
can not start my firewall



#1
arwier


Sometime after installing MBAM Premium, a flag showed up for important issues. When I clicked on it, it said Windows could not start my firewall; I needed to start it manually, so I tried, and it won't let me do it that way either. It is also popping up a warning about a trojan occasionally that is an outgoing. Following are the 2 text files you requested:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-10-2022 01
Ran by Art (administrator) on ART-PC (Hewlett-Packard HP Compaq 8100 Elite CMT PC) (07-10-2022 16:39:28)
Running from C:\Users\Art\Desktop
Loaded Profiles: Art
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Users\Art\AppData\Local\Programs\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Art\AppData\Local\Programs\Opera\90.0.4480.84\opera_crashreporter.exe
(explorer.exe ->) (CANON INC. -> CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP3LAK.EXE
(explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Opera Norway AS -> Opera Software) C:\Users\Art\AppData\Local\Programs\Opera\opera.exe <15>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (INTERNET PROJECT LLC -> Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(spool\drivers\x64\3\CNAP3LAK.EXE ->) (CANON INC. -> CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABISWD.EXE <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\Windscribe.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CNAP3 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP3LAK.EXE [228520 2021-01-02] (CANON INC. -> CANON INC.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-22] (Kilonova LLC -> )
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Run: [Opera Browser Assistant] => C:\Users\Art\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MARINE~1.SCR [6938624 2011-06-09] (SereneScreen) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [152064 2013-01-31] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CNAP3 Monitor: C:\Windows\system32\CNAP3SMD.DLL [1470464 2014-11-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON XP-340 Series 64MonitorBE: C:\Windows\system32\E_YLMBRBE.DLL [182784 2015-12-08] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2008-03-03] (Hewlett Packard) [File not signed]
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\106.0.5249.103\Installer\chrmstp.exe [2022-10-05] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06C59630-0D72-4EC6-AD9B-8C1E520CE97A} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {31500587-F98F-4A30-93F0-BABFD763FBBD} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {5FACF251-4467-4E32-B03F-480E52F69FF3} - System32\Tasks\Opera scheduled Autoupdate 1627571888 => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe [2538448 2022-09-05] (Opera Norway AS -> Opera Software)
Task: {6D43F3A2-07DA-43E8-9C54-27CA2ABE2F8D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
Task: {76530735-C7FD-442C-9E8D-C0FE3E33598D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2012456220-316695357-2301545490-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {7C5FD3AE-1DAF-431D-98BC-79EE52090C02} - System32\Tasks\{99472F5E-C01B-4B91-9137-2EFA7592DDFE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\OpenOffice 4\program\scalc.exe" -d C:\Users\Art\Desktop -c -o "C:\Users\Art\Desktop\May2017Bills.ods"
Task: {AA1FC477-E2D9-4AEE-A46B-938B6C698E3D} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [1775752 2013-08-30] (CANON INC. -> CANON INC.) -> /Config:"C:\Program Files\Canon\OIPPESP\CnpspCfg.xml"
Task: {D91F7D29-97EE-4A2A-A9C0-ED4EA47571F5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.)
Task: {FE887839-7E11-45F3-B917-99F7A03A9354} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [563000 2015-08-27] (Apple Inc. -> Apple Inc.)
Task: {FF988BA5-04AB-4661-B841-C5D586EDB41F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
Task: {FFE661D7-25C3-418D-83E4-F91C338CB17A} - System32\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 23.19.68.138 us-west-047.whiskergalaxy.com   #added by Windscribe, do not modify.
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{46456222-9B9B-4384-B862-62B2FAC12445}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{62EBE42C-851F-43FB-B7E2-E9334B0F8D6F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C2FF94D0-814D-4E8F-90ED-ED9873A2EBF2}: [NameServer] 10.255.255.2
 
