Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I am suddenly unable to stream shows from amazon prime as well as roku


  • This topic is locked This topic is locked

#1
arwier

arwier

    Member

  • Member
  • PipPip
  • 85 posts

I have been watching both amazon prime as well as ruku for months now and as of a couple weeks ago it comes up with my browser needs to be updated but when I chech my browsers say I have the latest edition. I tried both opera as well as chrome and both do the same here are the 2 logs you ask for

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-11-2024
Ran by Art (administrator) on ART-PC (Hewlett-Packard HP Compaq 8100 Elite CMT PC) (05-12-2024 20:18:56)
Running from C:\Users\Art\Desktop\FRST64.exe
Loaded Profiles: Art
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Users\Art\AppData\Local\Programs\Opera\95.0.4635.90_0\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Art\AppData\Local\Programs\Opera\95.0.4635.90_0\opera_crashreporter.exe
(CANON INC. -> CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABISWD.EXE
(explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Opera Norway AS -> Opera Software) C:\Users\Art\AppData\Local\Programs\Opera\95.0.4635.90_0\opera.exe <44>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CNAP3 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP3LAK.EXE [228520 2021-01-02] (CANON INC. -> CANON INC.)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Run: [] => [X]
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Run: [Opera Browser Assistant] => C:\Users\Art\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [5037984 2023-10-30] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Run: [Opera Stable] => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe [2635168 2023-10-30] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MARINE~1.SCR [6938624 2011-06-09] (SereneScreen) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [152064 2013-01-31] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CNAP3 Monitor: C:\Windows\system32\CNAP3SMD.DLL [1470464 2014-11-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON XP-340 Series 64MonitorBE: C:\Windows\system32\E_YLMBRBE.DLL [182784 2015-12-08] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2008-03-03] (Hewlett Packard) [File not signed]
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-26] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {7C5FD3AE-1DAF-431D-98BC-79EE52090C02} - System32\Tasks\{99472F5E-C01B-4B91-9137-2EFA7592DDFE} => C:\Windows\System32\pcalua.exe [9728 2019-02-10] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files (x86)\OpenOffice 4\program\scalc.exe" -d C:\Users\Art\Desktop -c -o "C:\Users\Art\Desktop\May2017Bills.ods"
Task: {67D380F6-8B95-4109-8B0A-CBE97E9C0AD4} - System32\Tasks\{D0F070BE-71C2-4F98-BED0-14ED81A7A042} => E:\_MSSETUP.EXE  (No File)
Task: {7BBF01DC-B8AE-42E6-8F30-08E8146134D3} - System32\Tasks\{F2839577-BF7D-4277-8B8A-B63AEE89C6AF} => C:\Windows\System32\pcalua.exe [9728 2019-02-10] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\Art\Downloads\fmsdisk01.exe -d C:\Users\Art\Downloads
Task: {FDCEFB6E-F982-499F-8D9C-FF16C8339940} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {FE887839-7E11-45F3-B917-99F7A03A9354} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [563000 2015-08-27] (Apple Inc. -> Apple Inc.)
Task: {62F16D2D-6BF5-4449-9628-6B91C08CE1B9} - System32\Tasks\Auslogics\Disk Defrag\Start Disk Defrag on Art logon => C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe [5921032 2022-12-23] (Auslogics Labs Pty Ltd -> Auslogics)
Task: {C677526A-EAB5-4D48-8C8A-44AE76205E4E} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [1775752 2013-08-30] (CANON INC. -> CANON INC.) -> /Config:"C:\Program Files\Canon\OIPPESP\CnpspCfg.xml"
Task: {76530735-C7FD-442C-9E8D-C0FE3E33598D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2012456220-316695357-2301545490-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {FF988BA5-04AB-4661-B841-C5D586EDB41F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
Task: {6D43F3A2-07DA-43E8-9C54-27CA2ABE2F8D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
Task: {06C59630-0D72-4EC6-AD9B-8C1E520CE97A} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe  do-task "E7CF176E110C211B" (No File)
Task: {E2AF877E-D64C-4194-B7F8-5A13922E9E1D} - System32\Tasks\Opera scheduled assistant Autoupdate 1627571894 => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe [2635168 2023-10-30] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Art\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {CDDF54F3-1128-44C6-B02B-23AB1E6B38B0} - System32\Tasks\Opera scheduled Autoupdate 1627571888 => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe [2635168 2023-10-30] (Opera Norway AS -> Opera Software)
Task: {FFE661D7-25C3-418D-83E4-F91C338CB17A} - System32\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {31500587-F98F-4A30-93F0-BABFD763FBBD} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 agent.mydiabetesdata.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{46456222-9B9B-4384-B862-62B2FAC12445}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{46456222-9B9B-4384-B862-62B2FAC12445}: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{62EBE42C-851F-43FB-B7E2-E9334B0F8D6F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B53D16B1-293E-409A-82FA-2CDF001223F4}: [DhcpNameServer] 192.168.168.244
 
Edge: 
=======
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF DefaultProfile: whx4aer7.default-1627042292606
FF ProfilePath: C:\Users\Art\AppData\Roaming\TomTom\HOME\Profiles\xd4wb18b.default [2021-06-24]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF ProfilePath: C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\whx4aer7.default-1627042292606 [2024-11-05]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2024-11-13] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default [2024-12-04]
CHR Notifications: Default -> hxxps://www.wish.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-11-18]
CHR HKU\S-1-5-21-2012456220-316695357-2301545490-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
Opera: 
=======
OPR Profile: C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable [2024-12-05]
OPR StartupUrls: Opera Stable -> "hxxps://www.google.com/"
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2024-11-13]
OPR Extension: (Opera Wallet) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2024-11-13]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2024-11-13]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc. -> Apple Inc.)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9424792 2024-11-19] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-06-02] (Malwarebytes Inc. -> Malwarebytes)
S3 ss_conn_launcher_service; C:\Windows\system32\Samsung\EasySetup\ss_conn_launcher.exe [182328 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [1256880 2022-07-09] (Windscribe Limited -> Windscribe Limited)
S2 Dexcom Agent Update Service; "C:\Program Files (x86)\Dexcom\Updater\Dexcom.Agent.UpdateService.exe" [X]
S4 TeamViewer9; "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [34416 2017-06-20] (Anvsoft Inc. -> AnvSoft Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [221600 2022-09-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [177112 2022-09-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2022-09-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (西安博汇电子科技有限公司 -> Wireless Data Device)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [78848 2009-12-21] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2022-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 FXVAD; C:\Windows\System32\drivers\fxvad.sys [326120 2021-07-14] (FxSound, LLC -> Windows ® Win 7 DDK provider)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (ZTE CORPORATION -> HandSet Incorporated)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [232000 2024-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [201280 2024-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [80448 2024-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2024-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [149472 2024-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [43368 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [48544 2022-03-19] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2014-11-17] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2014-11-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2014-11-17] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [29184 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [31232 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [37888 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94720 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R1 webshieldfilter; C:\Windows\System32\drivers\webshieldfilter.sys [86880 2022-09-27] (Protected Antivirus Limited -> Windows ® Win 7 DDK provider) <==== ATTENTION
S3 WindscribeSplitTunnel; C:\Windows\System32\DRIVERS\WindscribeSplitTunnel.sys [25384 2022-07-09] (Windscribe Limited -> )
R3 windtun420; C:\Windows\System32\DRIVERS\windtun420.sys [38312 2022-03-19] (Windscribe Limited -> WireGuard LLC)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-12-05 20:18 - 2024-12-05 20:21 - 000018902 _____ C:\Users\Art\Desktop\FRST.txt
2024-12-05 20:18 - 2024-12-05 20:18 - 002402816 _____ (Farbar) C:\Users\Art\Desktop\FRST64.exe
2024-11-05 19:14 - 2024-11-06 19:05 - 000000000 ____D C:\ProgramData\Trend Micro
2024-11-05 19:14 - 2024-11-05 19:14 - 000000000 ____D C:\Users\Art\AppData\Local\cleaneronepro-updater
2024-11-05 19:13 - 2024-11-05 19:13 - 000518886 _____ C:\Users\Art\AppData\Local\census.cache
2024-11-05 19:11 - 2024-11-05 19:11 - 000275748 _____ C:\Users\Art\AppData\Local\ars.cache
2024-11-05 18:55 - 2024-11-05 18:56 - 000000000 ____D C:\Program Files\Trend Micro
2024-11-05 18:55 - 2024-11-05 18:55 - 005371368 _____ (Trend Micro Inc.) C:\Users\Art\Downloads\HousecallLauncher64.exe
2024-11-05 18:55 - 2024-11-05 18:55 - 000000036 _____ C:\Users\Art\AppData\Local\housecall.guid.cache
2024-11-05 18:48 - 2024-11-05 18:48 - 000004256 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1627571894
2024-11-05 18:45 - 2024-11-05 18:46 - 097579984 _____ (Opera Software) C:\Users\Art\Downloads\Opera_95.0.4635.90_Setup_x64.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-12-05 20:20 - 2022-10-07 15:39 - 000000000 ____D C:\FRST
2024-12-05 20:20 - 2022-02-11 00:01 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{BF21A923-A93E-412B-9FC4-6EA3E52D3F63}
2024-12-05 20:17 - 2023-05-09 08:59 - 000000000 ____D C:\Users\Art\AppData\Local\Malwarebytes
2024-12-05 19:31 - 2015-05-18 21:15 - 000000000 ____D C:\Program Files (x86)\Google
2024-12-05 19:03 - 2015-11-28 23:20 - 000000384 _____ C:\Windows\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000.job
2024-12-05 17:00 - 2015-11-28 23:20 - 000000384 _____ C:\Windows\Tasks\update-sys.job
2024-12-05 14:25 - 2023-12-29 15:47 - 000029143 _____ C:\Users\Art\Desktop\bills 2024.ods
2024-12-05 04:49 - 2009-07-13 22:45 - 000036096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2024-12-05 04:49 - 2009-07-13 22:45 - 000036096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2024-12-04 04:01 - 2022-07-31 22:39 - 000000000 ____D C:\Users\Art\Downloads\Wrong Place (2022) [720p] [WEBRip] [YTS.MX]
2024-11-26 10:08 - 2024-02-12 01:32 - 000000000 ___RD C:\Users\Art\Desktop\utilities
2024-11-26 10:08 - 2015-05-18 20:10 - 000000000 ____D C:\Users\Art
2024-11-24 22:42 - 2022-07-09 19:44 - 000003436 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-11-24 22:42 - 2022-07-09 19:44 - 000003308 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-11-19 08:15 - 2022-12-06 02:05 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-11-17 15:40 - 2022-11-07 01:21 - 000000000 ____D C:\Users\Art\AppData\Local\BitTorrentHelper
2024-11-17 13:54 - 2022-10-12 03:03 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2024-11-17 13:45 - 2009-07-13 23:13 - 000798694 _____ C:\Windows\system32\PerfStringBackup.INI
2024-11-17 13:45 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2024-11-17 13:39 - 2024-07-10 16:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2024-11-17 13:39 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-11-13 03:05 - 2015-05-18 22:24 - 000000000 ____D C:\Windows\system32\MRT
2024-11-13 03:01 - 2015-05-18 22:24 - 202035632 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-11-06 21:03 - 2022-01-30 02:59 - 000000000 ____D C:\Users\Art\Desktop\pdf files
2024-11-06 19:27 - 2021-07-27 20:26 - 000000000 ____D C:\Users\Art\AppData\Local\CrashDumps
2024-11-06 19:15 - 2024-05-12 15:33 - 000000000 ____D C:\ProgramData\Dexcom
2024-11-06 08:37 - 2015-12-03 17:39 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-11-05 19:28 - 2015-10-03 11:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-11-05 18:48 - 2021-07-29 09:18 - 000004026 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1627571888
 
==================== Files in the root of some directories ========
 
2016-02-17 20:13 - 2016-03-08 02:27 - 000399360 _____ () C:\Program Files\CascLib.dll
2016-02-17 20:13 - 2016-03-08 02:27 - 000326144 _____ () C:\Program Files\DXPRecastPathFinding2.dll
2016-02-19 21:52 - 2016-02-19 21:52 - 000003766 _____ () C:\Program Files\error.txt
2016-02-17 20:13 - 2016-02-01 14:51 - 000301056 _____ (The Apache Software Foundation) C:\Program Files\log4net.dll
2016-02-17 20:13 - 2016-02-01 14:51 - 000510976 _____ (Newtonsoft) C:\Program Files\Newtonsoft.Json.dll
2016-02-17 20:13 - 2016-02-01 14:51 - 000230912 _____ (Alexandre Mutel) C:\Program Files\SharpDX.Direct2D1.dll
2016-02-17 20:13 - 2016-02-01 14:51 - 000558080 _____ (Alexandre Mutel) C:\Program Files\SharpDX.dll
2016-02-17 20:13 - 2016-02-01 14:51 - 000090624 _____ (Alexandre Mutel) C:\Program Files\SharpDX.DXGI.dll
2016-06-20 10:11 - 2013-08-31 13:01 - 000121696 _____ () C:\Program Files\Weather_Meter_V1.7.gadget
2016-01-17 13:28 - 2017-03-28 20:09 - 000000933 _____ () C:\Users\Art\AppData\Roaming\burnaware.ini
2017-07-29 22:33 - 2017-07-30 02:10 - 000000098 _____ () C:\Users\Art\AppData\Roaming\LauncherSettings_live.cfg
2017-07-30 00:01 - 2017-07-30 00:01 - 000000042 _____ () C:\Users\Art\AppData\Roaming\TheHunterSettings_live.cfg
2016-09-26 23:21 - 2016-09-26 23:21 - 000000046 _____ () C:\Users\Art\AppData\Roaming\WB.CFG
2017-10-27 12:33 - 2023-08-24 23:30 - 000000367 _____ () C:\Users\Art\AppData\Roaming\Weather Meter_Settings.ini
2024-11-05 19:11 - 2024-11-05 19:11 - 000275748 _____ () C:\Users\Art\AppData\Local\ars.cache
2016-01-24 08:57 - 2016-02-04 20:50 - 000000031 _____ () C:\Users\Art\AppData\Local\burnaware.ini
2024-11-05 19:13 - 2024-11-05 19:13 - 000518886 _____ () C:\Users\Art\AppData\Local\census.cache
2019-02-28 22:12 - 2022-09-04 01:23 - 000000084 _____ () C:\Users\Art\AppData\Local\DVDPATH.TXT
2024-11-05 18:55 - 2024-11-05 18:55 - 000000036 _____ () C:\Users\Art\AppData\Local\housecall.guid.cache
2019-11-06 18:35 - 2022-03-22 22:07 - 000007668 _____ () C:\Users\Art\AppData\Local\Resmon.ResmonCfg
2021-06-24 06:08 - 2021-06-24 06:08 - 000000003 _____ () C:\Users\Art\AppData\Local\updater.log
2015-11-28 23:20 - 2022-03-05 19:09 - 000000424 _____ () C:\Users\Art\AppData\Local\UserProducts.xml
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2024-12-02 01:14
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-11-2024
Ran by Art (05-12-2024 20:24:28)
Running from C:\Users\Art\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X64) (2015-05-19 02:10:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2012456220-316695357-2301545490-500 - Administrator - Disabled)
Art (S-1-5-21-2012456220-316695357-2301545490-1000 - Administrator - Enabled) => C:\Users\Art
G5PWFULZDC (S-1-5-21-2012456220-316695357-2301545490-1001 - Limited - Enabled) => C:\Users\G5PWFULZDC
Guest (S-1-5-21-2012456220-316695357-2301545490-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2012456220-316695357-2301545490-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 24.004.20272 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD APP SDK Runtime (HKLM\...\{503F672D-6C84-448A-8F8F-4BC35AC83441}) (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B046F915-7A34-7D83-5494-67D8BD488538}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Problem Report Wizard (HKLM\...\{4987DDA3-6101-B196-7717-85818D77E89C}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.) Hidden
AntimalwareEngine (HKLM\...\{5C7A5F94-02E9-4C5D-A594-B1F10865965A}) (Version: 3.0.160.0 - adaware) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 11.0.0.2 - Auslogics Labs Pty Ltd)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 7.0.13.0 - Auslogics Labs Pty Ltd)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 1.2.11 - CANON INC.) Hidden
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 1.2.11.10002 - CANON INC.)
Canon LBP6230 6240 Uninstaller (HKLM\...\Canon LBP6230 6240) (Version: 6, 3, 1, 0 - Canon Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
Clementine (HKLM-x32\...\Clementine) (Version: 1.3.1 - Clementine)
DVD43 Plug-in v1.0.0.6 (HKLM-x32\...\DVD43 Plug-in_is1) (Version:  - )
DVDStyler v3.2.1 (HKLM\...\DVDStyler_is1) (Version:  - Thüring IT-Consulting)
Easy Photo Scan (HKLM-x32\...\{1021AA9F-6A0A-4128-B89B-1A05A8DD1770}) (Version: 1.00.0009 - Seiko Epson Corporation)
EKS Sherlock (HKLM-x32\...\EKS Sherlock) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.120 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{C9EF1AAF-B542-41C8-A537-1142DA5D4AEC}) (Version: 6.0.3.1 - Hewlett-Packard) Hidden
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.18.34.21 - Hewlett-Packard Company)
HydraVision (HKLM-x32\...\{5F170011-13ED-E84C-7844-6B941CA34F30}) (Version: 4.2.222.0 - Advanced Micro Devices, Inc.) Hidden
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
LG VZW United Drivers (HKLM-x32\...\{BEEBD17D-FF29-4508-8032-2D1FA66F7B77}) (Version: 2.23.1 - LG Electronics)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.13 - Magical Jelly Bean)
Malwarebytes version 5.2.1.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.1.144 - Malwarebytes)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.23.5.1 - Marvell)
Microsoft .NET Framework 4.8 (HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.140 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Free 10.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0 - Mozilla)
Mozilla Thunderbird 78.11.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 78.11.0 (x86 en-US)) (Version: 78.11.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NewFreeScreensaver nfsUnderwaterLife (HKLM-x32\...\nfsUnderwaterLife New Free Screensaver_is1) (Version:  - NewFreeScreensavers.com)
ODT Viewer version 1.0 (HKLM-x32\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
OpenOffice 4.1.10 (HKLM-x32\...\{D909483F-780E-4232-9313-4C24A1B09BE8}) (Version: 4.110.9807 - Apache Software Foundation)
Opera Stable 95.0.4635.90 (HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Opera 95.0.4635.90) (Version: 95.0.4635.90 - Opera Software)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Revo Uninstaller Pro 5.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.1.1 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SereneScreen Marine Aquarium 3 (HKLM-x32\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.0 - Prolific Publishing, Inc.)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{F3BA1C5E-51F1-4256-B5FD-0C060D963D35}) (Version: 2.17.0214 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{EDB7BFB3-9B55-4A70-920F-35226A4E4A12}) (Version: 2.16.0504 - Samsung Electronics Co., Ltd.)
Wheel of Fortune Deluxe (remove only) (HKLM-x32\...\Wheel of Fortune Deluxe) (Version:  - )
Windows Driver Package - Canon Printer  (07/02/2019 21.46.0.0) (HKLM\...\7B4C73808C155604A986DC16347581EF007C38D5) (Version: 07/02/2019 21.46.0.0 - Canon)
Windows Driver Package - Dexcom, Inc. (usbser) Ports  (10/21/2021 1.0.0.3) (HKLM\...\3E959A91726151C8A6EB15FBA0EB4C975A5D757C) (Version: 10/21/2021 1.0.0.3 - Dexcom, Inc.)
Windows Driver Package - Intel System  (07/09/2013 9.1.9.1004) (HKLM\...\BD28A75CDFB28255C4F7327AD9EC5B23B9DD7481) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\BF1AD0105EBDCA6E730BE93DE583343339830A7A) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Media Player 9 Series Winter Fun Pack (HKLM-x32\...\{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}) (Version: 1.0.0 - <no manufacturer>)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.4.10 - Windscribe Limited)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B08 - ZTE Corporation)
 
Chrome apps:
============
Pogo (HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\7800fd33e6d3fd32066a5d9e92b24b59) (Version: 1.0 - Google\Chrome)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pogo.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=bkjcnfmlobgpbcmjdhpedlfcbcbdgmag
 
==================== Loaded Modules (Whitelisted) =============
 
2021-08-04 14:23 - 2013-01-31 03:21 - 000152064 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
2008-03-03 12:35 - 2008-03-03 12:35 - 000153088 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hptcpmib.dll
2008-03-03 12:36 - 2008-03-03 12:36 - 000331264 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\HpTcpMon.dll
2005-04-08 00:27 - 2005-04-08 00:27 - 000132096 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hpzjrd01.dll
2016-02-09 15:25 - 2008-05-07 19:59 - 000099840 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\hpzpplhn.dll
2008-03-03 12:36 - 2008-03-03 12:36 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\HPTcpMUI.dll
2017-06-24 18:45 - 2015-12-08 13:08 - 000182784 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\E_YLMBRBE.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Version 11) (Whitelisted) =============
 
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\localhost -> localhost
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2024-11-26 11:23 - 2024-11-26 11:23 - 000000864 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 agent.mydiabetesdata.com
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Art\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D46333DB-7ECF-41C1-AC2F-2B393DC04A73}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D3BAF84-2602-4CFD-9A9B-78C8161F808B}] => (Allow) LPort=67
FirewallRules: [{9AFEE362-8358-4F36-839E-8A35E6221800}] => (Allow) LPort=67
FirewallRules: [TCP Query User{CF4DE86D-EDFD-4AB0-9D20-3678EC1E6EBA}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{C774692B-4084-4E6A-A0A1-8F9BE26284FC}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{EF9DB066-48C9-4901-86AC-B95EFCD1832D}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{B31526B4-B506-49B3-8D9C-34BB75BBE376}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{751E0111-15BA-40C5-A5A9-244C106DE5AC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{10DE7053-38C6-447B-B31C-F0EFE7736B87}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{00251023-C09A-46A5-9A82-9B0CF3B4E2C9}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EAAFE318-EBF2-4E2F-A5FC-9981B7FBAECE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5FBA8434-4BBB-4230-AD15-2EE35E4142EC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DB27D4B0-4578-46C4-80F4-EE38C461A1DE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{455C652E-9B33-42F0-863A-639842AF843E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{11583047-D909-4CDC-852E-842DF5145EE0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{11BBDC62-C4AB-4E3C-9090-F172EC9F89B0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F213FB4F-0B24-4AA8-B086-A4D6B067C7BC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{323D8FEE-2D2B-4320-B9F8-17035194A803}C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{8F7E6C6C-BD44-4DC7-A33A-84EBEA42DED1}C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{D0F2414F-FABF-4996-A4C6-B726B7E74BD8}C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{F8B2E8A1-CAFE-4826-8E32-111E0D37F996}C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe (Opera Norway AS -> Opera Software)
 
==================== Restore Points =========================
 
30-11-2024 03:00:14 Windows Update
01-12-2024 03:00:14 Windows Update
02-12-2024 03:00:14 Windows Update
03-12-2024 03:00:14 Windows Update
04-12-2024 03:00:14 Windows Update
05-12-2024 03:00:14 Windows Update
 
==================== Faulty Device Manager Devices ============
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (12/05/2024 01:57:14 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (12/04/2024 06:57:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (12/03/2024 11:37:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (12/03/2024 04:59:14 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (12/02/2024 09:58:59 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (12/01/2024 07:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location \\FREENAS2\disk1\disk2\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (12/01/2024 02:17:23 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
Error: (11/30/2024 07:24:11 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
 
 
System errors:
=============
Error: (12/05/2024 08:27:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
 
Error: (12/05/2024 03:05:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error (0x80070490 = Element not found.): Update for Windows 7 for x64-based Systems (KB3006137).
 
Error: (12/05/2024 03:02:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error (0x80070490 = Element not found.): Update for Windows 7 for x64-based Systems (KB3068708).
 
Error: (12/05/2024 03:01:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error (0x80070490 = Element not found.): Update for Windows 7 for x64-based Systems (KB2640148).
 
Error: (12/05/2024 03:01:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error (0x80070490 = Element not found.): Update for Windows 7 for x64-based Systems (KB2547666).
 
Error: (12/05/2024 03:01:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error (0x80070490 = Element not found.): Update for Windows 7 for x64-based Systems (KB2919469).
 
Error: (12/05/2024 03:01:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error (0x80070490 = Element not found.): Update for Windows 7 for x64-based Systems (KB2970228).
 
Error: (12/05/2024 03:01:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error (0x80070490 = Element not found.): Update for Windows 7 for x64-based Systems (KB2750841).
 
 
==================== Memory info =========================== 
 
BIOS: Hewlett-Packard 786H1 v01.02 12/16/2009
Motherboard: Hewlett-Packard 304Bh
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 70%
Total physical RAM: 7991.29 MB
Available physical RAM: 2389.49 MB
Total Virtual: 15980.73 MB
Available Virtual: 6573.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:528.62 GB) (Model: WL1000GSA6472 ATA Device) NTFS
 
\\?\Volume{9dc8774c-fdda-11e4-b284-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 75E2953E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================
 
thank you for any help you can give me
 

 


  • 0

Advertisements


#2
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts

Hello , arwier. .! :) 
 
I would like you to run a tool named SecurityCheck to inquire about the current-security-update status of some applications:
 
Scan with SecurityCheck by glax24

  • Temporarily disable Microsoft SmartScreen only if it blocks the download of the software. The program is safe
  • Download SecurityCheck by glax24 from here
  • If SmartScreen blocks the file from running click on More info and Run anyway
  • This tool is safe.   Smartscreen is overly sensitive. You can check the VirusTotal scan of the tool from here
  • Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"  and reply YES to allow it to run
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt Close the file.  Attach it with your next reply.
  • You can find this file in a folder called SecurityCheckC:\SecurityCheck\SecurityCheck.txt

 

 

  • Start FRST.
  • Hit your Windows Key + R to open a Run window
  • Type Notepad then click OK
  • This will open an empty Notepad document
  • Copy/Paste the following into it (Don't include the word Code: ) .....
Start::
CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Run: [] => [X]
Task: {67D380F6-8B95-4109-8B0A-CBE97E9C0AD4} - System32\Tasks\{D0F070BE-71C2-4F98-BED0-14ED81A7A042} => E:\_MSSETUP.EXE  (No File)
Task: {06C59630-0D72-4EC6-AD9B-8C1E520CE97A} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe  do-task "E7CF176E110C211B" (No File)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
S2 Dexcom Agent Update Service; "C:\Program Files (x86)\Dexcom\Updater\Dexcom.Agent.UpdateService.exe" [X]
S4 TeamViewer9; "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe" [X]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [221600 2022-09-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [177112 2022-09-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2022-09-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
2024-11-05 19:14 - 2024-11-06 19:05 - 000000000 ____D C:\ProgramData\Trend Micro
2024-11-05 18:55 - 2024-11-05 18:56 - 000000000 ____D C:\Program Files\Trend Micro
2024-11-05 18:55 - 2024-11-05 18:55 - 005371368 _____ (Trend Micro Inc.) C:\Users\Art\Downloads\HousecallLauncher64.exe
ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} =>  -> No File
FirewallRules: [{8D3BAF84-2602-4CFD-9A9B-78C8161F808B}] => (Allow) LPort=67
FirewallRules: [{9AFEE362-8358-4F36-839E-8A35E6221800}] => (Allow) LPort=67

Hosts:
EmptyTemp:
Reboot:
End::
  • Save it as fixlist.txt to the same location as FRST (must be in this location)
  • NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

  • 0

#3
arwier

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts

when I go to dl that file from the link you gave me labeled here it just gives me this

 

Not Found

The requested URL was not found on this server.

Apache/2.4.62 (Debian) Server at tools.safezone.cc Port 80
  • 0

#4
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts

Sorry....corrected it :   https://tools.safezo...curityCheck.zip


  • 0

#5
arwier

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 06-12-2024
Ran by Art (06-12-2024 15:27:33) Run:2
Running from C:\Users\Art\Desktop
Loaded Profiles: Art
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
 
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Run: [] => [X]
Task: {67D380F6-8B95-4109-8B0A-CBE97E9C0AD4} - System32\Tasks\{D0F070BE-71C2-4F98-BED0-14ED81A7A042} => E:\_MSSETUP.EXE  (No File)
Task: {06C59630-0D72-4EC6-AD9B-8C1E520CE97A} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe  do-task "E7CF176E110C211B" (No File)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [No File]
S2 Dexcom Agent Update Service; "C:\Program Files (x86)\Dexcom\Updater\Dexcom.Agent.UpdateService.exe" [X]
S4 TeamViewer9; "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe" [X]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [221600 2022-09-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [177112 2022-09-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2022-09-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
2024-11-05 19:14 - 2024-11-06 19:05 - 000000000 ____D C:\ProgramData\Trend Micro
2024-11-05 18:55 - 2024-11-05 18:56 - 000000000 ____D C:\Program Files\Trend Micro
2024-11-05 18:55 - 2024-11-05 18:55 - 005371368 _____ (Trend Micro Inc.) C:\Users\Art\Downloads\HousecallLauncher64.exe
ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} =>  -> No File
FirewallRules: [{8D3BAF84-2602-4CFD-9A9B-78C8161F808B}] => (Allow) LPort=67
FirewallRules: [{9AFEE362-8358-4F36-839E-8A35E6221800}] => (Allow) LPort=67
 
Hosts:
EmptyTemp:
Reboot:
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{67D380F6-8B95-4109-8B0A-CBE97E9C0AD4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67D380F6-8B95-4109-8B0A-CBE97E9C0AD4}" => removed successfully
C:\Windows\System32\Tasks\{D0F070BE-71C2-4F98-BED0-14ED81A7A042} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D0F070BE-71C2-4F98-BED0-14ED81A7A042}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06C59630-0D72-4EC6-AD9B-8C1E520CE97A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06C59630-0D72-4EC6-AD9B-8C1E520CE97A}" => removed successfully
C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent E7CF176E110C211B" => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1 => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.14 => removed successfully
HKLM\System\CurrentControlSet\Services\Dexcom Agent Update Service => removed successfully
Dexcom Agent Update Service => service removed successfully
HKLM\System\CurrentControlSet\Services\TeamViewer9 => removed successfully
TeamViewer9 => service removed successfully
avgntflt => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avgntflt => removed successfully
avgntflt => service removed successfully
avipbb => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\avipbb => removed successfully
avipbb => service removed successfully
avkmgr => Unable to stop service.
HKLM\System\CurrentControlSet\Services\avkmgr => removed successfully
avkmgr => service removed successfully
 
"C:\ProgramData\Trend Micro" Folder move:
 
C:\ProgramData\Trend Micro => moved successfully
 
"C:\Program Files\Trend Micro" Folder move:
 
C:\Program Files\Trend Micro => moved successfully
C:\Users\Art\Downloads\HousecallLauncher64.exe => moved successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Fast Explorer => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D3BAF84-2602-4CFD-9A9B-78C8161F808B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9AFEE362-8358-4F36-839E-8A35E6221800}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 33552109 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 159412681324 B
Edge => 0 B
Chrome => 472398489 B
Firefox => 0 B
Opera => 550622115 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 265253 B
LocalService => 265253 B
NetworkService => 1177709 B
Art => 1382655179 B
G5PWFULZDC => 1382655179 B
 
RecycleBin => 0 B
EmptyTemp: => 152 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:30:19 ====
 

SecurityCheck by glax24 & Severnyj v.1.4.0.58 [15.08.24]
WebSite: www.safezone.cc
DateLog: 06.12.2024 15:15:50
Path starting: C:\Users\Art\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Art
VersionXML: 12.97is-04.12.2024
___________________________________________________________________________
 
Windows 7 Service Pack 1 Professional (x64) (6.1.7601) Lang: English(0409)
Installation date OS: 19.05.2015 02:10:16
LicenseStatus: Windows® 7, Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Users\Art\AppData\Local\Programs\Opera\Launcher.exe
SystemDrive: C: FS: [NTFS] Capacity: [931.4 Gb] Used: [402.9 Gb] Free: [528.5 Gb]
------------------------------- [ Windows ] -------------------------------
Extended support has ended 14.01.2020, Your operating system may be vulnerable to new types of threats
Internet Explorer 11.0.9600.19180 Warning! Download Update
User Account Control enabled
Automatically download and schedule installation
Date install updates: 2024-12-06 09:02:04
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
Account guest is enabled. Not require a password.
---------------------------- [ Antivirus_WMI ] ----------------------------
Malwarebytes (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Malwarebytes (enabled and up to date)
Windows Defender (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 5.2.1.144 v.5.2.1.144 Warning! Download Update
AntimalwareEngine v.3.0.160.0
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft .NET Framework 4.8 v.4.8.03761 Warning! Download Update
Microsoft Edge WebView2 Runtime v.109.0.1518.140 Warning! Download Update
If update errors occur, remove the old version, download and install the new one. Or reinstall Microsoft Edge browser.
OpenOffice 4.1.10 v.4.110.9807 Warning! Download Update
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 5.30 (64-bit) v.5.30.0 Warning! Download Update
---------------------------- [ ProxyAndVPNs ] -----------------------------
Windscribe v.2.4.10 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Acrobat Reader v.24.004.20272 Warning! Download Update
^Please run Acrobat Reader DC and go Help - Check for updates...^
------------------------------- [ Browser ] -------------------------------
Opera Stable 95.0.4635.90 v.95.0.4635.90 Warning! Download Update
Google Chrome v.109.0.5414.120 Warning! Download Update
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird 78.11.0 (x86 en-US) v.78.11.0 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1344
Windows Defender (WinDefend) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
Auslogics Duplicate File Finder v.7.0.13.0 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
Auslogics Disk Defrag v.11.0.0.2 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program.
----------------------------- [ End of Log ] ------------------------------
 

  • 0

#6
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts

Thank you...! How is your system working now..?


  • 0

#7
arwier

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts

it is still the same


  • 0

#8
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts

it is still the same

 

 

Unfortunately this is expected..As stated. Windows 7 is no longer supported and Microsoft will not be issuing any more updates, you will be more vulnerable to attack with Windows 7. Eventually web sites will no longer give you access because your OS is out of date

 

Extended support has ended 14.01.2020, Your operating system may be vulnerable to new types of threats

 

 

  • Start FRST.
  • Hit your Windows Key + R to open a Run window
  • Type Notepad then click OK
  • This will open an empty Notepad document
  • Copy/Paste the following into it (Don't include the word Code: ) .....
Virusscan: C:\Windows\System32\drivers\webshieldfilter.sys 
  • Save it as fixlist.txt to the same location as FRST (must be in this location)
  • NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Now press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next ....


Malwarebytes AdwCleaner


  • Please download AdwCleaner and save it to your Desktop
  • Close all open programs and browsers
  • Right click on the icon and select Run as administrator
  • Click Scan now
  • Uncheck any detected items you would to keep then click Next
  • If a Preinstalled software was found! screen appears review it if you'd like then click OK
  • Review the list of Preinstalled software and place a check mark in those you do not wish to keep
  • Click Quarantine, then Continue
  • When completed click View Log File
  • Copy and paste the contents in your reply
  • Close the AdwCleaner window

 

Next ....

 

Sophos Scan & Clean

 

  • Download Sophos Scan & Clean and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click Next, review the Terms and conditions and if you agree click Next again
  • When completed click Next twice
  • Click Save Log and save the log onto the Desktop
  • Copy and paste the contents of the report in your reply

  • 0

#9
arwier

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 06-12-2024
Ran by Art (08-12-2024 15:38:54) Run:3
Running from C:\Users\Art\Desktop
Loaded Profiles: Art
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Virusscan: C:\Windows\System32\drivers\webshieldfilter.sys
*****************
 
Virusscan: C:\Windows\System32\drivers\webshieldfilter.sys => https://virusscan.jo...njob/vunefaecd4
 
==== End of Fixlog 15:38:57 ====
 
 
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-03-04.1 (Local)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-08-2024
# Duration: 00:00:14
# OS:       Windows 7 Service Pack 1
# Cleaned:  23
# Failed:   0
 
 
***** [ Services ] *****
 
Deleted       webshieldfilter
 
***** [ Folders ] *****
 
Deleted       C:\ProgramData\SecuritySuite
Deleted       C:\Users\Art\Documents\TotalAV
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
 
***** [ Files ] *****
 
Deleted       C:\Windows\System32\drivers\webshieldfilter.sys
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\SSProtect
Deleted       HKLM\SOFTWARE\Classes\*\shell\TotalAV
Deleted       HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted       HKLM\Software\Classes\totalav
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Art\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Art\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}
Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [3637 octets] - [08/12/2024 15:44:26]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build:    03-04-2024
# Database: 2024-03-04.1 (Local)
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-08-2024
# Duration: 00:00:15
# OS:       Windows 7 Service Pack 1
# Scanned:  32106
# Detected: 23
 
 
***** [ Services ] *****
 
PUP.Adware.Heuristic            webshieldfilter
 
***** [ Folders ] *****
 
PUP.Optional.Legacy             C:\Users\Art\Documents\TotalAV
PUP.Optional.Legacy             C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
PUP.Optional.PCProtect          C:\ProgramData\SecuritySuite
 
***** [ Files ] *****
 
PUP.Optional.PCProtect          C:\Windows\System32\drivers\webshieldfilter.sys
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.PCProtect          HKCU\Software\SSProtect
PUP.Optional.PCProtect          HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
PUP.Optional.TotalAV            HKLM\SOFTWARE\Classes\*\shell\TotalAV
PUP.Optional.TotalAV            HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV            HKLM\SOFTWARE\Microsoft\Edge\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV            HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV            HKLM\Software\Classes\totalav
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries found.
 
***** [ Preinstalled Software ] *****
 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK 
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\Art\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\Art\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Windows\System32\config\systemprofile\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{61EB474B-67A6-47F4-B1B7-386851BAB3D0} 
Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{F6A11738-3EE4-4573-AEA5-6CD5D491C167} 
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 
 
Sophos Scan & Clean
www.sophos.com
 
   Computer name . . . . : ART-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Art-PC\Art
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2024-12-08 15:58:12
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 2s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 1
 
   Objects scanned . . . : 2,192,510
   Files scanned . . . . : 70,947
   Remnants scanned  . . : 472,596 files / 1,648,967 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Art\Downloads\utweb_installer.exe -> Quarantined
      Size . . . . . . . : 1,788,536 bytes
      Age  . . . . . . . : 595.8 days (2023-04-22 21:09:00)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : F1E1233DA78ADA22A2A84660EF213C1162A35DC2091810CFADAF11DD38222EFC
      Product  . . . . . : uTorrent Web®                                               
      Publisher  . . . . :                                                             
      Description  . . . : uTorrent Web®                                               
      Version  . . . . . : 1.3
      RSA Key Size . . . : 3072
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Sophos . . . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 101.0
 
 
 
 
 

Edited by arwier, 08 December 2024 - 04:16 PM.

  • 0

#10
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts

Thank you...! 

 

Fresh FRST logs

Please run FRST tool once more, and attach for me fresh logs:

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach these two logs in your next reply.

  • 0

#11
arwier

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts

I am sorry but I don't seem to be able to get the logs to post for some reason I will try once again

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2024
Ran by Art (administrator) on ART-PC (Hewlett-Packard HP Compaq 8100 Elite CMT PC) (09-12-2024 02:10:23)
Running from C:\Users\Art\Desktop\FRST64.exe
Loaded Profiles: Art
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe ->) (Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Disk Defrag\ActionCenter.exe
(C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe ->) (Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Disk Defrag\DiskDefrag.exe
(C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe ->) (Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Disk Defrag\TabCareCenter.exe
(C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe ->) (Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Disk Defrag\TabMakePortable.exe
(C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe ->) (Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Disk Defrag\TabReports.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(explorer.exe ->) (CANON INC. -> CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP3LAK.EXE
(explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(spool\drivers\x64\3\CNAP3LAK.EXE ->) (CANON INC. -> CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABISWD.EXE <2>
(taskeng.exe ->) (Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CNAP3 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP3LAK.EXE [228520 2021-01-02] (CANON INC. -> CANON INC.)
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Run: [Opera Browser Assistant] => C:\Users\Art\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [5037984 2023-10-30] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Run: [Opera Stable] => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe [2635168 2023-10-30] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MARINE~1.SCR [6938624 2011-06-09] (SereneScreen) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [152064 2013-01-31] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CNAP3 Monitor: C:\Windows\system32\CNAP3SMD.DLL [1470464 2014-11-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON XP-340 Series 64MonitorBE: C:\Windows\system32\E_YLMBRBE.DLL [182784 2015-12-08] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2008-03-03] (Hewlett Packard) [File not signed]
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-26] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * bootdelete
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {7C5FD3AE-1DAF-431D-98BC-79EE52090C02} - System32\Tasks\{99472F5E-C01B-4B91-9137-2EFA7592DDFE} => C:\Windows\System32\pcalua.exe [9728 2019-02-10] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files (x86)\OpenOffice 4\program\scalc.exe" -d C:\Users\Art\Desktop -c -o "C:\Users\Art\Desktop\May2017Bills.ods"
Task: {7BBF01DC-B8AE-42E6-8F30-08E8146134D3} - System32\Tasks\{F2839577-BF7D-4277-8B8A-B63AEE89C6AF} => C:\Windows\System32\pcalua.exe [9728 2019-02-10] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\Art\Downloads\fmsdisk01.exe -d C:\Users\Art\Downloads
Task: {FDCEFB6E-F982-499F-8D9C-FF16C8339940} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {FE887839-7E11-45F3-B917-99F7A03A9354} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [563000 2015-08-27] (Apple Inc. -> Apple Inc.)
Task: {62F16D2D-6BF5-4449-9628-6B91C08CE1B9} - System32\Tasks\Auslogics\Disk Defrag\Start Disk Defrag on Art logon => C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe [5921032 2022-12-23] (Auslogics Labs Pty Ltd -> Auslogics)
Task: {C677526A-EAB5-4D48-8C8A-44AE76205E4E} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [1775752 2013-08-30] (CANON INC. -> CANON INC.) -> /Config:"C:\Program Files\Canon\OIPPESP\CnpspCfg.xml"
Task: {76530735-C7FD-442C-9E8D-C0FE3E33598D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2012456220-316695357-2301545490-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {FF988BA5-04AB-4661-B841-C5D586EDB41F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
Task: {6D43F3A2-07DA-43E8-9C54-27CA2ABE2F8D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
Task: {E2AF877E-D64C-4194-B7F8-5A13922E9E1D} - System32\Tasks\Opera scheduled assistant Autoupdate 1627571894 => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe [2635168 2023-10-30] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Art\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {CDDF54F3-1128-44C6-B02B-23AB1E6B38B0} - System32\Tasks\Opera scheduled Autoupdate 1627571888 => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe [2635168 2023-10-30] (Opera Norway AS -> Opera Software)
Task: {FFE661D7-25C3-418D-83E4-F91C338CB17A} - System32\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {31500587-F98F-4A30-93F0-BABFD763FBBD} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{46456222-9B9B-4384-B862-62B2FAC12445}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{46456222-9B9B-4384-B862-62B2FAC12445}: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{54E853DD-C72D-4D54-AB21-BFCD1C04FA19}: [NameServer] 10.255.255.2
Tcpip\..\Interfaces\{62EBE42C-851F-43FB-B7E2-E9334B0F8D6F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B53D16B1-293E-409A-82FA-2CDF001223F4}: [DhcpNameServer] 192.168.168.244
 
Edge: 
=======
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF DefaultProfile: whx4aer7.default-1627042292606
FF ProfilePath: C:\Users\Art\AppData\Roaming\TomTom\HOME\Profiles\xd4wb18b.default [2021-06-24]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF ProfilePath: C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\whx4aer7.default-1627042292606 [2024-12-08]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2024-11-13] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default [2024-12-09]
CHR Notifications: Default -> hxxps://www.wish.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-11-18]
CHR HKU\S-1-5-21-2012456220-316695357-2301545490-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
Opera: 
=======
OPR Profile: C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable [2024-12-09]
OPR StartupUrls: Opera Stable -> "hxxps://www.google.com/"
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2024-11-13]
OPR Extension: (Opera Wallet) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2024-11-13]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2024-11-13]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc. -> Apple Inc.)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9433496 2024-12-07] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-06-02] (Malwarebytes Inc. -> Malwarebytes)
S3 ss_conn_launcher_service; C:\Windows\system32\Samsung\EasySetup\ss_conn_launcher.exe [182328 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [1256880 2022-07-09] (Windscribe Limited -> Windscribe Limited)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [34416 2017-06-20] (Anvsoft Inc. -> AnvSoft Inc.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (西安博汇电子科技有限公司 -> Wireless Data Device)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [78848 2009-12-21] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2022-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 FXVAD; C:\Windows\System32\drivers\fxvad.sys [326120 2021-07-14] (FxSound, LLC -> Windows ® Win 7 DDK provider)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (ZTE CORPORATION -> HandSet Incorporated)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [232024 2024-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [201280 2024-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [80448 2024-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2024-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [149472 2024-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [43368 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [48544 2022-03-19] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2014-11-17] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2014-11-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2014-11-17] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [29184 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [31232 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [37888 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94720 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 WindscribeSplitTunnel; C:\Windows\System32\DRIVERS\WindscribeSplitTunnel.sys [25384 2022-07-09] (Windscribe Limited -> )
R3 windtun420; C:\Windows\System32\DRIVERS\windtun420.sys [38312 2022-03-19] (Windscribe Limited -> WireGuard LLC)
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-12-08 16:06 - 2024-12-08 16:06 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2024-12-08 16:06 - 2024-12-08 16:06 - 000000144 _____ C:\Windows\system32\bootdelete.lst
2024-12-08 15:57 - 2024-12-08 15:57 - 000000000 ____D C:\ProgramData\Sophos
2024-12-08 15:55 - 2024-12-08 15:55 - 000262144 _____ C:\Windows\Minidump\120824-18938-01.dmp
2024-12-08 15:54 - 2024-12-08 15:54 - 670408149 _____ C:\Windows\MEMORY.DMP
2024-12-08 15:53 - 2024-12-08 15:57 - 013033968 _____ (Sophos Limited) C:\Users\Art\Desktop\SophosScanAndClean_x64.exe
2024-12-08 15:41 - 2024-12-08 15:47 - 000000000 ____D C:\AdwCleaner
2024-12-08 15:41 - 2024-12-08 15:41 - 008790880 _____ (Malwarebytes) C:\Users\Art\Desktop\adwcleaner.exe
2024-12-06 15:27 - 2024-12-08 15:39 - 000000499 _____ C:\Users\Art\Desktop\Fixlog.txt
2024-12-06 15:27 - 2024-12-06 15:27 - 000000000 ____D C:\Users\Art\Desktop\FRST-OlderVersion
2024-12-06 15:15 - 2024-12-06 15:15 - 000000000 ____D C:\SecurityCheck
2024-12-06 15:14 - 2024-12-06 15:14 - 000000000 ____D C:\Users\Art\Downloads\SecurityCheck
2024-12-06 15:14 - 2024-10-19 00:58 - 000551434 _____ (glax24 (safezone.cc)) C:\Users\Art\Downloads\SecurityCheck.exe
2024-12-06 15:08 - 2024-12-06 15:08 - 000489843 _____ C:\Users\Art\Downloads\SecurityCheck (1).zip
2024-12-06 15:07 - 2024-12-06 15:07 - 000489843 _____ C:\Users\Art\Downloads\SecurityCheck.zip
2024-12-05 20:24 - 2024-12-05 20:33 - 000028822 _____ C:\Users\Art\Desktop\Addition.txt
2024-12-05 20:18 - 2024-12-09 02:11 - 000018509 _____ C:\Users\Art\Desktop\FRST.txt
2024-12-05 20:18 - 2024-12-06 15:27 - 002402304 _____ (Farbar) C:\Users\Art\Desktop\FRST64.exe
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-12-09 02:10 - 2022-10-07 15:39 - 000000000 ____D C:\FRST
2024-12-09 02:09 - 2023-05-09 08:59 - 000000000 ____D C:\Users\Art\AppData\Local\Malwarebytes
2024-12-09 02:09 - 2022-02-11 00:01 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{BF21A923-A93E-412B-9FC4-6EA3E52D3F63}
2024-12-09 01:31 - 2015-05-18 21:15 - 000000000 ____D C:\Program Files (x86)\Google
2024-12-09 01:00 - 2015-11-28 23:20 - 000000384 _____ C:\Windows\Tasks\update-sys.job
2024-12-08 23:03 - 2015-11-28 23:20 - 000000384 _____ C:\Windows\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000.job
2024-12-08 18:29 - 2023-12-29 15:47 - 000029162 _____ C:\Users\Art\Desktop\bills 2024.ods
2024-12-08 16:03 - 2009-07-13 22:45 - 000036096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2024-12-08 16:03 - 2009-07-13 22:45 - 000036096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2024-12-08 16:01 - 2009-07-13 23:13 - 000798694 _____ C:\Windows\system32\PerfStringBackup.INI
2024-12-08 16:01 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2024-12-08 15:55 - 2022-04-17 09:39 - 000000000 ____D C:\Windows\Minidump
2024-12-08 15:55 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-12-08 15:47 - 2015-10-30 11:52 - 000000000 ____D C:\Users\Art\AppData\Local\Hewlett-Packard
2024-12-08 15:47 - 2015-09-11 08:56 - 000000000 ____D C:\Users\Art\AppData\Roaming\Hewlett-Packard
2024-12-08 15:47 - 2015-09-11 02:36 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2024-12-08 15:47 - 2015-09-10 10:58 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2024-12-06 17:40 - 2022-12-06 02:05 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-12-06 15:27 - 2021-12-11 03:30 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-12-04 04:01 - 2022-07-31 22:39 - 000000000 ____D C:\Users\Art\Downloads\Wrong Place (2022) [720p] [WEBRip] [YTS.MX]
2024-11-26 10:08 - 2024-02-12 01:32 - 000000000 ___RD C:\Users\Art\Desktop\utilities
2024-11-26 10:08 - 2015-05-18 20:10 - 000000000 ____D C:\Users\Art
2024-11-24 22:42 - 2022-07-09 19:44 - 000003436 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-11-24 22:42 - 2022-07-09 19:44 - 000003308 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-11-17 15:40 - 2022-11-07 01:21 - 000000000 ____D C:\Users\Art\AppData\Local\BitTorrentHelper
2024-11-17 13:54 - 2022-10-12 03:03 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2024-11-17 13:39 - 2024-07-10 16:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2024-11-13 03:05 - 2015-05-18 22:24 - 000000000 ____D C:\Windows\system32\MRT
2024-11-13 03:01 - 2015-05-18 22:24 - 202035632 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories ========
 
2016-02-17 20:13 - 2016-03-08 02:27 - 000399360 _____ () C:\Program Files\CascLib.dll
2016-02-17 20:13 - 2016-03-08 02:27 - 000326144 _____ () C:\Program Files\DXPRecastPathFinding2.dll
2016-02-19 21:52 - 2016-02-19 21:52 - 000003766 _____ () C:\Program Files\error.txt
2016-02-17 20:13 - 2016-02-01 14:51 - 000301056 _____ (The Apache Software Foundation) C:\Program Files\log4net.dll
2016-02-17 20:13 - 2016-02-01 14:51 - 000510976 _____ (Newtonsoft) C:\Program Files\Newtonsoft.Json.dll
2016-02-17 20:13 - 2016-02-01 14:51 - 000230912 _____ (Alexandre Mutel) C:\Program Files\SharpDX.Direct2D1.dll
2016-02-17 20:13 - 2016-02-01 14:51 - 000558080 _____ (Alexandre Mutel) C:\Program Files\SharpDX.dll
2016-02-17 20:13 - 2016-02-01 14:51 - 000090624 _____ (Alexandre Mutel) C:\Program Files\SharpDX.DXGI.dll
2016-06-20 10:11 - 2013-08-31 13:01 - 000121696 _____ () C:\Program Files\Weather_Meter_V1.7.gadget
2016-01-17 13:28 - 2017-03-28 20:09 - 000000933 _____ () C:\Users\Art\AppData\Roaming\burnaware.ini
2017-07-29 22:33 - 2017-07-30 02:10 - 000000098 _____ () C:\Users\Art\AppData\Roaming\LauncherSettings_live.cfg
2017-07-30 00:01 - 2017-07-30 00:01 - 000000042 _____ () C:\Users\Art\AppData\Roaming\TheHunterSettings_live.cfg
2016-09-26 23:21 - 2016-09-26 23:21 - 000000046 _____ () C:\Users\Art\AppData\Roaming\WB.CFG
2017-10-27 12:33 - 2023-08-24 23:30 - 000000367 _____ () C:\Users\Art\AppData\Roaming\Weather Meter_Settings.ini
2024-11-05 19:11 - 2024-11-05 19:11 - 000275748 _____ () C:\Users\Art\AppData\Local\ars.cache
2016-01-24 08:57 - 2016-02-04 20:50 - 000000031 _____ () C:\Users\Art\AppData\Local\burnaware.ini
2024-11-05 19:13 - 2024-11-05 19:13 - 000518886 _____ () C:\Users\Art\AppData\Local\census.cache
2019-02-28 22:12 - 2022-09-04 01:23 - 000000084 _____ () C:\Users\Art\AppData\Local\DVDPATH.TXT
2024-11-05 18:55 - 2024-11-05 18:55 - 000000036 _____ () C:\Users\Art\AppData\Local\housecall.guid.cache
2019-11-06 18:35 - 2022-03-22 22:07 - 000007668 _____ () C:\Users\Art\AppData\Local\Resmon.ResmonCfg
2021-06-24 06:08 - 2021-06-24 06:08 - 000000003 _____ () C:\Users\Art\AppData\Local\updater.log
2015-11-28 23:20 - 2022-03-05 19:09 - 000000424 _____ () C:\Users\Art\AppData\Local\UserProducts.xml
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2024-12-02 01:14
==================== End of FRST.txt ========================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2024
Ran by Art (09-12-2024 02:11:28)
Running from C:\Users\Art\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X64) (2015-05-19 02:10:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-2012456220-316695357-2301545490-500 - Administrator - Disabled)
Art (S-1-5-21-2012456220-316695357-2301545490-1000 - Administrator - Enabled) => C:\Users\Art
G5PWFULZDC (S-1-5-21-2012456220-316695357-2301545490-1001 - Limited - Enabled) => C:\Users\G5PWFULZDC
Guest (S-1-5-21-2012456220-316695357-2301545490-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2012456220-316695357-2301545490-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 24.004.20272 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD APP SDK Runtime (HKLM\...\{503F672D-6C84-448A-8F8F-4BC35AC83441}) (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B046F915-7A34-7D83-5494-67D8BD488538}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Problem Report Wizard (HKLM\...\{4987DDA3-6101-B196-7717-85818D77E89C}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.) Hidden
AntimalwareEngine (HKLM\...\{5C7A5F94-02E9-4C5D-A594-B1F10865965A}) (Version: 3.0.160.0 - adaware) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 11.0.0.2 - Auslogics Labs Pty Ltd)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 7.0.13.0 - Auslogics Labs Pty Ltd)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 1.2.11 - CANON INC.) Hidden
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 1.2.11.10002 - CANON INC.)
Canon LBP6230 6240 Uninstaller (HKLM\...\Canon LBP6230 6240) (Version: 6, 3, 1, 0 - Canon Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
Clementine (HKLM-x32\...\Clementine) (Version: 1.3.1 - Clementine)
DVD43 Plug-in v1.0.0.6 (HKLM-x32\...\DVD43 Plug-in_is1) (Version:  - )
DVDStyler v3.2.1 (HKLM\...\DVDStyler_is1) (Version:  - Thüring IT-Consulting)
Easy Photo Scan (HKLM-x32\...\{1021AA9F-6A0A-4128-B89B-1A05A8DD1770}) (Version: 1.00.0009 - Seiko Epson Corporation)
EKS Sherlock (HKLM-x32\...\EKS Sherlock) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.120 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{C9EF1AAF-B542-41C8-A537-1142DA5D4AEC}) (Version: 6.0.3.1 - Hewlett-Packard) Hidden
HydraVision (HKLM-x32\...\{5F170011-13ED-E84C-7844-6B941CA34F30}) (Version: 4.2.222.0 - Advanced Micro Devices, Inc.) Hidden
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
LG VZW United Drivers (HKLM-x32\...\{BEEBD17D-FF29-4508-8032-2D1FA66F7B77}) (Version: 2.23.1 - LG Electronics)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.13 - Magical Jelly Bean)
Malwarebytes version 5.2.2.154 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.2.154 - Malwarebytes)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.23.5.1 - Marvell)
Microsoft .NET Framework 4.8 (HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.140 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Free 10.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0 - Mozilla)
Mozilla Thunderbird 78.11.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 78.11.0 (x86 en-US)) (Version: 78.11.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NewFreeScreensaver nfsUnderwaterLife (HKLM-x32\...\nfsUnderwaterLife New Free Screensaver_is1) (Version:  - NewFreeScreensavers.com)
ODT Viewer version 1.0 (HKLM-x32\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
OpenOffice 4.1.10 (HKLM-x32\...\{D909483F-780E-4232-9313-4C24A1B09BE8}) (Version: 4.110.9807 - Apache Software Foundation)
Opera Stable 95.0.4635.90 (HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Opera 95.0.4635.90) (Version: 95.0.4635.90 - Opera Software)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Revo Uninstaller Pro 5.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.1.1 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SereneScreen Marine Aquarium 3 (HKLM-x32\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.0 - Prolific Publishing, Inc.)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{F3BA1C5E-51F1-4256-B5FD-0C060D963D35}) (Version: 2.17.0214 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{EDB7BFB3-9B55-4A70-920F-35226A4E4A12}) (Version: 2.16.0504 - Samsung Electronics Co., Ltd.)
Wheel of Fortune Deluxe (remove only) (HKLM-x32\...\Wheel of Fortune Deluxe) (Version:  - )
Windows Driver Package - Canon Printer  (07/02/2019 21.46.0.0) (HKLM\...\7B4C73808C155604A986DC16347581EF007C38D5) (Version: 07/02/2019 21.46.0.0 - Canon)
Windows Driver Package - Dexcom, Inc. (usbser) Ports  (10/21/2021 1.0.0.3) (HKLM\...\3E959A91726151C8A6EB15FBA0EB4C975A5D757C) (Version: 10/21/2021 1.0.0.3 - Dexcom, Inc.)
Windows Driver Package - Intel System  (07/09/2013 9.1.9.1004) (HKLM\...\BD28A75CDFB28255C4F7327AD9EC5B23B9DD7481) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\BF1AD0105EBDCA6E730BE93DE583343339830A7A) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Media Player 9 Series Winter Fun Pack (HKLM-x32\...\{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}) (Version: 1.0.0 - <no manufacturer>)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.4.10 - Windscribe Limited)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B08 - ZTE Corporation)
 
Chrome apps:
============
Pogo (HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\7800fd33e6d3fd32066a5d9e92b24b59) (Version: 1.0 - Google\Chrome)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pogo.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=bkjcnfmlobgpbcmjdhpedlfcbcbdgmag
 
==================== Loaded Modules (Whitelisted) =============
 
2021-08-04 14:23 - 2013-01-31 03:21 - 000152064 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
2008-03-03 12:35 - 2008-03-03 12:35 - 000153088 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hptcpmib.dll
2008-03-03 12:36 - 2008-03-03 12:36 - 000331264 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\HpTcpMon.dll
2005-04-08 00:27 - 2005-04-08 00:27 - 000132096 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hpzjrd01.dll
2016-02-09 15:25 - 2008-05-07 19:59 - 000099840 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\hpzpplhn.dll
2008-03-03 12:36 - 2008-03-03 12:36 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\HPTcpMUI.dll
2017-06-24 18:45 - 2015-12-08 13:08 - 000182784 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\E_YLMBRBE.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Art\Desktop\SophosScanAndClean_x64.exe:MBAM.Zone.Identifier [54]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Version 11) (Whitelisted) =============
 
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\localhost -> localhost
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2024-12-09 01:08 - 2024-12-09 01:08 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Art\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D46333DB-7ECF-41C1-AC2F-2B393DC04A73}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{CF4DE86D-EDFD-4AB0-9D20-3678EC1E6EBA}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{C774692B-4084-4E6A-A0A1-8F9BE26284FC}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{EF9DB066-48C9-4901-86AC-B95EFCD1832D}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{B31526B4-B506-49B3-8D9C-34BB75BBE376}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{751E0111-15BA-40C5-A5A9-244C106DE5AC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{10DE7053-38C6-447B-B31C-F0EFE7736B87}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{00251023-C09A-46A5-9A82-9B0CF3B4E2C9}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EAAFE318-EBF2-4E2F-A5FC-9981B7FBAECE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5FBA8434-4BBB-4230-AD15-2EE35E4142EC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DB27D4B0-4578-46C4-80F4-EE38C461A1DE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{455C652E-9B33-42F0-863A-639842AF843E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{11583047-D909-4CDC-852E-842DF5145EE0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{11BBDC62-C4AB-4E3C-9090-F172EC9F89B0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F213FB4F-0B24-4AA8-B086-A4D6B067C7BC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{323D8FEE-2D2B-4320-B9F8-17035194A803}C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{8F7E6C6C-BD44-4DC7-A33A-84EBEA42DED1}C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{D0F2414F-FABF-4996-A4C6-B726B7E74BD8}C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{F8B2E8A1-CAFE-4826-8E32-111E0D37F996}C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe (Opera Norway AS -> Opera Software)
 
==================== Restore Points =========================
 
Check "VSS" service
 
 
==================== Faulty Device Manager Devices ============
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (12/09/2024 02:10:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000000017DE0C0.72).  hr = 0x80070005, Access is denied..
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (12/09/2024 02:10:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000000017DE0C0.72).  hr = 0x80070005, Access is denied..
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (12/09/2024 02:10:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000000017DE0C0.72).  hr = 0x80070005, Access is denied..
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (12/09/2024 02:10:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000000017DE0C0.72).  hr = 0x80070005, Access is denied..
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (12/09/2024 02:10:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000000017DE150.72).  hr = 0x80070005, Access is denied..
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (12/09/2024 02:10:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000000017DE150.72).  hr = 0x80070005, Access is denied..
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (12/09/2024 02:10:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,000000000021F310.72).  hr = 0x80070005, Access is denied..
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (12/09/2024 02:10:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000208,SYSTEM\CurrentControlSet\Services\VSS\Diag\Lovelace,0,REG_BINARY,00000000017DDC40.72).  hr = 0x80070005, Access is denied..
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
 
System errors:
=============
Error: (12/09/2024 02:14:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
 
Error: (12/09/2024 02:10:40 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
Access is denied.
 
Error: (12/09/2024 01:08:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (12/09/2024 01:08:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (12/09/2024 01:08:50 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
Error: (12/09/2024 01:08:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (12/09/2024 01:08:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (12/09/2024 01:08:42 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
 
 
==================== Memory info =========================== 
 
BIOS: Hewlett-Packard 786H1 v01.02 12/16/2009
Motherboard: Hewlett-Packard 304Bh
Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 43%
Total physical RAM: 7991.29 MB
Available physical RAM: 4506.92 MB
Total Virtual: 15980.73 MB
Available Virtual: 12117.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:679.05 GB) (Model: WL1000GSA6472 ATA Device) NTFS
 
\\?\Volume{9dc8774c-fdda-11e4-b284-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 75E2953E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

 


  • 0

#12
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts

Thank you..! No signs of an active infection that I can see in your FRST logs.
 
I recommend updating the software in the box below:
 


---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 5.2.1.144 v.5.2.1.144 Warning! Download Update
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft .NET Framework 4.8 v.4.8.03761 Warning! Download Update
Microsoft Edge WebView2 Runtime v.109.0.1518.140 Warning! Download Update
If update errors occur, remove the old version, download and install the new one. Or reinstall Microsoft Edge browser.
OpenOffice 4.1.10 v.4.110.9807 Warning! Download Update
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 5.30 (64-bit) v.5.30.0 Warning! Download Update
---------------------------- [ ProxyAndVPNs ] -----------------------------
Windscribe v.2.4.10 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Acrobat Reader v.24.004.20272 Warning! Download Update
^Please run Acrobat Reader DC and go Help - Check for updates...^
------------------------------- [ Browser ] -------------------------------
Opera Stable 95.0.4635.90 v.95.0.4635.90 Warning! Download Update
Google Chrome v.109.0.5414.120 Warning! Download Update
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird 78.11.0 (x86 en-US) v.78.11.0 Warning! Download Update

 
KpRm by Kernel-panik

  • Download KpRm and save it to your Desktop (see here if you must use Chrome)
  • Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
  • Right click on the icon and select Run as administrator
  • Click Yes on the Disclaimer
  • Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
  • Click Run
  • Click OK on All operations are completed
  • KpRm will delete itself from you Desktop and you can either save or remove the report that is generated
  • You are free to remove any other tools/reports still remaining
  • Please copy and paste its contents in your next reply.

  • 0

#13
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts

 

Extended support has ended 14.01.2020, Your operating system may be vulnerable to new types of threats

 

 

 

 

Important :  Windows 7 is now an officially unsupported Operating System, receiving no security updates or bugfixes since this date. As such, we recommend that all users still running Windows 7 (or earlier Operating Systems) upgrade to the latest available Windows version supported by their hardware.For the majority of users, there are multiple upgrade paths available, and we'd recommend you switch to Windows 10 which has a wide variety of support for older hardware. If your hardware does not support a later Windows version, we'd recommend you either upgrade your hardware or switch to a suitable Linux Distro to give you a wider variety of options.

  • 0

#14
arwier

arwier

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
# Run at 12/10/2024 3:14:21 PM
# KpRm (Kernel-panik) version 2.17.0
# Run by Art from C:\Users\Art\Desktop
# Computer Name: ART-PC
# OS: Windows 7 X64 (7601) (6.1.7601) Service Pack 1
# Number of passes: 2
 
- Checked options -
 
    ~ Delete Tools
    ~ Create Restore Point
    ~ Delete Quarantines after 7 days
 
- Delete Tools -
 
 
  ## AdwCleaner
     [OK] C:\Users\Art\Desktop\adwcleaner.exe deleted
 
  ## FRST
     [OK] C:\Users\Art\Desktop\Addition.txt deleted
     [OK] C:\Users\Art\Desktop\Fixlog.txt deleted
     [OK] C:\Users\Art\Desktop\FRST-OlderVersion deleted
     [OK] C:\Users\Art\Desktop\FRST.txt deleted
     [OK] C:\Users\Art\Desktop\FRST64.exe deleted
 
  ## SecurityCheck
     [OK] C:\Users\Art\Downloads\SecurityCheck.exe deleted
     [OK] C:\Users\Art\Downloads\SecurityCheck\SecurityCheck.exe deleted
     [OK] C:\SecurityCheck deleted
 
- Other Lines -
 
 
  ## Quarantines that will be deleted in 7 days (2024/12/17)
    ~ C:\AdwCleaner (AdwCleaner)
    ~ C:\FRST (FRST)
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named AdwCleaner_BeforeCleaning_08/12/2024_15:46:56 created at 12/08/2024 21:46:56
   ~ [I] RP named Checkpoint by Sophos Scan && Clean created at 12/08/2024 22:06:21
   ~ [I] RP named Device Driver Package Install: Malwarebytes Network adapters created at 12/10/2024 20:32:10
   ~ [I] RP named KpRm created at 12/10/2024 21:14:26
 
-- KPRM finished in 67.87s --

  • 0

#15
icotonev

icotonev

    Trusted Helper

  • Malware Removal
  • 268 posts

Since the computer is now clean, the topic has been marked as Solved.
 
That is all..! Stay Safe...! :)


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP