:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


    Error: (07/27/2021 03:55:59 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on 160 Win 8 Pro (G:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)



    System errors:

    =============

    Error: (07/30/2021 07:37:33 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

    Description: 4


    Error: (07/30/2021 08:55:00 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

    Description: 4


    Error: (07/30/2021 08:53:01 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

    Description: 4


    Error: (07/29/2021 07:58:39 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

    Description: 4


    Error: (07/29/2021 09:31:11 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

    Description: 4


    Error: (07/29/2021 06:39:24 AM) (Source: DCOM) (EventID: 10000) (User: MINE)

    Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:

    "2147942767"

    Happened while starting this command:

    C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}


    Error: (07/28/2021 07:14:50 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

    Description: 4


    Error: (07/28/2021 06:34:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

    Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NQX4MTT2Z9G-21676OptimiliaStudios.iDownload-Manager.



    Windows Defender:

    ================

    Date: 2021-07-30 18:44:40

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan


    Date: 2021-07-29 18:32:37

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan


    Date: 2021-07-28 19:14:44

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan


    Date: 2021-07-27 19:24:16

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan


    Date: 2021-07-25 18:20:31

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan


    Date: 2021-06-29 06:24:03

    Description:

    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

    New security intelligence Version: 1.343.25.0

    Previous security intelligence Version: 1.341.1610.0

    Update Source: User

    Security intelligence Type: AntiSpyware

    Update Type: Delta

    Current Engine Version: 1.1.18300.4

    Previous Engine Version: 1.1.18200.4

    Error code: 0x80070666

    Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.


    Date: 2021-06-29 06:24:03

    Description:

    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

    New security intelligence Version: 1.343.25.0

    Previous security intelligence Version: 1.341.1610.0

    Update Source: User

    Security intelligence Type: AntiVirus

    Update Type: Delta

    Current Engine Version: 1.1.18300.4

    Previous Engine Version: 1.1.18200.4

    Error code: 0x80070666

    Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.


    Date: 2021-06-29 06:24:03

    Description:

    Microsoft Defender Antivirus has encountered an error trying to update the engine.

    New Engine Version: 1.1.18300.4

    Previous Engine Version: 1.1.18200.4

    Error Code: 0x80070666

    Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.


    CodeIntegrity:

    ===============

    Date: 2021-07-17 05:41:51

    Description:

    Code Integrity determined that a process (\Device\HarddiskVolume1\Sandbox\psyd_\DefaultBox\drive\C\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


    Date: 2021-07-09 19:42:58

    Description:

    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\appid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2020-09-14 06:43:38

    Description:

    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



    ==================== Memory info ===========================


    BIOS: Award Software International, Inc. F2 12/03/2009

    Motherboard: Gigabyte Technology Co., Ltd. GA-790XTA-UD4

    Processor: AMD Phenom(tm) II X4 955 Processor

    Percentage of memory in use: 59%

    Total physical RAM: 16382.49 MB

    Available physical RAM: 6711.84 MB

    Total Virtual: 26608.6 MB

    Available Virtual: 4455.37 MB


    ==================== Drives ================================


    Drive c: (Samsung 850 EVO SSD) (Fixed) (Total:232.37 GB) (Free:138.34 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    Drive d: (750 Win 8 Pro) (Fixed) (Total:55.03 GB) (Free:6.26 GB) NTFS

    Drive e: (extra) (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS

    Drive f: (750 Storage) (Fixed) (Total:72.95 GB) (Free:24.43 GB) NTFS

    Drive g: (160 Win 8 Pro) (Fixed) (Total:28.31 GB) (Free:3.9 GB) NTFS ==>[system with boot components (obtained from drive)]

    Drive h: (160GB Storage) (Fixed) (Total:120.73 GB) (Free:65.81 GB) NTFS

    Drive m: (750 Extended Storage) (Fixed) (Total:570.64 GB) (Free:123.44 GB) NTFS

    Drive p: (pCloud Drive) (Removable) (Total:10 GB) (Free:8.79 GB) exFAT


    \\?\Volume{fd0610f8-0000-0000-0000-e0173a000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS


    ==================== MBR & Partition Table ====================


    ==========================================================

    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: BC336398)

    Partition 1: (Active) - (Size=28.3 GB) - (Type=06)

    Partition 2: (Not Active) - (Size=120.7 GB) - (Type=07 NTFS)


    ==========================================================

    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 10F510F4)

    Partition 1: (Not Active) - (Size=128 GB) - (Type=0F Extended)

    Partition 2: (Not Active) - (Size=570.6 GB) - (Type=07 NTFS)


    ==========================================================

    Disk: 2 (Size: 232.9 GB) (Disk ID: FD0610F8)

    Partition 1: (Active) - (Size=232.4 GB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=519 MB) - (Type=27)


    ==================== End of Addition.txt =======================
     
  8. 2021/07/31
    broni

    broni Moderator Malware Analyst

    Please do NOT create a new topic for a new reply. I merged both topics.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Remove Selected.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8/10 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.
    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
     
  9. 2021/07/31
    Barry

    Barry Geek Member Thread Starter

    RogueKiller Anti-Malware V15.0.8.0 (x64) [Jul 13 2021] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.19041) 64-bit
    Started in : Normal mode
    User : psyd_ [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20210729_115300, Driver : Loaded
    Mode : Standard Scan, Delete -- Date : 2021/07/31 08:21:23 (Duration : 00:13:34)
    Switches : -minimize

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    [Suspicious.Path (Potentially Malicious)] wscript.exe -- %localappdata%\Temp\Temp1_scandoc_099k.zip\scandoc_099k.js -> Killed [Tree]
    [PUP.DriverToolkit (Potentially Malicious)] DriverToolkit -- %localappdata%\DriverToolkit -> Deleted
    [PUP.Gen2 (Potentially Malicious)] Honey -- jid1-93CWPmRbVPjRQA@jetpack -> Deleted
     
  10. 2021/07/31
    Barry

    Barry Geek Member Thread Starter

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 7/31/21
    Scan Time: 8:34 AM
    Log File: d6a2fa60-f214-11eb-b016-6cf049571d6e.json

    -Software Information-
    Version: 4.4.3.125
    Components Version: 1.0.1387
    Update Package Version: 1.0.43760
    License: Trial

    -System Information-
    OS: Windows 10 (Build 19041.1110)
    CPU: x64
    File System: NTFS
    User: MINE\psyd_

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 327154
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 13 min, 20 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)
     
  11. 2021/07/31
    Barry

    Barry Geek Member Thread Starter

    # -------------------------------
    # Malwarebytes AdwCleaner 8.3.0.0
    # -------------------------------
    # Build: 06-29-2021
    # Database: 2021-06-29.1 (Local)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 07-31-2021
    # Duration: 00:00:11
    # OS: Windows 10 Pro
    # Scanned: 31988
    # Detected: 0


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.

    ***** [ Hosts File Entries ] *****

    No malicious hosts file entries found.

    ***** [ Preinstalled Software ] *****

    No Preinstalled Software found.



    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
     
  12. 2021/07/31
    Barry

    Barry Geek Member Thread Starter

    It looks like Rogue Killer got rid of it. If you see anything else to address, please let me know. Thank you for your help.
     
  13. 2021/07/31
    broni

    broni Moderator Malware Analyst

    Good news but need to finish the process.

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  14. 2021/07/31
    Barry

    Barry Geek Member Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2021
    Ran by psyd_ (administrator) on MINE (Gigabyte Technology Co., Ltd. GA-790XTA-UD4) (31-07-2021 11:33:32)
    Running from C:\Users\psyd_\Desktop\Computer tools
    Loaded Profiles: psyd_
    Platform: Windows 10 Pro Version 2004 19041.1110 (X64) Language: English (United States)
    Default browser: "C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe" --single-argument %1
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
    (Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
    (Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
    (Apple Computer, Inc.) [File not signed] C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    (Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler.exe
    (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler64.exe
    (Groupnotes, Inc. -> ) C:\Users\psyd_\AppData\Local\Videostream\app-0.3.5\videostream-native\videostream-native.exe <2>
    (Groupnotes, Inc. -> Videostream) C:\Users\psyd_\AppData\Local\Videostream\app-0.3.5\Videostream.exe
    (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (Logitech -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU1\LogitechUpdate.exe
    (Logitech -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\sp6\LU1\LULnchr.exe
    (Logitech Inc -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <9>
    (Microsoft Corporation -> Microsoft Corporation) C:\Users\psyd_\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
    (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
    (Motorola) [File not signed] C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (Mozilla Corporation -> Mozilla Corporation) F:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
    (Optimilia Studios) C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.30.0_x64__k42naep6bwmrc\iDownloadManager.exe
    (Optimilia Studios) C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.30.0_x64__k42naep6bwmrc\Win32\iDownloaderConsole.exe
    (pCloud AG -> pCloud AG) C:\Program Files (x86)\pCloud Drive\pCloud.exe
    (Piriform Software Ltd -> Piriform Software Ltd) F:\Program Files\CCleaner\CCleaner64.exe
    (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe <17>
    (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler.exe
    (Piriform Software Ltd -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\CCleanerBrowserCrashHandler64.exe
    (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
    (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft) C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe
    (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    ==================== Registry (Whitelisted) ===================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1812032 2016-03-28] (NVIDIA Corporation -> NVIDIA Corporation)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-30] (Logitech Inc -> Logitech, Inc.)
    HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    HKLM-x32\...\Run: [EaseUS EPM tray] => F:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => F:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [File not signed]
    HKLM-x32\...\Run: [PCEqualizer] => F:\Program Files (x86)\PC Equalizer\PCEqualizer.exe [6497792 2016-03-17] (Bils) [File not signed]
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. -> Acresso Corporation)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3657560 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49925280 2021-06-18] (Google LLC -> )
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe [3415096 2021-07-21] (pCloud AG -> pCloud AG)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [CCleaner Smart Cleaning] => F:\Program Files\CCleaner\CCleaner64.exe [35062912 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [Videostream] => C:\Users\psyd_\AppData\Local\Videostream\app-0.3.5\Videostream.exe [339608 2019-01-17] (Groupnotes, Inc. -> Videostream)
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Run: [MicrosoftEdgeAutoLaunch_3173782CC43AAF1092A724F27F2433AD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2297272 2021-07-16] (Piriform Software Ltd -> Piriform Software)
    HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [100352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
    HKLM\...\Print\Monitors\Adobe PDF Port: C:\WINDOWS\system32\AdobePDF64.dll [35928 2007-03-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated.)
    HKLM\...\Print\Monitors\PCL hpz3llhn: C:\WINDOWS\system32\hpz3llhn.dll [36352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
    HKLM\...\Print\Monitors\PrimoMon: C:\WINDOWS\system32\Primomonnt.dll [95008 2015-09-01] (Nitro PDF Software -> )
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\91.1.10935.167\Installer\chrmstp.exe [2021-07-21] (Piriform Software Ltd -> Piriform Software)
    HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\92.0.4515.107\Installer\chrmstp.exe [2021-07-21] (Google LLC -> Google LLC)
    Startup: C:\Users\psyd_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FAXRX.lnk [2017-06-21]
    ShortcutTarget: FAXRX.lnk -> C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) ============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {06B1DB65-69C7-49C0-9604-1A29F02AD68F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Task: {095D9FD5-34AF-4B87-8B26-C7EBFF8E8C6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {1313F06D-A6DD-4BE3-AC53-8B33F5AAC55C} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software)
    Task: {14B46AC4-F184-4412-9AFB-71421440A92B} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1112576 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
    Task: {17276E77-4DE9-4B7B-ADB2-ACF60B948768} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software)
    Task: {1EBC2B4F-BE6A-4C0F-BD4B-CFF36AAE0F2A} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [681400 2021-07-31] (Mozilla Corporation -> Mozilla Foundation)
    Task: {2849A7BB-93CD-49CF-9962-19129A5F921A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {3C1B5C90-86BF-4B65-AA0B-471A7BCBC48A} - System32\Tasks\CCleaner Update => F:\Program Files\CCleaner\CCUpdate.exe [684976 2021-07-16] (Piriform Software Ltd -> Piriform)
    Task: {67BA7C20-885B-441D-8216-765E7B20B52D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
    Task: {67F22B35-10E6-4CE1-9A4A-A76E166B3FCD} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2297272 2021-07-16] (Piriform Software Ltd -> Piriform Software)
    Task: {6D78C358-D4F5-4A76-B2F7-762E5E2EE9D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {7489F894-A09F-4C70-B020-A2D8D7B2A283} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    Task: {991F1667-B5C2-4A46-BBF5-853BE48F1795} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
    Task: {B29DE1C8-FA08-47B3-AEED-16D96988431A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2020-12-28] () [File not signed]
    Task: {B855251C-A392-4BEF-A8A5-E3018891EC33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-29] (Google Inc -> Google Inc.)
    Task: {BCB4E65E-9900-4E2C-B7DA-1B4A71432D21} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
    Task: {BE954B2E-CCB7-40C8-B16C-064FC5832E14} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [2297272 2021-07-16] (Piriform Software Ltd -> Piriform Software)
    Task: {D2A6AD62-67B5-493F-8223-B99747877C93} - System32\Tasks\CCleanerSkipUAC => F:\Program Files\CCleaner\CCleaner.exe [29136000 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {E46164D7-3124-4D89-82E1-46147027F60C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [272176 2014-10-30] (Motorola Mobility Inc. -> )
    Task: {EB4E1A91-20FB-4C4E-AA06-AC3B23347FEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-06-29] (Google Inc -> Google Inc.)
    Task: {EB7560E5-D542-4873-AEC3-B4FBCF725943} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{f7a6dcc0-a169-49bf-9d5a-c50892ff241e}: [DhcpNameServer] 192.168.1.1

    Edge:
    =======
    DownloadDir: C:\Users\psyd_\Downloads
    Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-03-29]
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.11.5.0_neutral__v68kp9n051hdp [not found]
    Edge Extension: (No Name) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.36.5.0_neutral__e7b5mm5d3r6v2 [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    Edge DefaultProfile: Default
    Edge Profile: C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-31]
    Edge Extension: (Norton Safe Web) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2021-07-13]
    Edge Extension: (Adblock Plus - free ad blocker) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-07-13]
    Edge Extension: (Malwarebytes Browser Guard) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-07-31]
    Edge Extension: (IDM Integration Module) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llbjbkhnmlidjebalopleeepgdfgcpec [2021-03-15]
    Edge Extension: (IDM Integration Module) - C:\Users\psyd_\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-03-15]
    Edge HKU\S-1-5-21-970927895-26279177-2598225439-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [llbjbkhnmlidjebalopleeepgdfgcpec] - F:\Program Files\Internet Download Manager\IDMEdgeExt.crx [2021-07-16]
    Edge HKU\S-1-5-21-970927895-26279177-2598225439-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2021-07-16]
    Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

    FireFox:
    ========
    FF DefaultProfile: hh1qpzfn.default
    FF ProfilePath: C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default [2021-07-31]
    FF DownloadDir: F:\Downloads
    FF Extension: (Test Pilot) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\@testpilot-addon.xpi [2018-10-17] [UpdateUrl:hxxps://testpilot.firefox.com/files/@testpilot-addon/updates.json]
    FF Extension: (InvisibleHand) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2020-12-12]
    FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-15]
    FF Extension: (snoozetabs) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\snoozetabs@mozilla.com.xpi [2018-01-20] [UpdateUrl:hxxps://testpilot.firefox.com/files/snoozetabs@mozilla/updates.json]
    FF Extension: (TinEye Reverse Image Search) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\tineye@ideeinc.com.xpi [2019-07-10]
    FF Extension: (Malwarebytes Browser Guard) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-01-07]
    FF Extension: (Logitech SetPoint) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{84380428-8c9d-4bdf-913d-b2c34d6562d9}.xpi [2019-12-24]
    FF Extension: (Web of Trust) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2020-12-12]
    FF Extension: (Adblock Plus - free ad blocker) - C:\Users\psyd_\AppData\Roaming\Mozilla\Firefox\Profiles\hh1qpzfn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-01-07]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-12-24] [not signed]
    FF HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - F:\Program Files\Internet Download Manager\idmmzcc3.xpi
    FF Extension: (IDM Integration Module) - F:\Program Files\Internet Download Manager\idmmzcc3.xpi [2021-03-05]
    FF HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\psyd_\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\psyd_\AppData\Roaming\IDM\idmmzcc5 [2017-03-27] [Legacy] [not signed]
    FF HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - F:\Program Files\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - F:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-12-19] [Legacy]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
    FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2021-01-26] (Piriform Software Ltd -> Piriform Software)
    FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [2021-01-26] (Piriform Software Ltd -> Piriform Software)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default [2021-07-31]
    CHR HomePage: Default -> hxxp://www.google.com
    CHR Extension: (Slides) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-15]
    CHR Extension: (Docs) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-15]
    CHR Extension: (Google Drive) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-12]
    CHR Extension: (WOT Web of Trust, Website Reputation Ratings) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2021-06-25]
    CHR Extension: (YouTube) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-28]
    CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-06-25]
    CHR Extension: (Logitech Smooth Scrolling) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2019-12-24]
    CHR Extension: (Sheets) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-15]
    CHR Extension: (Google Docs Offline) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-06]
    CHR Extension: (Malwarebytes Browser Guard) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-06-25]
    CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-06-25]
    CHR Extension: (IDM Integration Module) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2021-06-25]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-25]
    CHR Extension: (Gmail) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-12]
    CHR Extension: (Chrome Media Router) - C:\Users\psyd_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-25]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2021-07-16]
    CHR HKU\S-1-5-21-970927895-26279177-2598225439-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
    CHR HKU\S-1-5-21-970927895-26279177-2598225439-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2021-07-16]
    CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - F:\Program Files\Internet Download Manager\IDMGCExt.crx [2021-07-16]

    ==================== Services (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
    R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
    S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software)
    S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\91.1.10935.167\elevation_service.exe [1421288 2021-07-16] (Piriform Software Ltd -> Piriform Software)
    S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [200928 2021-01-26] (Piriform Software Ltd -> Piriform Software)
    R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-03-21] (Macrovision Europe Ltd.) [File not signed]
    R2 HsfXAudioService; C:\WINDOWS\SysWOW64\XAudio64.dll [436736 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R2 IsAppService; C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppService.exe [473352 2017-03-30] (Shenzhen Yi Xing Investment Co., Ltd. -> Iskysoft)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7477704 2021-07-17] (Malwarebytes Inc -> Malwarebytes)
    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13927760 2021-07-13] (Adlice -> )
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [319320 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-17] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)

    ===================== Drivers (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
    R3 CAXHWBS2; C:\WINDOWS\system32\DRIVERS\CAXHWBS2.sys [411136 2009-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R1 cbfs20; C:\WINDOWS\System32\drivers\cbfs20.sys [436776 2021-06-26] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc. - www.callback.com)
    R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-09] (EldoS Corporation -> /n software, Inc.)
    R1 cbfsconnect2017; C:\WINDOWS\system32\drivers\cbfsconnect2017.sys [481296 2020-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
    S3 CSRBC; C:\WINDOWS\System32\Drivers\csrbcx64.sys [38400 2016-05-10] (CSR plc.) [File not signed]
    S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-07-17] (Malwarebytes Inc -> Malwarebytes)
    R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [60968 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [18472 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [192552 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
    S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
    R3 HSF_DPV; C:\WINDOWS\system32\DRIVERS\CAX_DPV.sys [1486848 2009-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-07-18] (Malwarebytes Inc -> Malwarebytes)
    S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-07-18] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69016 2021-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-07-18] (Malwarebytes Inc -> Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-07-18] (Malwarebytes Inc -> Malwarebytes)
    R2 mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [17024 2006-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Conexant)
    R3 MODEMCSA; C:\WINDOWS\system32\drivers\MODEMCSA.sys [28160 2021-03-10] (Microsoft Windows -> Microsoft Corporation)
    R3 MpKsle0bef3d9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{436684CD-40EF-44DF-8D1C-724FFB8D7103}\MpKslDrv.sys [107752 2021-07-31] (Microsoft Windows -> Microsoft Corporation)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [216184 2020-03-18] (Invincea, Inc. -> Sandboxie Holdings, LLC)
    U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-07-31] (Adlice -> )
    R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [20704 2019-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-07-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425192 2021-07-09] (Microsoft Windows -> Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-09] (Microsoft Windows -> Microsoft Corporation)
    R3 winachsf; C:\WINDOWS\system32\DRIVERS\CAX_CNXT.sys [740864 2009-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R2 XAudio; C:\WINDOWS\system32\DRIVERS\XAudio64.sys [10240 2009-04-29] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) (Whitelisted) =========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-07-31 09:05 - 2021-07-31 09:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pCloud
    2021-07-31 09:04 - 2021-07-31 09:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
    2021-07-31 08:55 - 2021-07-31 08:59 - 008553680 _____ (Malwarebytes) C:\Users\psyd_\Downloads\AdwCleaner.exe
    2021-07-31 08:33 - 2021-07-31 08:33 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
    2021-07-31 08:03 - 2021-07-31 08:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2021-07-31 08:03 - 2021-07-31 08:03 - 000000000 ____D C:\Program Files\RogueKiller
    2021-07-31 08:00 - 2021-07-31 08:20 - 000000000 ____D C:\ProgramData\RogueKiller
    2021-07-31 06:47 - 2021-07-31 11:34 - 000000000 ____D C:\FRST
    2021-07-29 12:02 - 2021-07-29 14:16 - 015624217 _____ C:\Users\psyd_\Desktop\scandoc_099k.js
    2021-07-29 08:52 - 2021-07-29 08:52 - 001063601 _____ C:\Users\psyd_\Desktop\CCF07292021.pdf
    2021-07-28 10:08 - 2021-07-28 10:08 - 001884180 _____ C:\Users\psyd_\Desktop\CCF07282021.pdf
    2021-07-26 17:08 - 2021-07-26 17:14 - 000000000 ____D C:\Users\psyd_\Desktop\trotta
    2021-07-20 17:05 - 2021-07-20 17:05 - 000032464 _____ C:\Users\psyd_\Desktop\CA Air Resource Board FAQs.pdf
    2021-07-20 12:37 - 2021-07-20 12:37 - 000594870 _____ C:\Users\psyd_\Desktop\CCF07202021.pdf
    2021-07-18 05:58 - 2021-07-18 05:58 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2021-07-18 05:58 - 2021-07-18 05:58 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2021-07-18 05:58 - 2021-07-18 05:58 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2021-07-18 05:58 - 2021-07-18 05:58 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2021-07-18 05:58 - 2021-07-18 05:58 - 000069016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2021-07-18 05:58 - 2021-07-18 05:58 - 000002040 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2021-07-18 05:57 - 2021-07-17 05:42 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2021-07-18 05:57 - 2020-12-12 17:00 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
    2021-07-17 10:43 - 2021-07-17 10:43 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
    2021-07-17 10:42 - 2021-07-17 10:42 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2021-07-17 10:42 - 2021-07-17 10:42 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
    2021-07-17 10:42 - 2021-07-17 10:42 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
    2021-07-17 10:42 - 2021-07-17 10:42 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
    2021-07-17 10:42 - 2021-07-17 10:42 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
    2021-07-16 22:25 - 2018-12-19 16:05 - 000229296 ____H (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
    2021-07-16 12:37 - 2021-07-16 12:37 - 000502414 _____ C:\Users\psyd_\Desktop\COVID cards.pdf
    2021-07-13 15:17 - 2021-07-13 15:17 - 001188058 _____ C:\Users\psyd_\Desktop\CCF07132021_0001.pdf
    2021-07-13 10:51 - 2021-07-13 10:51 - 002712179 _____ C:\Users\psyd_\Desktop\CCF07132021.pdf
    2021-07-10 06:22 - 2021-07-31 09:05 - 000000000 ____D C:\Program Files (x86)\pCloud Drive
    2021-07-09 06:08 - 2021-07-09 06:08 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
    2021-07-09 06:08 - 2021-07-09 06:08 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2021-07-09 06:08 - 2021-07-09 06:08 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2021-07-09 06:08 - 2021-07-09 06:08 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2021-07-09 06:08 - 2021-07-09 06:08 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
    2021-07-09 06:08 - 2021-07-09 06:08 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
    2021-07-09 06:07 - 2021-07-09 06:07 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
    2021-07-09 06:07 - 2021-07-09 06:07 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2021-07-09 06:07 - 2021-07-09 06:07 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
    2021-07-09 06:07 - 2021-07-09 06:07 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
    2021-07-08 10:49 - 2021-07-08 10:49 - 000216655 _____ C:\Users\psyd_\Desktop\Pote EAP Auth.pdf
    2021-07-06 18:20 - 2021-07-07 11:03 - 003303625 _____ C:\Users\psyd_\Desktop\CCF07062021.pdf

    ==================== One month (modified) ==================

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2021-07-31 11:34 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2021-07-31 11:33 - 2017-11-25 10:25 - 000000000 ____D C:\Users\psyd_\Desktop\Computer tools
    2021-07-31 11:31 - 2020-09-13 22:24 - 000000000 ___HD C:\WINDOWS\system32\SleepStudy
    2021-07-31 11:15 - 2016-06-29 13:37 - 000000000 ____D C:\Program Files (x86)\Google
    2021-07-31 09:27 - 2016-12-09 12:07 - 000000000 ____D C:\Users\psyd_\AppData\LocalLow\Mozilla
    2021-07-31 09:24 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
    2021-07-31 09:24 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
    2021-07-31 09:23 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
    2021-07-31 09:17 - 2019-01-17 19:00 - 000000000 ____D C:\Users\psyd_\AppData\Local\SquirrelTemp
    2021-07-31 09:12 - 2019-01-17 19:00 - 000000000 ____D C:\Users\psyd_\AppData\Local\Videostream
    2021-07-31 09:12 - 2016-03-21 13:04 - 000000000 ___RD C:\Users\psyd_\OneDrive
    2021-07-31 09:11 - 2016-03-24 08:40 - 000000000 ____D C:\Users\psyd_\AppData\Roaming\DMCache
    2021-07-31 09:08 - 2017-06-21 11:37 - 000000138 _____ C:\WINDOWS\Brfaxrx.ini
    2021-07-31 09:05 - 2021-06-25 11:16 - 000002499 _____ C:\Users\Public\Desktop\pCloud Drive.lnk
    2021-07-31 09:05 - 2021-06-25 11:16 - 000001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\pCloud Drive.lnk
    2021-07-31 09:05 - 2020-08-30 07:21 - 000000000 ____D C:\Users\psyd_\AppData\Local\CrashDumps
    2021-07-31 09:05 - 2018-09-03 20:57 - 000000000 ____D C:\ProgramData\Package Cache
    2021-07-31 09:04 - 2021-01-07 07:26 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2021-07-31 09:04 - 2019-02-10 17:05 - 000000000 ____D C:\ProgramData\Mozilla
    2021-07-31 09:04 - 2016-08-24 21:15 - 000001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2021-07-31 09:01 - 2020-04-29 05:43 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
    2021-07-31 08:59 - 2018-09-04 05:47 - 000000000 ____D C:\AdwCleaner
    2021-07-30 18:14 - 2020-07-05 06:26 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
    2021-07-30 05:52 - 2021-01-27 07:06 - 000057037 _____ C:\Users\psyd_\Desktop\AutoIDCard.pdf
    2021-07-30 05:38 - 2020-04-24 09:54 - 000000000 ____D C:\Users\psyd_\AppData\Roaming\MPC-HC
    2021-07-29 08:58 - 2016-03-21 13:30 - 000001129 _____ C:\WINDOWS\Brpfx04a.ini
    2021-07-29 06:41 - 2020-09-13 22:36 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-970927895-26279177-2598225439-1001
    2021-07-29 06:41 - 2020-09-13 15:30 - 000002394 _____ C:\Users\psyd_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2021-07-23 05:38 - 2016-03-24 08:40 - 000000000 ____D C:\Users\psyd_\AppData\Roaming\IDM
    2021-07-22 14:09 - 2021-02-03 20:53 - 000009301 _____ C:\Users\psyd_\Desktop\Barbacoa Rent 2021.xlsx
    2021-07-22 12:08 - 2016-08-25 14:05 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2021-07-21 18:50 - 2017-05-28 07:26 - 000002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2021-07-21 10:37 - 2020-04-29 05:44 - 000002406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
    2021-07-21 10:37 - 2020-04-29 05:44 - 000002371 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
    2021-07-20 05:57 - 2020-09-13 22:36 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
    2021-07-18 06:09 - 2016-03-21 13:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2021-07-18 06:08 - 2021-06-28 07:24 - 000769948 ____H C:\WINDOWS\system32\perfh019.dat
    2021-07-18 06:08 - 2021-06-28 07:24 - 000151506 ____H C:\WINDOWS\system32\perfc019.dat
    2021-07-18 06:08 - 2020-09-13 22:37 - 001752888 ____H C:\WINDOWS\system32\PerfStringBackup.INI
    2021-07-18 05:58 - 2020-08-15 05:50 - 000002052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
    2021-07-18 05:58 - 2018-09-03 20:57 - 000000000 ____D C:\Users\psyd_\AppData\Local\pCloud
    2021-07-18 05:57 - 2020-09-13 22:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2021-07-18 05:57 - 2020-09-13 22:24 - 000008192 ___SH C:\DumpStack.log.tmp
    2021-07-18 05:57 - 2017-04-13 10:00 - 000000000 ____D C:\ProgramData\NVIDIA
    2021-07-17 19:11 - 2019-12-07 02:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2021-07-17 19:10 - 2020-09-13 22:24 - 002442528 ____H C:\WINDOWS\system32\FNTCACHE.DAT
    2021-07-17 19:09 - 2019-12-07 02:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
    2021-07-17 19:09 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\system32\WinBioPlugIns
    2021-07-17 19:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SystemResources
    2021-07-17 19:09 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\bcastdvr
    2021-07-17 19:09 - 2019-12-07 02:14 - 000000000 ____D C:\Program Files\Common Files\System
    2021-07-17 11:37 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
    2021-07-17 10:42 - 2012-07-26 01:18 - 000414038 __RSH C:\bootmgr
    2021-07-16 06:56 - 2016-03-23 12:38 - 000000000 ___HD C:\WINDOWS\system32\MRT
    2021-07-16 06:51 - 2016-03-23 12:38 - 133422552 ___HC (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2021-07-15 15:37 - 2020-09-13 22:36 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
    2021-07-15 15:37 - 2020-09-13 22:36 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\system32\setup
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\system32\oobe
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\system32\Dism
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\Provisioning
    2021-07-09 19:41 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2021-07-09 19:29 - 2016-03-26 19:44 - 000000740 _____ C:\Users\psyd_\Desktop\Internet Download Manager.lnk
    2021-07-09 18:02 - 2018-02-22 11:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2021-07-08 18:51 - 2016-03-23 09:32 - 000001333 _____ C:\Users\psyd_\Desktop\thunderbird - Shortcut.lnk
    2021-07-06 16:26 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\system32\NDF
    2021-07-06 10:31 - 2017-09-21 19:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
    2021-07-01 18:37 - 2020-09-13 22:36 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
    2021-07-01 18:37 - 2020-09-13 22:36 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

    ==================== SigCheck ============================

    (There is no automatic fix for files that do not pass verification.)

    ==================== End of FRST.txt ========================
     
  15. 2021/07/31
    Barry

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2021

    Ran by psyd_ (31-07-2021 11:35:42)

    Running from C:\Users\psyd_\Desktop\Computer tools

    Windows 10 Pro Version 2004 19041.1110 (X64) (2020-09-14 05:36:24)

    Boot Mode: Normal

    ==========================================================



    ==================== Accounts: =============================



    (If an entry is included in the fixlist, it will be removed.)


    Administrator (S-1-5-21-970927895-26279177-2598225439-500 - Administrator - Disabled)

    DefaultAccount (S-1-5-21-970927895-26279177-2598225439-503 - Limited - Disabled)

    Guest (S-1-5-21-970927895-26279177-2598225439-501 - Limited - Disabled)

    psyd_ (S-1-5-21-970927895-26279177-2598225439-1001 - Administrator - Enabled) => C:\Users\psyd_

    WDAGUtilityAccount (S-1-5-21-970927895-26279177-2598225439-504 - Limited - Disabled)


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    Add or Remove Adobe Creative Suite 3 Master Collection (HKLM-x32\...\Adobe_4dcfd9b7e901b57f81f667144603236) (Version: 1.0 - Adobe Systems Incorporated)

    Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)

    Adobe Flash Player 9 ActiveX (HKLM-x32\...\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}) (Version: 9.0.45.0 - Adobe Systems, Inc.)

    AHV content for Acrobat and Flash (HKLM-x32\...\{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}) (Version: 1 - Adobe Systems Incorporated) Hidden

    Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.21.170501 - )

    Backup and Sync from Google (HKLM\...\{A0397FA8-34ED-4A41-A8C9-30EE0B89C464}) (Version: 3.56.3802.7766 - Google, Inc.)

    Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)

    Brother MFL-Pro Suite MFC-J5910DW (HKLM-x32\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.1.1.0 - Brother Industries, Ltd.)

    CCleaner (HKLM\...\CCleaner) (Version: 5.83 - Piriform)

    CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 91.1.10935.167 - Piriform Software)

    CCleaner Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1067.0 - Piriform Software) Hidden

    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12334.0 - Cisco Consumer Products LLC)

    Convert PDF To Word Plus 1.0 (HKLM-x32\...\Convert PDF To Word Plus) (Version: 1.0 - pdftowordstudio.com)

    Data Lifeguard Diagnostic for Windows 1.29 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)

    EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)

    EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)

    EaseUS Todo Backup Free 9.1 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.1 - CHENGDU YIWO Tech Development Co., Ltd)

    Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.1.2 - )

    FILE RECOVERY for Windows (HKLM-x32\...\FILE RECOVERY for WindowsNSIS) (Version: 1.0.180 - Seagate)

    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.107 - Google LLC)

    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: 6.39.2 - Tonec Inc.)

    IrfanView 4.54 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.54 - Irfan Skiljan)

    K-Lite Codec Pack 16.0.6 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.0.6 - KLCP)

    Linksys Connect (HKLM-x32\...\Linksys Connect) (Version: 1.5.13225.3 - Linksys LLC)

    Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.126 - Logitech)

    Malwarebytes version 4.4.3.125 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.3.125 - Malwarebytes)

    Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.62 - Microsoft Corporation)

    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

    Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft OneDrive (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)

    Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)

    Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27024 (HKLM-x32\...\{2ff11a2a-f7ac-4a6c-8cd4-c7bb974f3642}) (Version: 14.16.27024.1 - Microsoft Corporation)

    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)

    Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden

    Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)

    Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 90.0.2 (x64 en-US)) (Version: 90.0.2 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 90.0.2.7872 - Mozilla)

    Mozilla Thunderbird 38.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.7.0 (x86 en-US)) (Version: 38.7.0 - Mozilla)

    Mozilla Thunderbird 78.12.0 (x86 en-US) (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Mozilla Thunderbird 78.12.0 (x86 en-US)) (Version: 78.12.0 - Mozilla)

    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.7.1 - Notepad++ Team)

    Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)

    NVIDIA 3D Vision Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)

    NVIDIA Graphics Driver 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)

    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)

    PC Equalizer (HKLM-x32\...\PC Equalizer) (Version: 1.1.7 - Bils)

    PCI SoftV92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.80.5.0 - Conexant Systems)

    pCloud Drive (HKLM-x32\...\{1ae6d90d-39bb-4bce-a752-487b180a5fcb}) (Version: 3.11.4.0 - pCloud AG)

    pCloud Drive (HKLM-x32\...\{ED796208-AA2E-43AC-B0C8-D6D56C84DEB2}) (Version: 3.11.4.0 - pCloud AG) Hidden

    PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden

    PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)

    RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 7 - Philipp Winterberg)

    RogueKiller version 15.0.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.0.8.0 - Adlice Software)

    Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.1.0.1120 - Samsung Electronics)

    Sandboxie 5.33.6 (64-bit) (HKLM\...\Sandboxie) (Version: 5.33.6 - Sandboxie Holdings, LLC)

    SolveigMM AVI Trimmer+ version 5.0.1603.23 (HKLM-x32\...\SolveigMM AVI Trimmer_is1) (Version: 5.0.1603.23 - Solveig Multimedia)

    SolveigMM Video Splitter Home Edition (HKLM-x32\...\SolveigMM Video Splitter Home Edition 5.0.1509.11) (Version: 5.0.1509.11 - Solveig Multimedia)

    Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)

    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)

    TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)

    TurboTax 2017 (HKLM-x32\...\TurboTax 2017) (Version: 2017.0 - Intuit, Inc)

    TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)

    TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc)

    TurboTax 2020 (HKLM-x32\...\TurboTax 2020) (Version: 2020.0 - Intuit, Inc)

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

    Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)

    Videostream (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\Videostream) (Version: 0.3.5 - Videostream)

    VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)

    Zoom (HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\ZoomUMX) (Version: 5.4.7 (59784.1220) - Zoom Video Communications, Inc.)


    Packages:

    =========

    Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.19.0_neutral__d55gg7py3s0m0 [2020-03-29] (eyeo GmbH)

    Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.6.36.0_x86__kgqvnymyfvs32 [2021-07-10] (king.com)

    Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.198.300.0_x86__kgqvnymyfvs32 [2021-07-24] (king.com)

    Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_6.1.13.0_x86__h6adky7gbf63m [2021-07-18] (Gameloft SE)

    FreeCell HD -> C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8 [2020-11-25] (Bernardo Zamora)

    IDM Integration Module -> C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.38.19.0_neutral__e7b5mm5d3r6v2 [2021-05-26] (Tonec FZE)

    iDownload Manager (iDM) - High speed file downloader -> C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.30.0_x64__k42naep6bwmrc [2021-07-31] (Optimilia Studios) [MS Ad] [Startup Task]

    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]

    Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad]

    Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-07-10] (Microsoft Studios) [MS Ad]

    Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp [2021-05-26] (NortonLifeLock Inc.)

    Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-10] (Microsoft Corporation)

    Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-28] (Twitter Inc.)


    ==================== Custom CLSID (Whitelisted): ==============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    SSODL: EldosMountNotificator-cbfs6 - {B7038158-4D4C-4084-ADCC-802971A84145} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)

    SSODL: CallbackTechMountNotificator-cbfsconnect2017 - {1948F7D8-6849-437D-AF14-C3C14E0C1E54} - C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)

    SSODL-x32: EldosMountNotificator-cbfs6 - {B7038158-4D4C-4084-ADCC-802971A84145} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation -> /n software, Inc.)

    SSODL-x32: CallbackTechMountNotificator-cbfsconnect2017 - {1948F7D8-6849-437D-AF14-C3C14E0C1E54} - C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll (Callback Technologies, Inc. -> Callback Technologies, Inc.)

    ShellServiceObjects: Virtual Storage Mount Notification -> {1948F7D8-6849-437D-AF14-C3C14E0C1E54} => C:\WINDOWS\system32\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)

    ShellServiceObjects: Virtual Storage Mount Notification -> {B7038158-4D4C-4084-ADCC-802971A84145} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)

    ShellServiceObjects-x32: Virtual Storage Mount Notification -> {1948F7D8-6849-437D-AF14-C3C14E0C1E54} => C:\WINDOWS\SysWOW64\cbfsconnectMntNtf2017.dll [2020-06-25] (Callback Technologies, Inc. -> Callback Technologies, Inc.)

    ShellServiceObjects-x32: Virtual Storage Mount Notification -> {B7038158-4D4C-4084-ADCC-802971A84145} => C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)

    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => F:\Program Files\Internet Download Manager\IDMShellExt64.dll [2021-03-02] (Tonec Inc. -> Tonec FZE)

    ShellIconOverlayIdentifiers: [ pCloudINPROGRESS] -> {D8BFAFBD-B670-4252-9C17-9CF1C64C2BAF} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]

    ShellIconOverlayIdentifiers: [ pCloudINSYNC] -> {8D0C0582-552A-4A6B-9455-DA63E1F329C0} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]

    ShellIconOverlayIdentifiers: [ pCloudNOSYNC] -> {3858ED1B-8F1C-42ED-A8A9-FDBF591E3C6B} => C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll [2017-10-23] (TODO: <Company name>) [File not signed]

    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)

    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)

    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-06-18] (Google LLC -> Google)

    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

    ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {830A9813-8D13-4E32-86D2-E3D6428399AB} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)

    ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {830A9813-8D13-4E32-86D2-E3D6428399AB} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-09] (EldoS Corporation -> /n software, Inc.)

    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-11] (Adobe Systems Inc.) [File not signed]

    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] (Notepad++ -> )

    ContextMenuHandlers1: [ContextMenuExtension] -> {3103a792-c2d9-3c57-98dd-30071b26c05f} => C:\Program Files (x86)\pCloud Drive\ContextMenuHandler64.dll [2021-03-16] (pCloud AG) [File not signed] [File is in use]

    ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google)

    ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]

    ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]

    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

    ContextMenuHandlers4: [ContextMenuExtension] -> {3103a792-c2d9-3c57-98dd-30071b26c05f} => C:\Program Files (x86)\pCloud Drive\ContextMenuHandler64.dll [2021-03-16] (pCloud AG) [File not signed] [File is in use]

    ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-06-18] (Google LLC -> Google)

    ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed]

    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)

    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll [2007-05-11] (Adobe Systems Inc.) [File not signed]

    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)


    ==================== Codecs (Whitelisted) ====================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Drivers32: [wave2] => C:\WINDOWS\system32\serwvdrv.dll [25600 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

    HKLM\...\Drivers32: [wave2] => C:\Windows\SysWOW64\serwvdrv.dll [18944 2019-12-07] (Microsoft Windows -> Microsoft Corporation)


    ==================== Shortcuts & WMI ========================


    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\psyd_\New folder\programs\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl

    ShortcutWithArgument: C:\Users\psyd_\Desktop\programs\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl

    ShortcutWithArgument: C:\Users\psyd_\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default


    ==================== Loaded Modules (Whitelisted) =============


    2017-06-21 11:37 - 2009-02-27 16:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

    2021-07-21 11:58 - 2021-07-21 11:58 - 001896960 _____ () [File not signed] C:\Program Files (x86)\pCloud Drive\pSyncLib.dll

    2021-07-24 06:46 - 2021-07-24 06:46 - 033991168 _____ () [File not signed] C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.30.0_x64__k42naep6bwmrc\iDownloadManager.dll

    2020-11-25 08:19 - 2020-11-25 08:20 - 015057408 _____ () [File not signed] C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.21.70.0_x64__1fgex2kbsn6g8\Solitaire.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 000114176 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\_ctypes.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000172544 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\_elementtree.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 002255872 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\_hashlib.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000032256 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\_multiprocessing.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000046080 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\_psutil_windows.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000047616 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\_socket.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 002825216 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\_ssl.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000026112 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\_yappi.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000080896 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\bz2.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000015872 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\common.time34.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000007680 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\hashobjs_ext.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000301568 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\PIL._imaging.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000168448 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\pyexpat.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 001084416 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\pysqlite2._sqlite.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000548864 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\pythoncom27.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 000137728 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\pywintypes27.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 000010752 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\select.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000020992 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\thumbnails_ext.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000689664 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\unicodedata.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000119808 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\usb_ext.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000128512 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\win32api.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000438784 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\win32com.shell.shell.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000011776 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\win32crypt.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000023040 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\win32event.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000149504 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\win32file.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000223232 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\win32gui.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000048128 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\win32inet.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000029696 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\win32pdh.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000027648 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\win32pipe.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000044032 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\win32process.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000020480 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\win32profile.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000136192 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\win32security.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000026624 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\win32ts.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000034304 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\windows.conditional.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000037888 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\windows.connectivity.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000071680 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\windows.device_monitor.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000103936 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\windows.volumes.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000019968 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\windows.winwrap.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 001325056 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wx._controls_.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 001489408 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wx._core_.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 001007104 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wx._gdi_.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000103424 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wx._html2.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 000916992 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wx._misc_.pyd

    2021-07-31 09:12 - 2021-07-31 09:12 - 001039872 _____ () [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wx._windows_.pyd

    2016-03-21 13:29 - 2005-04-21 21:36 - 000143360 ____H () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll

    2007-01-19 05:23 - 2007-05-11 00:18 - 001560576 _____ (Adobe Systems Inc.) [File not signed] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu64.dll

    2017-06-21 11:37 - 2012-04-23 15:03 - 000380928 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll

    2017-06-21 11:37 - 2010-09-29 17:07 - 000180224 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BroSNMP.dll

    2017-06-21 11:37 - 2011-02-28 11:32 - 000208896 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll

    2017-06-21 11:37 - 2012-01-11 14:39 - 000626688 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll

    2017-06-21 11:37 - 2012-09-06 21:02 - 000155648 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll

    2017-06-21 11:37 - 2012-07-06 13:33 - 000098304 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll

    2017-06-21 11:37 - 2012-07-06 13:33 - 017694720 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll

    2017-06-21 11:37 - 2012-07-17 13:36 - 000090112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll

    2016-03-21 13:29 - 2012-07-05 04:32 - 000084480 ____H (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000025128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll

    2016-03-24 08:48 - 2016-02-24 17:59 - 000131856 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll

    2016-03-24 08:48 - 2016-02-24 17:59 - 000023824 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000020008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000443944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll

    2016-03-24 08:48 - 2016-02-24 17:59 - 000042256 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000072232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000169512 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll

    2016-03-24 08:48 - 2016-02-24 17:59 - 000177424 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll

    2016-03-24 08:48 - 2016-02-24 17:59 - 000020752 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll

    2016-03-24 08:48 - 2016-02-24 17:59 - 000191248 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll

    2016-03-24 08:48 - 2016-02-24 17:59 - 000027408 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000080936 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000089640 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000017448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000020520 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000138792 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000027176 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000353832 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000030760 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000281128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000193064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000201768 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000148008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000032296 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000769064 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000061992 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000076840 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000111656 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000050216 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000024616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000158248 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 001296424 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000068136 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000059944 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000056360 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000207912 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000146984 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000064040 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000224808 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000501800 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000043048 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000088616 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll

    2016-03-24 08:48 - 2016-02-24 17:59 - 000058640 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000034856 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll

    2016-03-24 08:48 - 2016-01-26 08:27 - 000427560 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\uexper.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000139816 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000136232 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000060968 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll

    2016-03-24 08:48 - 2016-02-24 17:59 - 000539920 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmdManager.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000020008 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ControlPxe.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000689704 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EMail.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000044584 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuPipe.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000221224 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackup.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000100904 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackupSize.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000591400 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlImgFile.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000044072 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlSearchImg.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000159272 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Ftp.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000017448 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\FTPTest.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000079400 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImageFileInfo.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000293928 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFileHlp.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000153128 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MatchStr.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000026664 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Options.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000093224 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\PolicyManage.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000121896 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Thread.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000077864 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\Transmit.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000042536 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\XmlWrapper.dll

    2016-03-24 08:48 - 2015-12-10 06:05 - 000303656 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co.,Ltd) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000898088 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Free Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\iconv.dll

    2016-03-24 08:48 - 2015-12-10 06:04 - 000050216 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\MFC90ENU.DLL

    2016-03-24 08:48 - 2015-12-10 06:04 - 003779624 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> Microsoft Corporation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\mfc90u.dll

    2018-08-18 19:52 - 2017-03-30 17:49 - 000087040 _____ (Iskysoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppCollect.dll

    2018-08-18 19:52 - 2017-03-30 17:49 - 000197632 _____ (Iskysoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\IsAppCommon.dll

    2020-09-13 22:28 - 2020-09-13 22:28 - 000065536 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll

    2018-08-18 19:52 - 2015-02-27 10:35 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Iskysoft\IAF\2.4.2.223\Newtonsoft.Json.dll

    2020-09-13 22:29 - 2016-11-14 02:45 - 001408200 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll

    2015-07-02 17:44 - 2015-07-02 17:44 - 000057344 _____ (Open Source Software community LGPL) [File not signed] C:\Program Files (x86)\pCloud Drive\pthreadVSE2.dll

    2016-03-24 08:48 - 2016-01-26 08:27 - 002454016 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\EaseUS\Todo Backup\bin\python27.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\python27.dll

    2017-10-23 18:28 - 2017-10-23 18:28 - 000342016 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wxbase30u_net_vc90_x64.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wxbase30u_vc90_x64.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wxmsw30u_adv_vc90_x64.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wxmsw30u_core_vc90_x64.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wxmsw30u_html_vc90_x64.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wxmsw30u_webview_vc90_x64.dll


    ==================== Alternate Data Streams (Whitelisted) ========


    ==================== Safe Mode (Whitelisted) ==================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"


    ==================== Association (Whitelisted) =================


    ==================== Internet Explorer (Whitelisted) ==========
     
  16. 2021/07/31
    Barry

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.popularwoodworking.com/winshop#/

    SearchScopes: HKLM-x32 -> DefaultScope value is missing

    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> F:\Program Files\Internet Download Manager\IDMIECC64.dll [2020-12-12] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

    BHO: No Name -> {1948F7D8-6849-437D-AF14-C3C14E0C1E54}' -> No File

    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)

    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> F:\Program Files\Internet Download Manager\IDMIECC.dll [2020-12-12] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)

    BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

    BHO-x32: No Name -> {1948F7D8-6849-437D-AF14-C3C14E0C1E54}' -> No File

    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-30] (Logitech Inc -> Logitech, Inc.)

    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc. -> Belarc, Inc.)


    ==================== Hosts content: =========================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2015-10-30 00:24 - 2015-10-30 00:21 - 000000824 ____H C:\WINDOWS\system32\drivers\etc\hosts


    ==================== Other Areas ===========================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-970927895-26279177-2598225439-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\psyd_\OneDrive\Pictures\Saved Pictures\darren & kendall mvp.jpg

    DNS Servers: 192.168.1.1

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    (If an entry is included in the fixlist, it will be removed.)


    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"

    HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"

    HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"

    HKLM\...\StartupApproved\Run32: => "EaseUS TB Tray Agent"

    HKLM\...\StartupApproved\Run32: => "PaperPort PTD"

    HKLM\...\StartupApproved\Run32: => "PPort12reminder"

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\StartupFolder: => "FAXRX.lnk"

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_B6B1848498DE69800140E7F655A96C3C"

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "IDMan"

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "SandboxieControl"

    HKU\S-1-5-21-970927895-26279177-2598225439-1001\...\StartupApproved\Run: => "CCleaner Monitoring"


    ==================== FirewallRules (Whitelisted) ================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [{4622FAA5-5CE8-43C9-B09D-B3230D88A438}] => (Allow) C:\Users\psyd_\AppData\Roaming\Zoom\bin\airhost.exe => No File

    FirewallRules: [{3DF87BBB-5D0C-4C67-A161-31138E2BA8D4}] => (Allow) C:\Users\psyd_\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

    FirewallRules: [{E12952C0-9D98-4EE6-B7E5-F56CA88031F8}] => (Block) C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe (Groupnotes, Inc. -> )

    FirewallRules: [{8183BAE1-AEEB-4AEB-8E00-14762544EC96}] => (Block) C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe (Groupnotes, Inc. -> )

    FirewallRules: [UDP Query User{A40C82E9-A1A9-4FD4-B2F2-1DD682230049}C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe] => (Allow) C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe (Groupnotes, Inc. -> )

    FirewallRules: [TCP Query User{669C3543-8BE1-4232-9D29-18B50C9592B7}C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe] => (Allow) C:\users\psyd_\appdata\local\videostream\app-0.3.5\videostream-native\videostream-native.exe (Groupnotes, Inc. -> )

    FirewallRules: [UDP Query User{1B74107A-BA89-4618-B13E-1AA6268B81E9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

    FirewallRules: [TCP Query User{4C41EAC5-7E83-4074-9328-7485918AC10E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

    FirewallRules: [{3B51D1E5-6E56-4467-B220-0C1B50CA1B9C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)

    FirewallRules: [{2F0FDD09-9396-4D01-8B4F-52202D81263F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)

    FirewallRules: [{2BCC2A52-FEC0-48CC-9499-0B2F9BA28D1B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)

    FirewallRules: [{411897C7-366B-4E59-A9CE-0B18CC9A9C01}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)

    FirewallRules: [{62D6EF68-868E-401E-86EE-434B2F64ABA0}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]

    FirewallRules: [{1B0FAE6A-2198-44D3-A299-E04013D98F9E}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]

    FirewallRules: [{F4FE08A3-37B6-41AF-88AA-4EA438854858}] => (Allow) LPort=54925

    FirewallRules: [{30808A5B-26F2-4B9F-80FB-A8D5F9685F89}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

    FirewallRules: [{04A24372-1784-4078-8DEF-9FD2729ED824}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

    FirewallRules: [{E7F19576-CADC-465C-A5D3-0B331BBE9C83}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    FirewallRules: [{4D47995B-70D6-42DA-97CA-BA772B2A75E7}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    FirewallRules: [{544F29A5-C222-43D4-8E38-F51599C4292F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    FirewallRules: [{587C2579-08CD-4E3A-B348-2B99CDF3BCD1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

    FirewallRules: [{3F8651E3-ED9F-4A88-92D3-70481F3BB9A3}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

    FirewallRules: [{AAC51BFB-F2F7-476C-807A-994828A6352B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

    FirewallRules: [TCP Query User{EE80FEDC-3F33-4C35-950A-0B4D06936AAD}D:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) D:\program files (x86)\google\chrome\application\chrome.exe => No File

    FirewallRules: [UDP Query User{BC1DFF57-5F98-4F07-8C65-0DD65F53C078}D:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) D:\program files (x86)\google\chrome\application\chrome.exe => No File

    FirewallRules: [TCP Query User{A55838AB-A17A-4C45-8F92-C273A9B1C624}F:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) F:\program files (x86)\teamviewer\teamviewer.exe (TeamViewer -> TeamViewer GmbH)

    FirewallRules: [UDP Query User{FE6802EC-A6FD-43A4-937B-902C603B7F0F}F:\program files (x86)\teamviewer\teamviewer.exe] => (Allow) F:\program files (x86)\teamviewer\teamviewer.exe (TeamViewer -> TeamViewer GmbH)

    FirewallRules: [{092A0445-BA03-4386-8C96-1E2F5A326171}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    FirewallRules: [{0E50DAE0-C869-4F67-9656-73AF33A1BE51}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    FirewallRules: [{96ACF519-0AE0-4FCF-B77A-099D229C5EDE}] => (Allow) LPort=5556

    FirewallRules: [{736EFC6A-B967-4669-9A20-47435AB0E55D}] => (Allow) LPort=5558

    FirewallRules: [{8DD36EA6-D6AF-49C5-888F-46373C03286E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

    FirewallRules: [{76EA3604-87A6-4554-96CF-DB006A4693D1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]

    FirewallRules: [{4E787329-B5AA-4843-AA3D-844A153AA1BC}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]

    FirewallRules: [{070A0DB3-DF3E-46C7-9D37-3E0799A1F46E}] => (Allow) C:\Program Files (x86)\Brother\Brmfl11b\FAXRX.exe (Brother Industries, Ltd.) [File not signed]

    FirewallRules: [{84590C0A-65C1-4D24-A31C-EE5B1669B911}] => (Allow) LPort=54925

    FirewallRules: [{F7171B7B-D648-4944-B590-75E592C8F07D}] => (Allow) F:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)

    FirewallRules: [{BFB5663E-8EC2-4205-8A75-09B198C61D28}] => (Allow) F:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)

    FirewallRules: [{F20CB30D-429D-4A62-9893-B5882E4C2E49}] => (Allow) LPort=5557

    FirewallRules: [{B8B788A5-E6D8-4572-889B-60E4BCFF8F49}] => (Allow) C:\Program Files\Sandboxie\Start.exe (Invincea, Inc. -> Sandboxie Holdings, LLC)

    FirewallRules: [{5BE43988-ADB4-47C1-8309-A94AB861BECF}] => (Allow) C:\Program Files\Sandboxie\Start.exe (Invincea, Inc. -> Sandboxie Holdings, LLC)

    FirewallRules: [{92FE4939-B538-4401-B0CD-E034F3C1965E}] => (Allow) C:\Program Files\Sandboxie\Start.exe (Invincea, Inc. -> Sandboxie Holdings, LLC)

    FirewallRules: [{1920A589-6CC5-4825-91C8-7775C30E23BE}] => (Allow) C:\Program Files\Sandboxie\Start.exe (Invincea, Inc. -> Sandboxie Holdings, LLC)

    FirewallRules: [{82834809-A150-4F4E-9422-027D7858C07A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{32F58EB3-DFE0-4C56-A38A-AF3E41630811}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{909FD15A-E330-4DAF-A8FF-397051F71306}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{D162FD42-0955-4E9D-A978-0C90F28405D0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{353F6D94-FA67-44D4-9370-0C22C8E5A8D1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{634B7F11-828A-4467-B48C-D74CDE485009}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)

    FirewallRules: [{9505A23C-730B-4856-9C48-B59F2962A256}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (Piriform Software Ltd -> Piriform Software)

    FirewallRules: [{C232BFEF-0B96-471C-AD86-8E37A9C87DDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

    FirewallRules: [{96DC122B-1FE5-462A-A816-0634B3E41FF5}] => (Allow) C:\Program Files (x86)\pCloud Drive\pCloud.exe (pCloud AG -> pCloud AG)


    ==================== Restore Points =========================


    26-07-2021 07:05:11 Scheduled Checkpoint

    31-07-2021 09:04:28 pCloud Drive


    ==================== Faulty Device Manager Devices ============



    ==================== Event log errors: ========================


    Application errors:

    ==================

    Error: (07/31/2021 09:05:31 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: pCloud.exe, version: 3.11.4.0, time stamp: 0x60e2dcc8

    Faulting module name: KERNELBASE.dll, version: 10.0.19041.1110, time stamp: 0xc830c52d

    Exception code: 0xe0434352

    Fault offset: 0x0012b4b2

    Faulting process id: 0x5448

    Faulting application start time: 0x01d78625dfd26750

    Faulting application path: C:\Program Files (x86)\pCloud Drive\pCloud.exe

    Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll

    Report Id: 9592ad3b-410b-41ee-a5c1-845536602c08

    Faulting package full name:

    Faulting package-relative application ID:


    Error: (07/31/2021 09:05:29 AM) (Source: .NET Runtime) (EventID: 1026) (User: )

    Description: Application: pCloud.exe

    Framework Version: v4.0.30319

    Description: The process was terminated due to an unhandled exception.

    Exception Info: System.IO.FileNotFoundException

    at System.ModuleHandle.ResolveType(System.Reflection.RuntimeModule, Int32, IntPtr*, Int32, IntPtr*, Int32, System.Runtime.CompilerServices.ObjectHandleOnStack)

    at System.ModuleHandle.ResolveTypeHandleInternal(System.Reflection.RuntimeModule, Int32, System.RuntimeTypeHandle[], System.RuntimeTypeHandle[])

    at System.Reflection.RuntimeModule.ResolveType(Int32, System.Type[], System.Type[])

    at System.Reflection.CustomAttribute.FilterCustomAttributeRecord(System.Reflection.CustomAttributeRecord, System.Reflection.MetadataImport, System.Reflection.Assembly ByRef, System.Reflection.RuntimeModule, System.Reflection.MetadataToken, System.RuntimeType, Boolean, System.Object[], System.Collections.IList, System.RuntimeType ByRef, System.IRuntimeMethodInfo ByRef, Boolean ByRef, Boolean ByRef)

    at System.Reflection.CustomAttribute.IsCustomAttributeDefined(System.Reflection.RuntimeModule, Int32, System.RuntimeType, Int32, Boolean)

    at System.Reflection.CustomAttribute.IsDefined(System.Reflection.RuntimeAssembly, System.RuntimeType)

    at System.Reflection.RuntimeAssembly.IsDefined(System.Type, Boolean)

    at System.Attribute.IsDefined(System.Reflection.Assembly, System.Type, Boolean)

    at <Module>.CModuleInitialize.IsProcessDpiAware(CModuleInitialize*)

    at <Module>.CModuleInitialize.{ctor}(CModuleInitialize*, Void ())

    at <Module>.?A0x92b5dcdc.InitCmiStartupRunner()

    at <Module>.?A0x92b5dcdc.??__E?A0x92b5dcdc@unused@@YMXXZ()

    at <Module>._initterm_m(Void* ()*, Void* ()*)

    at <Module>.<CrtImplementationDetails>.LanguageSupport.InitializePerAppDomain(<CrtImplementationDetails>.LanguageSupport*)

    at <Module>.<CrtImplementationDetails>.LanguageSupport._Initialize(<CrtImplementationDetails>.LanguageSupport*)

    at <Module>.<CrtImplementationDetails>.LanguageSupport.Initialize(<CrtImplementationDetails>.LanguageSupport*)


    Exception Info: <CrtImplementationDetails>.ModuleLoadException

    at <Module>.<CrtImplementationDetails>.LanguageSupport.Initialize(<CrtImplementationDetails>.LanguageSupport*)

    at <Module>..cctor()


    Exception Info: System.TypeInitializationException


    Error: (07/31/2021 05:45:00 AM) (Source: Application Error) (EventID: 1000) (User: )

    Description: Faulting application name: mbam.exe, version: 4.0.0.1055, time stamp: 0x60e6f1ba

    Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x603971ce

    Exception code: 0xc0000005

    Fault offset: 0x0000000000219dc5

    Faulting process id: 0x33d0

    Faulting application start time: 0x01d78609ddfbc3d5

    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

    Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll

    Report Id: f5568bee-f5d8-48f9-a666-77ffc49fe2f6

    Faulting package full name:

    Faulting package-relative application ID:


    Error: (07/30/2021 06:15:11 PM) (Source: Application Hang) (EventID: 1002) (User: )

    Description: The program iDownloaderConsole.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.


    Process ID: 2e08


    Start Time: 01d77bd48aae2641


    Termination Time: 4294967295


    Application Path: C:\Program Files\WindowsApps\21676OptimiliaStudios.iDownload-Manager_1.2.20.0_x64__k42naep6bwmrc\Win32\iDownloaderConsole.exe


    Report Id: 954879dc-fecf-440e-b821-303359750499


    Faulting package full name: 21676OptimiliaStudios.iDownload-Manager_1.2.20.0_x64__k42naep6bwmrc


    Faulting package-relative application ID: App


    Hang type: Quiesce


    Error: (07/27/2021 04:12:18 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on 160GB Storage (H:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


    Error: (07/27/2021 04:11:10 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on 750 Storage (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


    Error: (07/27/2021 04:11:06 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on 750 Win 8 Pro (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


    Error: (07/27/2021 04:10:45 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )

    Description: The storage optimizer couldn't complete retrim on extra (E:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)



    System errors:

    =============

    Error: (07/31/2021 09:11:17 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

    Description: 5


    Error: (07/31/2021 09:11:03 AM) (Source: DCOM) (EventID: 10010) (User: MINE)

    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


    Error: (07/31/2021 09:11:03 AM) (Source: DCOM) (EventID: 10010) (User: MINE)

    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


    Error: (07/31/2021 09:11:03 AM) (Source: DCOM) (EventID: 10010) (User: MINE)

    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


    Error: (07/31/2021 09:11:02 AM) (Source: DCOM) (EventID: 10010) (User: MINE)

    Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


    Error: (07/31/2021 09:05:40 AM) (Source: DCOM) (EventID: 10000) (User: MINE)

    Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:

    "2147942767"

    Happened while starting this command:

    C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}


    Error: (07/31/2021 09:04:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

    Description: The Mozilla Maintenance Service service terminated with the following error:

    Incorrect function.


    Error: (07/30/2021 07:37:33 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

    Description: 4



    Windows Defender:

    ================

    Date: 2021-07-30 18:44:40

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan


    Date: 2021-07-29 18:32:37

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan


    Date: 2021-07-28 19:14:44

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan


    Date: 2021-07-27 19:24:16

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan


    Date: 2021-07-25 18:20:31

    Description:

    Microsoft Defender Antivirus scan has been stopped before completion.

    Scan Type: Antimalware

    Scan Parameters: Quick Scan


    Date: 2021-06-29 06:24:03

    Description:

    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

    New security intelligence Version: 1.343.25.0

    Previous security intelligence Version: 1.341.1610.0

    Update Source: User

    Security intelligence Type: AntiSpyware

    Update Type: Delta

    Current Engine Version: 1.1.18300.4

    Previous Engine Version: 1.1.18200.4

    Error code: 0x80070666

    Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.


    Date: 2021-06-29 06:24:03

    Description:

    Microsoft Defender Antivirus has encountered an error trying to update security intelligence.

    New security intelligence Version: 1.343.25.0

    Previous security intelligence Version: 1.341.1610.0

    Update Source: User

    Security intelligence Type: AntiVirus

    Update Type: Delta

    Current Engine Version: 1.1.18300.4

    Previous Engine Version: 1.1.18200.4

    Error code: 0x80070666

    Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.


    Date: 2021-06-29 06:24:03

    Description:

    Microsoft Defender Antivirus has encountered an error trying to update the engine.

    New Engine Version: 1.1.18300.4

    Previous Engine Version: 1.1.18200.4

    Error Code: 0x80070666

    Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.


    CodeIntegrity:

    ===============

    Date: 2021-07-17 05:41:51

    Description:

    Code Integrity determined that a process (\Device\HarddiskVolume1\Sandbox\psyd_\DefaultBox\drive\C\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


    Date: 2021-07-09 19:42:58

    Description:

    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\appid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2020-09-14 06:43:38

    Description:

    Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\WinSxS\x86_microsoft-windows-cloudstoragewizard_31bf3856ad364e35_6.3.9600.17415_none_895a2497a8f7a9b7\CloudStorageWizard.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



    ==================== Memory info ===========================


    BIOS: Award Software International, Inc. F2 12/03/2009

    Motherboard: Gigabyte Technology Co., Ltd. GA-790XTA-UD4

    Processor: AMD Phenom(tm) II X4 955 Processor

    Percentage of memory in use: 39%

    Total physical RAM: 16382.49 MB

    Available physical RAM: 9895.53 MB

    Total Virtual: 26223.02 MB

    Available Virtual: 17567.5 MB


    ==================== Drives ================================


    Drive c: (Samsung 850 EVO SSD) (Fixed) (Total:232.37 GB) (Free:138.3 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    Drive d: (750 Win 8 Pro) (Fixed) (Total:55.03 GB) (Free:6.26 GB) NTFS

    Drive e: (extra) (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS

    Drive f: (750 Storage) (Fixed) (Total:72.95 GB) (Free:24.43 GB) NTFS

    Drive g: (160 Win 8 Pro) (Fixed) (Total:28.31 GB) (Free:3.9 GB) NTFS ==>[system with boot components (obtained from drive)]

    Drive h: (160GB Storage) (Fixed) (Total:120.73 GB) (Free:65.81 GB) NTFS

    Drive m: (750 Extended Storage) (Fixed) (Total:570.64 GB) (Free:123.77 GB) NTFS

    Drive p: (pCloud Drive) (Removable) (Total:10 GB) (Free:8.79 GB) exFAT


    \\?\Volume{fd0610f8-0000-0000-0000-e0173a000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS


    ==================== MBR & Partition Table ====================


    ==========================================================

    Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149 GB) (Disk ID: BC336398)

    Partition 1: (Active) - (Size=28.3 GB) - (Type=06)

    Partition 2: (Not Active) - (Size=120.7 GB) - (Type=07 NTFS)


    ==========================================================

    Disk: 1 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 10F510F4)

    Partition 1: (Not Active) - (Size=128 GB) - (Type=0F Extended)

    Partition 2: (Not Active) - (Size=570.6 GB) - (Type=07 NTFS)


    ==========================================================

    Disk: 2 (Size: 232.9 GB) (Disk ID: FD0610F8)

    Partition 1: (Active) - (Size=232.4 GB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=519 MB) - (Type=27)


    ==================== End of Addition.txt =======================

    2021-07-31 09:12 - 2021-07-31 09:12 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\python27.dll

    2017-10-23 18:28 - 2017-10-23 18:28 - 000342016 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\pCloud Drive\OverlayIcon64.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wxbase30u_net_vc90_x64.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wxbase30u_vc90_x64.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wxmsw30u_adv_vc90_x64.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wxmsw30u_core_vc90_x64.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wxmsw30u_html_vc90_x64.dll

    2021-07-31 09:12 - 2021-07-31 09:12 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\psyd_\AppData\Local\Temp\_MEI224962\wxmsw30u_webview_vc90_x64.dll


    ==================== Alternate Data Streams (Whitelisted) ========


    ==================== Safe Mode (Whitelisted) ==================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"


    ==================== Association (Whitelisted) =================


    ==================== Internet Explorer (Whitelisted) ==========
     
  17. 2021/07/31
    broni

    broni Moderator Malware Analyst

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  18. 2021/07/31
    Barry

    Barry Geek Member Thread Starter

    Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2021
    Ran by psyd_ (31-07-2021 14:17:51) Run:1
    Running from C:\Users\psyd_\Desktop\virus removal
    Loaded Profiles: psyd_
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    GroupPolicy: Restriction ? <==== ATTENTION
    Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
    Task: {06B1DB65-69C7-49C0-9604-1A29F02AD68F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
    Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
    Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.11.5.0_neutral__v68kp9n051hdp [not found]
    Edge Extension: (No Name) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.36.5.0_neutral__e7b5mm5d3r6v2 [not found]
    Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
    Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    BHO: No Name -> {1948F7D8-6849-437D-AF14-C3C14E0C1E54}' -> No File
    BHO-x32: No Name -> {1948F7D8-6849-437D-AF14-C3C14E0C1E54}' -> No File
    FirewallRules: [{4622FAA5-5CE8-43C9-B09D-B3230D88A438}] => (Allow) C:\Users\psyd_\AppData\Roaming\Zoom\bin\airhost.exe => No File
    FirewallRules: [TCP Query User{EE80FEDC-3F33-4C35-950A-0B4D06936AAD}D:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) D:\program files (x86)\google\chrome\application\chrome.exe => No File
    FirewallRules: [UDP Query User{BC1DFF57-5F98-4F07-8C65-0DD65F53C078}D:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) D:\program files (x86)\google\chrome\application\chrome.exe => No File


    *****************

    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    C:\ProgramData\NTUSER.pol => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06B1DB65-69C7-49C0-9604-1A29F02AD68F}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06B1DB65-69C7-49C0-9604-1A29F02AD68F}" => removed successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
    HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1948F7D8-6849-437D-AF14-C3C14E0C1E54}' => removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1948F7D8-6849-437D-AF14-C3C14E0C1E54}' => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4622FAA5-5CE8-43C9-B09D-B3230D88A438}" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EE80FEDC-3F33-4C35-950A-0B4D06936AAD}D:\program files (x86)\google\chrome\application\chrome.exe" => removed successfully
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BC1DFF57-5F98-4F07-8C65-0DD65F53C078}D:\program files (x86)\google\chrome\application\chrome.exe" => removed successfully


    The system needed a reboot.

    ==== End of Fixlog 14:17:51 ====
     
  19. 2021/07/31
    broni

    broni Moderator Malware Analyst

    Last scans....

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  20. 2021/07/31
    Barry

    Barry Geek Member Thread Starter

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    CCleaner Browser
    CCleaner Update Helper
    Adobe Flash Player 9 Flash Player out of Date!
    Adobe Flash Player 32.0.0.465
    Mozilla Thunderbird (38.7.0)
    Google Chrome (92.0.4515.107)
    Google Chrome (SetupMetrics...)
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    psyd_ Desktop virus removal SecurityCheck.exe
    Malwarebytes Anti-Malware mbamtray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  21. 2021/07/31
    Barry

    Barry Geek Member Thread Starter

    Farbar Service Scanner Version: 23-12-2020
    Ran by psyd_ (administrator) on 31-07-2021 at 15:22:21
    Running from "C:\Users\psyd_\Desktop\virus removal"
    Microsoft Windows 10 Pro (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Windows Security:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\Drivers\afd.sys => File is digitally signed
    C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
