I am sorry but I don't seem to be able to get the logs to post for some reason I will try once again
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2024
Ran by Art (administrator) on ART-PC (Hewlett-Packard HP Compaq 8100 Elite CMT PC) (09-12-2024 02:10:23)
Running from C:\Users\Art\Desktop\FRST64.exe
Loaded Profiles: Art
Platform: Microsoft Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe ->) (Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Disk Defrag\ActionCenter.exe
(C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe ->) (Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Disk Defrag\DiskDefrag.exe
(C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe ->) (Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Disk Defrag\TabCareCenter.exe
(C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe ->) (Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Disk Defrag\TabMakePortable.exe
(C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe ->) (Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Disk Defrag\TabReports.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(explorer.exe ->) (CANON INC. -> CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP3LAK.EXE
(explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(explorer.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(spool\drivers\x64\3\CNAP3LAK.EXE ->) (CANON INC. -> CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABISWD.EXE <2>
(taskeng.exe ->) (Auslogics Labs Pty Ltd -> Auslogics) C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [CNAP3 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP3LAK.EXE [228520 2021-01-02] (CANON INC. -> CANON INC.)
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Run: [Opera Browser Assistant] => C:\Users\Art\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [5037984 2023-10-30] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Run: [Opera Stable] => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe [2635168 2023-10-30] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\MARINE~1.SCR [6938624 2011-06-09] (SereneScreen) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [99840 2008-05-07] (Hewlett-Packard Corporation) [File not signed]
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppWN7: C:\Windows\System32\spool\prtprocs\x64\hpzppWN7.dll [101376 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [152064 2013-01-31] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CNAP3 Monitor: C:\Windows\system32\CNAP3SMD.DLL [1470464 2014-11-28] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\EPSON XP-340 Series 64MonitorBE: C:\Windows\system32\E_YLMBRBE.DLL [182784 2015-12-08] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2008-03-03] (Hewlett Packard) [File not signed]
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /f
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-26] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * bootdelete
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {7C5FD3AE-1DAF-431D-98BC-79EE52090C02} - System32\Tasks\{99472F5E-C01B-4B91-9137-2EFA7592DDFE} => C:\Windows\System32\pcalua.exe [9728 2019-02-10] (Microsoft Windows -> Microsoft Corporation) -> -a "C:\Program Files (x86)\OpenOffice 4\program\scalc.exe" -d C:\Users\Art\Desktop -c -o "C:\Users\Art\Desktop\May2017Bills.ods"
Task: {7BBF01DC-B8AE-42E6-8F30-08E8146134D3} - System32\Tasks\{F2839577-BF7D-4277-8B8A-B63AEE89C6AF} => C:\Windows\System32\pcalua.exe [9728 2019-02-10] (Microsoft Windows -> Microsoft Corporation) -> -a C:\Users\Art\Downloads\fmsdisk01.exe -d C:\Users\Art\Downloads
Task: {FDCEFB6E-F982-499F-8D9C-FF16C8339940} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {FE887839-7E11-45F3-B917-99F7A03A9354} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [563000 2015-08-27] (Apple Inc. -> Apple Inc.)
Task: {62F16D2D-6BF5-4449-9628-6B91C08CE1B9} - System32\Tasks\Auslogics\Disk Defrag\Start Disk Defrag on Art logon => C:\Program Files (x86)\Auslogics\Disk Defrag\Integrator.exe [5921032 2022-12-23] (Auslogics Labs Pty Ltd -> Auslogics)
Task: {C677526A-EAB5-4D48-8C8A-44AE76205E4E} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [1775752 2013-08-30] (CANON INC. -> CANON INC.) -> /Config:"C:\Program Files\Canon\OIPPESP\CnpspCfg.xml"
Task: {76530735-C7FD-442C-9E8D-C0FE3E33598D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2012456220-316695357-2301545490-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2746368 2012-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {FF988BA5-04AB-4661-B841-C5D586EDB41F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
Task: {6D43F3A2-07DA-43E8-9C54-27CA2ABE2F8D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
Task: {E2AF877E-D64C-4194-B7F8-5A13922E9E1D} - System32\Tasks\Opera scheduled assistant Autoupdate 1627571894 => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe [2635168 2023-10-30] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Art\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {CDDF54F3-1128-44C6-B02B-23AB1E6B38B0} - System32\Tasks\Opera scheduled Autoupdate 1627571888 => C:\Users\Art\AppData\Local\Programs\Opera\launcher.exe [2635168 2023-10-30] (Opera Norway AS -> Opera Software)
Task: {FFE661D7-25C3-418D-83E4-F91C338CB17A} - System32\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {31500587-F98F-4A30-93F0-BABFD763FBBD} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{46456222-9B9B-4384-B862-62B2FAC12445}: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{46456222-9B9B-4384-B862-62B2FAC12445}: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{54E853DD-C72D-4D54-AB21-BFCD1C04FA19}: [NameServer] 10.255.255.2
Tcpip\..\Interfaces\{62EBE42C-851F-43FB-B7E2-E9334B0F8D6F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B53D16B1-293E-409A-82FA-2CDF001223F4}: [DhcpNameServer] 192.168.168.244
Edge:
=======
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: whx4aer7.default-1627042292606
FF ProfilePath: C:\Users\Art\AppData\Roaming\TomTom\HOME\Profiles\xd4wb18b.default [2021-06-24]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\
[email protected] [not found]
FF ProfilePath: C:\Users\Art\AppData\Roaming\Mozilla\Firefox\Profiles\whx4aer7.default-1627042292606 [2024-12-08]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2024-11-13] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default [2024-12-09]
CHR Notifications: Default -> hxxps://www.wish.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Art\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-11-18]
CHR HKU\S-1-5-21-2012456220-316695357-2301545490-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Opera:
=======
OPR Profile: C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable [2024-12-09]
OPR StartupUrls: Opera Stable -> "hxxps://www.google.com/"
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2024-11-13]
OPR Extension: (Opera Wallet) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2024-11-13]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Art\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2024-11-13]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc. -> Apple Inc.)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2021-08-02] (Google Inc -> Google Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9433496 2024-12-07] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-06-02] (Malwarebytes Inc. -> Malwarebytes)
S3 ss_conn_launcher_service; C:\Windows\system32\Samsung\EasySetup\ss_conn_launcher.exe [182328 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [1256880 2022-07-09] (Windscribe Limited -> Windscribe Limited)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [34416 2017-06-20] (Anvsoft Inc. -> AnvSoft Inc.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (西安博汇电子科技有限公司 -> Wireless Data Device)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csr_a2dp; C:\Windows\System32\drivers\bthav.sys [78848 2009-12-21] (Microsoft Windows Hardware Compatibility Publisher -> CSR, plc)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2022-06-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 FXVAD; C:\Windows\System32\drivers\fxvad.sys [326120 2021-07-14] (FxSound, LLC -> Windows ® Win 7 DDK provider)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (ZTE CORPORATION -> HandSet Incorporated)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [232024 2024-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [201280 2024-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [80448 2024-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2024-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [149472 2024-12-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [43368 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [48544 2022-03-19] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2014-11-17] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2014-11-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2014-11-17] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetbus; C:\Windows\System32\DRIVERS\lgvzandnetbus64.sys [29184 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [31232 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [37888 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94720 2015-04-24] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 WindscribeSplitTunnel; C:\Windows\System32\DRIVERS\WindscribeSplitTunnel.sys [25384 2022-07-09] (Windscribe Limited -> )
R3 windtun420; C:\Windows\System32\DRIVERS\windtun420.sys [38312 2022-03-19] (Windscribe Limited -> WireGuard LLC)
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-12-08 16:06 - 2024-12-08 16:06 - 000012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2024-12-08 16:06 - 2024-12-08 16:06 - 000000144 _____ C:\Windows\system32\bootdelete.lst
2024-12-08 15:57 - 2024-12-08 15:57 - 000000000 ____D C:\ProgramData\Sophos
2024-12-08 15:55 - 2024-12-08 15:55 - 000262144 _____ C:\Windows\Minidump\120824-18938-01.dmp
2024-12-08 15:54 - 2024-12-08 15:54 - 670408149 _____ C:\Windows\MEMORY.DMP
2024-12-08 15:53 - 2024-12-08 15:57 - 013033968 _____ (Sophos Limited) C:\Users\Art\Desktop\SophosScanAndClean_x64.exe
2024-12-08 15:41 - 2024-12-08 15:47 - 000000000 ____D C:\AdwCleaner
2024-12-08 15:41 - 2024-12-08 15:41 - 008790880 _____ (Malwarebytes) C:\Users\Art\Desktop\adwcleaner.exe
2024-12-06 15:27 - 2024-12-08 15:39 - 000000499 _____ C:\Users\Art\Desktop\Fixlog.txt
2024-12-06 15:27 - 2024-12-06 15:27 - 000000000 ____D C:\Users\Art\Desktop\FRST-OlderVersion
2024-12-06 15:15 - 2024-12-06 15:15 - 000000000 ____D C:\SecurityCheck
2024-12-06 15:14 - 2024-12-06 15:14 - 000000000 ____D C:\Users\Art\Downloads\SecurityCheck
2024-12-06 15:14 - 2024-10-19 00:58 - 000551434 _____ (glax24 (safezone.cc)) C:\Users\Art\Downloads\SecurityCheck.exe
2024-12-06 15:08 - 2024-12-06 15:08 - 000489843 _____ C:\Users\Art\Downloads\SecurityCheck (1).zip
2024-12-06 15:07 - 2024-12-06 15:07 - 000489843 _____ C:\Users\Art\Downloads\SecurityCheck.zip
2024-12-05 20:24 - 2024-12-05 20:33 - 000028822 _____ C:\Users\Art\Desktop\Addition.txt
2024-12-05 20:18 - 2024-12-09 02:11 - 000018509 _____ C:\Users\Art\Desktop\FRST.txt
2024-12-05 20:18 - 2024-12-06 15:27 - 002402304 _____ (Farbar) C:\Users\Art\Desktop\FRST64.exe
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2024-12-09 02:10 - 2022-10-07 15:39 - 000000000 ____D C:\FRST
2024-12-09 02:09 - 2023-05-09 08:59 - 000000000 ____D C:\Users\Art\AppData\Local\Malwarebytes
2024-12-09 02:09 - 2022-02-11 00:01 - 000003910 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{BF21A923-A93E-412B-9FC4-6EA3E52D3F63}
2024-12-09 01:31 - 2015-05-18 21:15 - 000000000 ____D C:\Program Files (x86)\Google
2024-12-09 01:00 - 2015-11-28 23:20 - 000000384 _____ C:\Windows\Tasks\update-sys.job
2024-12-08 23:03 - 2015-11-28 23:20 - 000000384 _____ C:\Windows\Tasks\update-S-1-5-21-2012456220-316695357-2301545490-1000.job
2024-12-08 18:29 - 2023-12-29 15:47 - 000029162 _____ C:\Users\Art\Desktop\bills 2024.ods
2024-12-08 16:03 - 2009-07-13 22:45 - 000036096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2024-12-08 16:03 - 2009-07-13 22:45 - 000036096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2024-12-08 16:01 - 2009-07-13 23:13 - 000798694 _____ C:\Windows\system32\PerfStringBackup.INI
2024-12-08 16:01 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2024-12-08 15:55 - 2022-04-17 09:39 - 000000000 ____D C:\Windows\Minidump
2024-12-08 15:55 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-12-08 15:47 - 2015-10-30 11:52 - 000000000 ____D C:\Users\Art\AppData\Local\Hewlett-Packard
2024-12-08 15:47 - 2015-09-11 08:56 - 000000000 ____D C:\Users\Art\AppData\Roaming\Hewlett-Packard
2024-12-08 15:47 - 2015-09-11 02:36 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2024-12-08 15:47 - 2015-09-10 10:58 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2024-12-06 17:40 - 2022-12-06 02:05 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-12-06 15:27 - 2021-12-11 03:30 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2024-12-04 04:01 - 2022-07-31 22:39 - 000000000 ____D C:\Users\Art\Downloads\Wrong Place (2022) [720p] [WEBRip] [YTS.MX]
2024-11-26 10:08 - 2024-02-12 01:32 - 000000000 ___RD C:\Users\Art\Desktop\utilities
2024-11-26 10:08 - 2015-05-18 20:10 - 000000000 ____D C:\Users\Art
2024-11-24 22:42 - 2022-07-09 19:44 - 000003436 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-11-24 22:42 - 2022-07-09 19:44 - 000003308 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-11-17 15:40 - 2022-11-07 01:21 - 000000000 ____D C:\Users\Art\AppData\Local\BitTorrentHelper
2024-11-17 13:54 - 2022-10-12 03:03 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2024-11-17 13:39 - 2024-07-10 16:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2024-11-13 03:05 - 2015-05-18 22:24 - 000000000 ____D C:\Windows\system32\MRT
2024-11-13 03:01 - 2015-05-18 22:24 - 202035632 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories ========
2016-02-17 20:13 - 2016-03-08 02:27 - 000399360 _____ () C:\Program Files\CascLib.dll
2016-02-17 20:13 - 2016-03-08 02:27 - 000326144 _____ () C:\Program Files\DXPRecastPathFinding2.dll
2016-02-19 21:52 - 2016-02-19 21:52 - 000003766 _____ () C:\Program Files\error.txt
2016-02-17 20:13 - 2016-02-01 14:51 - 000301056 _____ (The Apache Software Foundation) C:\Program Files\log4net.dll
2016-02-17 20:13 - 2016-02-01 14:51 - 000510976 _____ (Newtonsoft) C:\Program Files\Newtonsoft.Json.dll
2016-02-17 20:13 - 2016-02-01 14:51 - 000230912 _____ (Alexandre Mutel) C:\Program Files\SharpDX.Direct2D1.dll
2016-02-17 20:13 - 2016-02-01 14:51 - 000558080 _____ (Alexandre Mutel) C:\Program Files\SharpDX.dll
2016-02-17 20:13 - 2016-02-01 14:51 - 000090624 _____ (Alexandre Mutel) C:\Program Files\SharpDX.DXGI.dll
2016-06-20 10:11 - 2013-08-31 13:01 - 000121696 _____ () C:\Program Files\Weather_Meter_V1.7.gadget
2016-01-17 13:28 - 2017-03-28 20:09 - 000000933 _____ () C:\Users\Art\AppData\Roaming\burnaware.ini
2017-07-29 22:33 - 2017-07-30 02:10 - 000000098 _____ () C:\Users\Art\AppData\Roaming\LauncherSettings_live.cfg
2017-07-30 00:01 - 2017-07-30 00:01 - 000000042 _____ () C:\Users\Art\AppData\Roaming\TheHunterSettings_live.cfg
2016-09-26 23:21 - 2016-09-26 23:21 - 000000046 _____ () C:\Users\Art\AppData\Roaming\WB.CFG
2017-10-27 12:33 - 2023-08-24 23:30 - 000000367 _____ () C:\Users\Art\AppData\Roaming\Weather Meter_Settings.ini
2024-11-05 19:11 - 2024-11-05 19:11 - 000275748 _____ () C:\Users\Art\AppData\Local\ars.cache
2016-01-24 08:57 - 2016-02-04 20:50 - 000000031 _____ () C:\Users\Art\AppData\Local\burnaware.ini
2024-11-05 19:13 - 2024-11-05 19:13 - 000518886 _____ () C:\Users\Art\AppData\Local\census.cache
2019-02-28 22:12 - 2022-09-04 01:23 - 000000084 _____ () C:\Users\Art\AppData\Local\DVDPATH.TXT
2024-11-05 18:55 - 2024-11-05 18:55 - 000000036 _____ () C:\Users\Art\AppData\Local\housecall.guid.cache
2019-11-06 18:35 - 2022-03-22 22:07 - 000007668 _____ () C:\Users\Art\AppData\Local\Resmon.ResmonCfg
2021-06-24 06:08 - 2021-06-24 06:08 - 000000003 _____ () C:\Users\Art\AppData\Local\updater.log
2015-11-28 23:20 - 2022-03-05 19:09 - 000000424 _____ () C:\Users\Art\AppData\Local\UserProducts.xml
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2024-12-02 01:14
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2024
Ran by Art (09-12-2024 02:11:28)
Running from C:\Users\Art\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X64) (2015-05-19 02:10:16)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2012456220-316695357-2301545490-500 - Administrator - Disabled)
Art (S-1-5-21-2012456220-316695357-2301545490-1000 - Administrator - Enabled) => C:\Users\Art
G5PWFULZDC (S-1-5-21-2012456220-316695357-2301545490-1001 - Limited - Enabled) => C:\Users\G5PWFULZDC
Guest (S-1-5-21-2012456220-316695357-2301545490-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2012456220-316695357-2301545490-1005 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 24.004.20272 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601102}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD APP SDK Runtime (HKLM\...\{503F672D-6C84-448A-8F8F-4BC35AC83441}) (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B046F915-7A34-7D83-5494-67D8BD488538}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Problem Report Wizard (HKLM\...\{4987DDA3-6101-B196-7717-85818D77E89C}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.) Hidden
AntimalwareEngine (HKLM\...\{5C7A5F94-02E9-4C5D-A594-B1F10865965A}) (Version: 3.0.160.0 - adaware) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 11.0.0.2 - Auslogics Labs Pty Ltd)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 7.0.13.0 - Auslogics Labs Pty Ltd)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 1.2.11 - CANON INC.) Hidden
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 1.2.11.10002 - CANON INC.)
Canon LBP6230 6240 Uninstaller (HKLM\...\Canon LBP6230 6240) (Version: 6, 3, 1, 0 - Canon Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
Clementine (HKLM-x32\...\Clementine) (Version: 1.3.1 - Clementine)
DVD43 Plug-in v1.0.0.6 (HKLM-x32\...\DVD43 Plug-in_is1) (Version: - )
DVDStyler v3.2.1 (HKLM\...\DVDStyler_is1) (Version: - Thüring IT-Consulting)
Easy Photo Scan (HKLM-x32\...\{1021AA9F-6A0A-4128-B89B-1A05A8DD1770}) (Version: 1.00.0009 - Seiko Epson Corporation)
EKS Sherlock (HKLM-x32\...\EKS Sherlock) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.120 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{C9EF1AAF-B542-41C8-A537-1142DA5D4AEC}) (Version: 6.0.3.1 - Hewlett-Packard) Hidden
HydraVision (HKLM-x32\...\{5F170011-13ED-E84C-7844-6B941CA34F30}) (Version: 4.2.222.0 - Advanced Micro Devices, Inc.) Hidden
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
LG VZW United Drivers (HKLM-x32\...\{BEEBD17D-FF29-4508-8032-2D1FA66F7B77}) (Version: 2.23.1 - LG Electronics)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.13 - Magical Jelly Bean)
Malwarebytes version 5.2.2.154 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.2.154 - Malwarebytes)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.23.5.1 - Marvell)
Microsoft .NET Framework 4.8 (HKLM\...\{16735AF7-1D8D-3681-94A5-C578A61EC832}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.140 - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127 (HKLM\...\{8678BA04-D161-45BE-ACA4-CC5D13073F35}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127 (HKLM\...\{7DC387B8-E6A2-480C-8EF9-A6E51AE81C19}) (Version: 14.24.28127 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
MiniTool Partition Wizard Free 10.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Software Limited)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0 - Mozilla)
Mozilla Thunderbird 78.11.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 78.11.0 (x86 en-US)) (Version: 78.11.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NewFreeScreensaver nfsUnderwaterLife (HKLM-x32\...\nfsUnderwaterLife New Free Screensaver_is1) (Version: - NewFreeScreensavers.com)
ODT Viewer version 1.0 (HKLM-x32\...\{CAA1B43B-7CDA-4D58-B9A3-1050C358CB2D}_is1) (Version: 1.0 - odtviewer.com)
OpenOffice 4.1.10 (HKLM-x32\...\{D909483F-780E-4232-9313-4C24A1B09BE8}) (Version: 4.110.9807 - Apache Software Foundation)
Opera Stable 95.0.4635.90 (HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\Opera 95.0.4635.90) (Version: 95.0.4635.90 - Opera Software)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version: - )
Revo Uninstaller Pro 5.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 5.1.1 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
SereneScreen Marine Aquarium 3 (HKLM-x32\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.0 - Prolific Publishing, Inc.)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - )
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{F3BA1C5E-51F1-4256-B5FD-0C060D963D35}) (Version: 2.17.0214 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{EDB7BFB3-9B55-4A70-920F-35226A4E4A12}) (Version: 2.16.0504 - Samsung Electronics Co., Ltd.)
Wheel of Fortune Deluxe (remove only) (HKLM-x32\...\Wheel of Fortune Deluxe) (Version: - )
Windows Driver Package - Canon Printer (07/02/2019 21.46.0.0) (HKLM\...\7B4C73808C155604A986DC16347581EF007C38D5) (Version: 07/02/2019 21.46.0.0 - Canon)
Windows Driver Package - Dexcom, Inc. (usbser) Ports (10/21/2021 1.0.0.3) (HKLM\...\3E959A91726151C8A6EB15FBA0EB4C975A5D757C) (Version: 10/21/2021 1.0.0.3 - Dexcom, Inc.)
Windows Driver Package - Intel System (07/09/2013 9.1.9.1004) (HKLM\...\BD28A75CDFB28255C4F7327AD9EC5B23B9DD7481) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - Intel System (07/25/2013 9.1.9.1005) (HKLM\...\BF1AD0105EBDCA6E730BE93DE583343339830A7A) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Media Player 9 Series Winter Fun Pack (HKLM-x32\...\{52C8FAA0-68CA-4AF9-8A7A-92CF3174CC77}) (Version: 1.0.0 - <no manufacturer>)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.4.10 - Windscribe Limited)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2104.1.02B08 - ZTE Corporation)
Chrome apps:
============
Pogo (HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\7800fd33e6d3fd32066a5d9e92b24b59) (Version: 1.0 - Google\Chrome)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-01-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2022-04-04] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing LLC -> WinZip Computing, S.L.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pogo.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=bkjcnfmlobgpbcmjdhpedlfcbcbdgmag
==================== Loaded Modules (Whitelisted) =============
2021-08-04 14:23 - 2013-01-31 03:21 - 000152064 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll
2008-03-03 12:35 - 2008-03-03 12:35 - 000153088 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hptcpmib.dll
2008-03-03 12:36 - 2008-03-03 12:36 - 000331264 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\HpTcpMon.dll
2005-04-08 00:27 - 2005-04-08 00:27 - 000132096 _____ (Hewlett Packard) [File not signed] C:\Windows\System32\hpzjrd01.dll
2016-02-09 15:25 - 2008-05-07 19:59 - 000099840 _____ (Hewlett-Packard Corporation) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\hpzpplhn.dll
2008-03-03 12:36 - 2008-03-03 12:36 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\Windows\System32\HPTcpMUI.dll
2017-06-24 18:45 - 2015-12-08 13:08 - 000182784 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\E_YLMBRBE.DLL
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Art\Desktop\SophosScanAndClean_x64.exe:MBAM.Zone.Identifier [54]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Version 11) (Whitelisted) =============
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2012456220-316695357-2301545490-1000\...\localhost -> localhost
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2024-12-09 01:08 - 2024-12-09 01:08 - 000000035 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2012456220-316695357-2301545490-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Art\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D46333DB-7ECF-41C1-AC2F-2B393DC04A73}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{CF4DE86D-EDFD-4AB0-9D20-3678EC1E6EBA}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{C774692B-4084-4E6A-A0A1-8F9BE26284FC}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{EF9DB066-48C9-4901-86AC-B95EFCD1832D}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{B31526B4-B506-49B3-8D9C-34BB75BBE376}C:\users\art\appdata\local\programs\opera\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{751E0111-15BA-40C5-A5A9-244C106DE5AC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{10DE7053-38C6-447B-B31C-F0EFE7736B87}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{00251023-C09A-46A5-9A82-9B0CF3B4E2C9}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{EAAFE318-EBF2-4E2F-A5FC-9981B7FBAECE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5FBA8434-4BBB-4230-AD15-2EE35E4142EC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{DB27D4B0-4578-46C4-80F4-EE38C461A1DE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{455C652E-9B33-42F0-863A-639842AF843E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{11583047-D909-4CDC-852E-842DF5145EE0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{11BBDC62-C4AB-4E3C-9090-F172EC9F89B0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F213FB4F-0B24-4AA8-B086-A4D6B067C7BC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.140\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{323D8FEE-2D2B-4320-B9F8-17035194A803}C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{8F7E6C6C-BD44-4DC7-A33A-84EBEA42DED1}C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{D0F2414F-FABF-4996-A4C6-B726B7E74BD8}C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{F8B2E8A1-CAFE-4826-8E32-111E0D37F996}C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe] => (Allow) C:\users\art\appdata\local\programs\opera\95.0.4635.90_0\opera.exe (Opera Norway AS -> Opera Software)
==================== Restore Points =========================
Check "VSS" service
==================== Faulty Device Manager Devices ============
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: ========================
Application errors:
==================
Error: (12/09/2024 02:10:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000000017DE0C0.72). hr = 0x80070005, Access is denied..
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (12/09/2024 02:10:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000000017DE0C0.72). hr = 0x80070005, Access is denied..
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (12/09/2024 02:10:40 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000000017DE0C0.72). hr = 0x80070005, Access is denied..
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (12/09/2024 02:10:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000000017DE0C0.72). hr = 0x80070005, Access is denied..
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (12/09/2024 02:10:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000000017DE150.72). hr = 0x80070005, Access is denied..
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (12/09/2024 02:10:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,00000000017DE150.72). hr = 0x80070005, Access is denied..
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (12/09/2024 02:10:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000020c,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,000000000021F310.72). hr = 0x80070005, Access is denied..
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (12/09/2024 02:10:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000208,SYSTEM\CurrentControlSet\Services\VSS\Diag\Lovelace,0,REG_BINARY,00000000017DDC40.72). hr = 0x80070005, Access is denied..
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
System errors:
=============
Error: (12/09/2024 02:14:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {BB6DF56B-CACE-11DC-9992-0019B93A3A84} did not register with DCOM within the required timeout.
Error: (12/09/2024 02:10:40 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
Access is denied.
Error: (12/09/2024 01:08:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
Error: (12/09/2024 01:08:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535
Error: (12/09/2024 01:08:50 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
Error: (12/09/2024 01:08:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535
Error: (12/09/2024 01:08:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535
Error: (12/09/2024 01:08:42 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
==================== Memory info ===========================
BIOS: Hewlett-Packard 786H1 v01.02 12/16/2009
Motherboard: Hewlett-Packard 304Bh
Processor: Intel® Core i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 43%
Total physical RAM: 7991.29 MB
Available physical RAM: 4506.92 MB
Total Virtual: 15980.73 MB
Available Virtual: 12117.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:679.05 GB) (Model: WL1000GSA6472 ATA Device) NTFS
\\?\Volume{9dc8774c-fdda-11e4-b284-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 75E2953E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================