Chrome Hijack, redirects to Pulpsearch.com and then quickly to Bing - Virus, Trojan, Spyware, and Malware Removal Help (2022)

Gary, I have a mesh Wi-Fi system. One primary and one node. They are both RT-AC68 models. I have a fiber optic modem from Hargray. It has no identifying marks or labels. I can ask them about it if you want. This problem does not occur using Edge. Also, I changed the default search engine in Chrome from Google to Bing and the hijack behavior stopped. Changed the default back to Google and the hijack returns.

Kenny

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-06-2022

Ran by Kenny (administrator) on GHOST (Micro-Star International Co., Ltd. MS-7D25) (18-06-2022 11:18:40)

Running from C:\Users\Kenny\Desktop\06182022

Loaded Profiles: Kenny

Platform: Microsoft Windows 11 Pro Version 21H2 22000.739 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe

(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe

(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe ->) (Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

(C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Engine\CC_Engine_x64.exe

(C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.CentralServer.exe

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(C:\Program Files\WindowsApps\MicrosoftTeams_22133.500.1346.3200_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\101.0.1210.53\msedgewebview2.exe <12>

(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe

(Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe

(Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>

(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe

(services.exe ->) (cFos Software GmbH -> cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe

(services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\ENS\ensserver.exe

(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe

(services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_03b951be52cd2aa9\OneApp.IGCC.WinService.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_3ad50285c3647623\IntelCpHDCPSvc.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe

(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe

(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe

(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe

(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe

(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe

(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe

(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe

(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe

(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\MSI Center\Super Charger\MSI_Super_Charger_Service.exe

(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_05fe713c4fadacd3\RtkAudUService64.exe <2>

(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.425.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe

(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\MSI.TerminalServer.exe

(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe

(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Speed Up\StorageMonitor.exe

(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Center\True Color\New\MSI.True Color.exe

(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControlEngine.exe

(svchost.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe <4>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_05fe713c4fadacd3\RtkAudUService64.exe [3477960 2022-04-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288184 2022-05-09] (Intel Corporation -> Intel)

HKLM-x32\...\Run: [M17A] => C:\Windows\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [85912 2021-09-15] (Microsoft Windows Hardware Compatibility Publisher -> )

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [145344 2019-07-26] (Brother Industries, Ltd. -> Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3146752 2021-12-10] (Brother Industries, Ltd.) [File not signed]

HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3590656 2021-10-20] (Brother Industries, Ltd.) [File not signed]

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION

HKU\S-1-5-21-1342915427-4270335918-3763836606-1001\...\Run: [MicrosoftEdgeAutoLaunch_B0242E18BA481139F5D08829B62AFD0B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3595168 2022-06-16] (Microsoft Corporation -> Microsoft Corporation)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\102.0.5005.115\Installer\chrmstp.exe [2022-06-17] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04610426-F80F-4F3A-99C0-AE23E1A3350D} - System32\Tasks\MSI Task Host - LEDKeeper2_Host => C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LEDKeeper2.exe [2066672 2022-05-17] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)

Task: {081094BE-03D0-4942-BC53-57DAC40B61FA} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3231104 2022-05-02] (Intel Corporation -> Intel Corporation)

Task: {28DEAC9C-0989-4D23-8006-F4E38DB05696} - System32\Tasks\GoogleUpdateTaskMachineUA{4304F2F6-788A-49F9-81A2-7A3B0A8C8B07} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-06-17] (Google LLC -> Google LLC)

Task: {3FDAC5F0-5033-4FA3-AD9B-FF026139A809} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {400A01BF-E908-4393-BD39-31E386377BDA} /quiet /qn

Task: {3FDAC5F0-5033-4FA3-AD9B-FF026139A809} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run

Task: {4008DD43-77BD-45C2-8369-043B4C1FB774} - System32\Tasks\Microsoft\Windows\Clip\LicenseImdsIntegration => C:\Windows\system32\fclip.exe [480720 2022-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {96584DD1-C96E-4481-BBE5-52CD8F864854} - System32\Tasks\MicrosoftEdgeShadowStackRollbackTask => C:\Program Files (x86)\Microsoft\Edge\Application\102.0.1245.44\Installer\setup.exe [3256224 2022-06-18] (Microsoft Corporation -> Microsoft Corporation)

Task: {A3AF0887-3E4D-49DF-9E0A-17F5B8AA91B5} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"

Task: {E06411B7-EBFD-4F28-8994-090184DC3FD2} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [121605552 2022-05-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

Task: {E46B5154-0AB7-4FCC-A0CA-E7AE26207FDE} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3231104 2022-05-02] (Intel Corporation -> Intel Corporation)

Task: {FDADCFFA-469E-4C5B-8F5C-E7E894C1DEE6} - System32\Tasks\GoogleUpdateTaskMachineCore{D40880F3-1657-49A1-83C2-48976E5CC25D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [168632 2022-06-17] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{04a7a61e-2676-48bd-948b-7f269ec3f941}: [DhcpNameServer] 192.168.1.1

Edge:

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\Kenny\AppData\Local\Microsoft\Edge\User Data\Default [2022-06-18]

Chrome:

=======

CHR Profile: C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default [2022-06-18]

CHR HomePage: Default -> hxxps://news.google.com/?hl=en-US&gl=US&ceid=US:en

CHR StartupUrls: Default -> "hxxps://news.google.com/news/?gl=US&ned=us&hl=en","hxxps://www.google.com/"

CHR Extension: (Entanglement Web App) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2022-06-17]

CHR Extension: (HTTPS Everywhere) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2022-06-17]

CHR Extension: (Google Docs Offline) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-17]

CHR Extension: (Kindle Cloud Reader) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2022-06-17]

CHR Extension: (Google Keep Chrome Extension) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2022-06-17]

CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2022-06-17]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-17]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [321536 2021-12-06] (Brother Industries, Ltd.) [File not signed]

R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [602376 2021-07-29] (cFos Software GmbH -> cFos Software GmbH)

R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [39352 2022-05-09] (Intel Corporation -> Intel)

R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [184248 2022-05-09] (Intel Corporation -> Intel)

R2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [27784 2021-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )

R3 EPMVssEaseusProvider; C:\Windows\system32\dllhost.exe /Processid:{29F6C5E4-3B82-4176-BF91-BAE2681B2810} [45368 2021-06-05] (Microsoft Windows -> Microsoft Corporation)

R2 LightKeeperService; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\LightKeeperService.exe [86776 2020-12-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8677120 2022-06-17] (Malwarebytes Inc. -> Malwarebytes)

R2 MSI_Case_Service; C:\Program Files (x86)\MSI\MSI Center\Case\MSI_Case_Service.exe [60656 2022-05-16] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)

R2 MSI_Central_Service; C:\Program Files (x86)\MSI\MSI Center\MSI_Central_Service.exe [148720 2022-05-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)

R2 MSI_Super_Charger_Service; C:\Program Files (x86)\MSI\MSI Center\Super Charger\MSI_Super_Charger_Service.exe [37104 2022-05-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

R2 MSI_VoiceControl_Service; C:\Program Files (x86)\MSI\MSI Center\Voice Control\VoiceControl_Service.exe [34032 2022-05-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)

R2 Mystic_Light_Service; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Mystic_Light_Service.exe [37616 2022-04-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)

R2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [360368 2022-05-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6207704 2022-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-06-15] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WMIRegistrationService; C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe [538736 2021-12-27] (Intel Corporation -> Intel Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [557056 2022-06-15] (Microsoft Windows -> Microsoft Corporation)

R1 cFosSpeed; C:\Windows\system32\DRIVERS\cfosspeed6.sys [1695016 2021-07-28] (cFos Software GmbH -> cFos Software GmbH)

S3 e2f68; C:\Windows\System32\drivers\e2f68.sys [485376 2021-06-01] (Microsoft Windows -> Intel Corporation)

R3 e2fnexpress; C:\Windows\System32\DriverStore\FileRepository\e2fn.inf_amd64_89417de64b74fa9c\e2fn.sys [1320608 2021-09-30] (Intel Corporation -> Intel Corporation)

R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )

S3 epmdkdrv; C:\Windows\system32\epmdkdrv.sys [36280 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> )

R0 EPMVolFl; C:\Windows\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows ® Codename Longhorn DDK provider)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2022-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R0 EUDCPEPM; C:\Windows\System32\drivers\EUDCPEPM.sys [76344 2020-12-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)

R1 EUEDKEPM; C:\Windows\system32\drivers\EUEDKEPM.sys [33712 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)

S3 Hsp; C:\Windows\System32\drivers\Hsp.sys [111960 2022-06-15] (Microsoft Windows -> Microsoft Corporation)

R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_e11257f05c0c2f89\iaLPSS2_GPIO2_ADL.sys [139928 2021-07-29] (Intel Corporation -> Intel Corporation)

S0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1587944 2021-12-16] (Intel Corporation -> Intel Corporation)

R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_19ceb7ce67a7cf8b\gna.sys [87200 2022-01-11] (Intel Corporation -> Intel Corporation)

R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-06-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [192960 2022-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [74680 2022-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181992 2022-06-17] (Malwarebytes Inc. -> Malwarebytes)

R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)

R3 NTIOLib_CC_Clock; C:\Program Files (x86)\MSI\MSI Center\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

R3 NTIOLib_CC_COMM; C:\Program Files (x86)\MSI\MSI Center\Lib\SYS\NTIOLib_X64.sys [28480 2022-04-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

R3 NTIOLib_CC_CPU; C:\Program Files (x86)\MSI\MSI Center\Super Charger\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Lib\NTIOLib_X64.sys [14288 2017-07-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)

S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49600 2022-06-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [443664 2022-06-15] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90384 2022-06-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-06-18 11:09 - 2022-06-18 11:18 - 000000000 ____D C:\Users\Kenny\Desktop\06182022

2022-06-18 11:00 - 2022-06-18 11:00 - 002368512 _____ (Farbar) C:\Users\Kenny\Downloads\Unconfirmed 703092.crdownload

2022-06-17 22:26 - 2022-06-17 22:26 - 000000000 ____D C:\Users\Kenny\AppData\Roaming\ControlCenter4

2022-06-17 22:24 - 2022-06-17 22:24 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys

2022-06-17 22:24 - 2022-06-17 22:24 - 000181992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys

2022-06-17 22:24 - 2022-06-17 22:24 - 000074680 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2022-06-17 21:42 - 2022-06-17 21:42 - 000001601 _____ C:\Users\Kenny\Desktop\AdwCleaner[C00]_Desktop06172022.txt

2022-06-17 21:40 - 2022-06-17 21:41 - 000000000 ____D C:\AdwCleaner

2022-06-17 21:39 - 2022-06-17 21:39 - 000005946 _____ C:\Users\Kenny\Desktop\Malwarebytes Scan of desktop PC 06172022A.txt

2022-06-17 21:33 - 2022-06-17 21:33 - 000239544 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

2022-06-17 21:33 - 2022-06-17 21:33 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys

2022-06-17 21:33 - 2022-06-17 21:33 - 000002046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2022-06-17 21:33 - 2022-06-17 21:33 - 000002034 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2022-06-17 21:33 - 2022-06-17 21:33 - 000000000 ____D C:\Users\Kenny\AppData\Local\mbam

2022-06-17 21:33 - 2022-06-17 21:32 - 000158640 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys

2022-06-17 21:33 - 2022-06-17 21:32 - 000021480 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys

2022-06-17 21:32 - 2022-06-17 21:32 - 000000000 ____D C:\ProgramData\Malwarebytes

2022-06-17 21:32 - 2022-06-17 21:32 - 000000000 ____D C:\Program Files\Malwarebytes

2022-06-17 18:08 - 2022-06-17 18:08 - 000072555 _____ C:\Users\Kenny\Desktop\Gmail - SpyHunter - Account Activation Key & Instructions.pdf

2022-06-17 18:06 - 2022-06-18 06:06 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE

2022-06-17 18:06 - 2022-06-17 18:06 - 000003642 _____ C:\Windows\system32\Tasks\PowerENGAGE

2022-06-17 18:06 - 2022-06-17 18:06 - 000000000 ____D C:\Users\Kenny\AppData\Roaming\PowerENGAGE

2022-06-17 18:05 - 2022-06-17 22:26 - 000000000 ____D C:\ProgramData\ControlCenter4

2022-06-17 18:05 - 2022-06-17 18:07 - 000000000 ____D C:\ProgramData\Brother

2022-06-17 18:05 - 2022-06-17 18:07 - 000000000 ____D C:\Program Files (x86)\Browny02

2022-06-17 18:05 - 2022-06-17 18:06 - 000000000 ____D C:\Program Files (x86)\ControlCenter4

2022-06-17 18:05 - 2022-06-17 18:05 - 000002138 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk

2022-06-17 18:05 - 2022-06-17 18:05 - 000001692 _____ C:\Users\Public\Desktop\Brother Utilities.lnk

2022-06-17 18:05 - 2022-06-17 18:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother

2022-06-17 18:05 - 2022-06-17 18:05 - 000000000 ____D C:\Program Files (x86)\ControlCenter4 CSDK

2022-06-17 18:05 - 2016-11-01 14:27 - 000090112 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrNetSti.dll

2022-06-17 18:05 - 2015-06-17 00:39 - 000252928 _____ (brother) C:\Windows\system32\NSSRH64.dll

2022-06-17 18:05 - 2013-07-03 14:46 - 000065024 _____ (Brother Industries,Ltd) C:\Windows\system32\Brnsplg.dll

2022-06-17 18:05 - 2013-03-08 18:45 - 000059904 _____ (Brother Industries,Ltd.) C:\Windows\system32\BrWiaNCp.dll

2022-06-17 18:05 - 2005-04-22 16:36 - 000143360 _____ C:\Windows\system32\BrSNMP64.dll

2022-06-17 18:04 - 2022-06-17 18:05 - 000000000 ____D C:\Program Files (x86)\Brother

2022-06-17 15:00 - 2022-06-17 15:00 - 000003496 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{4304F2F6-788A-49F9-81A2-7A3B0A8C8B07}

2022-06-17 15:00 - 2022-06-17 15:00 - 000003372 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{D40880F3-1657-49A1-83C2-48976E5CC25D}

2022-06-17 15:00 - 2022-06-17 15:00 - 000002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2022-06-17 15:00 - 2022-06-17 15:00 - 000002295 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2022-06-17 00:39 - 2022-06-18 11:18 - 000000000 ____D C:\FRST

2022-06-16 20:06 - 2022-06-16 20:06 - 000000115 _____ C:\Users\Kenny\Desktop\Firmware Update Utility Instructions and FAQ - Seagate Support US.url

2022-06-16 12:33 - 2022-06-16 22:41 - 000000000 ____D C:\Program Files (x86)\SeaTools5

2022-06-16 12:33 - 2022-06-16 12:33 - 000002024 _____ C:\Users\Public\Desktop\SeaTools.lnk

2022-06-16 12:33 - 2022-06-16 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaTools

2022-06-16 12:22 - 2022-06-17 22:26 - 000000000 ____D C:\Users\Kenny\AppData\Roaming\Samsung Magician

2022-06-16 12:22 - 2022-06-16 12:22 - 000003332 _____ C:\Windows\system32\Tasks\SamsungMagician

2022-06-16 12:22 - 2022-06-16 12:22 - 000001310 _____ C:\Users\Public\Desktop\Samsung Magician.lnk

2022-06-16 12:22 - 2022-06-16 12:22 - 000000000 ____D C:\ProgramData\Samsung

2022-06-16 12:22 - 2022-06-16 12:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician

2022-06-16 12:22 - 2022-06-16 12:22 - 000000000 ____D C:\Program Files (x86)\Samsung

2022-06-16 12:15 - 2022-06-16 12:15 - 000001197 _____ C:\Users\Public\Desktop\DriveImage XML.lnk

2022-06-16 12:15 - 2022-06-16 12:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software

2022-06-16 12:15 - 2022-06-16 12:15 - 000000000 ____D C:\Program Files (x86)\Runtime Software

2022-06-16 02:39 - 2022-06-16 02:42 - 000271498 _____ C:\Windows\ntbtlog.txt

2022-06-16 02:39 - 2022-06-16 02:39 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job

2022-06-16 00:51 - 2022-06-18 02:51 - 000004784 _____ C:\Windows\system32\Tasks\MicrosoftEdgeShadowStackRollbackTask

2022-06-15 17:09 - 2022-06-15 17:09 - 000000000 ____D C:\Windows\system32\HealthAttestationClient

2022-06-15 16:51 - 2022-06-15 16:52 - 000000000 ____D C:\Users\Kenny\AppData\Roaming\Process Hacker

2022-06-15 16:48 - 2022-06-17 21:36 - 000000000 ____D C:\Program Files\Process Hacker

2022-06-15 16:48 - 2022-06-15 16:48 - 000001572 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE Viewer.lnk

2022-06-15 15:36 - 2022-06-18 11:05 - 000000000 ____D C:\Program Files (x86)\Google

2022-06-15 15:36 - 2022-06-17 15:00 - 000000000 ____D C:\Users\Kenny\AppData\Local\Google

2022-06-15 15:36 - 2022-06-15 15:36 - 000000000 ____D C:\Program Files\Google

2022-06-15 15:32 - 2022-06-15 15:32 - 054489096 _____ (EaseUS ) C:\Users\Kenny\Downloads\epm_ad_easeus.exe

2022-06-15 15:32 - 2022-06-15 15:32 - 001487168 _____ C:\Users\Kenny\Downloads\epm_trial_ad_install_20220615.440648a1110028.exe

2022-06-15 15:32 - 2022-06-15 15:32 - 000001374 _____ C:\Users\Public\Desktop\EaseUS Partition Master.lnk

2022-06-15 15:32 - 2022-06-15 15:32 - 000000000 ____D C:\ProgramData\SystemAcCrux

2022-06-15 15:32 - 2022-06-15 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master

2022-06-15 15:32 - 2022-06-15 15:32 - 000000000 ____D C:\Program Files (x86)\EaseUS

2022-06-15 15:32 - 2021-10-28 15:42 - 006009480 _____ C:\Windows\system32\BootMan.exe

2022-06-15 15:32 - 2021-10-28 15:42 - 003994760 _____ C:\Windows\SysWOW64\BootMan.exe

2022-06-15 15:32 - 2021-10-28 15:42 - 000024712 _____ C:\Windows\SysWOW64\EuEpmGdi.dll

2022-06-15 15:32 - 2021-10-28 15:42 - 000021128 _____ C:\Windows\system32\EuEpmGdi.dll

2022-06-15 15:32 - 2021-10-27 14:02 - 000174216 _____ C:\Windows\system32\setupepmdrvx64.exe

2022-06-15 15:32 - 2020-12-16 12:03 - 000000057 _____ C:\Windows\system32\setupepmdrv.ini

2022-06-15 15:32 - 2020-12-08 03:00 - 000076344 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EUDCPEPM.sys

2022-06-15 15:32 - 2020-02-23 17:54 - 000033712 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EUEDKEPM.sys

2022-06-15 15:32 - 2020-02-23 17:49 - 000036280 _____ C:\Windows\system32\epmdkdrv.sys

2022-06-15 15:32 - 2020-02-23 17:49 - 000030136 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Drivers\EPMVolFl.sys

2022-06-15 15:28 - 2022-06-15 15:28 - 020301720 _____ (LSoft Technologies Inc ) C:\Users\Kenny\Downloads\PartManFree-Setup.exe

2022-06-15 15:28 - 2022-06-15 15:28 - 000000000 ____D C:\Program Files\LSoft Technologies

2022-06-15 15:24 - 2022-06-15 15:24 - 002550832 _____ (The ICU Project) C:\Windows\system32\icu.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 002125824 _____ C:\Windows\system32\dwmscene.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 002080992 _____ (The ICU Project) C:\Windows\SysWOW64\icu.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000831488 _____ (Microsoft Corporation) C:\Windows\system32\Bubbles.scr

2022-06-15 15:24 - 2022-06-15 15:24 - 000774144 _____ C:\Windows\system32\FsNVSDeviceSource.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000643072 _____ C:\Windows\system32\SettingSyncDownloadHelper.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000614400 _____ C:\Windows\system32\TextInputMethodFormatter.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000557056 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr

2022-06-15 15:24 - 2022-06-15 15:24 - 000524288 _____ C:\Windows\system32\AssignedAccessCsp.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000523776 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe

2022-06-15 15:24 - 2022-06-15 15:24 - 000485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr

2022-06-15 15:24 - 2022-06-15 15:24 - 000464384 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe

2022-06-15 15:24 - 2022-06-15 15:24 - 000460800 _____ C:\Windows\SysWOW64\SettingSyncDownloadHelper.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000442368 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2022-06-15 15:24 - 2022-06-15 15:24 - 000372736 _____ C:\Windows\system32\hwreqchk.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000356352 _____ C:\Windows\system32\Windows.Internal.UI.Shell.WindowTabManager.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2022-06-15 15:24 - 2022-06-15 15:24 - 000339968 _____ C:\Windows\system32\pku2u.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000335872 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000335872 _____ C:\Windows\system32\Windows.Internal.UI.Dialogs.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000323584 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp

2022-06-15 15:24 - 2022-06-15 15:24 - 000299008 _____ C:\Windows\system32\EsclScan.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000294912 _____ C:\Windows\system32\pnpdiag.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000286720 _____ C:\Windows\system32\Microsoft.Bluetooth.Audio.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp

2022-06-15 15:24 - 2022-06-15 15:24 - 000253952 _____ (Microsoft Corporation) C:\Windows\system32\ssText3d.scr

2022-06-15 15:24 - 2022-06-15 15:24 - 000247808 _____ C:\Windows\SysWOW64\pku2u.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000210432 _____ C:\Windows\system32\CloudIdWxhExtension.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000208896 _____ C:\Windows\system32\BthpanContextHandler.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000208896 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codecp.acm

2022-06-15 15:24 - 2022-06-15 15:24 - 000196096 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\l3codecp.acm

2022-06-15 15:24 - 2022-06-15 15:24 - 000180224 _____ C:\Windows\system32\EsclProtocol.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000180224 _____ C:\Windows\system32\CloudExperienceHostRedirection.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\Ribbons.scr

2022-06-15 15:24 - 2022-06-15 15:24 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\Mystify.scr

2022-06-15 15:24 - 2022-06-15 15:24 - 000167936 _____ C:\Windows\system32\DeviceUpdateCenterCsp.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000122880 _____ (Microsoft Corporation) C:\Windows\system32\remotesp.tsp

2022-06-15 15:24 - 2022-06-15 15:24 - 000098304 _____ C:\Windows\system32\sstpcfg.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000088064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remotesp.tsp

2022-06-15 15:24 - 2022-06-15 15:24 - 000086016 _____ C:\Windows\system32\printticketvalidation.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000086016 _____ C:\Windows\system32\CredProvCommonCore.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000079192 _____ C:\Windows\system32\Drivers\NDKPerf.sys

2022-06-15 15:24 - 2022-06-15 15:24 - 000077824 _____ C:\Windows\system32\APMonUI.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp

2022-06-15 15:24 - 2022-06-15 15:24 - 000069632 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000067528 _____ (Microsoft Corporation) C:\Windows\system32\msgsm32.acm

2022-06-15 15:24 - 2022-06-15 15:24 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\format.com

2022-06-15 15:24 - 2022-06-15 15:24 - 000063392 _____ (Microsoft Corporation) C:\Windows\system32\imaadp32.acm

2022-06-15 15:24 - 2022-06-15 15:24 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\scrnsave.scr

2022-06-15 15:24 - 2022-06-15 15:24 - 000061440 _____ (Microsoft Corporation) C:\Windows\system32\hidphone.tsp

2022-06-15 15:24 - 2022-06-15 15:24 - 000059264 _____ (Microsoft Corporation) C:\Windows\system32\msadp32.acm

2022-06-15 15:24 - 2022-06-15 15:24 - 000057344 _____ C:\Windows\system32\uwfservicingapi.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000051712 _____ C:\Windows\SysWOW64\CredProvCommonCore.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\more.com

2022-06-15 15:24 - 2022-06-15 15:24 - 000049152 _____ (Microsoft Corporation) C:\Windows\system32\mode.com

2022-06-15 15:24 - 2022-06-15 15:24 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\format.com

2022-06-15 15:24 - 2022-06-15 15:24 - 000042752 _____ C:\Windows\system32\wow64base.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000040960 _____ C:\Windows\system32\WsdProviderUtil.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000040960 _____ C:\Windows\system32\prxyqry.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\tree.com

2022-06-15 15:24 - 2022-06-15 15:24 - 000039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp

2022-06-15 15:24 - 2022-06-15 15:24 - 000038760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msgsm32.acm

2022-06-15 15:24 - 2022-06-15 15:24 - 000034112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imaadp32.acm

2022-06-15 15:24 - 2022-06-15 15:24 - 000033568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msadp32.acm

2022-06-15 15:24 - 2022-06-15 15:24 - 000032768 _____ C:\Windows\system32\agentactivationruntimestarter.exe

2022-06-15 15:24 - 2022-06-15 15:24 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrnsave.scr

2022-06-15 15:24 - 2022-06-15 15:24 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hidphone.tsp

2022-06-15 15:24 - 2022-06-15 15:24 - 000027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mode.com

2022-06-15 15:24 - 2022-06-15 15:24 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\more.com

2022-06-15 15:24 - 2022-06-15 15:24 - 000019456 _____ C:\Windows\SysWOW64\WsdProviderUtil.dll

2022-06-15 15:24 - 2022-06-15 15:24 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tree.com

2022-06-15 15:24 - 2022-06-15 15:24 - 000015042 _____ C:\Windows\system32\DrtmAuthTxt.wim

2022-06-15 15:24 - 2022-06-15 15:24 - 000013824 _____ C:\Windows\SysWOW64\prxyqry.dll

2022-06-15 15:22 - 2022-06-15 15:22 - 000000000 ___HD C:\$WinREAgent

2022-06-15 15:22 - 2022-06-15 15:22 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

2022-06-15 15:19 - 2022-06-15 15:20 - 000000000 ____D C:\Windows\system32\MRT

2022-06-15 15:15 - 2022-06-16 09:00 - 000000000 ____D C:\Windows\Panther

2022-06-15 15:13 - 2021-12-16 03:46 - 001587944 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorVD.sys

2022-06-15 15:13 - 2021-12-16 03:46 - 000029416 _____ (Intel Corporation) C:\Windows\system32\RstMwEventLogMsg.dll

2022-06-15 15:10 - 2022-06-15 15:10 - 000017827 _____ C:\Windows\cFosSpeed_Setup_Log.txt

2022-06-15 15:10 - 2022-06-15 15:10 - 000000000 ____D C:\ProgramData\cFos

2022-06-15 15:10 - 2022-06-15 15:10 - 000000000 ____D C:\Program Files\cFosSpeed

2022-06-15 15:10 - 2021-07-28 20:07 - 001695016 _____ (cFos Software GmbH) C:\Windows\system32\Drivers\cfosspeed6.sys

2022-06-15 15:01 - 2022-06-15 15:01 - 000003176 _____ C:\Windows\system32\Tasks\MSI Task Host - LEDKeeper2_Host

2022-06-15 15:01 - 2022-06-15 15:01 - 000000000 ____D C:\Program Files\WD

2022-06-15 15:01 - 2022-06-15 15:01 - 000000000 ____D C:\Program Files\ENE

2022-06-15 15:01 - 2022-06-15 15:01 - 000000000 ____D C:\Program Files (x86)\ENE

2022-06-15 15:01 - 2020-05-12 04:28 - 000020992 _____ C:\Windows\system32\Drivers\ene.sys

2022-06-15 15:01 - 2020-01-19 22:49 - 000017424 _____ (MICSYS Technology Co., LTd) C:\Windows\system32\Drivers\MsIo64.sys

2022-06-15 14:58 - 2022-06-15 14:58 - 000000000 ____D C:\MSI

2022-06-15 14:58 - 2022-05-16 20:23 - 000013576 _____ (Windows ® Win 7 DDK provider) C:\Windows\acpimof.dll

2022-06-15 14:47 - 2022-06-16 14:34 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1342915427-4270335918-3763836606-1001

2022-06-15 14:47 - 2022-06-15 15:01 - 000000000 ____D C:\ProgramData\MSI

2022-06-15 14:43 - 2022-06-15 14:43 - 000000000 ____D C:\ProgramData\Intel Package Cache {9f9c9e51-d42f-4462-a27a-7d419da18045}

2022-06-15 14:43 - 2022-06-15 14:43 - 000000000 ____D C:\ProgramData\Intel Package Cache {58E22E6B-0E58-4E93-AF9A-036556EB66F5}

2022-06-15 14:43 - 2022-06-15 14:43 - 000000000 ____D C:\ProgramData\Intel Package Cache {1CEAC85D-2590-4760-800F-8DE5E91F3700}

2022-06-15 14:42 - 2022-06-15 14:42 - 000000000 ___HD C:\Program Files (x86)\Temp

2022-06-15 14:42 - 2022-06-15 14:42 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2022-06-15 14:42 - 2022-06-15 14:42 - 000000000 ____D C:\Users\Kenny\Intel

2022-06-15 14:42 - 2022-06-15 14:42 - 000000000 ____D C:\Program Files (x86)\Realtek

2022-06-15 14:42 - 2022-04-12 02:17 - 050822203 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT

2022-06-15 14:42 - 2021-05-17 12:50 - 002875968 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll

2022-06-15 14:40 - 2022-06-15 14:40 - 000003762 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132

2022-06-15 14:40 - 2022-06-15 14:40 - 000003670 _____ C:\Windows\system32\Tasks\USER_ESRV_SVC_QUEENCREEK

2022-06-15 14:40 - 2022-06-15 14:40 - 000003528 _____ C:\Windows\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon

2022-06-15 14:40 - 2022-06-15 14:40 - 000000000 ____D C:\Users\Kenny\AppData\Local\Intel

2022-06-15 14:40 - 2022-05-05 20:44 - 000041816 _____ C:\Windows\system32\Drivers\semav6msr64.sys

2022-06-15 14:39 - 2022-06-15 14:58 - 000000000 ____D C:\Program Files (x86)\MSI

2022-06-15 14:39 - 2022-06-15 14:53 - 000000000 ____D C:\Program Files (x86)\Intel

2022-06-15 14:39 - 2022-06-15 14:39 - 006351832 _____ (Intel) C:\Users\Kenny\Downloads\Intel-Driver-and-Support-Assistant-Installer.exe

2022-06-15 14:39 - 2022-06-15 14:39 - 000001510 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk

2022-06-15 14:38 - 2022-06-15 14:38 - 000000000 ____D C:\Users\Kenny\AppData\Local\Comms

2022-06-15 14:38 - 2022-04-12 02:33 - 006189504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys

2022-06-15 14:37 - 2022-06-15 14:54 - 000000000 ____D C:\ProgramData\Intel

2022-06-15 14:37 - 2022-06-15 14:37 - 000002354 _____ C:\Users\Kenny\Desktop\Microsoft Edge.lnk

2022-06-15 14:37 - 2022-06-15 14:37 - 000000000 ____D C:\Users\Kenny\AppData\LocalLow\Intel

2022-06-15 14:35 - 2022-06-15 15:20 - 000000000 ____D C:\Users\Kenny\AppData\Local\PlaceholderTileLogoFolder

2022-06-15 14:34 - 2022-06-15 15:02 - 000000000 ____D C:\ProgramData\Package Cache

2022-06-15 14:34 - 2022-06-15 14:56 - 000000000 ____D C:\Program Files\Intel

2022-06-15 14:28 - 2022-06-15 14:28 - 000000000 ____D C:\Users\Kenny\AppData\Local\PeerDistRepub

2022-06-15 14:23 - 2022-06-16 14:34 - 000003360 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1342915427-4270335918-3763836606-1001

2022-06-15 14:23 - 2022-06-16 14:34 - 000002396 _____ C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2022-06-15 14:23 - 2022-06-15 14:47 - 000000000 ___RD C:\Users\Kenny\OneDrive

2022-06-15 14:23 - 2022-06-15 14:23 - 000000000 ____D C:\Users\Kenny\AppData\Local\VirtualStore

2022-06-15 14:23 - 2022-06-15 14:23 - 000000000 ____D C:\ProgramData\Microsoft OneDrive

2022-06-15 14:21 - 2022-06-17 21:40 - 000000000 ____D C:\Users\Kenny\AppData\Local\D3DSCache

2022-06-15 14:21 - 2022-06-16 12:43 - 000000000 ____D C:\Users\Kenny\AppData\Local\Packages

2022-06-15 14:21 - 2022-06-16 12:43 - 000000000 ____D C:\ProgramData\Packages

2022-06-15 14:21 - 2022-06-15 14:42 - 000000000 ____D C:\Users\Kenny

2022-06-15 14:21 - 2022-06-15 14:38 - 000000000 ____D C:\Users\Kenny\AppData\Local\Publishers

2022-06-15 14:21 - 2022-06-15 14:21 - 000000020 ___SH C:\Users\Kenny\ntuser.ini

2022-06-15 14:21 - 2022-06-15 14:21 - 000000000 __RHD C:\Users\Public\AccountPictures

2022-06-15 14:21 - 2022-06-15 14:21 - 000000000 ____D C:\Users\Kenny\AppData\Roaming\Adobe

2022-06-15 14:21 - 2022-06-15 14:21 - 000000000 ____D C:\Users\Kenny\AppData\Local\ConnectedDevicesPlatform

2022-06-15 14:21 - 2021-06-05 08:04 - 000001281 _____ C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk

2022-06-15 14:21 - 2021-06-05 08:04 - 000000407 _____ C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk

2022-06-15 14:20 - 2022-06-17 22:28 - 000803404 _____ C:\Windows\system32\PerfStringBackup.INI

2022-06-15 14:18 - 2022-06-15 14:18 - 000000000 ____D C:\Windows\CSC

2022-06-15 14:16 - 2022-06-15 14:16 - 000000000 _SHDL C:\Documents and Settings

2022-06-15 14:15 - 2022-06-18 10:50 - 000000000 ____D C:\Windows\system32\SleepStudy

2022-06-15 14:15 - 2022-06-18 02:51 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2022-06-15 14:15 - 2022-06-17 22:24 - 000012288 ___SH C:\DumpStack.log.tmp

2022-06-15 14:15 - 2022-06-17 22:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2022-06-15 14:15 - 2022-06-16 00:45 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2022-06-15 14:15 - 2022-06-16 00:45 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2022-06-15 14:15 - 2022-06-15 17:20 - 000000000 ____D C:\Windows\system32\Drivers\wd

2022-06-15 14:15 - 2022-06-15 17:10 - 000292696 _____ C:\Windows\system32\FNTCACHE.DAT

2022-06-15 14:15 - 2022-06-15 14:15 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2022-06-15 14:15 - 2022-06-15 14:15 - 000000000 ____D C:\Windows\ServiceProfiles

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-06-18 11:18 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\Registration

2022-06-18 06:06 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SystemTemp

2022-06-18 03:26 - 2021-06-05 08:10 - 000000000 ___HD C:\Program Files\WindowsApps

2022-06-18 03:26 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\AppReadiness

2022-06-18 03:26 - 2021-06-05 08:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2022-06-17 22:28 - 2021-06-05 08:09 - 000000000 ____D C:\Windows\INF

2022-06-17 22:24 - 2021-06-05 08:01 - 000262144 _____ C:\Windows\system32\config\BBI

2022-06-17 21:33 - 2021-06-05 08:10 - 000000000 ___HD C:\Windows\ELAMBKUP

2022-06-17 18:05 - 2021-06-05 08:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

2022-06-16 15:04 - 2021-06-05 08:01 - 000000000 ____D C:\Windows\CbsTemp

2022-06-16 06:50 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\appcompat

2022-06-15 17:20 - 2021-06-05 08:10 - 000000000 ____D C:\Program Files\Windows Defender

2022-06-15 17:10 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\vi-VN

2022-06-15 17:09 - 2021-06-05 10:30 - 000000000 ___SD C:\Windows\system32\AppV

2022-06-15 17:09 - 2021-06-05 10:30 - 000000000 ____D C:\Program Files\Windows Photo Viewer

2022-06-15 17:09 - 2021-06-05 10:30 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection

2022-06-15 17:09 - 2021-06-05 10:30 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ___SD C:\Windows\SysWOW64\F12

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ___SD C:\Windows\system32\UNP

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ___SD C:\Windows\system32\F12

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ___SD C:\Windows\system32\DiagSvcs

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ___RD C:\Windows\PrintDialog

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ___RD C:\Windows\ImmersiveControlPanel

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\setup

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\oobe

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\lv-LV

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\lt-LT

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\id-ID

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\gl-ES

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\eu-ES

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\et-EE

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\es-MX

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\Dism

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\Com

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SysWOW64\ca-ES

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\SystemResources

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\WinBioPlugIns

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\vi-VN

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\SystemResetPlatform

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\Sysprep

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\setup

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\oobe

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\migwiz

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\lv-LV

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\lt-LT

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\id-ID

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\gl-ES

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\eu-ES

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\et-EE

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\es-MX

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\Dism

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\DDFs

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\Com

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\ca-ES

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\appraiser

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\ShellExperiences

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\ShellComponents

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\PolicyDefinitions

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\IME

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\DiagTrack

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\bcastdvr

2022-06-15 17:09 - 2021-06-05 08:10 - 000000000 ____D C:\Program Files\Common Files\System

2022-06-15 17:09 - 2021-06-05 08:01 - 000000000 ____D C:\Windows\servicing

2022-06-15 15:26 - 2021-06-05 08:08 - 000245760 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll

2022-06-15 15:26 - 2021-06-05 08:08 - 000207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll

2022-06-15 15:26 - 2021-06-05 08:08 - 000114688 _____ (Khronos Group) C:\Windows\system32\opencl.dll

2022-06-15 15:26 - 2021-06-05 08:08 - 000078336 _____ (Khronos Group) C:\Windows\SysWOW64\opencl.dll

2022-06-15 15:20 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\SecurityHealth

2022-06-15 15:14 - 2021-06-05 08:08 - 000028672 _____ C:\Windows\system32\config\BCD-Template

2022-06-15 15:08 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\NDF

2022-06-15 14:18 - 2021-06-05 10:30 - 000000000 ____D C:\Windows\system32\FxsTmp

2022-06-15 14:18 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\spool

2022-06-15 14:16 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\system32\WinBioDatabase

2022-06-15 14:16 - 2021-06-05 08:10 - 000000000 ____D C:\Windows\ServiceState

2022-06-15 14:16 - 2021-06-05 08:10 - 000000000 ____D C:\ProgramData\USOPrivate

2022-06-15 14:15 - 2021-06-05 08:01 - 000032768 _____ C:\Windows\system32\config\ELAM

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2022

Ran by Kenny (18-06-2022 11:19:29)

Running from C:\Users\Kenny\Desktop\06182022

Microsoft Windows 11 Pro Version 21H2 22000.739 (X64) (2022-06-15 18:16:17)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1342915427-4270335918-3763836606-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1342915427-4270335918-3763836606-503 - Limited - Disabled)

Guest (S-1-5-21-1342915427-4270335918-3763836606-501 - Limited - Disabled)

Kenny (S-1-5-21-1342915427-4270335918-3763836606-1001 - Administrator - Enabled) => C:\Users\Kenny

WDAGUtilityAccount (S-1-5-21-1342915427-4270335918-3763836606-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AppLogLibSetup (HKLM-x32\...\{52FB0C8F-DF05-4C61-AEB6-18C55F8C385F}) (Version: 1.0.3.0 - Brother Industries Ltd.) Hidden

BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden

BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden

Brother PowerENGAGE (HKLM-x32\...\{3CE8B8E8-B33B-453C-BB7A-821ED6E18A24}) (Version: 1.0.27 - Aviata, Inc.)

Brother Printer Driver (HKLM-x32\...\{D9164C2E-91BA-4D5D-B49A-604BB0A127FE}) (Version: 1.9.0.0 - Brother Industries Ltd.) Hidden

Brother Scanner Driver (HKLM-x32\...\{45E4523F-2842-410D-90C6-6D19974B8E57}) (Version: 1.0.28.1 - Brother Industries Ltd.) Hidden

BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden

cFosSpeed 12.01 (HKLM\...\cFosSpeed) (Version: 12.01 - cFos Software GmbH, Bonn)

ControlCenter4 (HKLM-x32\...\{9091B952-8719-49C3-9CC7-6E20EC61081F}) (Version: 4.6.6.1 - Brother Industries, Ltd.) Hidden

ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden

Documentation Manager (HKLM\...\{E6D708BA-9130-4926-AA3E-AEBB5DE1E60B}) (Version: 22.110.1.1 - Intel Corporation) Hidden

DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.60.000 - Runtime Software)

Dynamic Application Loader Host Interface Service (HKLM\...\{FE08EA18-3549-49F1-8F5D-01F176DCE1CC}) (Version: 1.0.0.0 - Intel Corporation) Hidden

EaseUS Partition Master (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)

ENE_EHD_M2_HAL (HKLM\...\{37A48B7F-D4EA-4863-844E-A284E2AA3C5D}) (Version: 1.0.9.13 - ENE TECHNOLOGY INC.) Hidden

ENE_EHD_M2_HAL (HKLM-x32\...\{e82fcc79-4f73-46e7-859e-08fd9586ed61}) (Version: 1.0.9.13 - ENE TECHNOLOGY INC.) Hidden

ENE_MousePad_HAL (HKLM\...\{9E97178A-ADB8-4778-BE60-7E28E2A72721}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden

ENE_MousePad_HAL (HKLM-x32\...\{c2c794a4-7986-4c45-884d-d4ca43b88df9}) (Version: 1.0.2.0 - ENE TECHNOLOGY INC.) Hidden

ENE_X-JMI_HAL (HKLM\...\{2B8E611F-0B51-4FAC-87BB-AF50D82E7DDA}) (Version: 1.0.5.1 - ENE Tech) Hidden

ENE_X-JMI_HAL (HKLM-x32\...\{50ec3a07-291b-463e-be86-487eb8cbb71c}) (Version: 1.0.5.1 - ENE Tech) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 102.0.5005.115 - Google LLC)

HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden

Intel Driver && Support Assistant (HKLM-x32\...\{19B7322D-268B-4D88-AA3E-938F36F9DCE9}) (Version: 22.3.20.6 - Intel) Hidden

Intel® Chipset Device Software (HKLM\...\{89D00C61-DC40-4846-B938-E2E6158EDAAA}) (Version: 10.1.18836.8283 - Intel Corporation) Hidden

Intel® Chipset Device Software (HKLM-x32\...\{9b79ab4c-1596-44ee-84e2-a2001f7af089}) (Version: 10.1.18836.8283 - Intel® Corporation)

Intel® Computing Improvement Program (HKLM\...\{D17293BC-1678-4281-B94E-DBCF66AE7611}) (Version: 2.4.08919 - Intel Corporation)

Intel® Graphics Driver Software (HKLM-x32\...\{0703311b-31d5-4c17-9668-c48dee4b7749}) (Version: 3.11.1.0 - Intel) Hidden

Intel® LMS (HKLM\...\{6A2335AD-315C-4ADD-BFFC-0C7D0FC8A2B9}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{11107004-9658-44DB-8E95-2ECAFAE17B7B}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2201.16.0.2645 - Intel Corporation)

Intel® Management Engine Driver (HKLM\...\{7F7FEA98-7076-40EE-A318-07C48E67385F}) (Version: 1.0.0.0 - Intel Corporation) Hidden

Intel® Serial IO (HKLM\...\{8EC4CB19-850D-4BD4-B914-F63DF7DAD67D}) (Version: 30.100.2131.26 - Intel Corporation) Hidden

Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2131.26 - Intel Corporation)

Intel® Wireless Bluetooth® (HKLM-x32\...\{00000140-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.140.0.4 - Intel Corporation)

Intel® Driver & Support Assistant (HKLM-x32\...\{0f33739d-b6ed-44b0-9a0d-6b87544be7c0}) (Version: 22.3.20.6 - Intel)

Intel® Software Installer (HKLM-x32\...\{04b8044d-0f6e-4c7e-af9e-5057a0156baa}) (Version: 22.110.1.1 - Intel Corporation) Hidden

Malwarebytes version 4.5.10.200 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.10.200 - Malwarebytes)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 102.0.1245.44 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 101.0.1210.53 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1342915427-4270335918-3763836606-1001\...\OneDriveSetup.exe) (Version: 22.111.0522.0002 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704 (HKLM-x32\...\{4d8dcf8c-a72a-43e1-9833-c12724db736e}) (Version: 14.30.30704.0 - Microsoft Corporation)

Microsoft Visual C++ 2019 X64 Additional Runtime - 14.23.27820 (HKLM\...\{9CA7111B-263D-45DE-B898-61FAD30B3237}) (Version: 14.23.27820 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.23.27820 (HKLM\...\{A94EC1B2-932B-49D7-8AF2-4FBD29FF314B}) (Version: 14.23.27820 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X86 Additional Runtime - 14.30.30704 (HKLM-x32\...\{BF08E976-B92E-4336-B56F-2171179476C4}) (Version: 14.30.30704 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.30.30704 (HKLM-x32\...\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}) (Version: 14.30.30704 - Microsoft Corporation) Hidden

MSI Center SDK (HKLM-x32\...\{15289038-41BE-48F8-B8B9-0B1021D3089E}}_is1) (Version: 3.2022.0525.01 - MSI)

NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden

PowerENGAGE (HKLM-x32\...\{400A01BF-E908-4393-BD39-31E386377BDA}) (Version: 3.2.16 - Aviata, Inc.) Hidden

Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9336.1 - Realtek Semiconductor Corp.)

Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 7.1.1.820 - Samsung Electronics)

ScannerUtilityInstaller (HKLM-x32\...\{D94DD953-F38C-4220-A17C-9217106510A6}) (Version: 1.20.0.1 - Brother) Hidden

SeaTools (HKLM-x32\...\SeaTools 5.0.140) (Version: 5.0.140 - Seagate)

SoftwareUpdateNotification (HKLM-x32\...\{013A706A-C8FA-4F56-8641-B8C792BB3CEE}) (Version: 1.0.18.0 - Brother Industries, Ltd.) Hidden

StatusMonitor (HKLM-x32\...\{9D3555A9-C100-45A0-BE3E-33C62D9B2B9A}) (Version: 1.25.4.0 - Brother Industries, Ltd.) Hidden

UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden

WD P40 Game Drive (HKLM\...\{EE55DBAE-ECDD-4ADD-AAB5-23DE848B0996}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden

WD P40 Game Drive (HKLM-x32\...\{72b1a866-fc31-4381-bff3-fa6cd8823777}) (Version: 1.0.2.18 - Western Digital Corporation) Hidden

WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden

WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden

WD_BLACK D50 (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden

WD_BLACK D50 (HKLM-x32\...\{a1d1ba00-92b7-4a99-8ebd-65b25c0e9e44}) (Version: 1.0.9.0 - ENE TECHNOLOGY INC.) Hidden

Packages:

=========

Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.30.6.0_x64__6rarf9sa4v8jt [2022-06-15] (Disney)

Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-06-15] (INTEL CORP) [Startup Task]

Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.5310.0_x64__8wekyb3d8bbwe [2022-06-15] (Microsoft Studios) [MS Ad]

MSI Center -> C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.MSICenter_1.0.48.0_x64__kzh8wxbdkxb8p [2022-06-15] (MICRO-STAR INTERNATIONAL CO., LTD) [Startup Task]

Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.35.271.0_x64__dt26b99r8h8gj [2022-06-15] (Realtek Semiconductor Corp)

Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.187.612.0_x86__zpdnekdrzrea0 [2022-06-15] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-17] (Malwarebytes Inc. -> Malwarebytes)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-06-17] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-11-25 13:18 - 2016-11-25 13:18 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

2021-01-29 22:40 - 2021-12-06 14:05 - 000542720 _____ () [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll

2021-01-19 17:21 - 2021-12-10 17:49 - 001859584 _____ () [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll

2017-04-05 12:53 - 2019-07-26 11:53 - 000137728 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll

2017-01-27 18:39 - 2017-08-18 14:23 - 000087552 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll

2017-01-27 18:39 - 2017-08-18 14:23 - 017974784 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll

2017-01-27 18:33 - 2018-04-27 12:16 - 000087040 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll

2017-04-05 12:53 - 2019-07-26 11:54 - 000440832 _____ () [File not signed] C:\Program Files (x86)\ControlCenter4\Track.dll

2022-05-02 11:22 - 2022-05-02 11:22 - 005998080 _____ () [File not signed] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module_win32.dll

2022-06-16 12:22 - 2022-05-04 20:42 - 002566656 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\ffmpeg.dll

2022-06-16 12:22 - 2022-05-04 20:42 - 000357888 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\libegl.dll

2022-06-16 12:22 - 2022-05-04 20:42 - 006827520 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\libglesv2.dll

2022-06-16 12:22 - 2022-05-04 20:42 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\magutils-napi.node

2022-06-16 12:22 - 2022-05-04 20:42 - 000080384 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\magvibrancy-napi.node

2022-06-16 12:22 - 2022-05-04 20:42 - 000563200 _____ () [File not signed] C:\Program Files (x86)\Samsung\Samsung Magician\resources\app\dist\uimpewrapper-napi.node

2022-06-17 18:05 - 2005-04-22 16:36 - 000143360 _____ () [File not signed] C:\Windows\system32\BrSNMP64.dll

2016-04-12 13:07 - 2016-04-12 13:07 - 000067584 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\AppLogLib\BrBFLogI.dll

2022-06-17 18:05 - 2016-11-01 14:27 - 000090112 _____ (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll

2022-06-15 15:01 - 2018-11-15 17:08 - 002200784 _____ (Dexin Corp -> MICRO-STAR INTERNATIONAL) [File not signed] C:\Program Files (x86)\MSI\MSI Center\Mystic Light\IcMSIDll.dll

2022-06-15 15:01 - 2018-08-31 10:26 - 000053760 _____ (MS) [File not signed] C:\Program Files (x86)\MSI\MSI Center\Mystic Light\MsIo32_Galax.dll

2021-05-21 17:04 - 2021-05-21 17:04 - 000130048 _____ (Sam Grogan) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll

2022-05-05 20:44 - 2022-05-05 20:44 - 002122240 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

2022-06-15 15:01 - 2016-10-04 07:43 - 000399872 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\MSI\MSI Center\Mystic Light\Lib\SDKDLL.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-06-05 08:08 - 2022-06-17 22:22 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1342915427-4270335918-3763836606-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

Network Binding:

=============

Ethernet: cFosSpeed for faster Internet connections (NDIS 6) -> cfosspeed (enabled)

Wi-Fi: cFosSpeed for faster Internet connections (NDIS 6) -> cfosspeed (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{23939822-2CE8-4496-9407-7367732DB3B8}] => (Allow) LPort=32682

FirewallRules: [{34693EBD-29C6-4BF5-A333-6FB091EE0971}] => (Allow) LPort=26822

==================== Restore Points =========================

16-06-2022 15:04:49 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (06/17/2022 10:26:23 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: GHOST)

Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).

Error: (06/17/2022 10:24:34 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: wmiprvse.exe, version: 10.0.22000.1, time stamp: 0xb3908376

Faulting module name: ntdll.dll, version: 10.0.22000.708, time stamp: 0xb998b765

Exception code: 0xc0000374

Fault offset: 0x000000000010c729

Faulting process id: 0x14dc

Faulting application start time: 0x01d882ba8b2c144e

Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: d7bed037-76f2-4cf5-8cba-29e40eb05fb4

Faulting package full name:

Faulting package-relative application ID:

Error: (06/17/2022 10:22:47 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.

.

Operation:

Executing Asynchronous Operation

Context:

Current State: DoSnapshotSet

Error: (06/17/2022 10:22:42 PM) (Source: VSS) (EventID: 8194) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {eac28c80-b103-4ec4-a1e1-5fa2ac9e2d99}

Error: (06/16/2022 08:08:53 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: GHOST)

Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).

Error: (06/16/2022 08:08:38 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0xae77557b

Faulting module name: Windows.UI.Xaml.dll, version: 10.0.22000.708, time stamp: 0x5d7ca22a

Exception code: 0xc000027b

Fault offset: 0x0000000000553940

Faulting process id: 0x2074

Faulting application start time: 0x01d881de64c2c1de

Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll

Report Id: 5e8ab00c-43f1-4407-a3f8-ebc910a24f49

Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.22000.37_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

Error: (06/16/2022 08:07:57 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.

.

Error: (06/16/2022 08:07:57 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.

]

System errors:

=============

Error: (06/18/2022 07:37:42 AM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{04A7A61E-2676-48BD-948B-7F269EC3F941} because another computer on the network has the same name. The server could not start.

Error: (06/18/2022 02:49:10 AM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{04A7A61E-2676-48BD-948B-7F269EC3F941} because another computer on the network has the same name. The server could not start.

Error: (06/17/2022 10:24:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Error: (06/17/2022 10:24:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\IntelIHVRouter08.dll

Error: (06/17/2022 10:22:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The EPMVssEaseusProvider service terminated unexpectedly. It has done this 1 time(s).

Error: (06/17/2022 10:22:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The cFosSpeed System Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (06/17/2022 10:22:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/17/2022 10:22:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Realtek Audio Universal Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Windows Defender:

================

Date: 2022-06-16 21:58:42

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Custom Scan

Date: 2022-06-16 21:58:42

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: PUA:Win32/Presenoker

Severity: Low

Category: Potentially Unwanted Software

Path: containerfile:_I:\Files\NirSoft Utilities\nirsoft_package_1.18.09.zip; containerfile:_I:\Files\NirSoft Utilities\nirsoft_package_1.18.10.zip; containerfile:_I:\Files\UBD\ubcd528.iso; file:_I:\Files\NirSoft Utilities\NirLauncher\NirSoft\pcanypass.exe; file:_I:\Files\NirSoft Utilities\nirsoft_package_1.18.09.zip->NirSoft/pcanypass.exe; file:_I:\Files\NirSoft Utilities\nirsoft_package_1.18.10.zip->NirSoft/pcanypass.exe; file:_I:\Files\UBD\ubcd528.iso->ubcd\images\konboot.img.gz->konboot.img

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: User

Process Name: Unknown

Security intelligence Version: AV: 1.367.1675.0, AS: 1.367.1675.0, NIS: 1.367.1675.0

Engine Version: AM: 1.1.19200.6, NIS: 1.1.19200.6

Date: 2022-06-16 21:51:07

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Custom Scan

Date: 2022-06-16 21:46:49

Description:

Microsoft Defender Antivirus scan has been stopped before completion.

Scan Type: Antimalware

Scan Parameters: Custom Scan

Date: 2022-06-16 21:46:49

Description:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.

For more information please see the following:

Name: PUA:Win32/Presenoker

Severity: Low

Category: Potentially Unwanted Software

Path: containerfile:_I:\Files\NirSoft Utilities\nirsoft_package_1.18.09.zip; containerfile:_I:\Files\NirSoft Utilities\nirsoft_package_1.18.10.zip; containerfile:_I:\Files\UBD\ubcd528.iso; file:_I:\Files\NirSoft Utilities\NirLauncher\NirSoft\pcanypass.exe; file:_I:\Files\NirSoft Utilities\nirsoft_package_1.18.09.zip->NirSoft/pcanypass.exe; file:_I:\Files\NirSoft Utilities\nirsoft_package_1.18.10.zip->NirSoft/pcanypass.exe; file:_I:\Files\UBD\ubcd528.iso->ubcd\images\konboot.img.gz->konboot.img

Detection Origin: Local machine

Detection Type: Concrete

Detection Source: System

Process Name: Unknown

Security intelligence Version: AV: 1.367.1675.0, AS: 1.367.1675.0, NIS: 1.367.1675.0

Engine Version: AM: 1.1.19200.6, NIS: 1.1.19200.6

Event[0]

Date: 2022-06-16 02:39:53

Description:

Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.

Feature: On Access

Error Code: 0x8007043c

Error description: This service cannot be started in Safe Mode

Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:

===============

Date: 2022-06-18 11:18:09

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends International, LLC. 1.43 05/17/2022

Motherboard: Micro-Star International Co., Ltd. PRO Z690-A WIFI DDR4(MS-7D25)

Processor: 12th Gen Intel® Core™ i5-12600K

Percentage of memory in use: 21%

Total physical RAM: 32555.87 MB

Available physical RAM: 25717.3 MB

Total Virtual: 37675.87 MB

Available Virtual: 30325.04 MB

==================== Drives ================================

Drive c: (CrucialSSD2TB) (Fixed) (Total:1862.31 GB) (Free:1797.27 GB) (Model: CT2000P5PSSD8) NTFS

Drive d: (SamsungSSD2TB) (Fixed) (Total:1863 GB) (Free:1259.36 GB) (Model: Samsung SSD 870 QVO 2TB) NTFS

Drive e: (SeaGate3TB) (Fixed) (Total:2794.39 GB) (Free:2794.21 GB) (Model: ST3000DM001-1CH166) NTFS

Drive f: (Seagate1TB) (Fixed) (Total:931.5 GB) (Free:369.62 GB) (Model: ST31000528AS) NTFS

\\?\Volume{95856fea-a08e-445c-bc5c-0ee34f7cf7f6}\ () (Fixed) (Total:0.59 GB) (Free:0.08 GB) NTFS

\\?\Volume{96e356ae-ab6a-43b0-bd47-43241ffd8652}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================


FAQs

How do I remove malware extensions from Chrome?

Here are the steps you need to take to remove the Google Chrome virus and adware from your browser:
  1. Reset browser settings. Open Chrome and click on the three dots in the upper right corner.
  2. Change default ads permissions. Go to Chrome settings.
  3. Remove unwanted browser extensions.
Apr 11, 2022

Why does Google Chrome keep redirecting me to Bing?

If Google Chrome keeps redirecting to Bing, then you most likely have a web hijacker infecting your computer and altering Google Chrome's settings. You need to uninstall recently installed extensions and apps, then scan your PC with a secure antivirus scanner like Norton.

How do I get rid of Google Redirect Virus?

How to Remove Chrome Redirect Virus? Clean Google Chrome

Why does my browser redirect to Bing?

If google.com is assigned as the default search engine/homepage, and you start encountering unwanted redirects to bing.com, the web browser is probably hijacked by a browser hijacker. Although bing.com is a legitimate search engine, not all people prefer to use it.

How do I remove a browser hijacker from Chrome?

How to remove a browser hijacker
  1. On your desktop, click on the Windows logo in the lower left corner. You can also press the Windows key on your keyboard.
  2. Search for Control Panel and open it.
  3. Under Programs, click on Uninstall a program.
  4. Choose any suspicious software and click Uninstall.
Sep 10, 2021

What happens if a Chrome extension has malware?

According to various investigations, a malicious Chrome extension can redirect users to ads or phishing sites, collect browsing history, collect personal data like birth dates, email addresses, active devices and even download further malware onto a device.

How do I know if my browser is hijacked?

Signs a browser is hijacked include:
  1. Searches that are redirected to different websites.
  2. Multiple pop-up advertisement alerts.
  3. Slow-loading web pages.
  4. Multiple toolbars on a web browser not installed by the user.

What is browser hijacker virus?

A browser hijacker is a malware program that modifies web browser settings without the user's permission and redirects the user to websites the user had not intended to visit. It is often called a browser redirect virus because it redirects the browser to other, usually malicious, websites.

How do I stop a website from redirecting Chrome?

Change your default pop-ups and redirects settings
  1. On your computer, open Chrome.
  2. At the top right, click More, then Settings.
  3. Click Privacy and security, then Site settings.
  4. Click Pop-ups and redirects.
  5. Choose the option you want as your default setting.

How do I know if I have malware on Chrome?

You can also check for malware manually.
  1. Open Chrome.
  2. At the top right, click More, then Settings.
  3. Click Advanced, then Reset and clean up, then Clean up computer.
  4. Click Find.
  5. If you're asked to remove unwanted software, click Remove. You may be asked to reboot your computer.

How do I know if my Google Chrome has a virus?

How to run a virus scan on Google chrome
  1. Open Google Chrome;
  2. Click the three dots in the top-right corner and choose Settings;
  3. Scroll to the bottom and click Advanced;
  4. Scroll further down and pick Clean up computer;
  5. Click Find. ...
  6. Wait for Google to report whether any threats were found.
Mar 27, 2022

How do I get rid of malware?

How to get rid of viruses or malware on Android
  1. Reboot in safe mode.
  2. Uninstall all suspicious apps.
  3. Get rid of pop-up ads and redirects from your browser.
  4. Clear your downloads.
  5. Install a mobile anti-malware app.

How do I stop being redirected to Bing?

How to stop Google redirects to Bing?
  1. Step 1: Restart your PC in Safe Mode. ...
  2. Step 2: Remove Web Extensions From Browser. ...
  3. Step 3: Reset Web Browser Settings. ...
  4. Step 4: Uninstall Suspicious Applications. ...
  5. Step 5: Delete Temporary Files. ...
  6. Step 6: Install an Antimalware and Perform a Scan.
Aug 24, 2020

Article information

Author: Rueben Jacobs

Last Updated: 08/22/2022