Edge: 
=======
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF DefaultProfile: whx4aer7.default-1627042292606
FF ProfilePath: C:\Users\Art\AppData\Roaming\TomTom\HOME\Profiles\xd4wb18b.default [2021-06-24]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF ProfilePath: C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\whx4aer7.default-1627042292606 [2022-04-18]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-09-07] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default [2022-10-07]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-26]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
Opera: 
=======
OPR Profile: C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable [2022-10-07]
OPR Notifications: Opera Stable -> hxxps://myhomenetwork.att.com
OPR StartupUrls: Opera Stable -> "hxxp://google.com/"
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-06-30]
OPR Extension: (Opera Wallet) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2022-10-07]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-13]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc. -> Apple Inc.)
S3 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [73200 2018-10-10] (INTERNET PROJECT LLC -> Freemake)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [15856 2018-10-10] (INTERNET PROJECT LLC -> Ellora Assets Corp.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8765464 2022-09-03] (Malwarebytes Inc. -> Malwarebytes)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [1256880 2022-07-09] (Windscribe Limited -> Windscribe Limited)
S4 TeamViewer9; "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [34416 2017-06-20] (Anvsoft Inc. -> AnvSoft Inc.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (西安博汇电子科技有限公司 -> Wireless Data Device)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [78848 2009-12-21] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2022-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 FXVAD; C:\Windows\System32\drivers\fxvad.sys [326120 2021-07-14] (FxSound, LLC -> Windows ® Win 7 DDK provider)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (ZTE CORPORATION -> HandSet Incorporated)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [193488 2022-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [75216 2022-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2022-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [149432 2022-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [48544 2022-03-19] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2014-11-17] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2014-11-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2014-11-17] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [29184 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [31232 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [37888 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94720 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 WindscribeSplitTunnel; C:\Windows\System32\DRIVERS\WindscribeSplitTunnel.sys [25384 2022-07-09] (Windscribe Limited -> )
R3 windtun420; C:\Windows\System32\DRIVERS\windtun420.sys [38312 2022-03-19] (Windscribe Limited -> WireGuard LLC)
S3 MpKslbb6e0e65; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4542B7-CE09-4B0F-B52E-C2B466C57C9A}\MpKslDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-07 16:39 - 2022-10-07 16:40 - 000017051 _____ C:\Users\Art\Desktop\FRST.txt
2022-10-07 16:39 - 2022-10-07 16:39 - 000000000 ____D C:\Users\Art\Desktop\FRST-OlderVersion
2022-10-07 16:39 - 2022-10-07 16:39 - 000000000 ____D C:\FRST
2022-10-07 16:37 - 2022-10-07 16:39 - 002372096 _____ (Farbar) C:\Users\Art\Desktop\FRST64.exe
2022-10-02 14:07 - 2022-10-02 14:07 - 000193488 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2022-10-02 14:07 - 2022-10-02 14:07 - 000149432 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2022-10-02 14:07 - 2022-10-02 14:07 - 000075216 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2022-09-28 03:10 - 2022-09-28 03:10 - 000000000 ____D C:\Users\Art\AppData\Roaming\com.adobe.dunamis
2022-09-27 15:17 - 2022-09-27 15:17 - 000143489 _____ C:\Users\Art\Downloads\EasyPayTermsAgreement.pdf
2022-09-26 15:01 - 2022-10-02 14:07 - 000239544 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-09-26 15:01 - 2022-10-02 14:07 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-09-21 14:14 - 2022-09-30 02:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-07 16:28 - 2022-02-11 01:01 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{BF21A923-A93E-412B-9FC4-6EA3E52D3F63}
2022-10-07 16:21 - 2015-05-18 22:15 - 000000000 ____D C:\Program Files (x86)\Google
2022-10-07 15:03 - 2015-11-29 00:20 - 000000384 _____ C:\Windows\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000.job
2022-10-07 13:00 - 2015-11-29 00:20 - 000000384 _____ C:\Windows\Tasks\update-sys.job
2022-10-07 03:30 - 2009-07-13 23:45 - 000036096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2022-10-07 03:30 - 2009-07-13 23:45 - 000036096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2022-10-06 23:23 - 2022-01-02 13:06 - 000028216 _____ C:\Users\Art\Desktop\Bills 2022.ods
2022-10-06 23:23 - 2021-08-02 05:35 - 000108032 ___SH C:\Users\Art\Desktop\Thumbs.db
2022-10-05 20:22 - 2021-08-02 10:35 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-10-05 20:22 - 2021-08-02 10:35 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-10-03 02:00 - 2018-08-13 07:29 - 000000000 ____D C:\Users\Art\AppData\LocalLow\Mozilla
2022-10-03 00:30 - 2020-02-03 10:23 - 000000000 ____D C:\ProgramData\Mozilla
2022-10-01 04:40 - 2015-12-03 18:39 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2022-09-30 03:24 - 2021-09-20 23:49 - 000000000 ____D C:\Users\Art\Desktop\temp sort music
2022-09-30 02:27 - 2015-10-03 12:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-09-28 03:03 - 2009-07-14 00:13 - 000798694 _____ C:\Windows\system32\PerfStringBackup.INI
2022-09-28 03:03 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2022-09-28 02:58 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-09-24 23:11 - 2015-12-10 06:23 - 000000000 ____D C:\Users\Art\AppData\Local\ElevatedDiagnostics
2022-09-20 08:21 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2022-09-11 20:02 - 2015-12-03 18:39 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-09-07 11:56 - 2021-07-29 10:18 - 000004026 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1627571888
 
==================== Files in the root of some directories ========
 
2016-02-17 21:13 - 2016-03-08 03:27 - 000399360 _____ () C:\Program Files\CascLib.dll
2016-02-17 21:13 - 2016-03-08 03:27 - 000326144 _____ () C:\Program Files\DXPRecastPathFinding2.dll
2016-02-19 22:52 - 2016-02-19 22:52 - 000003766 _____ () C:\Program Files\error.txt
2016-02-17 21:13 - 2016-02-01 15:51 - 000301056 _____ (The Apache Software Foundation) C:\Program Files\log4net.dll
2016-02-17 21:13 - 2016-02-01 15:51 - 000510976 _____ (Newtonsoft) C:\Program Files\Newtonsoft.Json.dll
2016-02-17 21:13 - 2016-02-01 15:51 - 000230912 _____ (Alexandre Mutel) C:\Program Files\SharpDX.Direct2D1.dll
2016-02-17 21:13 - 2016-02-01 15:51 - 000558080 _____ (Alexandre Mutel) C:\Program Files\SharpDX.dll
2016-02-17 21:13 - 2016-02-01 15:51 - 000090624 _____ (Alexandre Mutel) C:\Program Files\SharpDX.DXGI.dll
2016-06-20 11:11 - 2013-08-31 14:01 - 000121696 _____ () C:\Program Files\Weather_Meter_V1.7.gadget
2016-01-17 14:28 - 2017-03-28 21:09 - 000000933 _____ () C:\Users\Art\AppData\Roaming\burnaware.ini
2017-07-29 23:33 - 2017-07-30 03:10 - 000000098 _____ () C:\Users\Art\AppData\Roaming\LauncherSettings_live.cfg
2017-07-30 01:01 - 2017-07-30 01:01 - 000000042 _____ () C:\Users\Art\AppData\Roaming\TheHunterSettings_live.cfg
2016-09-27 00:21 - 2016-09-27 00:21 - 000000046 _____ () C:\Users\Art\AppData\Roaming\WB.CFG
2017-10-27 13:33 - 2020-06-03 13:29 - 000000367 _____ () C:\Users\Art\AppData\Roaming\Weather Meter_Settings.ini
2016-01-24 09:57 - 2016-02-04 21:50 - 000000031 _____ () C:\Users\Art\AppData\Local\burnaware.ini
2019-02-28 23:12 - 2022-09-04 02:23 - 000000084 _____ () C:\Users\Art\AppData\Local\DVDPATH.TXT
2019-11-06 19:35 - 2022-03-22 23:07 - 000007668 _____ () C:\Users\Art\AppData\Local\Resmon.ResmonCfg
2021-06-24 07:08 - 2021-06-24 07:08 - 000000003 _____ () C:\Users\Art\AppData\Local\updater.log
2015-11-29 00:20 - 2022-03-05 20:09 - 000000424 _____ () C:\Users\Art\AppData\Local\UserProducts.xml
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2022-10-04 04:31
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-10-2022 01
Ran by Art (07-10-2022 16:40:32)
Running from C:\Users\Art\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X64) (2015-05-19 02:10:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2012456220-316695357-2301545490-500 - Administrator - Disabled)
Art (S-1-5-21-2012456220-316695357-2301545490-1000 - Administrator - Enabled) => C:\Users\Art
G5PWFULZDC (S-1-5-21-2012456220-316695357-2301545490-1001 - Limited - Enabled) => C:\Users\G5PWFULZDC
Guest (S-1-5-21-2012456220-316695357-2301545490-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2012456220-316695357-2301545490-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\uTorrent) (Version: 3.5.5.46348 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.002.20212 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD APP SDK Runtime (HKLM\...\{503F672D-6C84-448A-8F8F-4BC35AC83441}) (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B046F915-7A34-7D83-5494-67D8BD488538}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Problem Report Wizard (HKLM\...\{4987DDA3-6101-B196-7717-85818D77E89C}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.) Hidden
AntimalwareEngine (HKLM\...\{5C7A5F94-02E9-4C5D-A594-B1F10865965A}) (Version: 3.0.160.0 - adaware) Hidden
Any Video Converter Ultimate 6.2.4 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 7.0.13.0 - Auslogics Labs Pty Ltd)
AVCWare DVD Copy 2 (HKLM-x32\...\AVCWare DVD Copy 2) (Version: 2.0.4.20170210 - AVCWare)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 1.2.11 - CANON INC.) Hidden
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 1.2.11.10002 - CANON INC.)
Canon LBP6230 6240 Uninstaller (HKLM\...\Canon LBP6230 6240) (Version: 6, 3, 1, 0 - Canon Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
Clementine (HKLM-x32\...\Clementine) (Version: 1.3.1 - Clementine)
DVD43 Plug-in v1.0.0.6 (HKLM-x32\...\DVD43 Plug-in_is1) (Version:  - )
DVD-Cloner 2019 (HKLM-x32\...\DVD-Cloner 2019_is1) (Version: 16.10.0.1444 - OpenCloner Inc.)
Easy Photo Scan (HKLM-x32\...\{1021AA9F-6A0A-4128-B89B-1A05A8DD1770}) (Version: 1.00.0009 - Seiko Epson Corporation)
EKS Sherlock (HKLM-x32\...\EKS Sherlock) (Version:  - )
Filmotech v3.9.1 (HKLM\...\Filmotech_is1) (Version: 3.9.1 - )
Freemake Video Converter version 4.1.10 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.10 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 106.0.5249.103 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{C9EF1AAF-B542-41C8-A537-1142DA5D4AEC}) (Version: 6.0.3.1 - Hewlett-Packard) Hidden
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.18.34.21 - Hewlett-Packard Company)
HydraVision (HKLM-x32\...\{5F170011-13ED-E84C-7844-6B941CA34F30}) (Version: 4.2.222.0 - Advanced Micro Devices, Inc.) Hidden
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
LG VZW United Drivers (HKLM-x32\...\{BEEBD17D-FF29-4508-8032-2D1FA66F7B77}) (Version: 2.23.1 - LG Electronics)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.13 - Magical Jelly Bean)
Malwarebytes version 4.5.14.210 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.14.210 - Malwarebytes)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.23.5.1 - Marvell)
Microsoft .NET Framework 4.8 (HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.34 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Money Shared Libraries (HKLM-x32\...\{7F1B3341-A94E-4F5C-B587-CA0EB964221E}) (Version: 17.0.0.3817 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Free 10.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0 - Mozilla)
Mozilla Thunderbird 78.11.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 78.11.0 (x86 en-US)) (Version: 78.11.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NewFreeScreensaver nfsUnderwaterLife (HKLM-x32\...\nfsUnderwaterLife New Free Screensaver_is1) (Version:  - NewFreeScreensavers.com)
ODT Viewer version 1.0 (HKLM-x32\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
OpenOffice 4.1.10 (HKLM-x32\...\{D909483F-780E-4232-9313-4C24A1B09BE8}) (Version: 4.110.9807 - Apache Software Foundation)
Opera Stable 90.0.4480.84 (HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Opera 90.0.4480.84) (Version: 90.0.4480.84 - Opera Software)
Outbyte AVArmor (HKLM\...\{6D2DE302-B1E4-47BC-A870-83089CA9A6D8}_is1) (Version: 4.1.2.62618 - Outbyte Computing Pty Ltd)
Pogo (HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\7800fd33e6d3fd32066a5d9e92b24b59) (Version: 1.0 - Google\Chrome)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Revo Uninstaller Pro 5.0.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.0.5 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SereneScreen Marine Aquarium 3 (HKLM-x32\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.0 - Prolific Publishing, Inc.)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{F3BA1C5E-51F1-4256-B5FD-0C060D963D35}) (Version: 2.17.0214 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{EDB7BFB3-9B55-4A70-920F-35226A4E4A12}) (Version: 2.16.0504 - Samsung Electronics Co., Ltd.)
Windows Driver Package - Canon Printer  (07/02/2019 21.46.0.0) (HKLM\...\7B4C73808C155604A986DC16347581EF007C38D5) (Version: 07/02/2019 21.46.0.0 - Canon)
Windows Driver Package - Intel System  (07/09/2013 9.1.9.1004) (HKLM\...\BD28A75CDFB28255C4F7327AD9EC5B23B9DD7481) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\BF1AD0105EBDCA6E730BE93DE583343339830A7A) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Media Player 9 Series Winter Fun Pack (HKLM-x32\...\{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}) (Version: 1.0.0 - <no manufacturer>)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.4.10 - Windscribe Limited)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B08 - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pogo.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=bkjcnfmlobgpbcmjdhpedlfcbcbdgmag
 
==================== Loaded Modules (Whitelisted) =============
 
2018-05-23 08:58 - 2022-07-09 20:05 - 002854912 _____ () [File not signed] C:\Program Files (x86)\Windscribe\libGLESv2.dll
2018-07-06 01:14 - 2022-07-09 20:05 - 000074752 _____ () [File not signed] C:\Program Files (x86)\Windscribe\zlib1.dll
2021-08-04 15:23 - 2013-01-31 04:21 - 000152064 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
2008-03-03 13:35 - 2008-03-03 13:35 - 000153088 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hptcpmib.dll
2008-03-03 13:36 - 2008-03-03 13:36 - 000331264 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\HpTcpMon.dll
2005-04-08 01:27 - 2005-04-08 01:27 - 000132096 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hpzjrd01.dll
2016-02-09 16:25 - 2008-05-07 20:59 - 000099840 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\hpzpplhn.dll
2008-03-03 13:36 - 2008-03-03 13:36 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\HPTcpMUI.dll
2017-06-24 19:45 - 2015-12-08 14:08 - 000182784 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\E_YLMBRBE.DLL
2018-07-06 01:14 - 2022-07-09 20:05 - 000168448 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\cares.dll
2018-05-23 08:58 - 2022-07-09 20:05 - 000419840 _____ (The curl library, hxxps://curl.se/) [File not signed] C:\Program Files (x86)\Windscribe\libcurl.dll
2022-03-19 02:52 - 2022-07-09 20:05 - 002227712 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\libcrypto-1_1.dll
2022-03-19 02:52 - 2022-07-09 20:05 - 000532992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\libssl-1_1.dll
2022-07-09 20:05 - 2022-07-09 20:05 - 000026624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qgif.dll
2022-07-09 20:05 - 2022-07-09 20:05 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qico.dll
2022-07-09 20:05 - 2022-07-09 20:05 - 000382464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qjpeg.dll
2022-07-09 20:05 - 2022-07-09 20:05 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qsvg.dll
2022-07-09 20:05 - 2022-07-09 20:05 - 001171456 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Windscribe\platforms\qwindows.dll
2018-05-23 08:58 - 2022-07-09 20:05 - 005104640 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Core.dll
2018-05-23 08:58 - 2022-07-09 20:05 - 004101120 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Gui.dll
2018-05-23 08:58 - 2022-07-09 20:05 - 001072128 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Network.dll
2022-03-19 02:52 - 2022-07-09 20:05 - 000270336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Svg.dll
2018-05-23 08:58 - 2022-07-09 20:05 - 004573696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Widgets.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Version 11) (Whitelisted) ==========
 
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\localhost -> localhost
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-10-07 16:06 - 2022-10-07 16:20 - 000000907 _____ C:\Windows\system32\drivers\etc\hosts
23.19.68.138 us-west-047.whiskergalaxy.com   #added by Windscribe, do not modify.
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Art\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.255.255.2 - 192.168.0.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D46333DB-7ECF-41C1-AC2F-2B393DC04A73}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D3BAF84-2602-4CFD-9A9B-78C8161F808B}] => (Allow) LPort=67
FirewallRules: [{9AFEE362-8358-4F36-839E-8A35E6221800}] => (Allow) LPort=67
FirewallRules: [TCP Query User{CF4DE86D-EDFD-4AB0-9D20-3678EC1E6EBA}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{C774692B-4084-4E6A-A0A1-8F9BE26284FC}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{EF9DB066-48C9-4901-86AC-B95EFCD1832D}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{B31526B4-B506-49B3-8D9C-34BB75BBE376}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{751E0111-15BA-40C5-A5A9-244C106DE5AC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6868B33F-0F1F-466A-89AE-E0541A290A6E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe => No File
FirewallRules: [{91FF91AF-7EC2-4DB1-8F29-B9D710587095}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe => No File
FirewallRules: [{62E12E00-C0D8-4E58-88E3-C858B74C3346}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe => No File
FirewallRules: [{C5A99A89-BB8A-41D0-A191-5F6CF3849EBD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe => No File
FirewallRules: [{10DE7053-38C6-447B-B31C-F0EFE7736B87}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{00251023-C09A-46A5-9A82-9B0CF3B4E2C9}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{1A7EC659-0A95-4DB8-AD0E-D758FD284153}] => (Allow) C:\Users\Art\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{87A2D837-A8F3-41AA-BB35-2DBE8B50ACF5}] => (Allow) C:\Users\Art\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{6863FA1B-6FCA-42EC-B43F-DBE345469C48}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.49\msedgewebview2.exe => No File
FirewallRules: [{14F2CA62-FF8B-4056-9BF3-08AF7047A580}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.62\msedgewebview2.exe => No File
FirewallRules: [{EAAFE318-EBF2-4E2F-A5FC-9981B7FBAECE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{30CC7BA3-EDE4-46CA-B034-2642BA42CF47}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.71\msedgewebview2.exe => No File
FirewallRules: [{18465B9D-E91D-4B7D-BD13-552BB03C687B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe => No File
FirewallRules: [{5FBA8434-4BBB-4230-AD15-2EE35E4142EC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F3C772B6-2CEE-4E23-BB17-132C0DF422E2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.47\msedgewebview2.exe => No File
FirewallRules: [{DB27D4B0-4578-46C4-80F4-EE38C461A1DE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{556DADB7-969F-4F05-8E73-71283931588E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.54\msedgewebview2.exe => No File
FirewallRules: [{455C652E-9B33-42F0-863A-639842AF843E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F5CC9086-669F-45DC-9654-859F73F27FFD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.63\msedgewebview2.exe => No File
FirewallRules: [{11583047-D909-4CDC-852E-842DF5145EE0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{C14DFC68-E419-4705-B1A2-5DA498C3DA02}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\104.0.1293.70\msedgewebview2.exe => No File
FirewallRules: [{11BBDC62-C4AB-4E3C-9090-F172EC9F89B0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
24-09-2022 00:00:01 Scheduled Checkpoint
02-10-2022 03:57:41 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/03/2022 02:00:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (10/02/2022 07:13:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (10/02/2022 07:00:08 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location \\FREENAS2\disk1\disk2\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (10/01/2022 11:40:11 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (10/01/2022 05:11:12 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (09/30/2022 09:43:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (09/29/2022 03:07:12 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (09/28/2022 07:04:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
 
System errors:
=============
Error: (10/07/2022 04:43:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
 
Error: (10/07/2022 04:21:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (10/07/2022 04:21:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (10/07/2022 04:21:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143 = There are no more endpoints available from the endpoint mapper..
 
Error: (10/07/2022 04:21:25 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (10/07/2022 04:21:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (10/07/2022 04:21:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (10/07/2022 04:21:00 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143 = There are no more endpoints available from the endpoint mapper..
 
 
==================== Memory info =========================== 
 
BIOS: Hewlett-Packard 786H1 v01.02 12/16/2009
Motherboard: Hewlett-Packard 304Bh
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 58%
Total physical RAM: 7991.29 MB
Available physical RAM: 3311.82 MB
Total Virtual: 15980.73 MB
Available Virtual: 9301.08 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:698.58 GB) (Model: WL1000GSA6472 ATA Device) NTFS
 
\\?\Volume{9dc8774c-fdda-11e4-b284-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 75E2953E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================
 
Thank you in advance for any help you can give me. I know you will want me to remove at least one program, and I will do so when you tell me to.

 

