Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I think my computer may be infected [Solved]

Started by arwier , Apr 09 2022 12:52 PM

  • This topic is locked This topic is locked

#16
arwier
Posted 18 April 2022 - 11:01 AM

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

I did have to restart the computer and here are the new reports

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-04-2022 01
Ran by Art (administrator) on ART-PC (Hewlett-Packard HP Compaq 8100 Elite CMT PC) (18-04-2022 11:50:32)
Running from C:\Users\Art\Desktop
Loaded Profiles: Art
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (CANON INC. -> CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP3LAK.EXE
(explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(services.exe ->) (INTERNET PROJECT LLC -> Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(spool\drivers\x64\3\CNAP3LAK.EXE ->) (CANON INC. -> CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABISWD.EXE <3>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CNAP3 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP3LAK.EXE [228520 2021-01-02] (CANON INC. -> CANON INC.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-22] (Kilonova LLC -> )
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Run: [Opera Browser Assistant] => C:\Users\Art\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MARINE~1.SCR [6938624 2011-06-09] (SereneScreen) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [152064 2013-01-31] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CNAP3 Monitor: C:\Windows\system32\CNAP3SMD.DLL [1470464 2014-11-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON XP-340 Series 64MonitorBE: C:\Windows\system32\E_YLMBRBE.DLL [182784 2015-12-08] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2008-03-03] (Hewlett Packard) [File not signed]
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\100.0.4896.127\Installer\chrmstp.exe [2022-04-14] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{10880D85-AAD9-4558-ABDC-2AB1552D831F}] -> C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe [2013-01-16] (Hewlett-Packard Company -> Hewlett-Packard Company)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01573DE8-0D4C-4861-916B-E8F74D55E117} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {04724AF9-B688-4BE0-8387-9D95E1F6E474} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {06C59630-0D72-4EC6-AD9B-8C1E520CE97A} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {183FCA79-3655-469D-9FBF-30F3D67FC261} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Art\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-04-17] (ESET, spol. s r.o. -> ESET)
Task: {2CF73D26-3566-4841-8CF4-08F5AEBE0667} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [555640 2021-03-25] (HP Inc. -> HP Inc.)
Task: {31500587-F98F-4A30-93F0-BABFD763FBBD} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {4025AAEC-33CA-4922-A2F0-1F1D1E5ACA4C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {648D2D9F-02D7-4A3B-AC12-6C843A994DA7} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2020-09-21] (Garmin International, Inc. -> )
Task: {6886F4CC-75C3-40FE-929F-48DAC792DB52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {6D43F3A2-07DA-43E8-9C54-27CA2ABE2F8D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
Task: {712CC812-5E71-469F-8543-21B5BFB01666} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {76530735-C7FD-442C-9E8D-C0FE3E33598D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2012456220-316695357-2301545490-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {79C8B109-DE68-4ED8-8469-AF0F983DD250} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {7C5FD3AE-1DAF-431D-98BC-79EE52090C02} - System32\Tasks\{99472F5E-C01B-4B91-9137-2EFA7592DDFE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\OpenOffice 4\program\scalc.exe" -d C:\Users\Art\Desktop -c -o "C:\Users\Art\Desktop\May2017Bills.ods"
Task: {A5268831-1CAE-4860-976C-3C44AD94750A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {AA1FC477-E2D9-4AEE-A46B-938B6C698E3D} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [1775752 2013-08-30] (CANON INC. -> CANON INC.) -> /Config:"C:\Program Files\Canon\OIPPESP\CnpspCfg.xml"
Task: {B2B0432E-9C38-4E83-89D5-6C61C2AB0DCF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {C28AC525-00FB-446D-A82B-DA0399F10967} - System32\Tasks\Opera scheduled Autoupdate 1627571888 => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe [2469120 2022-04-06] (Opera Software AS -> Opera Software)
Task: {C3155139-DB86-4D73-A8B4-A0A1E2047FF0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
Task: {C37EC27D-BF39-48DB-866F-0A0EE1440126} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {DA22D176-5183-4FA3-9DED-9BB51C2FA710} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [326320 2021-06-16] (HP Inc. -> HP Inc.)
Task: {F7B349A0-0CF2-4AB3-A759-EAAA7CA85C53} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Art\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-04-17] (ESET, spol. s r.o. -> ESET)
Task: {FE887839-7E11-45F3-B917-99F7A03A9354} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [563000 2015-08-27] (Apple Inc. -> Apple Inc.)
Task: {FF988BA5-04AB-4661-B841-C5D586EDB41F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
Task: {FFE661D7-25C3-418D-83E4-F91C338CB17A} - System32\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{46456222-9B9B-4384-B862-62B2FAC12445}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{62EBE42C-851F-43FB-B7E2-E9334B0F8D6F}: [DhcpNameServer] 192.168.42.129
 
Edge: 
=======
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF DefaultProfile: whx4aer7.default-1627042292606
FF ProfilePath: C:\Users\Art\AppData\Roaming\TomTom\HOME\Profiles\xd4wb18b.default [2021-06-24]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF ProfilePath: C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\whx4aer7.default-1627042292606 [2022-04-15]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default [2022-04-18]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Google Drive) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-08-19]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-14]
CHR Extension: (Gmail) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-08-19]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
Opera: 
=======
OPR Profile: C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable [2022-04-18]
OPR StartupUrls: Opera Stable -> "hxxp://google.com/"
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-02-18]
OPR Extension: (Opera Crypto Wallet) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2022-04-13]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-13]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc. -> Apple Inc.)
S3 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation -> Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [158912 2019-03-28] (Microsoft Dynamic Code Publisher -> Microsoft Corporation)
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [73200 2018-10-10] (INTERNET PROJECT LLC -> Freemake)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [15856 2018-10-10] (INTERNET PROJECT LLC -> Ellora Assets Corp.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2013-01-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8348856 2022-04-15] (Malwarebytes Inc -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [1337216 2022-03-19] (Windscribe Limited -> Windscribe Limited)
S2 adawareantivirusservice; "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.7.1052.0\AdAwareService.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [34416 2017-06-20] (Anvsoft Inc. -> AnvSoft Inc.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (西安博汇电子科技有限公司 -> Wireless Data Device)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [78848 2009-12-21] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
S3 FXVAD; C:\Windows\System32\drivers\fxvad.sys [326120 2021-07-14] (FxSound, LLC -> Windows ® Win 7 DDK provider)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (ZTE CORPORATION -> HandSet Incorporated)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223688 2022-04-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2022-04-15] (Malwarebytes Inc -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation -> Microsoft Corporation)
S3 MpKslbb6e0e65; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4542B7-CE09-4B0F-B52E-C2B466C57C9A}\MpKslDrv.sys [50448 2022-04-17] (Microsoft Windows -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation -> Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [48544 2022-03-19] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2014-11-17] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2014-11-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2014-11-17] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [29184 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [31232 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [37888 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94720 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 WindscribeSplitTunnel; C:\Windows\System32\DRIVERS\WindscribeSplitTunnel.sys [25384 2022-03-19] (Windscribe Limited -> )
R3 windtun420; C:\Windows\System32\DRIVERS\windtun420.sys [38312 2022-03-19] (Windscribe Limited -> WireGuard LLC)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-04-18 11:50 - 2022-04-18 11:51 - 000021805 _____ C:\Users\Art\Desktop\FRST.txt
2022-04-17 14:39 - 2022-04-17 14:40 - 000262144 _____ C:\Windows\Minidump\041722-14601-01.dmp
2022-04-17 14:27 - 2022-04-17 14:27 - 000262144 _____ C:\Windows\Minidump\041722-14398-01.dmp
2022-04-17 13:07 - 2022-04-17 13:07 - 000003750 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2022-04-17 13:07 - 2022-04-17 13:07 - 000003310 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2022-04-17 13:05 - 2022-04-17 13:05 - 000000754 _____ C:\Users\Art\Desktop\eset.txt
2022-04-17 11:07 - 2022-04-17 11:07 - 000001191 _____ C:\Users\Art\Desktop\ESET Online Scanner.lnk
2022-04-17 11:05 - 2022-04-17 11:05 - 015274968 _____ (ESET) C:\Users\Art\Desktop\esetonlinescanner.exe
2022-04-17 10:39 - 2022-04-17 14:39 - 569175462 _____ C:\Windows\MEMORY.DMP
2022-04-17 10:39 - 2022-04-17 14:39 - 000000000 ____D C:\Windows\Minidump
2022-04-17 10:39 - 2022-04-17 10:39 - 000262144 _____ C:\Windows\Minidump\041722-23727-01.dmp
2022-04-15 19:05 - 2022-04-15 20:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2022-04-15 18:26 - 2022-04-15 18:26 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-04-15 18:26 - 2022-04-15 18:26 - 000223688 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-04-15 18:26 - 2022-04-15 18:26 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-04-15 18:26 - 2022-04-15 18:26 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-04-15 18:26 - 2022-04-15 18:25 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-04-15 18:24 - 2022-04-15 18:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-04-15 18:07 - 2022-04-15 18:07 - 002443448 _____ (Malwarebytes) C:\Users\Art\Desktop\MBSetup.exe
