Solved Shorte.st clkmein unwanted pop ups

Oct123 (Thread Starter; Joined: Jan 14, 2022; Messages: 5)
I'm getting daily pop-ups that are unwanted. I've searched the computer for key words to remove and tried malware/antivirus programmes, but cannot get rid of it. I'd be grateful for any steers on how to fix this.

Thank you.

The results of FRST are:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-01-2022 01
Ran by Richard (administrator) on DESKTOP-TPBF3NR (LENOVO 23252S4) (14-01-2022 17:41:42)
Running from C:\Users\Richard\Downloads
Loaded Profiles: Richard
Platform: Microsoft Windows 10 Home Version 20H2 19042.1466 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Users\Richard\anaconda3\Scripts\jupyter-notebook.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Discord Inc. -> Discord Inc.) C:\Users\Richard\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <27>
(Huawei Technologies Co., Ltd. -> ) C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\Richard\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\python.exe <2>
(Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\pythonw.exe <2>
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe <5>
(Sony Imaging Products & Solutions Inc. -> Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Imaging Products & Solutions Inc. -> Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Sunplus Innovation Technology Inc. -> SunplusIT, Inc.) [File not signed] C:\Program Files (x86)\Integrated Camera\Monitor.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1719456 2013-12-10] (Sunplus Innovation Technology Inc. -> SunplusIT, Inc.) [File not signed]
HKLM-x32\...\Run: [IMSS] => c:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe [1178400 2015-08-14] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779448 2021-05-11] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [868328 2018-12-21] (Sony Imaging Products & Solutions Inc. -> Sony Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-442883875-2476310825-192517120-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [112191904 2021-12-06] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-442883875-2476310825-192517120-1001\...\Run: [Samsung DeX] => C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe [10929320 2021-12-03] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-442883875-2476310825-192517120-1001\...\Run: [Discord] => C:\Users\Richard\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-442883875-2476310825-192517120-1001\...\MountPoints2: {35cdbbba-4c21-11eb-b71a-3c970ee47275} - "D:\HiSuiteDownLoader.exe"
HKLM\...\Windows x64\Print Processors\Canon iP7200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBA.DLL [30208 2012-04-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor iP7200 series: C:\Windows\system32\CNMLMBA.DLL [389120 2012-04-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.71\Installer\chrmstp.exe [2022-01-07] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E90C07C-55CA-4E90-A9FA-F9E6C1FA8A74} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {1223A159-8720-451D-A810-3511D6CA16F1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {134268DB-45B8-4957-89DA-CD40665F8170} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8388528 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {432597B5-3547-4C91-A4B1-9B0A160E2E4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {440BC486-1A11-4792-A153-6B83B2783C8B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138584 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F6502F4-4FC9-4184-97D8-C99D8F17B167} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138584 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {5E54D055-5FD2-4285-9DD0-8B0B20226B64} - System32\Tasks\SVC Update => C:\Windows\explorer.exe "hxxps://destyy.com/w2S0D1" <==== ATTENTION
Task: {698B7430-D9E8-4AFC-9D8A-5D95D56FBAAA} - System32\Tasks\Duplicate Photos Fixer ProNotifier => C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe [306440 2021-11-25] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: {7206183C-A7EE-4E19-8AC1-E2797F081D6B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8388528 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {86FBE6C1-F5EB-461B-939E-B8F533A5536F} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [112824 2021-07-11] (Lenovo -> Lenovo)
Task: {9C14F1DD-D373-4595-AA5F-1520E4EA1440} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [62136 2021-07-11] (Lenovo -> )
Task: {9D7329C6-1668-4399-A851-8604418D8445} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-28] (Google LLC -> Google LLC)
Task: {A2D0874B-102B-4236-8F1C-0AA192AC50CE} - System32\Tasks\Duplicate Photos Fixer Pro_updates => C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe [8201992 2021-11-25] (SYSTWEAK SOFTWARE -> Systweak)
Task: {AF1F2FA9-EC98-4325-A951-57FE00CFFAF8} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-09-22] (Lenovo -> )
Task: {B019B75D-2FA6-4539-8CCA-CFF6C70A45A8} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-442883875-2476310825-192517120-1001 => C:\Users\Richard\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [88408 2021-12-29] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {B80582D2-6A70-472C-8172-7D7076FC1DAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-28] (Google LLC -> Google LLC)
Task: {C1696DA6-A81F-4E15-87A4-86B74D8FFCE3} - System32\Tasks\Duplicate Photos Fixer ProNotifier_trigger => C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe [306440 2021-11-25] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: {C45EC75C-8A12-416B-968C-CBD2278B472F} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758792 2021-09-22] (Lenovo -> )
Task: {C6E17AD5-1EBA-4208-8541-8EA8A2DBC69A} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3817392 2020-06-18] (Easeware Technology Limited -> Easeware)
Task: {E9906361-7D8F-4CE2-905C-CB5A434B312C} - System32\Tasks\Duplicate Photos Fixer ProNotifier_startup => C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe [306440 2021-11-25] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: {F260BBA6-3A7B-425D-A227-4A4D07717D25} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d7898ae6-c9e3-4f0f-b12f-bc092ede047c}: [DhcpNameServer] 192.168.0.1
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.0.20,1]

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Richard\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-14]
Edge Notifications: Default -> hxxps://en.softonic.com; hxxps://www.hotdeals.com
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Richard\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-01-14]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-05-11] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> c:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> c:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-05-11] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default [2022-01-14]
CHR Notifications: Default -> hxxps://209303103311267.webpush.freshchat.com; hxxps://aspireglobal.eu.webpush.freshchat.com; hxxps://calendar.google.com; hxxps://metro.co.uk; hxxps://oanda.secure.force.com; hxxps://secretldn.com; hxxps://uk.mail.yahoo.com; hxxps://uk.pcmag.com; hxxps://www.bristolpost.co.uk; hxxps://www.buyagift.co.uk; hxxps://www.facebook.com; hxxps://www.grandnational.org.uk; hxxps://www.hertfordshiremercury.co.uk; hxxps://www.lightinthebox.com; hxxps://www.marksandspencer.com; hxxps://www.myvouchercodes.co.uk; hxxps://www.netflix.com; hxxps://www.oliverstravels.com; hxxps://www.qmee.com; hxxps://www.topcashback.co.uk; hxxps://www.vouchercloud.com
CHR HomePage: Default -> hxxp://www.google.co.uk/ig
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/ig"
CHR Extension: (Slides) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-28]
CHR Extension: (Docs) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-28]
CHR Extension: (Google Drive) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-28]
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-28]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2020-12-28]
CHR Extension: (Latest Deals) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehllaigpicpkadibmagdgblfdlfeeahf [2022-01-10]
CHR Extension: (TopCashback UK: Get Cashback & Vouchers) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekeeeebmbhkkjcaoicinbdjmklipppkj [2021-09-30]
CHR Extension: (Sheets) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-28]
CHR Extension: (Google Docs Offline) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-03]
CHR Extension: (Guardio Protection for Chrome) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfpmkejnolcfklaaddjnckanhhgegla [2022-01-13]
CHR Extension: (SwagButton) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2021-12-29]
CHR Extension: (Digital-i's GB Research Support Tool) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpljhcpobhmhghhhampjeedlljpcocfp [2021-12-03]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2020-12-28]
CHR Extension: (Cookmate - formerly My CookBook) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbehgakcmbdalmpdfjedahogegmgpba [2020-12-28]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2021-12-19]
CHR Extension: (Qmee) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2020-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-15]
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-28]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842424 2021-05-11] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12129128 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [236864 2020-12-05] (Huawei Technologies Co., Ltd. -> )
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2022-01-13] (Malwarebytes Inc -> Malwarebytes)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [493544 2018-12-21] (Sony Imaging Products & Solutions Inc. -> Sony Corporation)
S3 ss_conn_launcher_service; C:\Windows\System32\Samsung\EasySetup\ss_conn_launcher.exe [182296 2021-06-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2021-06-23] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2021-06-23] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12912936 2021-11-16] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [159760 2021-06-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [160176 2022-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ew_usbccgpfilter; C:\Windows\System32\drivers\ew_usbccgpfilter.sys [18944 2020-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2020-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [27496 2012-07-30] (Lenovo(Japan)Ltd. -> Lenovo)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [210352 2022-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2022-01-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [193448 2022-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69040 2022-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2022-01-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [149424 2022-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 optousb; C:\Windows\system32\DRIVERS\optousb.sys [22656 2008-04-04] (Microsoft Windows Hardware Compatibility Publisher -> OPTO ELECTRONICS CO.,LTD.)
S3 optovcm; C:\Windows\system32\DRIVERS\optovcm.sys [31744 2008-04-04] (Microsoft Windows Hardware Compatibility Publisher -> OPTO ELECTRONICS CO.,LTD.)
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R3 risdxc; C:\Windows\System32\drivers\risdxc64.sys [106496 2013-09-08] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1514144 2013-12-10] (Sunplus Innovation Technology Inc. -> Sunplus)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167432 2021-06-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [43536 2021-06-23] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-13 21:26 - 2022-01-13 21:26 - 000000000 ____D C:\Users\Richard\AppData\Local\mbam
2022-01-13 21:25 - 2022-01-13 21:25 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-01-13 21:25 - 2022-01-13 21:25 - 000210352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-01-13 21:25 - 2022-01-13 21:25 - 000193448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2022-01-13 21:25 - 2022-01-13 21:25 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-01-13 21:25 - 2022-01-13 21:25 - 000149424 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2022-01-13 21:25 - 2022-01-13 21:25 - 000069040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2022-01-13 21:25 - 2022-01-13 21:25 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-01-13 21:25 - 2022-01-13 21:25 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-01-13 21:25 - 2022-01-13 21:25 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-01-13 21:24 - 2022-01-13 21:24 - 002086424 _____ (Malwarebytes) C:\Users\Richard\Downloads\MBSetup-076886.076886-Consumer.exe
2022-01-13 21:24 - 2022-01-13 21:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-01-13 21:24 - 2022-01-13 21:24 - 000000000 ____D C:\Program Files\Malwarebytes
2022-01-13 21:05 - 2022-01-13 21:07 - 000052193 _____ C:\Users\Richard\Downloads\Addition.txt
2022-01-13 21:03 - 2022-01-14 17:42 - 000026990 _____ C:\Users\Richard\Downloads\FRST.txt
2022-01-13 21:03 - 2022-01-14 17:42 - 000000000 ____D C:\FRST
2022-01-13 21:03 - 2022-01-13 21:03 - 002311680 _____ (Farbar) C:\Users\Richard\Downloads\FRST64.exe
2022-01-12 21:07 - 2022-01-13 22:09 - 000010274 _____ C:\Users\Richard\Untitled8.ipynb
2022-01-11 23:53 - 2022-01-11 23:53 - 000523776 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-01-11 23:53 - 2022-01-11 23:53 - 000464384 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-01-11 23:53 - 2022-01-11 23:53 - 000011797 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-01-11 23:45 - 2022-01-11 23:46 - 000000000 ___HD C:\$WinREAgent
2022-01-11 20:40 - 2022-01-12 21:04 - 000000000 ____D C:\ProgramData\AVG
2022-01-11 20:40 - 2022-01-11 20:40 - 000224072 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Richard\Downloads\avg_antivirus_free_setup.exe
2022-01-09 17:37 - 2022-01-11 21:55 - 000016469 _____ C:\Users\Richard\Untitled7.ipynb
2022-01-08 11:37 - 2022-01-08 13:15 - 000007976 _____ C:\Users\Richard\Untitled6.ipynb
2022-01-08 07:53 - 2022-01-08 07:53 - 000071399 _____ C:\Users\Richard\Downloads\parkrun-barcode-A2658876.pdf
2022-01-07 11:39 - 2022-01-07 11:43 - 000001144 _____ C:\Users\Richard\myfirstnotebook.ipynb
2022-01-07 11:04 - 2022-01-07 11:05 - 000000000 ____D C:\Program Files\Sublime Text 3
2022-01-07 10:38 - 2022-01-07 10:48 - 000000959 _____ C:\Users\Richard\Untitled5.ipynb
2022-01-06 18:12 - 2022-01-06 18:12 - 000000000 ____D C:\Users\Richard\Untitled Folder 1
2022-01-06 18:10 - 2022-01-06 18:10 - 000000000 ____D C:\Users\Richard\Mypythonstuff
2022-01-06 17:48 - 2022-01-06 17:48 - 000000000 ____D C:\Program Files\New folder
2022-01-06 17:46 - 2022-01-06 17:47 - 026580990 _____ C:\Users\Richard\Downloads\Complete-Python-3-Bootcamp-master (2).zip
2022-01-06 17:07 - 2022-01-14 17:27 - 000000000 ____D C:\Users\Richard\AppData\Roaming\discord
2022-01-06 17:07 - 2022-01-14 17:25 - 000000000 ____D C:\Users\Richard\AppData\Local\Discord
2022-01-06 17:07 - 2022-01-06 17:07 - 000002237 _____ C:\Users\Richard\Desktop\Discord.lnk
2022-01-06 17:07 - 2022-01-06 17:07 - 000000000 ____D C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2022-01-06 17:07 - 2022-01-06 17:07 - 000000000 ____D C:\Users\Richard\AppData\Local\SquirrelTemp
2022-01-06 17:06 - 2022-01-06 17:07 - 082973864 _____ (Discord Inc.) C:\Users\Richard\Downloads\DiscordSetup.exe
2022-01-04 16:11 - 2022-01-04 16:11 - 000001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
2022-01-04 16:11 - 2022-01-04 16:11 - 000001038 _____ C:\Users\Richard\Desktop\Lightroom.lnk
2022-01-04 13:02 - 2022-01-04 13:02 - 000000000 ____D C:\Windows\system32\Tasks\Apple
2022-01-04 13:02 - 2022-01-04 13:02 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2022-01-03 17:13 - 2022-01-03 17:13 - 000003584 _____ C:\Windows\system32\Tasks\SVC Update
2022-01-03 17:12 - 2010-12-06 02:16 - 000090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2022-01-03 07:57 - 2022-01-12 00:24 - 000000000 ____D C:\Program Files (x86)\Duplicate Photos Fixer Pro
2022-01-03 07:57 - 2022-01-09 16:44 - 000003306 _____ C:\Windows\system32\Tasks\Duplicate Photos Fixer ProNotifier
2022-01-03 07:57 - 2022-01-03 07:57 - 000003866 _____ C:\Windows\system32\Tasks\Duplicate Photos Fixer Pro_updates
2022-01-03 07:57 - 2022-01-03 07:57 - 000003374 _____ C:\Windows\system32\Tasks\Duplicate Photos Fixer ProNotifier_trigger
2022-01-03 07:57 - 2022-01-03 07:57 - 000003294 _____ C:\Windows\system32\Tasks\Duplicate Photos Fixer ProNotifier_startup
2022-01-03 07:57 - 2022-01-03 07:57 - 000001277 _____ C:\Users\Public\Desktop\Duplicate Photos Fixer Pro.lnk
2022-01-03 07:57 - 2022-01-03 07:57 - 000000000 ____D C:\Users\Richard\AppData\Roaming\DPFXR
2022-01-03 07:57 - 2022-01-03 07:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photos Fixer Pro
2022-01-03 07:56 - 2022-01-03 07:56 - 010332632 _____ (Systweak Software ) C:\Users\Richard\Downloads\dpfsetupipg_googleadw-dpf_gads_uk_ext7.exe
2022-01-03 07:56 - 2022-01-03 07:56 - 000000000 ____D C:\Users\Richard\AppData\Roaming\Systweak
2022-01-01 18:52 - 2022-01-01 18:52 - 010608968 _____ (Ursa Minor Ltd ) C:\Users\Richard\Downloads\CopyTransHEICforWindowsv1.009 (1).exe
2022-01-01 18:51 - 2022-01-01 18:52 - 000000000 ____D C:\Program Files\CopyTrans HEIC for Windows
2022-01-01 18:51 - 2022-01-01 18:52 - 000000000 ____D C:\Program Files (x86)\CopyTrans HEIC for Windows
2022-01-01 18:51 - 2022-01-01 18:51 - 000000000 ____D C:\ProgramData\WindSolutions
2022-01-01 18:50 - 2022-01-01 18:50 - 010608968 _____ (Ursa Minor Ltd ) C:\Users\Richard\Downloads\CopyTransHEICforWindowsv1.009.exe
2022-01-01 18:48 - 2022-01-01 18:48 - 023863280 _____ (SoftOrbits ) C:\Users\Richard\Downloads\HeicToJpg.exe
2022-01-01 18:46 - 2022-01-01 18:46 - 000000000 ____D C:\ProgramData\Avast Software
2022-01-01 18:45 - 2022-01-01 18:46 - 000234272 _____ (AVAST Software) C:\Users\Richard\Downloads\avast_one_essential_setup_online.exe
2022-01-01 16:23 - 2022-01-01 16:23 - 000000000 ____D C:\Users\Richard\AppData\Local\Apple Computer
2022-01-01 16:22 - 2022-01-09 16:44 - 000000000 ____D C:\Users\Richard\AppData\Roaming\Apple Computer
2022-01-01 16:21 - 2022-01-04 13:02 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2022-01-01 16:21 - 2022-01-01 16:21 - 000001914 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2022-01-01 16:21 - 2022-01-01 16:21 - 000000000 ____D C:\Users\Richard\AppData\Local\Apple
2022-01-01 16:21 - 2022-01-01 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2022-01-01 16:21 - 2022-01-01 16:21 - 000000000 ____D C:\ProgramData\Apple Computer
2022-01-01 16:21 - 2022-01-01 16:21 - 000000000 ____D C:\ProgramData\Apple
2022-01-01 16:21 - 2022-01-01 16:21 - 000000000 ____D C:\Program Files (x86)\QuickTime
2022-01-01 16:20 - 2022-01-01 16:20 - 041896256 _____ (Apple Inc.) C:\Users\Richard\Downloads\QuickTimeInstaller.exe
2022-01-01 16:20 - 2022-01-01 16:20 - 000000000 ____D C:\Users\Richard\AppData\LocalLow\Apple Computer
2021-12-29 23:20 - 2021-12-29 23:20 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2022.lnk
2021-12-29 22:58 - 2021-12-29 22:58 - 000000000 ____D C:\Program Files (x86)\Samsung
2021-12-29 22:57 - 2021-06-23 02:12 - 000167432 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2021-12-29 22:57 - 2021-06-23 02:12 - 000159760 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus2.sys
2021-12-29 22:57 - 2021-06-23 02:12 - 000043536 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ss_conn_usb_driver2.sys
2021-12-27 20:43 - 2021-12-27 20:43 - 000101983 _____ C:\Users\Richard\Downloads\1640637786.3373075_0852e919-4f48-4a1d-93a9-32beba3f7025.pdf
2021-12-23 21:21 - 2021-12-23 21:21 - 000000703 _____ C:\Users\Richard\Downloads\transcript.txt
2021-12-19 00:29 - 2021-12-19 00:29 - 000000000 ____D C:\Windows\SystemTemp
2021-12-18 20:18 - 2021-12-18 20:18 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-12-18 20:18 - 2021-12-18 20:18 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-12-18 20:18 - 2021-12-18 20:18 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-01-14 17:33 - 2020-12-28 22:49 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-14 17:14 - 2020-11-18 23:28 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-01-14 16:58 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-14 16:50 - 2020-12-29 23:10 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-01-13 22:09 - 2021-04-11 14:07 - 000000000 ____D C:\Users\Richard\AppData\Roaming\jupyter
2022-01-13 22:09 - 2020-12-28 21:44 - 000000000 ____D C:\Users\Richard
2022-01-13 21:25 - 2019-12-07 09:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-01-13 21:23 - 2020-12-28 21:46 - 000000000 ____D C:\Users\Richard\AppData\Local\Packages
2022-01-13 21:23 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-13 21:23 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\AppReadiness
2022-01-13 21:07 - 2019-12-07 09:13 - 000000000 ____D C:\Windows\INF
2022-01-13 03:06 - 2021-04-05 19:45 - 000000000 ____D C:\Users\Richard\.conda
2022-01-12 21:07 - 2021-04-11 14:38 - 000000000 ____D C:\Users\Richard\.ipynb_checkpoints
2022-01-12 21:02 - 2021-04-05 19:46 - 000000043 _____ C:\Users\Richard\.condarc
2022-01-12 10:28 - 2020-12-28 21:35 - 000840602 _____ C:\Windows\system32\PerfStringBackup.INI
2022-01-12 00:26 - 2020-12-29 23:13 - 000000000 ___RD C:\Users\Richard\Creative Cloud Files
2022-01-12 00:24 - 2020-12-28 22:24 - 000000000 __SHD C:\Users\Richard\IntelGraphicsProfiles
2022-01-12 00:24 - 2020-12-28 22:11 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-01-12 00:24 - 2020-12-28 21:27 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-12 00:24 - 2020-11-18 23:29 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-01-12 00:24 - 2020-11-18 23:28 - 000460696 _____ C:\Windows\system32\FNTCACHE.DAT
2022-01-12 00:23 - 2019-12-07 09:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2022-01-12 00:23 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2022-01-12 00:23 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SystemResources
2022-01-12 00:23 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\setup
2022-01-12 00:23 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\oobe
2022-01-12 00:23 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\Dism
2022-01-12 00:23 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\bcastdvr
2022-01-12 00:23 - 2019-12-07 09:03 - 000786432 _____ C:\Windows\system32\config\BBI
2022-01-11 23:55 - 2019-12-07 09:03 - 000000000 ____D C:\Windows\CbsTemp
2022-01-11 23:42 - 2021-01-05 09:04 - 000000000 ____D C:\Windows\system32\MRT
2022-01-11 23:40 - 2021-01-05 09:04 - 145765912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-01-09 19:26 - 2021-04-30 18:57 - 000000077 _____ C:\Users\Richard\myfile.txt
2022-01-07 21:04 - 2020-11-18 23:31 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-07 21:04 - 2020-11-18 23:31 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-01-07 20:29 - 2021-12-12 19:19 - 000000000 ____D C:\Windows\Minidump
2022-01-07 11:35 - 2021-07-04 10:39 - 000000000 ____D C:\Users\Richard\Python
2022-01-07 11:05 - 2021-04-11 14:50 - 000000000 ____D C:\Users\Richard\AppData\Roaming\Sublime Text 3
2022-01-07 11:05 - 2021-04-11 14:50 - 000000000 ____D C:\Users\Richard\AppData\Local\Sublime Text 3
2022-01-07 02:36 - 2020-12-28 22:50 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-07 02:36 - 2020-12-28 22:50 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-01-06 18:12 - 2021-04-05 19:37 - 000000000 ____D C:\Users\Richard\anaconda3
2022-01-06 10:49 - 2020-12-28 22:14 - 000000000 ____D C:\Users\Richard\AppData\Local\LenovoServiceBridge
2022-01-05 16:09 - 2021-12-11 13:04 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-442883875-2476310825-192517120-1001
2022-01-05 16:09 - 2020-12-28 21:49 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-442883875-2476310825-192517120-1001
2022-01-05 16:09 - 2020-12-28 21:44 - 000002385 _____ C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-04 16:11 - 2020-12-29 23:10 - 000000000 ____D C:\Program Files\Adobe
2022-01-04 09:11 - 2020-12-28 21:52 - 000000000 ____D C:\Users\Richard\AppData\Local\PlaceholderTileLogoFolder
2022-01-04 09:11 - 2020-11-18 23:32 - 000000000 ____D C:\ProgramData\Packages
2022-01-03 22:41 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\LiveKernelReports
2022-01-03 07:25 - 2020-12-28 21:49 - 000000000 ___RD C:\Users\Richard\OneDrive
2022-01-02 12:04 - 2020-12-29 22:23 - 000000000 ____D C:\Users\Richard\AppData\Roaming\vlc
2021-12-29 23:21 - 2020-12-29 23:10 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-12-29 23:20 - 2020-12-29 23:10 - 000000000 ____D C:\ProgramData\Adobe
2021-12-29 23:20 - 2020-12-28 21:46 - 000000000 ____D C:\Users\Richard\AppData\Roaming\Adobe
2021-12-29 22:58 - 2021-01-20 22:17 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung DeX.lnk
2021-12-29 22:58 - 2021-01-20 22:17 - 000001163 _____ C:\Users\Public\Desktop\Samsung DeX.lnk
2021-12-29 22:58 - 2020-12-28 22:18 - 000000000 ____D C:\ProgramData\Package Cache
2021-12-29 22:45 - 2020-12-28 22:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2021-12-19 23:43 - 2020-12-28 22:31 - 000000000 ____D C:\Program Files\Microsoft Office
2021-12-19 00:29 - 2019-12-07 09:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-12-19 00:29 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\lv-LV
2021-12-19 00:29 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\lt-LT
2021-12-19 00:29 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\et-EE
2021-12-19 00:29 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\es-MX
2021-12-19 00:29 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\Provisioning
2021-12-16 14:04 - 2020-11-18 23:29 - 000000000 ____D C:\Windows\system32\Drivers\wd

==================== Files in the root of some directories ========

2020-12-29 23:17 - 2020-12-29 23:17 - 000000000 _____ () C:\Users\Richard\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-01-2022 01
Ran by Richard (14-01-2022 17:43:20)
Running from C:\Users\Richard\Downloads
Microsoft Windows 10 Home Version 20H2 19042.1466 (X64) (2020-12-28 21:30:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-442883875-2476310825-192517120-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-442883875-2476310825-192517120-503 - Limited - Disabled)
Guest (S-1-5-21-442883875-2476310825-192517120-501 - Limited - Disabled)
Richard (S-1-5-21-442883875-2476310825-192517120-1001 - Administrator - Enabled) => C:\Users\Richard
WDAGUtilityAccount (S-1-5-21-442883875-2476310825-192517120-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 21.06 (x64) (HKLM\...\7-Zip) (Version: 21.06 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.4.5.550 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
Adobe Lightroom (HKLM-x32\...\LRCC_5_1) (Version: 5.1 - Adobe Inc.)
Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_1) (Version: 23.1.0.143 - Adobe Inc.)
Amazon Kindle (HKU\S-1-5-21-442883875-2476310825-192517120-1001\...\Amazon Kindle) (Version: 1.30.0.59056 - Amazon)
Anaconda3 2020.11 (Python 3.8.5 64-bit) (HKU\S-1-5-21-442883875-2476310825-192517120-1001\...\Anaconda3 2020.11 (Python 3.8.5 64-bit)) (Version: 2020.11 - Anaconda, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1188.1 - AVG Technologies) Hidden
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.)
CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 1.0.1.0 - Ursa Minor Ltd)
Discord (HKU\S-1-5-21-442883875-2476310825-192517120-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
Driver Easy 5.6.15 (HKLM\...\DriverEasy_is1) (Version: 5.6.15 - Easeware)
Duplicate Photos Fixer Pro (HKLM-x32\...\Duplicate Photos Fixer Pro_is1) (Version: 1.3.1086.53 - Systweak Software) <==== ATTENTION
Evernote 10.26.5 (HKU\S-1-5-21-442883875-2476310825-192517120-1001\...\e4251011-875e-51f3-a464-121adaff5aaa) (Version: 10.26.5 - Evernote Corporation)
Google Chrome (HKLM\...\{56CF9805-415B-3B7A-A1BD-DC14F7E8FAB6}) (Version: 97.0.4692.71 - Google LLC)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 11.0.0.500 - Huawei Technologies Co., Ltd.)
Integrated Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.7.31 - SunplusIT)
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.5 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{88540041-fd0c-4588-9b2f-251e29f7c5a1}) (Version: 18.40.4 - Intel Corporation)
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-442883875-2476310825-192517120-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.9 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0131 - Lenovo)
Malwarebytes version 4.5.0.152 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.0.152 - Malwarebytes)
MergeModule_x64 (HKLM\...\{8B591A6B-253E-4E62-B2A8-3668CDA0A907}) (Version: 11.0.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{51B45206-47B1-4B51-B46A-330B9156D6C1}) (Version: 11.0.00 - Sony Corporation) Hidden
MetaTrader 5 (HKLM\...\MetaTrader 5) (Version: 5.00 - MetaQuotes Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.55 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.14701.20262 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-442883875-2476310825-192517120-1001\...\OneDriveSetup.exe) (Version: 21.245.1128.0002 - Microsoft Corporation)
Microsoft Project - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.14701.20262 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visio - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.14701.20262 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
OANDA - MetaTrader (HKLM-x32\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
PlayMemories Home (HKLM-x32\...\{AEB04E0E-0A28-4014-A96A-282E43B7227B}) (Version: 6.0.00.12211 - Sony Corporation)
PMB_ModeEditor (HKLM-x32\...\{F8063714-BD75-42DC-8FAA-D0E1EED92519}) (Version: 11.0.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM-x32\...\{CF081855-ED80-445A-BF63-025584939230}) (Version: 11.0.00 - Sony Corporation) Hidden
Python 3.9.4 (64-bit) (HKU\S-1-5-21-442883875-2476310825-192517120-1001\...\{8a52f2bf-c3d0-4872-bc3d-61f6eab0cbf2}) (Version: 3.9.4150.0 - Python Software Foundation)
Python 3.9.4 Add to Path (64-bit) (HKLM\...\{B943A821-11D8-4FB4-B573-6D04DCC596AD}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Core Interpreter (64-bit) (HKLM\...\{1C17C2CE-B315-4C1C-885A-E37181C7368E}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Development Libraries (64-bit) (HKLM\...\{CB856DD1-55A4-42B3-B676-73DDE515A589}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Documentation (64-bit) (HKLM\...\{73524E2A-5D97-4CB8-8438-5FE8F9653F1C}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Executables (64-bit) (HKLM\...\{EDBB67F1-B275-4AC6-9D32-0A033570A705}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 pip Bootstrap (64-bit) (HKLM\...\{1FDC7BC3-4CE5-4236-A8C2-0C4A7AFFDFA4}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Standard Library (64-bit) (HKLM\...\{91ED5736-9D50-4991-87DC-CFB0492D1A22}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Tcl/Tk Support (64-bit) (HKLM\...\{4E0E4F08-ECD0-4737-ABFC-030B702AC2BF}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Test Suite (64-bit) (HKLM\...\{F12FD64B-8964-4F40-8448-7FA3955C5AD6}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python 3.9.4 Utility Scripts (64-bit) (HKLM\...\{BBCC595F-93C2-4054-9565-8F4F19B3D706}) (Version: 3.9.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{BDD80906-41E0-43DB-8C65-D8BCCEB3A3F8}) (Version: 3.9.7400.0 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Samsung DeX (HKLM-x32\...\{43409A91-7C1A-4D28-B628-AD78F09DA3F0}) (Version: 2.4.0.27 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{a306c372-6ec4-43f0-b372-b1de15b0e935}) (Version: 2.4.0.27 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.46.0 - Samsung Electronics Co., Ltd.)
Shopandscan (HKLM-x32\...\{0AE44DE7-5B32-4151-8272-0FA6DAF800E8}) (Version: 1.0.0 - Kantar WorldPanel)
Skype version 8.79 (HKLM-x32\...\Skype_is1) (Version: 8.79 - Skype Technologies S.A.)
SoftMaker FreeOffice 2018 (HKLM-x32\...\{02B0F09C-4910-4F32-BB8A-F22606E9E320}) (Version: 1.0.4910 - SoftMaker Software GmbH)
Sublime Text 3 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.24.5 - TeamViewer)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports (06/02/2008 2.0.5.5) (HKLM\...\245A139F08D3D69654D8822673D0B5EBFB63EF38) (Version: 06/02/2008 2.0.5.5 - OPTO ELECTRONICS CO.,LTD)
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-442883875-2476310825-192517120-1001\...\ZoomUMX) (Version: 5.4.7 (59784.1220) - Zoom Video Communications, Inc.)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-12-29] (Adobe Systems Incorporated)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-19] (Canon Inc.)
Duplicate & Similar Photo Cleaner -> C:\Program Files\WindowsApps\53354DuckheadSoftware.497213958DCA8_16.0.5.0_x64__2gc4m0bggm024 [2022-01-04] (Duckhead Software)
HEIC to JPEG (FREE) -> C:\Program Files\WindowsApps\53354DuckheadSoftware.HEICtoJPEGFREE_6.2.29.0_x64__2gc4m0bggm024 [2022-01-01] (Duckhead Software)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.1050.0_x64__8wekyb3d8bbwe [2022-01-10] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation)
Python 3.9 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.2544.0_x64__qbz5n2kfra8p0 [2021-11-26] (Python Software Foundation)
Raw Image Extension -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.0.23022.0_x64__8wekyb3d8bbwe [2021-12-10] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0 [2022-01-08] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-442883875-2476310825-192517120-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A548EF5CC59A} -> [Creative Cloud Files] => C:\Users\Richard\Creative Cloud Files [2020-12-29 23:13]
CustomCLSID: HKU\S-1-5-21-442883875-2476310825-192517120-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-442883875-2476310825-192517120-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-442883875-2476310825-192517120-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-01-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2021-11-24] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-01-13] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Richard\Desktop\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\Richard\Desktop\Google Keep.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=eilembjdkfgodjkcjnpgpaenohkicgjd
ShortcutWithArgument: C:\Users\Richard\Desktop\Money owed to Mum - Google Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=khbepoaahamoaeiglfcfkmkcapnpdibn
ShortcutWithArgument: C:\Users\Richard\Desktop\Mum's and My Account.xlsx - Google Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=koalcaphaccbalopeaahlekhfjogmabe
ShortcutWithArgument: C:\Users\Richard\Desktop\Shared account - my share in atom - Google Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kiicbccacdiggidgcbmleegjjonjfkam
ShortcutWithArgument: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=eilembjdkfgodjkcjnpgpaenohkicgjd
ShortcutWithArgument: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Money owed to Mum - Google Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=khbepoaahamoaeiglfcfkmkcapnpdibn
ShortcutWithArgument: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Mum's and My Account.xlsx - Google Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=koalcaphaccbalopeaahlekhfjogmabe
ShortcutWithArgument: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Shared account - my share in atom - Google Sheets.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kiicbccacdiggidgcbmleegjjonjfkam
ShortcutWithArgument: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (anaconda3).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Richard\anaconda3\Scripts\activate.bat C:\Users\Richard\anaconda3

==================== Loaded Modules (Whitelisted) =============

2021-10-25 11:31 - 2021-10-25 11:31 - 013525504 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avcodec-58.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 002586112 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avformat-58.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000658944 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\avutil-56.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000135680 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\brotlicommon.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000041984 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\brotlidec.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000056320 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\bz2.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 001130496 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\cairo.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000222208 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\fontconfig.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000009728 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\libcharset.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000117248 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\libexpat.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000918016 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\libiconv.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000164864 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\libpng16.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000152576 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\swresample-3.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000611328 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\swscale-5.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000074752 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\zlib1.dll
2021-04-05 19:38 - 2020-09-21 14:41 - 000182272 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\_cffi_backend.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-06-25 22:39 - 000194048 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\_yaml.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-06-03 09:50 - 000830464 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\brotli\_brotli.cp38-win_amd64.pyd
2021-04-05 19:38 - 2019-11-11 16:14 - 000014848 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\markupsafe\_speedups.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-06-11 13:39 - 000012288 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\menuinst\winshortcut.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-08-25 15:46 - 000074240 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\psutil\_psutil_windows.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-09-15 03:50 - 000033280 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\pvectorc.cp38-win_amd64.pyd
2021-04-05 19:38 - 2019-11-22 18:56 - 002218496 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\PyQt5\QtCore.pyd
2021-04-05 19:38 - 2019-11-22 18:54 - 002338304 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\PyQt5\QtGui.pyd
2021-04-05 19:38 - 2019-11-22 18:58 - 000113152 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\PyQt5\QtSvg.pyd
2021-04-05 19:38 - 2019-11-22 18:53 - 004955648 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\PyQt5\QtWidgets.pyd
2021-04-05 19:38 - 2020-01-15 15:54 - 000142336 _____ () [File not signed] C:\Users\Richard\anaconda3\Lib\site-packages\pywin32_system32\pywintypes38.dll
2021-04-05 19:38 - 2020-06-25 17:29 - 000181248 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\ruamel_yaml\ext\_ruamel_yaml.cp38-win_amd64.pyd
2021-04-05 19:38 - 2019-11-08 07:58 - 000107520 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\sip.pyd
2021-04-05 19:38 - 2020-03-12 15:28 - 000010240 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\tornado\speedups.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-01-15 15:55 - 000010752 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\win32\_win32sysloader.pyd
2021-04-05 19:38 - 2020-01-15 15:54 - 000142336 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\win32\pywintypes38.dll
2021-04-05 19:38 - 2020-01-15 15:55 - 000134144 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\win32\win32api.pyd
2021-04-05 19:38 - 2020-01-15 15:55 - 000060928 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\win32\win32console.pyd
2021-04-05 19:38 - 2020-01-15 15:54 - 000145920 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\win32\win32security.pyd
2021-04-05 19:38 - 2020-01-15 15:58 - 000552448 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\win32comext\shell\shell.pyd
2021-04-05 19:38 - 2019-12-16 16:27 - 000072192 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\winpty\cywinpty.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-09-18 15:23 - 000049664 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\zmq\backend\cython\_device.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-09-18 15:23 - 000060928 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\zmq\backend\cython\_poll.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-09-18 15:23 - 000045056 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\zmq\backend\cython\_proxy_steerable.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-09-18 15:23 - 000029696 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\zmq\backend\cython\_version.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-09-18 15:23 - 000067072 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\zmq\backend\cython\constants.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-09-18 15:23 - 000059392 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\zmq\backend\cython\context.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-09-18 15:23 - 000031232 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\zmq\backend\cython\error.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-09-18 15:23 - 000083456 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\zmq\backend\cython\message.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-09-18 15:23 - 000126976 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\zmq\backend\cython\socket.cp38-win_amd64.pyd
2021-04-05 19:38 - 2020-09-18 15:23 - 000040448 _____ () [File not signed] C:\Users\Richard\anaconda3\lib\site-packages\zmq\backend\cython\utils.cp38-win_amd64.pyd
2021-04-05 19:38 - 2017-11-09 04:32 - 000229376 _____ () [File not signed] C:\Users\Richard\anaconda3\Library\bin\libjpeg.dll
2021-04-05 19:38 - 2019-04-23 17:51 - 000192512 _____ () [File not signed] C:\Users\Richard\anaconda3\Library\bin\libpng16.dll
2021-04-05 19:38 - 2020-02-14 16:20 - 000307712 _____ () [File not signed] C:\Users\Richard\anaconda3\Library\bin\libsodium.dll
2021-04-05 19:38 - 2020-01-15 15:56 - 000579584 _____ () [File not signed] C:\Users\Richard\anaconda3\Library\bin\pythoncom38.dll
2021-04-05 19:38 - 2020-08-20 10:00 - 001549824 _____ () [File not signed] C:\Users\Richard\anaconda3\Library\bin\sqlite3.dll
2021-04-05 19:38 - 2018-02-02 17:44 - 002509089 _____ () [File not signed] C:\Users\Richard\anaconda3\Library\bin\winpty.dll
2021-04-05 19:38 - 2020-06-25 20:16 - 000103936 _____ () [File not signed] C:\Users\Richard\anaconda3\Library\bin\yaml.dll
2021-04-05 19:38 - 2020-04-18 10:15 - 000084992 _____ () [File not signed] C:\Users\Richard\anaconda3\Library\bin\zlib.dll
2021-01-30 12:18 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2021-04-05 19:38 - 2020-09-10 12:36 - 000453120 _____ (iMatix Corporation) [File not signed] C:\Users\Richard\anaconda3\Library\bin\libzmq-mt-4_3_2.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000055808 _____ (Open Source Software community LGPL) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\pthreadVC2.dll
2021-04-05 19:38 - 2020-09-04 02:29 - 000056320 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\_asyncio.pyd
2021-04-05 19:38 - 2020-09-04 02:29 - 000076800 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\_bz2.pyd
2021-04-05 19:39 - 2020-09-04 02:29 - 000117248 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\_ctypes.pyd
2021-04-05 19:38 - 2020-09-04 02:29 - 000260608 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\_decimal.pyd
2021-04-05 19:38 - 2020-09-04 02:29 - 000169472 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\_elementtree.pyd
2021-04-05 19:38 - 2020-09-04 02:29 - 000038400 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\_hashlib.pyd
2021-04-05 19:38 - 2020-09-04 02:30 - 000155648 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\_lzma.pyd
2021-04-05 19:38 - 2020-09-04 02:29 - 000038400 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\_overlapped.pyd
2021-04-05 19:38 - 2020-09-04 02:29 - 000020992 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\_queue.pyd
2021-04-05 19:38 - 2020-09-04 02:29 - 000071680 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\_socket.pyd
2021-04-05 19:38 - 2020-09-04 02:29 - 000080384 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\_sqlite3.pyd
2021-04-05 19:38 - 2020-09-04 02:29 - 000144896 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\_ssl.pyd
2021-04-05 19:38 - 2020-09-04 02:29 - 000182272 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\pyexpat.pyd
2021-04-05 19:38 - 2020-09-04 02:29 - 000019968 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\select.pyd
2021-04-05 19:38 - 2020-09-04 02:29 - 001089024 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\DLLs\unicodedata.pyd
2021-04-05 19:38 - 2020-09-04 02:29 - 000051712 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\python3.DLL
2021-04-05 19:38 - 2020-09-04 02:29 - 004204544 _____ (Python Software Foundation) [File not signed] C:\Users\Richard\anaconda3\python38.dll
2021-12-03 13:17 - 2021-12-03 13:17 - 004578816 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\NativeSamsungDexFramework.dll
2021-12-03 13:16 - 2021-12-03 13:16 - 002832384 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\SCommon.dll
2021-12-03 13:14 - 2021-12-03 13:14 - 006556672 _____ (Samsung Electronics Co., Ltd.) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\SLocales.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000539136 _____ (The FreeType Project) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\freetype.dll
2021-04-05 19:38 - 2020-04-27 22:18 - 026216448 _____ (The ICU Project) [File not signed] C:\Users\Richard\anaconda3\Library\bin\icudt58.dll
2021-04-05 19:38 - 2020-04-27 22:18 - 002668544 _____ (The ICU Project) [File not signed] C:\Users\Richard\anaconda3\Library\bin\icuin58.dll
2021-04-05 19:38 - 2020-04-27 22:18 - 001896960 _____ (The ICU Project) [File not signed] C:\Users\Richard\anaconda3\Library\bin\icuuc58.dll
2021-04-05 19:39 - 2020-09-22 13:53 - 003409408 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\Richard\anaconda3\Library\bin\libcrypto-1_1-x64.dll
2021-04-05 19:38 - 2020-09-22 13:53 - 000682496 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Users\Richard\anaconda3\Library\bin\libssl-1_1-x64.dll
2021-04-05 19:39 - 2018-12-12 20:38 - 005109760 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\bin\Qt5Core.dll
2021-04-05 19:38 - 2018-12-12 20:39 - 005924352 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\bin\Qt5Gui.dll
2021-04-05 19:38 - 2018-12-12 20:40 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\bin\Qt5Svg.dll
2021-04-05 19:38 - 2018-12-12 20:39 - 005572608 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\bin\Qt5Widgets.dll
2021-04-05 19:38 - 2018-12-12 20:40 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\plugins\iconengines\qsvgicon.dll
2021-04-05 19:38 - 2018-12-12 20:39 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\plugins\imageformats\qgif.dll
2021-04-05 19:38 - 2018-12-12 20:40 - 000040960 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\plugins\imageformats\qicns.dll
2021-04-05 19:38 - 2018-12-12 20:39 - 000032256 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\plugins\imageformats\qico.dll
2021-04-05 19:38 - 2018-12-12 20:39 - 000038400 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\plugins\imageformats\qjpeg.dll
2021-04-05 19:38 - 2018-12-12 20:40 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\plugins\imageformats\qsvg.dll
2021-04-05 19:38 - 2018-12-12 20:40 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\plugins\imageformats\qtga.dll
2021-04-05 19:38 - 2018-12-12 20:40 - 000371200 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\plugins\imageformats\qtiff.dll
2021-04-05 19:38 - 2018-12-12 20:40 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\plugins\imageformats\qwbmp.dll
2021-04-05 19:38 - 2018-12-12 20:40 - 000505856 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\plugins\imageformats\qwebp.dll
2021-04-05 19:38 - 2018-12-12 20:40 - 001264128 _____ (The Qt Company Ltd.) [File not signed] C:\Users\Richard\anaconda3\Library\plugins\platforms\qwindows.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\BASS.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000019008 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\BASSCD.dll
2021-10-25 11:31 - 2021-10-25 11:31 - 000017472 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\Samsung\Samsung DeX\BASSWMA.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-29] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 09:14 - 2019-12-07 09:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2021-11-26 15:09 - 2021-11-26 15:14 - 000000446 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;c:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;c:\Program Files\Intel\Intel(R) Management Engine Components\DAL;c:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;c:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-442883875-2476310825-192517120-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F3527143-FF97-4992-8C17-028849482140}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{A6405ACD-3F0D-4386-B262-73DAA00CAB6F}] => (Allow) C:\Users\Richard\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{DF84C34F-41BD-4795-91F2-BC20C16A13B0}] => (Allow) C:\Program Files\MetaTrader 5\metatester64.exe (MetaQuotes Ltd. -> MetaQuotes Ltd.)
FirewallRules: [{199460BB-07EF-4832-BE8D-EEE617F56287}] => (Allow) C:\Program Files\Easeware\DriverEasy\DriverEasy.exe (Easeware Technology Limited -> Easeware)
FirewallRules: [{59C3507F-B05D-4977-AB1D-B2EB2AAC1855}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{136D44DA-326F-4882-858D-60F4E54B4A9B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{F4C32A38-F41A-449D-B535-A0D3523CB17F}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{39C34FB0-9D87-4E7D-A6E6-BE7A231AA992}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0C9F754B-CD20-4073-92CD-599828830ED3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{865066EF-B3FC-4223-B207-1BC30EB1837F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7709030C-8E2A-40AD-B55A-03686E4EC7D3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{43B4C569-799D-4CC8-B6F6-BC2BC94B2D0D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{332E9DB5-1480-44DE-9BD9-61AF830D492F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{38FBC7EF-4863-48C1-92BE-E2922CADAF2C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{FEBDD48C-943C-4B62-8719-E63DF6D60BBD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CAFE2FF9-4063-4809-8B4B-E73E3400FDD5}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FF10F052-8D44-4412-B750-F908C327DC09}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D5564DEB-18FF-4B1E-A11D-6824D1CE6F43}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{FA844100-53AE-49FA-9796-FEBDE609BFB8}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{6EF2CD72-E4B1-44FC-B41B-765C6CDE461C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{20772815-BB7B-442A-A633-864AD9867AE5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{25B59D4F-AAD7-48E0-AC4C-5FFD27712306}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7AEFDC04-F7E3-467B-8D4A-67279993F751}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7BD6BD2B-A652-4FC9-B81A-1F008988830B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1712C246-33AB-48ED-9932-CEFD4A14AEF5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3AFBCE28-84C7-48C2-A667-8D70D8716E1F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{154CC0DA-C2D1-4263-9201-AF8AA00FFA2E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6DAA1762-64E3-4CF7-9832-9D2F05098622}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{79DADB5F-C9F5-4960-8EDA-943A8E732C3E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.176.447.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

29-12-2021 22:57:01 Samsung DeX
01-01-2022 16:21:26 Installed QuickTime 7
10-01-2022 00:42:36 Scheduled Checkpoint
11-01-2022 23:42:55 Windows Modules Installer
11-01-2022 23:46:32 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: BCM20702A0
Description: BCM20702A0
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/11/2022 11:46:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service AVG Tools since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (01/11/2022 11:46:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service AVG Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (01/11/2022 11:46:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service avgbIDSAgent since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (01/11/2022 11:46:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avgVmm.

System Error:
The system cannot find the file specified.
.

Error: (01/11/2022 11:46:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avgbuniv.

System Error:
The system cannot find the file specified.
.

Error: (01/11/2022 11:46:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avgbidsh.

System Error:
The system cannot find the file specified.
.

Error: (01/11/2022 11:46:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avgSP.

System Error:
The system cannot find the file specified.
.

Error: (01/11/2022 11:46:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avgMonFlt.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (01/14/2022 04:47:52 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TPBF3NR)
Description: The server microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.

Error: (01/12/2022 12:23:08 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TPBF3NR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/12/2022 12:23:08 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TPBF3NR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/12/2022 12:23:08 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TPBF3NR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/12/2022 12:23:08 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TPBF3NR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/12/2022 12:23:08 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TPBF3NR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/12/2022 12:23:07 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TPBF3NR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (01/12/2022 12:23:07 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TPBF3NR)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
================
Date: 2022-01-11 21:23:18
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-01-11 21:11:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-01-11 17:20:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-01-10 14:42:17
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-01-07 17:34:32
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:

Date: 2022-01-07 11:14:57
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.355.1499.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18800.4
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2022-01-07 11:14:57
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.355.1499.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.18800.4
Error code: 0x80240022
Error description: The program can't check for definition updates.

CodeIntegrity:
===============
Date: 2022-01-11 20:42:24
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2022-01-11 20:42:24
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: LENOVO G2ETB7WW (2.77 ) 09/24/2019
Motherboard: LENOVO 23252S4
Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 44%
Total physical RAM: 16060.3 MB
Available physical RAM: 8929.48 MB
Total Virtual: 21180.3 MB
Available Virtual: 12627.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.71 GB) (Free:225.36 GB) NTFS

\\?\Volume{078a219e-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 078A219E)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,759
Hi, Oct123.

Thanks for your patience.

Welcome to TSG Forums.


I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.


==============================

I will review your logs and be back to you as soon as I am ready.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,759
Hi.

My first comments/instructions:

1. Uninstall programs
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Code:
Driver Easy 5.6.15
Duplicate Photos Fixer Pro
  • Select the above programs, one by one, and click Uninstall.
  • Restart the computer.

2. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1188.1 - AVG Technologies) Hidden
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKU\S-1-5-21-442883875-2476310825-192517120-1001\...\MountPoints2: {35cdbbba-4c21-11eb-b71a-3c970ee47275} - "D:\HiSuiteDownLoader.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5E54D055-5FD2-4285-9DD0-8B0B20226B64} - System32\Tasks\SVC Update => C:\Windows\explorer.exe "hxxps://destyy.com/w2S0D1" <==== ATTENTION
Task: {698B7430-D9E8-4AFC-9D8A-5D95D56FBAAA} - System32\Tasks\Duplicate Photos Fixer ProNotifier => C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe [306440 2021-11-25] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: {A2D0874B-102B-4236-8F1C-0AA192AC50CE} - System32\Tasks\Duplicate Photos Fixer Pro_updates => C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe [8201992 2021-11-25] (SYSTWEAK SOFTWARE -> Systweak)
Task: {C1696DA6-A81F-4E15-87A4-86B74D8FFCE3} - System32\Tasks\Duplicate Photos Fixer ProNotifier_trigger => C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe [306440 2021-11-25] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: {C6E17AD5-1EBA-4208-8541-8EA8A2DBC69A} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3817392 2020-06-18] (Easeware Technology Limited -> Easeware)
Task: {C6E17AD5-1EBA-4208-8541-8EA8A2DBC69A} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3817392 2020-06-18] (Easeware Technology Limited -> Easeware)
Task: {E9906361-7D8F-4CE2-905C-CB5A434B312C} - System32\Tasks\Duplicate Photos Fixer ProNotifier_startup => C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe [306440 2021-11-25] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Edge Notifications: Default -> hxxps://en.softonic.com; hxxps://www.hotdeals.com
CHR Notifications: Default -> hxxps://209303103311267.webpush.freshchat.com; hxxps://aspireglobal.eu.webpush.freshchat.com; hxxps://calendar.google.com; hxxps://metro.co.uk; hxxps://oanda.secure.force.com; hxxps://secretldn.com; hxxps://uk.mail.yahoo.com; hxxps://uk.pcmag.com; hxxps://www.bristolpost.co.uk; hxxps://www.buyagift.co.uk; hxxps://www.facebook.com; hxxps://www.grandnational.org.uk; hxxps://www.hertfordshiremercury.co.uk; hxxps://www.lightinthebox.com; hxxps://www.marksandspencer.com; hxxps://www.myvouchercodes.co.uk; hxxps://www.netflix.com; hxxps://www.oliverstravels.com; hxxps://www.qmee.com; hxxps://www.topcashback.co.uk; hxxps://www.vouchercloud.com
2022-01-11 20:40 - 2022-01-12 21:04 - 000000000 ____D C:\ProgramData\AVG
2022-01-11 20:40 - 2022-01-11 20:40 - 000224072 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Richard\Downloads\avg_antivirus_free_setup.exe
2022-01-03 07:57 - 2022-01-12 00:24 - 000000000 ____D C:\Program Files (x86)\Duplicate Photos Fixer Pro
2022-01-03 07:57 - 2022-01-09 16:44 - 000003306 _____ C:\Windows\system32\Tasks\Duplicate Photos Fixer ProNotifier
2022-01-03 07:57 - 2022-01-03 07:57 - 000003866 _____ C:\Windows\system32\Tasks\Duplicate Photos Fixer Pro_updates
2022-01-03 07:57 - 2022-01-03 07:57 - 000003374 _____ C:\Windows\system32\Tasks\Duplicate Photos Fixer ProNotifier_trigger
2022-01-03 07:57 - 2022-01-03 07:57 - 000003294 _____ C:\Windows\system32\Tasks\Duplicate Photos Fixer ProNotifier_startup
2022-01-03 07:57 - 2022-01-03 07:57 - 000001277 _____ C:\Users\Public\Desktop\Duplicate Photos Fixer Pro.lnk
2022-01-03 07:57 - 2022-01-03 07:57 - 000000000 ____D C:\Users\Richard\AppData\Roaming\DPFXR
2022-01-03 07:57 - 2022-01-03 07:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photos Fixer Pro
2022-01-03 07:56 - 2022-01-03 07:56 - 010332632 _____ (Systweak Software ) C:\Users\Richard\Downloads\dpfsetupipg_googleadw-dpf_gads_uk_ext7.exe
2022-01-03 07:56 - 2022-01-03 07:56 - 000000000 ____D C:\Users\Richard\AppData\Roaming\Systweak
2022-01-01 18:52 - 2022-01-01 18:52 - 010608968 _____ (Ursa Minor Ltd ) C:\Users\Richard\Downloads\CopyTransHEICforWindowsv1.009 (1).exe
2022-01-01 18:46 - 2022-01-01 18:46 - 000000000 ____D C:\ProgramData\Avast Software
2022-01-01 18:45 - 2022-01-01 18:46 - 000234272 _____ (AVAST Software) C:\Users\Richard\Downloads\avast_one_essential_setup_online.exe
C:\Program Files (x86)\Duplicate Photos Fixer Pro
C:\Program Files\Easeware
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

In your next reply please post:
  1. The fixlog.txt
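
Added example, not part of the original post and not FRST's own code: the one task the fixlist marks with ATTENTION ("SVC Update") runs explorer.exe with a URL as its argument, which is a scheduled task that opens a web page. The Python sketch below parses FRST "Task:" lines in the layout shown in this thread and returns only the tasks that hand a URL to a URL-opening program; the function names and the browser entries in `URL_OPENERS` are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Layout of FRST "Task:" lines as they appear in this thread:
#   Task: {GUID} - <task path> => <command line> [size date] (signer) <==== ATTENTION
# Legacy .job entries carry no GUID.
TASK_RE = re.compile(
    r"^Task:\s+(?:\{(?P<guid>[0-9A-Fa-f-]{36})\}\s+-\s+)?(?P<path>.+?)\s+=>\s+(?P<action>.+)$"
)
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.+?\.exe)"?', re.IGNORECASE)
# FRST defangs links as hxxp(s); accept both spellings.
URL_RE = re.compile(r'\bh(?:tt|xx)ps?://[^\s"\'<>]+', re.IGNORECASE)

# Assumption: programs that open a URL passed on the command line.
# Only explorer.exe comes from the thread; the browser names are added here.
URL_OPENERS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}

# Sample input: three lines copied from the fixlist in this thread.
SAMPLE_LINES = [
    r'Task: {5E54D055-5FD2-4285-9DD0-8B0B20226B64} - System32\Tasks\SVC Update => C:\Windows\explorer.exe "hxxps://destyy.com/w2S0D1" <==== ATTENTION',
    r'Task: {698B7430-D9E8-4AFC-9D8A-5D95D56FBAAA} - System32\Tasks\Duplicate Photos Fixer ProNotifier => C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe [306440 2021-11-25] (SYSTWEAK SOFTWARE -> Systweak Software)',
    r'Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe',
]


@dataclass
class TaskEntry:
    guid: Optional[str]   # None for legacy .job entries
    path: str             # task path as FRST prints it
    exe: str              # executable the task starts ("" if not recognised)
    urls: List[str]       # URL arguments, kept defanged as logged
    hosts: List[str]      # host names extracted from those URLs
    attention: bool       # True if FRST itself marked the line


def _host(url: str) -> str:
    # Refang only for parsing; the stored URL stays defanged.
    fixed = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return (urlsplit(fixed).hostname or "").lower()


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one FRST 'Task:' line; return None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    action = m.group("action")
    exe_m = EXE_RE.match(action)
    urls = URL_RE.findall(action)
    return TaskEntry(
        guid=m.group("guid"),
        path=m.group("path"),
        exe=exe_m.group("exe") if exe_m else "",
        urls=urls,
        hosts=[_host(u) for u in urls],
        attention="<==== ATTENTION" in action,
    )


def url_launcher_tasks(lines) -> List[TaskEntry]:
    """Return tasks whose action passes a URL to a URL-opening program."""
    hits = []
    for line in lines:
        task = parse_task_line(line)
        if task and task.urls and task.exe.rsplit("\\", 1)[-1].lower() in URL_OPENERS:
            hits.append(task)
    return hits


if __name__ == "__main__":
    for t in url_launcher_tasks(SAMPLE_LINES):
        print(f"{t.path}: {t.exe} opens {t.urls} (hosts: {t.hosts})")
```
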
 

Oct123

Thread Starter
Joined
Jan 14, 2022
Messages
5
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-01-2022
Ran by Richard (17-01-2022 19:07:10) Run:1
Running from C:\Users\Richard\Downloads
Loaded Profiles: Richard
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1188.1 - AVG Technologies) Hidden
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
HKU\S-1-5-21-442883875-2476310825-192517120-1001\...\MountPoints2: {35cdbbba-4c21-11eb-b71a-3c970ee47275} - "D:\HiSuiteDownLoader.exe"
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {5E54D055-5FD2-4285-9DD0-8B0B20226B64} - System32\Tasks\SVC Update => C:\Windows\explorer.exe "hxxps://destyy.com/w2S0D1" <==== ATTENTION
Task: {698B7430-D9E8-4AFC-9D8A-5D95D56FBAAA} - System32\Tasks\Duplicate Photos Fixer ProNotifier => C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe [306440 2021-11-25] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: {A2D0874B-102B-4236-8F1C-0AA192AC50CE} - System32\Tasks\Duplicate Photos Fixer Pro_updates => C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe [8201992 2021-11-25] (SYSTWEAK SOFTWARE -> Systweak)
Task: {C1696DA6-A81F-4E15-87A4-86B74D8FFCE3} - System32\Tasks\Duplicate Photos Fixer ProNotifier_trigger => C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe [306440 2021-11-25] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: {C6E17AD5-1EBA-4208-8541-8EA8A2DBC69A} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3817392 2020-06-18] (Easeware Technology Limited -> Easeware)
Task: {C6E17AD5-1EBA-4208-8541-8EA8A2DBC69A} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3817392 2020-06-18] (Easeware Technology Limited -> Easeware)
Task: {E9906361-7D8F-4CE2-905C-CB5A434B312C} - System32\Tasks\Duplicate Photos Fixer ProNotifier_startup => C:\Program Files (x86)\Duplicate Photos Fixer Pro\DPFNotifier.exe [306440 2021-11-25] (SYSTWEAK SOFTWARE -> Systweak Software)
Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Edge Notifications: Default -> hxxps://en.softonic.com; hxxps://www.hotdeals.com
CHR Notifications: Default -> hxxps://209303103311267.webpush.freshchat.com; hxxps://aspireglobal.eu.webpush.freshchat.com; hxxps://calendar.google.com; hxxps://metro.co.uk; hxxps://oanda.secure.force.com; hxxps://secretldn.com; hxxps://uk.mail.yahoo.com; hxxps://uk.pcmag.com; hxxps://www.bristolpost.co.uk; hxxps://www.buyagift.co.uk; hxxps://www.facebook.com; hxxps://www.grandnational.org.uk; hxxps://www.hertfordshiremercury.co.uk; hxxps://www.lightinthebox.com; hxxps://www.marksandspencer.com; hxxps://www.myvouchercodes.co.uk; hxxps://www.netflix.com; hxxps://www.oliverstravels.com; hxxps://www.qmee.com; hxxps://www.topcashback.co.uk; hxxps://www.vouchercloud.com
2022-01-11 20:40 - 2022-01-12 21:04 - 000000000 ____D C:\ProgramData\AVG
2022-01-11 20:40 - 2022-01-11 20:40 - 000224072 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Richard\Downloads\avg_antivirus_free_setup.exe
2022-01-03 07:57 - 2022-01-12 00:24 - 000000000 ____D C:\Program Files (x86)\Duplicate Photos Fixer Pro
2022-01-03 07:57 - 2022-01-09 16:44 - 000003306 _____ C:\Windows\system32\Tasks\Duplicate Photos Fixer ProNotifier
2022-01-03 07:57 - 2022-01-03 07:57 - 000003866 _____ C:\Windows\system32\Tasks\Duplicate Photos Fixer Pro_updates
2022-01-03 07:57 - 2022-01-03 07:57 - 000003374 _____ C:\Windows\system32\Tasks\Duplicate Photos Fixer ProNotifier_trigger
2022-01-03 07:57 - 2022-01-03 07:57 - 000003294 _____ C:\Windows\system32\Tasks\Duplicate Photos Fixer ProNotifier_startup
2022-01-03 07:57 - 2022-01-03 07:57 - 000001277 _____ C:\Users\Public\Desktop\Duplicate Photos Fixer Pro.lnk
2022-01-03 07:57 - 2022-01-03 07:57 - 000000000 ____D C:\Users\Richard\AppData\Roaming\DPFXR
2022-01-03 07:57 - 2022-01-03 07:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photos Fixer Pro
2022-01-03 07:56 - 2022-01-03 07:56 - 010332632 _____ (Systweak Software ) C:\Users\Richard\Downloads\dpfsetupipg_googleadw-dpf_gads_uk_ext7.exe
2022-01-03 07:56 - 2022-01-03 07:56 - 000000000 ____D C:\Users\Richard\AppData\Roaming\Systweak
2022-01-01 18:52 - 2022-01-01 18:52 - 010608968 _____ (Ursa Minor Ltd ) C:\Users\Richard\Downloads\CopyTransHEICforWindowsv1.009 (1).exe
2022-01-01 18:46 - 2022-01-01 18:46 - 000000000 ____D C:\ProgramData\Avast Software
2022-01-01 18:45 - 2022-01-01 18:46 - 000234272 _____ (AVAST Software) C:\Users\Richard\Downloads\avast_one_essential_setup_online.exe
C:\Program Files (x86)\Duplicate Photos Fixer Pro
C:\Program Files\Easeware
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}\\SystemComponent" => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKU\S-1-5-21-442883875-2476310825-192517120-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35cdbbba-4c21-11eb-b71a-3c970ee47275} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E54D055-5FD2-4285-9DD0-8B0B20226B64}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E54D055-5FD2-4285-9DD0-8B0B20226B64}" => removed successfully
C:\Windows\System32\Tasks\SVC Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SVC Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{698B7430-D9E8-4AFC-9D8A-5D95D56FBAAA}" => not found
"C:\Windows\System32\Tasks\Duplicate Photos Fixer ProNotifier" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Duplicate Photos Fixer ProNotifier" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2D0874B-102B-4236-8F1C-0AA192AC50CE}" => not found
"C:\Windows\System32\Tasks\Duplicate Photos Fixer Pro_updates" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Duplicate Photos Fixer Pro_updates" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1696DA6-A81F-4E15-87A4-86B74D8FFCE3}" => not found
"C:\Windows\System32\Tasks\Duplicate Photos Fixer ProNotifier_trigger" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Duplicate Photos Fixer ProNotifier_trigger" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6E17AD5-1EBA-4208-8541-8EA8A2DBC69A}" => not found
"C:\Windows\System32\Tasks\Driver Easy Scheduled Scan" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Easy Scheduled Scan" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6E17AD5-1EBA-4208-8541-8EA8A2DBC69A}" => not found
"C:\Windows\System32\Tasks\Driver Easy Scheduled Scan" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Easy Scheduled Scan" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9906361-7D8F-4CE2-905C-CB5A434B312C}" => not found
"C:\Windows\System32\Tasks\Duplicate Photos Fixer ProNotifier_startup" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Duplicate Photos Fixer ProNotifier_startup" => not found
"C:\Windows\Tasks\Driver Easy Scheduled Scan.job" => not found
"Edge Notifications" => removed successfully
"Chrome Notifications" => removed successfully
C:\ProgramData\AVG => moved successfully
C:\Users\Richard\Downloads\avg_antivirus_free_setup.exe => moved successfully
"C:\Program Files (x86)\Duplicate Photos Fixer Pro" => not found
"C:\Windows\system32\Tasks\Duplicate Photos Fixer ProNotifier" => not found
"C:\Windows\system32\Tasks\Duplicate Photos Fixer Pro_updates" => not found
"C:\Windows\system32\Tasks\Duplicate Photos Fixer ProNotifier_trigger" => not found
"C:\Windows\system32\Tasks\Duplicate Photos Fixer ProNotifier_startup" => not found
"C:\Users\Public\Desktop\Duplicate Photos Fixer Pro.lnk" => not found
C:\Users\Richard\AppData\Roaming\DPFXR => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photos Fixer Pro" => not found
C:\Users\Richard\Downloads\dpfsetupipg_googleadw-dpf_gads_uk_ext7.exe => moved successfully
"C:\Users\Richard\AppData\Roaming\Systweak" => not found
C:\Users\Richard\Downloads\CopyTransHEICforWindowsv1.009 (1).exe => moved successfully
C:\ProgramData\Avast Software => moved successfully
C:\Users\Richard\Downloads\avast_one_essential_setup_online.exe => moved successfully
"C:\Program Files (x86)\Duplicate Photos Fixer Pro" => not found
"C:\Program Files\Easeware" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45763840 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 52108970 B
Edge => 0 B
Chrome => 532319750 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 23316 B
NetworkService => 45548 B
Richard => 205337774 B

RecycleBin => 0 B
EmptyTemp: => 798.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:08:10 ====
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,759
Moving on.

1. Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

2. Run Malwarebytes (scan only)
  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Code:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) the option is NOT checked.
    Under the title Potentially unwanted items all options are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

In your next reply, please post:
  1. Screenshot with the popup(s) (if they continue to appear)
  2. The AdwCleaner[S0*].txt
  3. The Malwarebytes report
 

Oct123

Thread Starter
Joined
Jan 14, 2022
Messages
5
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-17-2022
# Duration: 00:00:15
# OS: Windows 10 Home
# Scanned: 32026
# Detected: 18


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy SwagButton - gngocbkfmikdgphklgmmehbjjlfgdemm

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoEasyCamera Registry HKLM\Software\Sunplus SPUVCb
Preinstalled.LenovoEasyCamera Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Sunplus SPUVCb
Preinstalled.LenovoEasyCamera Registry HKU\.DEFAULT\Software\Sunplus SPUVCb
Preinstalled.LenovoEasyCamera Registry HKU\S-1-5-18\Software\Sunplus SPUVCb
Preinstalled.LenovoPowerManager Folder C:\Windows\SysWOW64\LENOVO\POWERMGR
Preinstalled.LenovoPowerManager Folder C:\Windows\System32\LENOVO\POWERMGR
Preinstalled.LenovoServiceBridge Folder C:\Users\Richard\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Preinstalled.LenovoServiceBridge Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
Preinstalled.LenovoUpdate Folder C:\Program Files (x86)\LENOVO\SYSTEM UPDATE
Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{03C6CC92-68F2-4961-9A73-CAECA350BD08}
Preinstalled.LenovoUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\TVSU_is1
Preinstalled.SonyPlayMemoriesHome File C:\Users\Public\Desktop\PlayMemories Home Help.lnk
Preinstalled.SonyPlayMemoriesHome File C:\Users\Public\Desktop\PlayMemories Home.lnk
Preinstalled.SonyPlayMemoriesHome Folder C:\Program Files (x86)\SONY\PLAYMEMORIES HOME
Preinstalled.SonyPlayMemoriesHome Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|PMBVolumeWatcher
Preinstalled.SonyPlayMemoriesHome Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|PMBVolumeWatcher
Preinstalled.SonyPlayMemoriesHome Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{AEB04E0E-0A28-4014-A96A-282E43B7227B}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,759
Hi, Oct123.

no pop ups this session
Excellent!

Next steps:

1. AdwCleaner (Clean mode)

Let me explain to you the log created by AdwCleaner:

The finding in the Chromium part of the log is a PUP, which stands for Potentially Unwanted Program. In the instructions below, I will list it to be removed.

The section at the bottom under Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

To proceed, please do the following:
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

2. Fresh FRST logs

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

In your next reply, please post:
  1. The AdwCleaner[C0*].txt
  2. The fresh FRST logs, Addition and FRST.
  3. How is the computer running now?
 

Oct123

Thread Starter
Joined
Jan 14, 2022
Messages
5
Thank you. I have run the adwcleaner scan again, but there is nothing coming up that I think I should quarantine. They are programmes that I use (swagbucks, sony play memories and lenovo - this is the computer, but I'm not sure what each of these lenovo software do)

Do I still need to share any logs if I've not changed anything?

in terms of 3) I haven't seen the pop ups today.

One of the items we'd previously cleared was 'duplicate photos fixer', which is a possible cause. I ran that free version.

I purchased a similar programme 'duplicate and similar photo cleaner', through the microsoft store, but this seems ok.

please let me know if I still need to send/do anything.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,759
They are programmes that I use (swagbucks, sony play memories and lenovo - this is the computer, but I'm not sure what each of these lenovo software do)
OK, if you use them. Have in mind, however, that swagbucks was detected as a potentially unwanted program. The others are all pre-installed software.

If everything is good now, the only remaining thing is your computer's upgrade. You are still running version 20H2, two major upgrades behind. It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

In case you decide to upgrade now:

This will reinstall and update the operating system and fix any corruptions, without removing any file or program.
  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your Wi-Fi connection speed, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.
Let me know if you want to upgrade now. Otherwise, I will give you instructions for removing the tools we used and creating a fresh restore point.
 