2022-04-15 18:03 - 2022-04-15 18:03 - 008551608 _____ (Malwarebytes) C:\Users\Art\Desktop\adwcleaner(1).exe
2022-04-15 18:02 - 2022-04-17 10:37 - 000000000 ____D C:\AdwCleaner
2022-04-15 17:46 - 2022-04-15 17:46 - 000000008 __RSH C:\ProgramData\ntuser.pol
2022-04-15 17:43 - 2022-04-15 17:46 - 000038662 _____ C:\Users\Art\Desktop\Fixlog.txt
2022-04-10 19:43 - 2022-04-10 19:43 - 003702073 _____ C:\Users\Art\Downloads\508883094_84_A_20220311.pdf
2022-04-09 13:03 - 2022-04-18 05:47 - 000000000 ____D C:\Users\Art\Desktop\FRST-OlderVersion
2022-04-09 13:02 - 2022-04-18 05:47 - 002366464 _____ (Farbar) C:\Users\Art\Desktop\FRST64.exe
2022-03-22 22:32 - 2022-03-22 22:32 - 000000000 ____D C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2022-03-19 02:55 - 2022-03-19 02:55 - 000001071 _____ C:\Users\Public\Desktop\Windscribe.lnk
2022-03-19 02:55 - 2022-03-19 02:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2022-03-19 02:52 - 2022-03-19 02:52 - 019552128 _____ (Windscribe Limited) C:\Users\Art\Downloads\Windscribe (2).exe
2022-03-19 02:52 - 2022-03-19 02:52 - 000048544 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys
2022-03-19 02:52 - 2022-03-19 02:52 - 000038312 _____ (WireGuard LLC) C:\Windows\system32\Drivers\windtun420.sys
2022-03-19 02:52 - 2022-03-19 02:52 - 000025384 _____ C:\Windows\system32\Drivers\WindscribeSplitTunnel.sys
2022-03-19 02:36 - 2022-03-19 02:36 - 000329520 _____ C:\active_protection.txt
2022-03-19 02:36 - 2022-03-19 02:36 - 000037888 _____ C:\urls.set
2022-03-19 02:16 - 2022-03-19 02:16 - 007513880 _____ (VS Revo Group ) C:\Users\Art\Downloads\revosetup (1).exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-04-18 11:51 - 2017-03-18 06:43 - 000000000 ____D C:\FRST
2022-04-18 11:50 - 2015-05-18 22:15 - 000000000 ____D C:\Program Files (x86)\Google
2022-04-18 11:48 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-04-18 11:37 - 2022-02-11 01:01 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{BF21A923-A93E-412B-9FC4-6EA3E52D3F63}
2022-04-18 11:03 - 2015-11-29 00:20 - 000000384 _____ C:\Windows\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000.job
2022-04-18 09:00 - 2015-11-29 00:20 - 000000384 _____ C:\Windows\Tasks\update-sys.job
2022-04-17 21:53 - 2022-01-30 04:02 - 000000000 ____D C:\Users\Art\Desktop\open office
2022-04-17 14:52 - 2009-07-13 23:45 - 000036096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-04-17 14:52 - 2009-07-13 23:45 - 000036096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-04-17 14:49 - 2009-07-14 00:13 - 000798694 _____ C:\Windows\system32\PerfStringBackup.INI
2022-04-17 14:49 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2022-04-17 14:39 - 2015-05-18 21:10 - 000000000 ____D C:\Users\Art
2022-04-17 11:06 - 2021-07-28 23:06 - 000000000 ____D C:\Users\Art\AppData\Local\ESET
2022-04-17 11:03 - 2022-01-30 05:11 - 000000000 ____D C:\Users\Art\AppData\Roaming\Auslogics
2022-04-17 11:03 - 2018-05-27 11:54 - 000000000 ____D C:\Users\Art\Downloads\torrents
2022-04-17 10:37 - 2017-04-29 22:31 - 000000000 ____D C:\Users\Art\AppData\Roaming\Samsung
2022-04-16 17:36 - 2021-06-24 09:55 - 000000000 ____D C:\Windows\system32\Tasks\Auslogics
2022-04-16 17:36 - 2015-10-17 06:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2022-04-15 22:49 - 2018-08-13 07:29 - 000000000 ____D C:\Users\Art\AppData\LocalLow\Mozilla
2022-04-15 22:09 - 2020-02-03 10:23 - 000000000 ____D C:\ProgramData\Mozilla
2022-04-15 20:41 - 2015-10-03 12:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-04-15 18:24 - 2017-09-27 17:42 - 000000000 ____D C:\Program Files\Malwarebytes
2022-04-15 17:43 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2022-04-15 17:43 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\GroupPolicy
2022-04-14 19:10 - 2021-08-02 10:35 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-04-14 19:10 - 2021-08-02 10:35 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-04-14 13:55 - 2021-07-27 21:26 - 000000000 ____D C:\Users\Art\AppData\Local\CrashDumps
2022-04-13 20:03 - 2015-12-03 18:39 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-04-13 00:12 - 2009-07-13 21:34 - 000000466 _____ C:\Windows\win.ini
2022-04-12 20:31 - 2015-12-10 06:23 - 000000000 ____D C:\Users\Art\AppData\Local\ElevatedDiagnostics
2022-04-12 03:36 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2022-04-11 09:19 - 2021-07-29 10:18 - 000004026 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1627571888
2022-04-05 13:55 - 2015-06-07 14:12 - 000000000 ____D C:\Users\Art\Desktop\New folder
2022-04-02 13:41 - 2016-01-25 15:05 - 000000000 ____D C:\ProgramData\Package Cache
2022-03-28 00:20 - 2020-11-23 18:02 - 000000000 ____D C:\Program Files\DIFX
2022-03-27 22:43 - 2021-06-24 02:39 - 000000000 ____D C:\Users\Art\AppData\LocalLow\IGDump
2022-03-22 23:09 - 2018-05-23 08:58 - 000000000 ____D C:\Program Files (x86)\Windscribe
2022-03-22 23:07 - 2019-11-06 19:35 - 000007668 _____ C:\Users\Art\AppData\Local\Resmon.ResmonCfg
2022-03-20 22:36 - 2015-10-10 16:33 - 000000000 ____D C:\Users\Art\AppData\Roaming\vlc
2022-03-19 02:52 - 2018-05-23 08:58 - 000000000 ____D C:\Users\Art\AppData\Local\Windscribe
2022-03-19 02:39 - 2019-05-26 21:27 - 000001077 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2022-03-19 02:39 - 2019-05-26 21:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2022-03-19 02:22 - 2015-10-17 06:58 - 000000000 ____D C:\ProgramData\Auslogics
2022-03-19 02:17 - 2017-07-28 01:39 - 000001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2022-03-19 02:17 - 2017-07-28 01:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
 
==================== Files in the root of some directories ========
 
2016-02-17 21:13 - 2016-03-08 03:27 - 000399360 _____ () C:\Program Files\CascLib.dll
2016-02-17 21:13 - 2016-03-08 03:27 - 000326144 _____ () C:\Program Files\DXPRecastPathFinding2.dll
2016-02-19 22:52 - 2016-02-19 22:52 - 000003766 _____ () C:\Program Files\error.txt
2016-02-17 21:13 - 2016-02-01 15:51 - 000301056 _____ (The Apache Software Foundation) C:\Program Files\log4net.dll
2016-02-17 21:13 - 2016-02-01 15:51 - 000510976 _____ (Newtonsoft) C:\Program Files\Newtonsoft.Json.dll
2016-02-17 21:13 - 2016-02-01 15:51 - 000230912 _____ (Alexandre Mutel) C:\Program Files\SharpDX.Direct2D1.dll
2016-02-17 21:13 - 2016-02-01 15:51 - 000558080 _____ (Alexandre Mutel) C:\Program Files\SharpDX.dll
2016-02-17 21:13 - 2016-02-01 15:51 - 000090624 _____ (Alexandre Mutel) C:\Program Files\SharpDX.DXGI.dll
2016-06-20 11:11 - 2013-08-31 14:01 - 000121696 _____ () C:\Program Files\Weather_Meter_V1.7.gadget
2016-01-17 14:28 - 2017-03-28 21:09 - 000000933 _____ () C:\Users\Art\AppData\Roaming\burnaware.ini
2017-07-29 23:33 - 2017-07-30 03:10 - 000000098 _____ () C:\Users\Art\AppData\Roaming\LauncherSettings_live.cfg
2017-07-30 01:01 - 2017-07-30 01:01 - 000000042 _____ () C:\Users\Art\AppData\Roaming\TheHunterSettings_live.cfg
2016-09-27 00:21 - 2016-09-27 00:21 - 000000046 _____ () C:\Users\Art\AppData\Roaming\WB.CFG
2017-10-27 13:33 - 2020-06-03 13:29 - 000000367 _____ () C:\Users\Art\AppData\Roaming\Weather Meter_Settings.ini
2016-01-24 09:57 - 2016-02-04 21:50 - 000000031 _____ () C:\Users\Art\AppData\Local\burnaware.ini
2019-02-28 23:12 - 2019-02-28 23:12 - 000000084 _____ () C:\Users\Art\AppData\Local\DVDPATH.TXT
2019-11-06 19:35 - 2022-03-22 23:07 - 000007668 _____ () C:\Users\Art\AppData\Local\Resmon.ResmonCfg
2021-06-24 07:08 - 2021-06-24 07:08 - 000000003 _____ () C:\Users\Art\AppData\Local\updater.log
2015-11-29 00:20 - 2022-03-05 20:09 - 000000424 _____ () C:\Users\Art\AppData\Local\UserProducts.xml
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2022-04-17 00:29
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-04-2022 01
Ran by Art (18-04-2022 11:53:50)
Running from C:\Users\Art\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X64) (2015-05-19 02:10:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2012456220-316695357-2301545490-500 - Administrator - Disabled)
Art (S-1-5-21-2012456220-316695357-2301545490-1000 - Administrator - Enabled) => C:\Users\Art
G5PWFULZDC (S-1-5-21-2012456220-316695357-2301545490-1001 - Limited - Enabled) => C:\Users\G5PWFULZDC
Guest (S-1-5-21-2012456220-316695357-2301545490-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2012456220-316695357-2301545490-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20117 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B046F915-7A34-7D83-5494-67D8BD488538}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{16BA964D-698D-4663-8FA7-B9613DA7958B}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntimalwareEngine (HKLM\...\{5C7A5F94-02E9-4C5D-A594-B1F10865965A}) (Version: 3.0.160.0 - adaware) Hidden
Any Video Converter Ultimate 6.2.4 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVCWare DVD Copy 2 (HKLM-x32\...\AVCWare DVD Copy 2) (Version: 2.0.4.20170210 - AVCWare)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 1.2.11 - CANON INC.) Hidden
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 1.2.11.10002 - CANON INC.)
Canon LBP6230 6240 Uninstaller (HKLM\...\Canon LBP6230 6240) (Version: 6, 3, 1, 0 - Canon Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
Clementine (HKLM-x32\...\Clementine) (Version: 1.3.1 - Clementine)
DVD43 Plug-in v1.0.0.6 (HKLM-x32\...\DVD43 Plug-in_is1) (Version:  - )
DVD-Cloner 2019 (HKLM-x32\...\DVD-Cloner 2019_is1) (Version: 16.10.0.1444 - OpenCloner Inc.)
Easy Photo Scan (HKLM-x32\...\{1021AA9F-6A0A-4128-B89B-1A05A8DD1770}) (Version: 1.00.0009 - Seiko Epson Corporation)
EKS Sherlock (HKLM-x32\...\EKS Sherlock) (Version:  - )
Elevated Installer (HKLM-x32\...\{877496C2-70B0-42F1-835A-FAFE2CF0199C}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries) Hidden
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 9.02 - NCH Software)
Fast Duplicate File Finder 5.9.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 5.9.0.1 - MindGems, Inc.)
Filmotech v3.9.1 (HKLM\...\Filmotech_is1) (Version: 3.9.1 - )
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Ellora Assets Corporation)
Garmin Express (HKLM-x32\...\{235f2ee5-7383-44df-a298-01221caa5532}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{E944FA32-8BCF-474F-BFB2-D1EF24555873}) (Version: 7.1.4.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.127 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.18.34.21 - Hewlett-Packard Company)
HydraVision (HKLM-x32\...\{5F170011-13ED-E84C-7844-6B941CA34F30}) (Version: 4.2.222.0 - Advanced Micro Devices, Inc.) Hidden
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
LG VZW United Drivers (HKLM-x32\...\{BEEBD17D-FF29-4508-8032-2D1FA66F7B77}) (Version: 2.23.1 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe)
LightScribe Template Labeler (HKLM-x32\...\{8A03241E-7A3C-401D-B0CE-B3096F50AE6F}) (Version: 1.18.27.10 - LightScribe)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.13 - Magical Jelly Bean)
Malwarebytes version 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.7.186 - Malwarebytes)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.23.5.1 - Marvell)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0 - Mozilla)
Mozilla Thunderbird 78.11.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 78.11.0 (x86 en-US)) (Version: 78.11.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NewFreeScreensaver nfsUnderwaterLife (HKLM-x32\...\nfsUnderwaterLife New Free Screensaver_is1) (Version:  - NewFreeScreensavers.com)
ODT Viewer version 1.0 (HKLM-x32\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
OpenOffice 4.1.10 (HKLM-x32\...\{D909483F-780E-4232-9313-4C24A1B09BE8}) (Version: 4.110.9807 - Apache Software Foundation)
Opera Stable 85.0.4341.60 (HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Opera 85.0.4341.60) (Version: 85.0.4341.60 - Opera Software)
Outbyte AVArmor (HKLM\...\{6D2DE302-B1E4-47BC-A870-83089CA9A6D8}_is1) (Version: 4.1.2.62618 - Outbyte Computing Pty Ltd)
Pogo (HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\7800fd33e6d3fd32066a5d9e92b24b59) (Version: 1.0 - Google\Chrome)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Revo Uninstaller 2.3.8 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.3.8 - VS Revo Group, Ltd.)
Revo Uninstaller Pro 4.5.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.5.5 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SereneScreen Marine Aquarium 3 (HKLM-x32\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.0 - Prolific Publishing, Inc.)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{F3BA1C5E-51F1-4256-B5FD-0C060D963D35}) (Version: 2.17.0214 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{EDB7BFB3-9B55-4A70-920F-35226A4E4A12}) (Version: 2.16.0504 - Samsung Electronics Co., Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Windows Driver Package - Canon Printer  (07/02/2019 21.46.0.0) (HKLM\...\7B4C73808C155604A986DC16347581EF007C38D5) (Version: 07/02/2019 21.46.0.0 - Canon)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Intel System  (07/09/2013 9.1.9.1004) (HKLM\...\BD28A75CDFB28255C4F7327AD9EC5B23B9DD7481) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\BF1AD0105EBDCA6E730BE93DE583343339830A7A) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Media Player 9 Series Winter Fun Pack (HKLM-x32\...\{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}) (Version: 1.0.0 - <no manufacturer>)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.3 Build 16 - Windscribe Limited)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B08 - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-01-29] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-04-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pogo.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=bkjcnfmlobgpbcmjdhpedlfcbcbdgmag
 
==================== Loaded Modules (Whitelisted) =============
 
2021-08-04 15:23 - 2013-01-31 04:21 - 000152064 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
2008-03-03 13:35 - 2008-03-03 13:35 - 000153088 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hptcpmib.dll
2008-03-03 13:36 - 2008-03-03 13:36 - 000331264 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\HpTcpMon.dll
2005-04-08 01:27 - 2005-04-08 01:27 - 000132096 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hpzjrd01.dll
2013-01-16 14:15 - 2013-01-16 14:15 - 000033792 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
2013-01-16 14:15 - 2013-01-16 14:15 - 000110592 _____ (Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
2016-02-09 16:25 - 2008-05-07 20:59 - 000099840 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\hpzpplhn.dll
2008-03-03 13:36 - 2008-03-03 13:36 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\HPTcpMUI.dll
2017-06-24 19:45 - 2015-12-08 14:08 - 000182784 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\E_YLMBRBE.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Version 11) (Whitelisted) ==========
 
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\localhost -> localhost
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-04-05 13:58 - 2022-04-05 13:58 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Art\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D46333DB-7ECF-41C1-AC2F-2B393DC04A73}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D3BAF84-2602-4CFD-9A9B-78C8161F808B}] => (Allow) LPort=67
FirewallRules: [{9AFEE362-8358-4F36-839E-8A35E6221800}] => (Allow) LPort=67
FirewallRules: [TCP Query User{7E28F5A7-300E-47C8-B6CB-9A0B3A252517}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{90AD9F5A-3B3D-4963-9470-714EB0D8F103}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{CF4DE86D-EDFD-4AB0-9D20-3678EC1E6EBA}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{C774692B-4084-4E6A-A0A1-8F9BE26284FC}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{EF9DB066-48C9-4901-86AC-B95EFCD1832D}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{B31526B4-B506-49B3-8D9C-34BB75BBE376}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{3CF768AB-B1BA-4F64-B802-20DB31439ECF}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
15-04-2022 17:43:24 Restore Point Created by FRST
15-04-2022 17:53:41 Revo Uninstaller Pro's restore point - AdAwareUpdater
16-04-2022 17:32:32 Revo Uninstaller Pro's restore point - Auslogics Duplicate File Finder
16-04-2022 17:36:02 Revo Uninstaller Pro's restore point - Auslogics Disk Defrag
17-04-2022 10:37:41 AdwCleaner_BeforeCleaning_17/04/2022_10:37:40
17-04-2022 14:14:38 AdwCleaner_BeforeCleaning_17/04/2022_14:14:34
17-04-2022 14:26:30 AdwCleaner_BeforeCleaning_17/04/2022_14:26:27
17-04-2022 14:38:19 AdwCleaner_BeforeCleaning_17/04/2022_14:38:16
 
==================== Faulty Device Manager Devices ============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/18/2022 11:50:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (04/18/2022 11:47:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 18.4.2022.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ab4
 
Start Time: 01d85311c236da44
 
Termination Time: 0
 
Application Path: C:\Users\Art\Desktop\FRST64.exe
 
Report Id: 3653d98e-bf37-11ec-89e8-1cc1de5dad22
 
Error: (04/18/2022 05:48:23 AM) (Source: VSS) (EventID: 12297) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume \\?\Volume{9dc8774d-fdda-11e4-b284-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
], Release[0x00000000, The operation completed successfully.
], OnRun[0x00000000, The operation completed successfully.
].
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (04/18/2022 05:48:23 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{9dc8774d-fdda-11e4-b284-806e6f6e6963} - 0000000000000248,0x0053c000,00000000003BD690,0,00000000003BE6A0,4096,[0]).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: calling flush-and-hold IOCTL
   Current State: flush-and-hold writes
   Volume Name: \\?\Volume{9dc8774d-fdda-11e4-b284-806e6f6e6963}\
 
Error: (04/18/2022 03:23:08 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0xD000010A
6.1.7601.17514
 
Error: (04/18/2022 03:23:08 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0xD000010A
6.1.7601.17514
 
Error: (04/18/2022 03:22:20 AM) (Source: Software Protection Platform Service) (EventID: 1001) (User: )
Description: The Software Protection service failed to start. 0xD000010A
6.1.7601.17514
 
Error: (04/17/2022 10:47:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
 
System errors:
=============
Error: (04/18/2022 11:56:47 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
 
Error: (04/18/2022 11:49:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (04/18/2022 11:49:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (04/18/2022 11:49:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (04/18/2022 11:49:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (04/18/2022 11:49:03 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (04/18/2022 11:49:03 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (04/18/2022 11:48:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
 
==================== Memory info =========================== 
 
BIOS: Hewlett-Packard 786H1 v01.02 12/16/2009
Motherboard: Hewlett-Packard 304Bh
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 40%
Total physical RAM: 7991.29 MB
Available physical RAM: 4777.02 MB
Total Virtual: 15980.73 MB
Available Virtual: 12787.58 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:704.82 GB) NTFS
 
\\?\Volume{9dc8774c-fdda-11e4-b284-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 75E2953E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

  • 0

Advertisements

#17
DR M
Posted 18 April 2022 - 02:22 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi.
 
I missed Outbyte AVArmor in the previous instructions. Please uninstall it. 
 
Since you chose to remove the pre-installed software, also consider to uninstall HP Support Solutions Framework.
 
 
After the above uninstallments:
 
 
1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
FirewallRules: [TCP Query User{B49E544D-6E50-4481-A8F5-880F2F9499F7}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [UDP Query User{CB26F1F7-99AD-4256-894B-BC99E8CD701F}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [TCP Query User{E2BFD027-3D18-4E15-B194-C7B351796008}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [UDP Query User{71440E9D-3A85-47ED-BBC7-607E4AC7A70A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
Task: {01573DE8-0D4C-4861-916B-E8F74D55E117} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {183FCA79-3655-469D-9FBF-30F3D67FC261} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Art\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-04-17] (ESET, spol. s r.o. -> ESET)
Task: {2CF73D26-3566-4841-8CF4-08F5AEBE0667} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [555640 2021-03-25] (HP Inc. -> HP Inc.)
Task: {4025AAEC-33CA-4922-A2F0-1F1D1E5ACA4C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {6886F4CC-75C3-40FE-929F-48DAC792DB52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {712CC812-5E71-469F-8543-21B5BFB01666} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {79C8B109-DE68-4ED8-8469-AF0F983DD250} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {A5268831-1CAE-4860-976C-3C44AD94750A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {B2B0432E-9C38-4E83-89D5-6C61C2AB0DCF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {C3155139-DB86-4D73-A8B4-A0A1E2047FF0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
Task: {C37EC27D-BF39-48DB-866F-0A0EE1440126} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {DA22D176-5183-4FA3-9DED-9BB51C2FA710} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [326320 2021-06-16] (HP Inc. -> HP Inc.)
Task: {F7B349A0-0CF2-4AB3-A759-EAAA7CA85C53} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Art\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-04-17] (ESET, spol. s r.o. -> ESET)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
S2 adawareantivirusservice; "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.7.1052.0\AdAwareService.exe" [X]
2022-03-19 02:36 - 2022-03-19 02:36 - 000329520 _____ C:\active_protection.txt
2022-03-19 02:36 - 2022-03-19 02:36 - 000037888 _____ C:\urls.set
2022-04-17 11:03 - 2022-01-30 05:11 - 000000000 ____D C:\Users\Art\AppData\Roaming\Auslogics
2022-04-16 17:36 - 2021-06-24 09:55 - 000000000 ____D C:\Windows\system32\Tasks\Auslogics
2022-04-16 17:36 - 2015-10-17 06:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2022-03-19 02:22 - 2015-10-17 06:58 - 000000000 ____D C:\ProgramData\Auslogics
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework
EmptyTemp: 
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

 

2. System File Checker
 
I asked you to do that before, via FRST, as if you were running Windows 10. But you are still running Windows 7. :)

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press on Enter;
sfc /scannow
  • ​Let the scan finish.
  • You will normally get one of the following results:
    Windows Resource Protection did not find any integrity violations
Windows Resource Protection found corrupt files and successfully repaired them
Windows Resource Protection found corrupt files but was unable to fix some of them
Windows Resource Protection could not perform the requested operation
    Please post the result you got (screenshot).

 

In your next post please post:

  1. If the uninstallments went fine
  2. The fixlist.txt
  3. The screenshot

  • 0

#18
arwier
Posted 18 April 2022 - 02:47 PM

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
uninstall went fine
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 18-04-2022 01
Ran by Art (18-04-2022 15:31:01) Run:2
Running from C:\Users\Art\Desktop
Loaded Profiles: Art
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => ""="Service"
FirewallRules: [TCP Query User{B49E544D-6E50-4481-A8F5-880F2F9499F7}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [UDP Query User{CB26F1F7-99AD-4256-894B-BC99E8CD701F}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [TCP Query User{E2BFD027-3D18-4E15-B194-C7B351796008}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
FirewallRules: [UDP Query User{71440E9D-3A85-47ED-BBC7-607E4AC7A70A}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Block) C:\program files (x86)\windscribe\wsappcontrol.exe => No File
Task: {01573DE8-0D4C-4861-916B-E8F74D55E117} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136304 2021-03-30] (HP Inc. -> HP Inc.)
Task: {183FCA79-3655-469D-9FBF-30F3D67FC261} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Art\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-04-17] (ESET, spol. s r.o. -> ESET)
Task: {2CF73D26-3566-4841-8CF4-08F5AEBE0667} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [555640 2021-03-25] (HP Inc. -> HP Inc.)
Task: {4025AAEC-33CA-4922-A2F0-1F1D1E5ACA4C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {6886F4CC-75C3-40FE-929F-48DAC792DB52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {712CC812-5E71-469F-8543-21B5BFB01666} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {79C8B109-DE68-4ED8-8469-AF0F983DD250} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {A5268831-1CAE-4860-976C-3C44AD94750A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {B2B0432E-9C38-4E83-89D5-6C61C2AB0DCF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {C3155139-DB86-4D73-A8B4-A0A1E2047FF0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
Task: {C37EC27D-BF39-48DB-866F-0A0EE1440126} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {DA22D176-5183-4FA3-9DED-9BB51C2FA710} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [326320 2021-06-16] (HP Inc. -> HP Inc.)
Task: {F7B349A0-0CF2-4AB3-A759-EAAA7CA85C53} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Art\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-04-17] (ESET, spol. s r.o. -> ESET)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
S2 adawareantivirusservice; "C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.7.1052.0\AdAwareService.exe" [X]
2022-03-19 02:36 - 2022-03-19 02:36 - 000329520 _____ C:\active_protection.txt
2022-03-19 02:36 - 2022-03-19 02:36 - 000037888 _____ C:\urls.set
2022-04-17 11:03 - 2022-01-30 05:11 - 000000000 ____D C:\Users\Art\AppData\Roaming\Auslogics
2022-04-16 17:36 - 2021-06-24 09:55 - 000000000 ____D C:\Windows\system32\Tasks\Auslogics
2022-04-16 17:36 - 2015-10-17 06:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2022-03-19 02:22 - 2015-10-17 06:58 - 000000000 ____D C:\ProgramData\Auslogics
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework
EmptyTemp: 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\adawareantivirusservice => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\adawareantivirusservice => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B49E544D-6E50-4481-A8F5-880F2F9499F7}C:\program files (x86)\windscribe\wsappcontrol.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CB26F1F7-99AD-4256-894B-BC99E8CD701F}C:\program files (x86)\windscribe\wsappcontrol.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E2BFD027-3D18-4E15-B194-C7B351796008}C:\program files (x86)\windscribe\wsappcontrol.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{71440E9D-3A85-47ED-BBC7-607E4AC7A70A}C:\program files (x86)\windscribe\wsappcontrol.exe" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01573DE8-0D4C-4861-916B-E8F74D55E117}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01573DE8-0D4C-4861-916B-E8F74D55E117}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{183FCA79-3655-469D-9FBF-30F3D67FC261}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{183FCA79-3655-469D-9FBF-30F3D67FC261}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CF73D26-3566-4841-8CF4-08F5AEBE0667}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CF73D26-3566-4841-8CF4-08F5AEBE0667}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4025AAEC-33CA-4922-A2F0-1F1D1E5ACA4C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4025AAEC-33CA-4922-A2F0-1F1D1E5ACA4C}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6886F4CC-75C3-40FE-929F-48DAC792DB52}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6886F4CC-75C3-40FE-929F-48DAC792DB52}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\PC Health Analysis" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{712CC812-5E71-469F-8543-21B5BFB01666}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{712CC812-5E71-469F-8543-21B5BFB01666}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79C8B109-DE68-4ED8-8469-AF0F983DD250}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79C8B109-DE68-4ED8-8469-AF0F983DD250}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5268831-1CAE-4860-976C-3C44AD94750A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5268831-1CAE-4860-976C-3C44AD94750A}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2B0432E-9C38-4E83-89D5-6C61C2AB0DCF}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2B0432E-9C38-4E83-89D5-6C61C2AB0DCF}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\WarrantyChecker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3155139-DB86-4D73-A8B4-A0A1E2047FF0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3155139-DB86-4D73-A8B4-A0A1E2047FF0}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA)" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C37EC27D-BF39-48DB-866F-0A0EE1440126}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C37EC27D-BF39-48DB-866F-0A0EE1440126}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA22D176-5183-4FA3-9DED-9BB51C2FA710}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA22D176-5183-4FA3-9DED-9BB51C2FA710}" => removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\Product Configurator" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F7B349A0-0CF2-4AB3-A759-EAAA7CA85C53}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7B349A0-0CF2-4AB3-A759-EAAA7CA85C53}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
HKLM\System\CurrentControlSet\Services\HPSupportSolutionsFrameworkService => removed successfully
HPSupportSolutionsFrameworkService => service removed successfully
HKLM\System\CurrentControlSet\Services\adawareantivirusservice => removed successfully
adawareantivirusservice => service removed successfully
C:\active_protection.txt => moved successfully
C:\urls.set => moved successfully
C:\Users\Art\AppData\Roaming\Auslogics => moved successfully
C:\Windows\system32\Tasks\Auslogics => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics => moved successfully
C:\ProgramData\Auslogics => moved successfully
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions => moved successfully
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7859082 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 9938051 B
Edge => 0 B
Chrome => 366259747 B
Firefox => 0 B
Opera => 366732966 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 1211 B
LocalService => 1211 B
NetworkService => 81189 B
Art => 21627552 B
G5PWFULZDC => 21627552 B
 
RecycleBin => 118490 B
EmptyTemp: => 757.5 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:31:50 ====
 
 
 
Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.
 
C:\Windows\system32>sfc /scannow
 
Windows Resource Protection could not start the repair service.
 
C:\Windows\system32>

  • 0

#19
DR M
Posted 18 April 2022 - 02:53 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts
Thanks.

We will deal with this last issue tomorrow. It’s midnight for me now.
  • 0

#20
arwier
Posted 18 April 2022 - 04:33 PM

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

thank you and goodnight


  • 0

#21
DR M
Posted 19 April 2022 - 05:04 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, arwier. 

 

  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • If prompted, enter a username and password that grants admin rights to the computer.
  • Copy/paste the command below and press on Enter;  
    sc config trustedinstaller start= auto
  • Press Enter. You should get a SUCCESS message.
  • Copy/paste the following command and press Enter. 
    net start trustedinstaller
  • You should receive a message that the service was started.
  • Try the sfc /scannow command again, as you did at Step 2 here.
  • Let me know about the result.

  • 0

#22
arwier
Posted 19 April 2022 - 02:53 PM

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

this is the cmd prompt window

 

 

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.
 
C:\Windows\system32>sc config trustedinstaller start= auto
[SC] ChangeServiceConfig SUCCESS
 
C:\Windows\system32>net start trustedinstaller
The Windows Modules Installer service is starting.
The Windows Modules Installer service was started successfully.
 
 
C:\Windows\system32>sfc /scannow
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
Verification 100% complete.
 
Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log
 
The system file repair changes will take effect after the next reboot.
 
C:\Windows\system32>

  • 0

#23
DR M
Posted 19 April 2022 - 11:33 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Excellent, arwier!
 
As you see,
 

Windows Resource Protection found corrupt files and successfully repaired them.

 
Now the computer is clean and the corruptions are repaired, one thing remains...

Is there any reason why you haven't upgraded to Windows 10? Support for that operating system ended in January 2020. It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

If you want to upgrade, I suggest the following procedure. It will reinstall and update the operating system and fix any corruptions, without removing any file or program.

  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on your wifi speed connection, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

Let me know if you would like to upgrade now.

If you don't want to do that now, I'll give you instructions to remove the tools we used and create a new restore point.


  • 0

#24
arwier
Posted 20 April 2022 - 12:18 AM

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

I don't think I am quite ready to upgrade yet but in the future


Edited by arwier, 20 April 2022 - 01:47 AM.

  • 0

#25
DR M
Posted 20 April 2022 - 02:52 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Fine. I recommend you, however, to do that sooner than later, since it is a matter of security.

 

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

  • 0

Advertisements

#26
arwier
Posted 20 April 2022 - 04:53 AM

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
# Run at 4/20/2022 5:45:57 AM
# KpRm (Kernel-panik) version 2.9.3
# Run by Art from C:\Users\Art\Desktop
# Computer Name: ART-PC
# OS: Windows 7 X64 (7601) Service Pack 1
# Number of passes: 1
 
- Checked options -
 
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines
 
- Create Registry Backup -
 
   ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\Art\NTUSER.dat backed up
 
     [OK] Registry Backup: C:\KPRM\backup\2022-04-20-05-45-56
 
- Delete Tools -
 
 
  ## AdwCleaner
     [OK] C:\Users\Art\Desktop\adwcleaner(1).exe deleted
     [OK] C:\AdwCleaner deleted
 
  ## ESET Online Scanner
     [OK] C:\Users\Art\Desktop\ESET Online Scanner.lnk deleted
     [OK] C:\Users\Art\Desktop\esetonlinescanner.exe deleted
     [OK] C:\Users\Art\Downloads\esetonlinescanner.exe deleted
     [OK] C:\Users\Art\AppData\Local\ESET\ESETOnlineScanner deleted
 
  ## FRST
     [OK] C:\Users\Art\Desktop\Addition.txt deleted
     [OK] C:\Users\Art\Desktop\Fixlog.txt deleted
     [OK] C:\Users\Art\Desktop\FRST-OlderVersion deleted
     [OK] C:\Users\Art\Desktop\FRST.txt deleted
     [OK] C:\Users\Art\Desktop\FRST64.exe deleted
     [OK] C:\Users\Art\Desktop\misc\FRST-OlderVersion deleted
     [OK] C:\Users\Art\Desktop\misc\FRST64.exe deleted
     [OK] C:\FRST deleted
 
- Restore System Settings -
 
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
 
- Restore UAC -
 
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
 
- Clear Restore Points -
 
   ~ [OK] RP named Revo Uninstaller Pro's restore point - Auslogics Duplicate File Finder created at 04/16/2022 22:32:32 deleted
   ~ [OK] RP named Revo Uninstaller Pro's restore point - Auslogics Disk Defrag created at 04/16/2022 22:36:02 deleted
   ~ [OK] RP named AdwCleaner_BeforeCleaning_17/04/2022_10:37:40 created at 04/17/2022 15:37:41 deleted
   ~ [OK] RP named AdwCleaner_BeforeCleaning_17/04/2022_14:14:34 created at 04/17/2022 19:14:38 deleted
   ~ [OK] RP named AdwCleaner_BeforeCleaning_17/04/2022_14:26:27 created at 04/17/2022 19:26:30 deleted
   ~ [OK] RP named AdwCleaner_BeforeCleaning_17/04/2022_14:38:16 created at 04/17/2022 19:38:19 deleted
   ~ [OK] RP named Restore Point Created by FRST created at 04/18/2022 20:31:02 deleted
     [OK] All system restore points have been successfully deleted
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 04/20/2022 10:47:53
 
-- KPRM finished in 147.78s --
 
 
 
thank you very much for all  your help
and as soon as I can afford it I will update to win10  my systems are all made of parts that others threw out

  • 0

#27
DR M
Posted 20 April 2022 - 05:00 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, arwier. 

 

This is the end of the road.  :yes: 


Now your computer is clean, here are some final tips about your computer's security from now on:

Some of the following, are from Klein's (2005) article, So how did I get infected in the first place. Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it, to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware.'' It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program is a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You have now the Security Essentials. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, can keep you safe.

Happy safe computing. ZZZQehw.gif


I'm glad I was able to help you.


  • 0

#28
arwier
Posted 21 April 2022 - 03:34 PM

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

well I thank you very much 


  • 0

#29
DR M
Posted 22 April 2022 - 12:37 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts
You are very welcome. :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP