Mysterious PluginModule file appeared on desktop

Started by pastywhitegurl, July 01, 2022, 09:04:32 PM

pastywhitegurl

Trying to figure out what to do with this PluginModule folder that appeared on my desktop. Preliminary discussion here:
https://www.landzdown.com/computer-problems-questions-and-solutions!/what-is-this-folder/msg206048
This is a screenshot of what is in the folder:
https://www.landzdown.com/computer-problems-questions-and-solutions!/what-is-this-folder/?action=dlattach;attach=8294;image

I have run a threat scan with MBAM and also one which included a rootkit scan. Neither found anything. However, I'm not sure the rootkit scan completed... it came within 10K or so of the usual total files scanned number of the threat scan if not.

Here are the FUBAR logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-06-2022 01
Ran by Helena (administrator) on HELENA-PC (Dell Inc. OptiPlex 755) (01-07-2022 15:42:52)
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1766 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler64.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <16>
(explorer.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\AMT\atchk.exe
(explorer.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\xdcla.exe
(explorer.exe ->) (Ruiware, LLC -> Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(explorer.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(services.exe ->) (Intel) [File not signed] C:\Program Files (x86)\Intel\AMT\LMS.exe
(services.exe ->) (Intel) [File not signed] C:\Program Files (x86)\Intel\AMT\UNS.exe
(services.exe ->) (Lexmark International, Inc. -> ) C:\Windows\System32\lxbvcoms.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\PDFProFiltSrvPP.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxServer64.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.41582.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation) [File not signed]
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [cdloader] => C:\Users\Helena\AppData\Roaming\mjusbsp\cdloader2.exe [59048 2022-01-04] (magicJack, L.P. -> magicJack L.P.)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe [1223560 2017-05-07] (Ruiware, LLC -> Ruiware)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [MicrosoftEdgeAutoLaunch_FEC2D14AA1F15DAD90F56E6F9A07DBED] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601824 2022-06-22] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Uninstall 22.111.0522.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\22.111.0522.0002" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\MountPoints2: {251e69fc-d200-11ec-9ccd-0014d1fa11a1} - "F:\VZW_Software_upgrade_assistant.exe"
HKLM\...\Windows x64\Print Processors\Lexmark 2200 Series Print Processor: lxbvpp6c.dll
HKLM\...\Windows x64\Print Processors\spe__PC: C:\Windows\System32\spool\prtprocs\x64\spe__pc.dll [41984 2012-12-06] (Windows (R) Codename Longhorn DDK provider) [File not signed]
HKLM\...\Windows x64\Print Processors\SUGO3PC: C:\Windows\System32\spool\prtprocs\x64\sugo3pc.dll [27648 2006-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Windows x64\Print Processors\sxa6mPC: C:\Windows\System32\spool\prtprocs\x64\sxa6mpc.dll [43520 2014-02-20] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\usp02PC: C:\Windows\System32\spool\prtprocs\x64\usp02pc.dll [43520 2014-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\Xerox Network PC Fax Print Processor: C:\Windows\System32\spool\prtprocs\x64\XrxFaxProc64.dll [146944 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\...\Print\Monitors\2200 Series Port: C:\WINDOWS\system32\lxbvlmpm.dll [488448 2007-04-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\spe__ Langmon: C:\WINDOWS\system32\spe__l.dll [34304 2011-04-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\SUGO3 Langmon: C:\WINDOWS\system32\sugo3l6.dll [22016 2006-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\sxa6m Langmon: C:\WINDOWS\system32\sxa6mlm.dll [34304 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\usp02 Langmon: C:\WINDOWS\system32\usp02l.dll [29184 2014-04-16] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Xerox MFP PC Fax Port: C:\WINDOWS\system32\XrxFaxPort64.dll [280064 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.66\Installer\chrmstp.exe [2022-06-29] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\103.1.40.109\Installer\chrmstp.exe [2022-06-28] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageRetriever.lnk [2016-04-06]
ShortcutTarget: ImageRetriever.lnk -> C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\xdcla.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xerox MFP PC Fax.lnk [2016-04-06]
ShortcutTarget: Xerox MFP PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe (Xerox Corporation.) [File not signed]
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08066272-E4CE-44F8-BAA8-8D9F63C44088} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1817527B-916E-4828-9064-8B9C7C88F4BD} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {1A327E14-3348-4D82-BA9F-3D9156844511} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {1F5FF165-2F20-44BA-A566-AE70B1099F0C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {26EA4B1A-5F1F-46D0-ADB9-64874994F0DB} - System32\Tasks\{26FF5CE4-1B64-467B-A8F9-E1AFBECA0043} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
Task: {2A914597-8D60-4C8A-845F-7C6B9698411F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {2D14430F-8DB9-4A17-9A63-376EE205AC65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {3BE1F1BC-5BE6-4B1A-9974-AA07DE8A3B5C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
Task: {403DA6FD-63E7-4F7E-9F2A-0D545410941E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4A68B9CC-69D1-400C-8369-85BB21D1881B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4ABC4334-7813-4F8E-A6CA-F73EF6DCF744} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {52AAFEA1-9569-4FAA-BFF8-247BB70FDFA3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {53C1002C-A1F8-4AC1-9A14-4076D4475F99} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {5691B2A8-0468-4C5C-87DD-CFA539E133B3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {69D28494-AF77-4BB4-8498-C02DA9A82FB5} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {6E227D86-F9B2-46DD-80F4-7FDD3F52F855} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {79269E68-B26F-4D8B-8166-7BF427E3FB12} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {7BEFDAC2-DF77-4486-AE5E-9638D19CB8A4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges (No File)
Task: {7C8CB8C9-96A6-441F-8406-88CA84AE83D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {862F6BDE-AB5D-41B7-9C59-13842AE6F2F3} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {9C578E9E-58F8-478E-904A-B9428EBFD5B2} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {A51DE8EF-2078-40EB-BA7D-EC285D170034} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B687CEBE-FA8A-4F43-8016-F92A8D5862E7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {BBFBE970-925D-4581-A00D-EE4177311E62} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (No File)
Task: {BCD07FC1-F311-442F-8093-A5A7B42733F2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {BE3C0C64-EAB0-4DB2-ACD8-3D3FCB3E6C18} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {BF8070BE-5E8B-402E-880C-2C676A4D7314} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {C659F16F-A4C3-45C9-B031-2805B488C642} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {D3BB3CF2-C59B-49F6-8422-5FB23EC4C4E3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {D3DD5E21-E529-4A67-860E-FA96754EE492} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {D982EE24-A772-438C-A60F-39628F96627F} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {D9C1DFA0-E865-487F-8C6D-63AB6EC1DF12} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {E0612474-1111-4866-BE32-277060951C9F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {E5681874-1A34-4209-90C0-66CF30C5E85A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EEDE1370-0002-495D-A32F-C4061417EDF6} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {EF264487-B955-4558-8484-48085101BC1A} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {F1113B51-1D61-4A41-B21F-92142178CB98} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {F3384579-64DC-40C1-B982-CFAA66121805} - System32\Tasks\{388ED8BB-DE22-4551-8878-F11FF5D89FEE} => C:\Windows\system32\pcalua.exe -a C:\Users\Helena\AppData\Local\Temp\Shockwave_Installer_FF.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
Task: {F4433939-EA79-44A2-B68E-86991B328547} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {F943D144-419E-4482-B61E-002605CE1FEA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fee10231-d6e0-42e1-a19b-a0f5a78c86cc}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\Helena\Desktop
Edge Notifications: HKU\S-1-5-21-831887293-3776352801-720962199-1001 -> hxxps://web.skype.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (Ghostery – Privacy Ad Blocker) -> EdgeExtension_GhosteryGhostery_kzkqe0pn505dg => C:\Program Files\WindowsApps\Ghostery.Ghostery_8.4.6.0_neutral__kzkqe0pn505dg [2020-07-20]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-01]
Edge DownloadDir: Default -> C:\Users\Helena\Desktop
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (Textarea Cache) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\chpphekfimlabghbdankokcohcmnbmab [2020-10-21]
Edge Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-15]
Edge Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fclbdkbhjlgkbpfldjodgjncejkkjcme [2022-06-29]
Edge Extension: (Measure-it) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gbaokpnhddikgoalopfdjjhgahfcecge [2021-06-07]
Edge Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lhnbdlbhcokmgpjenkjolnhdnkphnkam [2022-06-29]
Edge Extension: (uBlock Origin) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2022-05-15]
Edge Extension: (Weather Forecast) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\phklfmbdnakdekionmpfdiihnmijfpnl [2022-02-08]

FireFox:
========
FF DefaultProfile: n27s1rnq.default
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default [2022-04-22]
FF DownloadDir: C:\Users\Helena\Desktop
FF Session Restore: Mozilla\Firefox\Profiles\n27s1rnq.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\n27s1rnq.default -> hxxp://mail.google.com; hxxps://mail.google.com; hxxp://us-mg6.mail.yahoo.com; hxxps://us-mg6.mail.yahoo.com; hxxps://twitter.com; hxxps://us-mg4.mail.yahoo.com; hxxps://mg.mail.yahoo.com; hxxps://mail.yahoo.com
FF Extension: (Disconnect) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\2.0@disconnect.me.xpi [2020-05-16]
FF Extension: (Archive URL) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\@save-url-to-wayback-machine-firefox-addon.xpi [2020-05-16]
FF Extension: (Copy Link Text) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\copylinktext@brett(2).zamir [2014-05-11] [Legacy] [not signed]
FF Extension: (Edit) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\edit@eros.man.xpi [2020-05-16]
FF Extension: (eSnipe.com SnipeIt!) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\esnipesnipeit@esnipe.com.xpi [2018-02-10] [UpdateUrl:hxxps://www.esnipe.com/SnipeIt_FirefoxExtension/update.json]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\firefox@ghostery.com.xpi [2020-07-31]
FF Extension: (Tampermonkey) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\firefox@tampermonkey.net.xpi [2020-05-16]
FF Extension: (pinterest-guest) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-SWdspnBEetWxoA@jetpack.xpi [2020-05-16]
FF Extension: (Copy Selected Links) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-vs5odTmtIydjMg@jetpack.xpi [2020-05-16]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2020-07-31]
FF Extension: (Open With) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\openwith@darktrojan(2).net [2014-05-11] [Legacy] [not signed]
FF Extension: (SuperStop) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\superstop@gavinsharp.com.xpi [2018-06-20]
FF Extension: (Textarea Cache) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\textarea-cache-lite@wildsky.cc.xpi [2020-05-16]
FF Extension: (uBlock Origin) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\uBlock0@raymondhill.net.xpi [2020-05-24]
FF Extension: (YesScript2) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\yesscript202@example.org.xpi [2020-06-08]
FF Extension: (YouTube to MP3) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\youtube2mp3@mondayx(2).de [2014-05-11] [Legacy] [not signed]
FF Extension: (Imagus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{00000f2a-7cde-4f20-83ed-434fcb420d71}.xpi [2020-05-16] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Image Block X) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{0035bf10-3f36-4d60-b92d-08c1a8b060a6}.xpi [2020-05-16]
FF Extension: (Screengrab!) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-06-20]
FF Extension: (FireShot) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (LittleFox) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{479f0278-2c34-4365-b9f0-1d328d0f0a40}.xpi [2020-05-16]
FF Extension: (Empty Cache Button) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2017-12-16]
FF Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2020-06-21]
FF Extension: (Text Link) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2020-05-16]
FF Extension: (InFormEnter+) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}.xpi [2020-05-24]
FF Extension: (ColorZilla) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-12-12]
FF Extension: (Stylus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}.xpi [2020-05-16]
FF Extension: (bbCodeWebex) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{7e19f8dd-0cf6-498a-8072-bae5b2db65e5}.xpi [2020-05-27]
FF Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{853d1586-e2ab-4387-a7fd-1f7f894d2651}.xpi [2020-05-24]
FF Extension: (Clippings) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}.xpi [2020-05-19]
FF Extension: (YouTube Downloader Converter MP3) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2020-05-16]
FF Extension: (Weather) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a79a9c4c-9c3f-4bf4-9e58-6574cc0b7ecb}.xpi [2020-05-24]
FF Extension: (Simple stylish) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a8e5fca1-24ae-4de6-b3c4-80d2d316f8f9}.xpi [2019-11-16]
FF Extension: (ruler) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{b1355a29-9265-4b5e-a3ad-e9d61265d5ac}.xpi [2020-05-16]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-05-25]
FF Extension: (Adblock Plus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (Top and Bottom scroll buttons) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d8c7bd7f-3e7d-456a-be71-29973917ec72}.xpi [2020-05-16]
FF Extension: (IE View Lite) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}(2) [2014-05-11] [Legacy] [not signed]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\cnet.xml [2009-11-14]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\mozilla-add-ons.xml [2008-09-06]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\technorati.xml [2008-09-11]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\webster.xml [2008-09-18]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\wordpresscom.xml [2016-03-16]
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default [2022-06-14]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> hxxp://zionfirefriends.com
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> is enabled.
FF Extension: (Lazarus: Form Recovery) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\lazarus@interclue.com.xpi [2018-06-16] [Legacy]
FF Extension: (Ad-Bye - For Facebook) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\s.alfa@idev.com.xpi [2018-10-02] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\uBlock0@raymondhill.net.xpi [2021-08-09] [Legacy] [not signed]
FF Extension: (YesScript) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\yesscript@userstyles.org.xpi [2018-10-02] [Legacy]
FF Extension: (FireShot) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2021-02-02] [Legacy] [not signed]
FF Extension: (Back to Top) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}.xpi [2018-09-28] [Legacy] [not signed]
FF Extension: (Forecast & Weather on the Button) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{4d60e663-9c10-48d9-895a-801285687ced}.xpi [2020-01-23] [Legacy] [not signed]
FF Extension: (Color Identifier) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{89850e1c-c80b-4179-81fe-79a9f313400d}.xpi [2018-09-09] [Legacy] [not signed]
FF Extension: (Open With Edge, IE, Chrome, and More) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{ab91ffec-fe2a-440e-99ca-5260e0ea0c06}.xpi [2019-12-25] [Legacy] [not signed]
FF Extension: (BBCodeXtra) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2018-09-09] [Legacy]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\searchplugins\amazoncom.xml [2022-06-14]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\searchplugins\pale-moon-add-ons.xml [2022-06-14]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [No File]
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [No File]
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PDF Viewer 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation -> Zeon Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default [2022-06-18]
CHR DownloadDir: C:\Users\Helena\Desktop
CHR Notifications: Default -> hxxps://twitter.com
CHR StartupUrls: Default -> "hxxp://if.invisionfree.com/search/?c=5","hxxp://www.drudgereport.com/","hxxps://us-mg6.mail.yahoo.com/neo/launch?.rand=e2tudim4rqkvc","hxxp://www.landzdown.com/index.php","hxxp://www.accuweather.com/en/us/kansas-city-mo/64106/hourly-weather-forecast/329441","hxxp://if.invisionfree.com/pages/ircchat/","hxxp://www.official-drivers.com/installer/?seed=lexmark&gclid=COTq45Duor4CFQcSMwodZQEANA","hxxp://hcgdietinfo.com/hcgdietforums/search.php?searchid=4234517"
CHR Extension: (ColorZilla) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2019-01-20]
CHR Extension: (uBlock Origin) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-05-02]
CHR Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-02]
CHR Extension: (Google Search) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Tidy Sidebar) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp [2019-01-20]
CHR Extension: (bbCodeInsert) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhckbmeeagkjnabhfaindkhmofncedln [2019-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-02]
CHR Extension: (HTML5 Autoplay Blocker) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppkihnmgkncknjlfkkjgfgoifkcgii [2019-12-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-02]
CHR Extension: (Weather) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\iolcbmjhmpdheggkocibajddahbeiglb [2021-09-01]
CHR Extension: (Measure-it) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jocbgkoackihphodedlefohapackjmna [2019-01-20]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2022-05-02]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-01]
CHR Extension: (Image Background Color) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjaolenabdfhmpndkmnbojmjefdpago [2019-02-27]
CHR Extension: (Image Size Info) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihdhfbfoagfkpcncinlbhfdgpegcigf [2021-09-01]
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-12-16]
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\System Profile [2022-04-28]

Brave:
=======
BRA Profile: C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-07-01]
BRA DownloadDir: C:\Users\Helena\Desktop
BRA DefaultSearchURL: Default -> hxxps://search.brave.com/search?q={searchTerms}&source=desktop
BRA DefaultSearchKeyword: Default -> :br
BRA DefaultSuggestURL: Default -> hxxps://search.brave.com/api/suggest?q={searchTerms}
BRA Extension: (Textarea Cache) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\chpphekfimlabghbdankokcohcmnbmab [2022-02-14]
BRA Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-05]
BRA Extension: (Measure-it) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jocbgkoackihphodedlefohapackjmna [2022-02-14]
BRA Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\piajkpdbaniagacofgklljacgjhefjeh [2022-06-20]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-06-30]
BRA Extension: (Brave NTP background images) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-03-10]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-06-23]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-06-30]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-06-30]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-10]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-06-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 brlapi; C:\WINDOWS\brltty\bin\brltty.exe [847886 2019-10-15] (Microsoft Windows -> )
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-05-11] (Macrovision Europe Ltd.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 lxbv_device; C:\WINDOWS\system32\lxbvcoms.exe [566704 2007-04-25] (Lexmark International, Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8677120 2022-06-23] (Malwarebytes Inc. -> Malwarebytes)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\PDFProFiltSrvPP.exe [220488 2013-02-26] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [118576 2014-11-26] (Samsung Electronics CO., LTD. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254368 2022-06-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [501760 2014-04-21] (Xerox Corporation.) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-06-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74680 2022-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-06-29] (Malwarebytes Inc. -> Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-22] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-01 15:42 - 2022-07-01 15:46 - 000042301 _____ C:\Users\Helena\Desktop\FRST.txt
2022-07-01 15:38 - 2022-07-01 15:38 - 002369024 _____ (Farbar) C:\Users\Helena\Desktop\FRST64.exe
2022-06-29 08:05 - 2022-06-29 08:05 - 000074680 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-06-29 08:04 - 2022-06-29 08:04 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-06-29 08:04 - 2022-06-29 08:04 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-06-28 23:44 - 2022-06-28 23:44 - 000479744 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000011787 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-06-28 23:43 - 2022-06-28 23:43 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-06-28 23:42 - 2022-06-28 23:42 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-06-28 23:42 - 2022-06-28 23:42 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-06-28 23:10 - 2022-06-28 23:10 - 000000000 ___HD C:\$WinREAgent
2022-06-23 12:25 - 2022-06-23 12:25 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-06-23 12:20 - 2022-06-23 12:20 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-06-13 19:56 - 2022-06-13 19:57 - 035896816 _____ (Telegram FZ-LLC ) C:\Users\Helena\Desktop\tsetup-x64.3.7.3.exe
2022-06-09 22:22 - 2022-06-29 22:36 - 000000377 _____ C:\Users\Helena\Desktop\CourseNotes.txt
2022-06-09 12:03 - 2022-06-09 12:03 - 000112264 _____ C:\Users\Helena\Desktop\Carbs are Critical One Week Menu.pdf
2022-06-02 20:53 - 2022-06-02 20:53 - 006971230 _____ C:\Users\Helena\Desktop\BusinessStartup101WorkbookJeniHott1-220508-132859.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-01 15:44 - 2017-10-02 10:53 - 000000000 ____D C:\FRST
2022-07-01 15:23 - 2020-08-26 23:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-01 15:23 - 2014-05-10 19:29 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-01 13:26 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-01 12:42 - 2021-12-04 16:54 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\IGDump
2022-07-01 12:24 - 2021-10-05 16:28 - 000000000 ____D C:\Users\Helena\AppData\Roaming\discord
2022-07-01 11:55 - 2021-10-05 16:27 - 000000000 ____D C:\Users\Helena\AppData\Local\Discord
2022-07-01 10:32 - 2021-12-12 23:47 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-831887293-3776352801-720962199-1001
2022-07-01 10:32 - 2020-08-27 00:17 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-831887293-3776352801-720962199-1001
2022-07-01 10:32 - 2020-08-26 05:29 - 000002429 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-01 10:30 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-01 10:30 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-01 10:24 - 2020-08-27 00:17 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2022-06-29 19:35 - 2015-08-08 22:50 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-06-29 19:35 - 2014-05-10 19:30 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-06-29 08:20 - 2015-08-07 23:01 - 000000000 ____D C:\Users\Helena\AppData\Roaming\mjusbsp
2022-06-29 08:19 - 2015-08-07 23:01 - 000001086 _____ C:\Users\Helena\Desktop\magicJack.lnk
2022-06-29 08:19 - 2015-08-07 23:01 - 000001072 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2022-06-29 08:10 - 2020-08-27 00:07 - 000971878 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-06-29 08:10 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-06-29 08:03 - 2020-08-27 00:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-06-29 08:03 - 2020-08-26 23:47 - 002352568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-06-29 08:03 - 2020-08-26 23:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-06-29 08:02 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-06-29 07:59 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-06-29 07:59 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2022-06-28 23:52 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-06-28 23:42 - 2020-08-26 23:51 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-06-28 22:24 - 2014-05-10 15:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-06-28 22:11 - 2014-05-10 15:21 - 145918784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-06-28 18:14 - 2021-04-06 11:46 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-06-28 18:14 - 2021-04-06 11:46 - 000002330 _____ C:\Users\Public\Desktop\Brave.lnk
2022-06-28 14:56 - 2020-12-01 09:01 - 000000682 _____ C:\Users\Helena\Desktop\ShoppingList.txt
2022-06-27 17:04 - 2015-01-02 20:59 - 000000000 ____D C:\Users\Helena\Documents\Dance
2022-06-25 11:19 - 2018-06-19 20:06 - 000000000 ____D C:\ProgramData\Packages
2022-06-25 11:18 - 2020-08-21 13:20 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-06-25 11:18 - 2020-08-21 13:20 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-06-24 23:16 - 2015-04-01 12:39 - 000000000 ____D C:\Users\Helena\AppData\Local\CrashDumps
2022-06-24 15:39 - 2020-04-22 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-06-23 21:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-06-23 08:17 - 2019-07-22 10:30 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-06-22 20:09 - 2018-02-18 19:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-06-16 01:11 - 2020-08-27 00:17 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-06-16 01:11 - 2020-08-27 00:17 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-06-11 17:07 - 2021-10-05 16:28 - 000002279 _____ C:\Users\Helena\Desktop\Discord.lnk
2022-06-03 23:13 - 2020-07-07 12:30 - 000002118 _____ C:\Users\Helena\Desktop\OPM.txt

==================== Files in the root of some directories ========

2019-06-01 15:36 - 2019-06-01 15:36 - 000003584 _____ () C:\Users\Helena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-26 12:28 - 2019-03-16 08:22 - 000000600 _____ () C:\Users\Helena\AppData\Local\PUTTY.RND
2018-10-20 22:40 - 2018-10-20 22:40 - 000002938 _____ () C:\Users\Helena\AppData\Local\recently-used.xbel
2014-05-25 18:06 - 2018-06-05 21:44 - 000007597 _____ () C:\Users\Helena\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2022 01
Ran by Helena (01-07-2022 15:48:34)
Running from C:\Users\Helena\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.1766 (X64) (2020-08-27 05:19:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-831887293-3776352801-720962199-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-831887293-3776352801-720962199-503 - Limited - Disabled)
Guest (S-1-5-21-831887293-3776352801-720962199-501 - Limited - Disabled)
Helena (S-1-5-21-831887293-3776352801-720962199-1001 - Administrator - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-831887293-3776352801-720962199-1009 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-831887293-3776352801-720962199-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Anchor Service CS3 (HKLM-x32\...\{90176341-0A8B-4CCC-A78D-F862228A6B95}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (HKLM-x32\...\{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}) (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (HKLM-x32\...\{9C9824D9-9000-4373-A6A5-D0E5D4831394}) (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (HKLM-x32\...\{08B32819-6EEF-4057-AEDA-5AB681A36A23}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (HKLM-x32\...\{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}) (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (HKLM-x32\...\{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (HKLM-x32\...\{A2D81E70-2A98-4A08-A628-94388B063C5E}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (HKLM-x32\...\{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (HKLM-x32\...\{51846830-E7B2-4218-8968-B77F0FF475B8}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (HKLM-x32\...\{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (HKLM-x32\...\{95655ED4-7CA5-46DF-907F-7144877A32E5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (HKLM-x32\...\{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (HKLM-x32\...\{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (HKLM-x32\...\{6ABE0BEE-D572-4FE8-B434-9E72A289431B}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (HKLM-x32\...\{04AF207D-9A77-465A-8B76-991F6AB66245}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (HKLM-x32\...\{54793AA1-5001-42F4-ABB6-C364617C6078}) (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (HKLM-x32\...\{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}) (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}) (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Setup (HKLM-x32\...\{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (HKLM-x32\...\{29E5EA97-5F74-4A57-B8B2-D4F169117183}) (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (HKLM-x32\...\{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (HKLM-x32\...\{E69AE897-9E0B-485C-8552-7841F48D42D8}) (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (HKLM-x32\...\{D0DFF92A-492E-4C40-B862-A74A173C25C5}) (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (HKLM-x32\...\{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (HKLM-x32\...\{802771A9-A856-4A41-ACF7-1450E523C923}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Audacity 2.4.1 (HKLM-x32\...\Audacity_is1) (Version: 2.4.1 - Audacity Team)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9045 - )
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 103.1.40.109 - Brave Software Inc)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.50.854.0 - Logitech) Hidden
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
Discord (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.41.1 (HKLM-x32\...\FileZilla Client) (Version: 3.41.1 - Tim Kosse)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.66 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Image Retriever (HKLM-x32\...\{5F0EECDE-4C30-48A0-AEFD-9F3E06811465}) (Version: 11.0 - Nuance Communications, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LibreOffice 5.1.5.2 (HKLM\...\{DDDB2EB8-D3A0-484A-BB24-9611754D29C4}) (Version: 5.1.5.2 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (HKLM-x32\...\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (HKLM-x32\...\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Help_main (HKLM-x32\...\{1651216E-E7AD-4250-92A1-FB8ED61391C9}) (Version: 13.50.862.0 - Logitech) Hidden
LWS Launcher (HKLM-x32\...\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}) (Version: 13.50.859.0 - Logitech) Hidden
LWS Motion Detection (HKLM-x32\...\{71E66D3F-A009-44AB-8784-75E2819BA4BA}) (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (HKLM-x32\...\{08610298-29AE-445B-B37D-EFBE05802967}) (Version: 13.50.861.0 - Logitech) Hidden
LWS Twitter (HKLM-x32\...\{174A3B31-4C43-43DD-866F-73C9DB887B48}) (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (HKLM-x32\...\{EED027B7-0DB6-404B-8F45-6DFEE34A0441}) (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (HKLM-x32\...\{8937D274-C281-42E4-8CDB-A0B2DF979189}) (Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (HKLM-x32\...\{9DAEA76B-E50F-4272-A595-0124E826553D}) (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (HKLM-x32\...\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}) (Version: 13.31.1038.0 - Logitech) Hidden
magicJack (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\magicJack) (Version: 4.18.11491.8038 - magicJack L.P.)
Malwarebytes version 4.5.10.200 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.10.200 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{26784146-6E05-3FF9-9335-786C7C0FB5BE}) (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) (HKLM\...\{25E80DAA-FD87-DCE5-202C-CC02F6673002}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.37 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\OneDriveSetup.exe) (Version: 22.121.0605.0002 - Microsoft Corporation)
Microsoft Security Client (HKLM\...\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}) (Version: 4.8.0204.0 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKL

pastywhitegurl

Remainder of Addition.txt log:

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 98.0.2 (x64 en-US)) (Version: 98.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 98.0.2.8116 - Mozilla)
OmniPage (HKLM-x32\...\{0FEAC8E3-FBBD-4C01-BB2F-3EA7AD374757}) (Version: 18.1.0001 - Nuance Communications, Inc.)
Pale Moon 29.4.6 (x86 en-US) (HKLM-x32\...\Pale Moon 29.4.6 (x86 en-US)) (Version: 29.4.6 - Moonchild Productions)
PaperPort (HKLM-x32\...\{760F8DD0-D8A0-44A4-9F15-58051A68D633}) (Version: 14.2.0001 - Nuance Communications, Inc.)
PaperPort Image Printer (HKLM\...\{CA925CBC-6B0D-40E1-BE59-193DA7DAE920}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Viewer (HKLM-x32\...\{5A90D3BD-E31D-40B4-8005-6D6B6C6B300E}) (Version: 7.20.3219 - Nuance Communications, Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Skype version 8.85 (HKLM-x32\...\Skype_is1) (Version: 8.85 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{1423B8CC-EE7F-4B57-A67C-35BAE3F177F0}) (Version: 1.0.0 - Xerox Corporartion)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.5491 - Analog Devices)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{8D327827-8FDE-45D8-AD3C-5CB4371BC533}) (Version: 4.21.0205 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{930FA71B-703F-4178-9FE8-1BCAA359E6EE}) (Version: 4.18.1201 - Samsung Electronics Co., Ltd.)
Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.05.93 (4/11/2014) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.00(4/21/2014) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox MFP PC Fax (HKLM-x32\...\Xerox MFP PC Fax) (Version: 1.10.22 (4/21/2014) - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3215 (HKLM-x32\...\Xerox WorkCentre 3215) (Version: 1.01 (5/20/2014) - Xerox Corporation)
Zoom (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\ZoomUMX) (Version: 5.10.6 (5889) - Zoom Video Communications, Inc.)

Packages:
=========
Ghostery – Privacy Ad Blocker -> C:\Program Files\WindowsApps\Ghostery.Ghostery_8.4.6.0_neutral__kzkqe0pn505dg [2020-07-20] (Ghostery)
HexChat -> C:\Program Files\WindowsApps\39215TingPing.HexChat_2.16.0.0_x86__fqe8h3fzrj50c [2021-12-04] (TingPing)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-04-28] (HP Inc.)
Logitech Camera Controller -> C:\Program Files\WindowsApps\E97CB0A1.LogitechCameraController_1.0.0.135_x86__wd885nsp30hay [2015-08-09] (LOGITECH Europe S.A.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.5310.0_x64__8wekyb3d8bbwe [2022-06-06] (Microsoft Studios) [MS Ad]
Newsmax TV -> C:\Program Files\WindowsApps\NewsmaxMediaInc.NewsmaxTV_2.0.0.0_neutral__wzre3exa0cyap [2020-11-29] (Newsmax Media Inc)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-17] (Microsoft Corporation)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2015-11-12] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll () [File not signed]
ContextMenuHandlers1: [!XrxFax0] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax1] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax2] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax3] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax4] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax5] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax6] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax7] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2012-11-18 19:16 - 2012-11-18 19:16 - 004808704 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\BCGCBPRO1100.dll
2014-05-14 16:59 - 2012-12-06 01:46 - 000041984 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\spe__pc.dll
2014-04-21 04:36 - 2014-04-21 04:36 - 000111616 _____ (Xerox Corporation.) [File not signed] C:\Program Files (x86)\Xerox\Easy Printer Manager\CustomTimer.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 001580032 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxEngine64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000192000 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000146944 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\XrxFaxProc64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000280064 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\System32\XrxFaxPort64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
DownloadDir: C:\Users\Helena\Desktop
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PDF Viewer 7\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation -> Zeon Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 6091 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-831887293-3776352801-720962199-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "PDFProHook"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C708961B-0BCE-49F1-B45D-08B5BF92B75A}] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{F58BE963-0C20-491E-B43A-B8996961E06F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{D359D1E0-68F2-4F68-8F46-C51D464CD490}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{9F61700E-171F-4C5B-9ED1-CB0972EE99F5}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{78F2C9A1-BBBA-4CC6-B16C-78FB2130F628}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{92754EFD-8A92-46B5-8D3B-18728758B5B8}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{5F6DB663-0F9D-4EBD-965C-8CD99F2FB227}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{49E21789-99A7-4F11-AA7F-902C401DE6CA}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{E223B679-9DDF-49AD-A1E0-CF2683EC0C07}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{04F201AE-4DF3-409D-9ABB-57C2AE92B6BB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{58E8E43C-3E07-4AA5-8463-B6DC3EC1251F}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{AF3FD539-0C98-407C-8E64-4D2470D3C642}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{63FF7ED6-45DF-4FE2-92E9-FE88DA8C4D85}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{325F527D-106B-45B9-94BF-B2BEDE48E772}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{FC6ED370-2564-4DA1-969A-62828079D9F8}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{062919F5-8F2C-496A-89B5-11DDD1147074}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{33DD97EF-6A44-4205-99A3-371D0665ACFC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{344089DB-4519-432A-9CDB-FC6C5473BE44}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{9D92BF02-4743-4266-80A1-9428548084FB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{D3023B7A-56DD-46F9-B919-EDADA94759A0}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{86FF4CF8-51A0-4803-8853-751A89DF3B23}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{36E93662-45C6-4463-979B-627008168B24}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{97781A04-8AC0-48C4-87A4-05B66E37453B}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{C982AB76-982C-4F99-83E2-B5402F8296B4}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{CC31AB0D-BFD9-4242-B9ED-6F56C324851D}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{BCDE1B16-8B65-48D7-99AE-27DC5D4F2226}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{C6440625-AF29-4CAC-9A7B-120BA1331F83}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{79AD34C0-4270-4780-9B42-33C6CBD00962}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\Ereg\Ereg.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [{54575F65-E526-489C-9952-E03369823C15}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\Ereg\Ereg.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [{DD8E5967-8B47-44AB-9D20-23D6CEA8DC05}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\OmniPage18.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [{2D49D126-F83E-45FB-90B1-DC424D46040A}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\OmniPage18.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [UDP Query User{79274DEA-4344-49BA-8447-DB3B44C2F54B}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{35B14486-AA8A-4F27-8D68-1C86ABCD48A8}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{6512DF6B-F01F-4965-966F-5C4C5DEB93EC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{C1E18C13-5610-4FA2-89ED-612D6B2751ED}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{9DDE1097-BE1F-46D8-8E56-B60B562F6543}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [UDP Query User{EB7C78DD-60AE-43FB-93BE-9D3E3D020F77}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{20DC34DB-A30B-4DBF-831B-A54379AAE580}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [UDP Query User{DED88290-5AF3-4A5E-BE81-5E1E0A966201}C:\program files\pale moon\palemoon.exe] => (Allow) C:\program files\pale moon\palemoon.exe => No File
FirewallRules: [TCP Query User{35287505-472A-4C0A-A78A-04626C58EC0A}C:\program files\pale moon\palemoon.exe] => (Allow) C:\program files\pale moon\palemoon.exe => No File
FirewallRules: [{20F4B574-F3CA-4515-89E5-A825B42C24BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BEEB081D-8416-421B-9299-152874C3DE33}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{774F924B-F8EE-42C4-99DE-DE4467682134}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbvpswx.exe (Lexmark International, Inc. -> Lexmark International Inc.)
FirewallRules: [{9F9CEA1B-2A67-4102-8221-8A71F04EC115}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbvpswx.exe (Lexmark International, Inc. -> Lexmark International Inc.)
FirewallRules: [{20D52E51-1A40-48EF-A190-605002395C88}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{C960470E-1338-4F34-B0C5-51DF60DFCC0B}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{41A76461-A847-4ED3-ADDF-2B14667B1B14}] => (Allow) C:\Windows\SysWOW64\lxbvcoms.exe => No File
FirewallRules: [{51F55BA3-98FB-47DE-A789-E7D769386793}] => (Allow) C:\Windows\SysWOW64\lxbvcoms.exe => No File
FirewallRules: [UDP Query User{F5976D48-B0AD-4171-8854-3F83EAFCF912}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{9A151D56-8271-4E2A-828C-193DE19CAEE4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{153A47F5-FC9D-4AE8-AB23-F5647C4B7125}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin => No File
FirewallRules: [TCP Query User{D1CC3547-BB26-47A2-B6F2-B04CA515DAC5}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin => No File
FirewallRules: [UDP Query User{DF1720A9-63DB-4188-BD7D-1B35A9CC68FB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C13A1328-23FF-47A6-9A2A-C5B9CFF77D87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D5AB136F-A188-4D45-B211-E8699A1257E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7DBA3833-7704-41D7-BF87-0B1555D2427D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D3B03BF7-A420-4045-96A8-F9E72281B4A9}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{620EA53E-5F9B-46A0-AE0C-B833A7B6B783}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{29A29FD9-59D8-4661-9714-2DEBAC833454}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{5B6088DD-8771-4EB9-88DC-F8240349E8C8}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{042B0F6B-198F-414B-B71F-35B17E6F2441}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7E4F0B1E-A1F7-41B7-85FA-62F2CED9FE98}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B35A3149-605F-42B0-8C8E-509208A3AADE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{38637F5F-9703-4FD1-9A86-21E840D30DA4}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{B6D7D8A6-DD1E-46EB-955B-143CBF0EAE3F}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{48B55577-0BCD-4590-95ED-706A5F6B8C87}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C0A27E00-C044-45BA-ADF0-B0CC320E704E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BFA0627E-C944-475A-A9D2-A8D615ECA5AF}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{D3E159AD-09F1-475A-B961-38F4F890F6B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

13-06-2022 20:02:49 b4 telegram install
23-06-2022 11:55:46 b4 MB restart
28-06-2022 22:45:08 Windows Modules Installer
28-06-2022 23:03:00 Windows Modules Installer
28-06-2022 23:11:10 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: ========================

Application errors:
==================
Error: (06/30/2022 06:52:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SecHealthUI.exe version 10.0.19041.1741 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1770

Start Time: 01d88cdc25a67669

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

Report Id: 7814071f-be0e-44b9-a559-be60305e9cc0

Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.1682_neutral__cw5n1h2txyewy

Faulting package-relative application ID: SecHealthUI

Hang type: Quiesce

Error: (06/29/2022 08:19:40 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "C:\Users\Helena\AppData\Roaming\mjusbsp\st00000\mjsetup.exe".Error in manifest or policy file "C:\Users\Helena\AppData\Roaming\mjusbsp\st00000\mjsetup.exe" on line 4.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (06/29/2022 08:18:49 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "C:\Users\Helena\AppData\Roaming\mjusbsp\in00000\mjsetup.exe".Error in manifest or policy file "C:\Users\Helena\AppData\Roaming\mjusbsp\in00000\mjsetup.exe" on line 4.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (06/28/2022 11:05:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program StartMenuExperienceHost.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1488

Start Time: 01d88724a41b158a

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

Report Id: 16801879-cc1f-42d4-83d6-6babfe36dbdd

Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

Hang type: Quiesce

Error: (06/28/2022 11:04:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Msn.Weather.exe version 4.53.2206.7002 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 7e4

Start Time: 01d88b6d160a96f9

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.41582.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe

Report Id:

Faulting package full name: Microsoft.BingWeather_4.53.41582.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Hang type: Activation

Error: (06/28/2022 01:57:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.1682 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2c7c

Start Time: 01d88a5034360beb

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

Report Id: 462f31dc-477b-4d9c-a085-f4306d206625

Faulting package full name: Microsoft.Windows.Search_1.14.4.19041_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: ShellFeedsUI

Hang type: Quiesce

Error: (06/27/2022 12:32:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.1682 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2908

Start Time: 01d888fb575836f6

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

Report Id: 6b98019b-661b-49f2-ab02-1a7d7c6e86da

Faulting package full name: Microsoft.Windows.Search_1.14.4.19041_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: ShellFeedsUI

Hang type: Quiesce

Error: (06/25/2022 07:58:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.1682 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 22c8

Start Time: 01d887277d3319db

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

Report Id: eafa6f91-3073-4a35-a59d-2f6f52cb2ea5

Faulting package full name: Microsoft.Windows.Search_1.14.4.19041_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: ShellFeedsUI

Hang type: Quiesce


System errors:
=============
Error: (07/01/2022 03:55:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/01/2022 03:50:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/01/2022 03:45:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/01/2022 03:40:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/01/2022 03:35:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/01/2022 03:30:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/01/2022 03:25:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/01/2022 03:20:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.


Windows Defender:
================
Date: 2022-07-01 11:23:22
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-06-28 20:51:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-06-27 20:45:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-06-26 20:29:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-06-25 20:29:56
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-01-13 17:51:27
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2022-01-02 21:53:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A09 03/11/2008
Motherboard: Dell Inc. 0GM819
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 90%
Total physical RAM: 3956.61 MB
Available physical RAM: 380.68 MB
Total Virtual: 10100.61 MB
Available Virtual: 4772.08 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:926.93 GB) (Free:833.94 GB) (Model: Hitachi HDS721010KLA330 ATA Device) NTFS

\\?\Volume{6462e9a1-d38d-11e3-9305-806e6f6e6963}\ (System) (Fixed) (Total:3.76 GB) (Free:0.56 GB) NTFS
\\?\Volume{c07cf236-0000-0000-0000-00ace8000000}\ () (Fixed) (Total:0.82 GB) (Free:0.41 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C07CF236)
Partition 1: (Active) - (Size=3.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=926.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=844 MB) - (Type=27)

==================== End of Addition.txt =======================

DR M

Hi, pastywhitegurl.

I'll be helping you with your computer's issues.

These are my first comments/instructions:

1. RAM

These lines are from your logs:

Percentage of memory in use: 90%
Total physical RAM: 3956.61 MB
Available physical RAM: 380.68 MB

That means you have only 4GB RAM installed, and 90% of it is in use. So the slowness you are experiencing is rather related to a lack of sufficient resources to run your programs. 380MB is not enough to work with. The best solution would be to install additional memory. Here you can run a free RAM wizard to determine which RAM is compatible with your motherboard. You download and run a small program, which will scan your computer and then recommend compatible RAM. You don't have to buy from them, but you can find out how much RAM the computer can accept.


2. Verizon

You said here:

Quote: Which brings up another question: why is there a Verizon folder anyway? I've never used Verizon for my phone service or anything else that I can recall.

However, you have two Verizon programs installed, based on your logs:

Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung

I read about the latter:

Quote: This helps you update the software on your Samsung device using your computer

I don't know how it works, but since you have these programs installed, I'm not surprised that the folder appeared on the Desktop. In case you don't use/need the programs, you can uninstall them of course.


3. Uninstall WinPatrol

Although WinPatrol did a really good job in previous versions of Windows, there is no need to keep it on a Windows 10 and 11 computer, since in these everything is taken care of by the system. Also keep in mind that the product no longer gets updates, so it doesn't actually serve any purpose right now.

4. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste it anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FirewallRules: [{C708961B-0BCE-49F1-B45D-08B5BF92B75A}] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{F58BE963-0C20-491E-B43A-B8996961E06F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{D359D1E0-68F2-4F68-8F46-C51D464CD490}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{92754EFD-8A92-46B5-8D3B-18728758B5B8}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{5F6DB663-0F9D-4EBD-965C-8CD99F2FB227}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{49E21789-99A7-4F11-AA7F-902C401DE6CA}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{E223B679-9DDF-49AD-A1E0-CF2683EC0C07}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [UDP Query User{DED88290-5AF3-4A5E-BE81-5E1E0A966201}C:\program files\pale moon\palemoon.exe] => (Allow) C:\program files\pale moon\palemoon.exe => No File
FirewallRules: [TCP Query User{35287505-472A-4C0A-A78A-04626C58EC0A}C:\program files\pale moon\palemoon.exe] => (Allow) C:\program files\pale moon\palemoon.exe => No File
FirewallRules: [{41A76461-A847-4ED3-ADDF-2B14667B1B14}] => (Allow) C:\Windows\SysWOW64\lxbvcoms.exe => No File
FirewallRules: [{51F55BA3-98FB-47DE-A789-E7D769386793}] => (Allow) C:\Windows\SysWOW64\lxbvcoms.exe => No File
FirewallRules: [UDP Query User{153A47F5-FC9D-4AE8-AB23-F5647C4B7125}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin => No File
FirewallRules: [TCP Query User{D1CC3547-BB26-47A2-B6F2-B04CA515DAC5}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin => No File
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Uninstall 22.111.0522.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\22.111.0522.0002" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\MountPoints2: {251e69fc-d200-11ec-9ccd-0014d1fa11a1} - "F:\VZW_Software_upgrade_assistant.exe"
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {1A327E14-3348-4D82-BA9F-3D9156844511} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {1F5FF165-2F20-44BA-A566-AE70B1099F0C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {2A914597-8D60-4C8A-845F-7C6B9698411F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {3BE1F1BC-5BE6-4B1A-9974-AA07DE8A3B5C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
Task: {403DA6FD-63E7-4F7E-9F2A-0D545410941E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {52AAFEA1-9569-4FAA-BFF8-247BB70FDFA3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {5691B2A8-0468-4C5C-87DD-CFA539E133B3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {6E227D86-F9B2-46DD-80F4-7FDD3F52F855} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {79269E68-B26F-4D8B-8166-7BF427E3FB12} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {7BEFDAC2-DF77-4486-AE5E-9638D19CB8A4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges (No File)
Task: {A51DE8EF-2078-40EB-BA7D-EC285D170034} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {B687CEBE-FA8A-4F43-8016-F92A8D5862E7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {BBFBE970-925D-4581-A00D-EE4177311E62} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (No File)
Task: {BCD07FC1-F311-442F-8093-A5A7B42733F2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {BE3C0C64-EAB0-4DB2-ACD8-3D3FCB3E6C18} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {C659F16F-A4C3-45C9-B031-2805B488C642} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {D3BB3CF2-C59B-49F6-8422-5FB23EC4C4E3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {D3DD5E21-E529-4A67-860E-FA96754EE492} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {D9C1DFA0-E865-487F-8C6D-63AB6EC1DF12} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {E0612474-1111-4866-BE32-277060951C9F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {EEDE1370-0002-495D-A32F-C4061417EDF6} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {F1113B51-1D61-4A41-B21F-92142178CB98} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {F3384579-64DC-40C1-B982-CFAA66121805} - System32\Tasks\{388ED8BB-DE22-4551-8878-F11FF5D89FEE} => C:\Windows\system32\pcalua.exe -a C:\Users\Helena\AppData\Local\Temp\Shockwave_Installer_FF.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
Task: {F4433939-EA79-44A2-B68E-86991B328547} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {F943D144-419E-4482-B61E-002605CE1FEA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {53C1002C-A1F8-4AC1-9A14-4076D4475F99} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {69D28494-AF77-4BB4-8498-C02DA9A82FB5} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {9C578E9E-58F8-478E-904A-B9428EBFD5B2} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {BF8070BE-5E8B-402E-880C-2C676A4D7314} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {D982EE24-A772-438C-A60F-39628F96627F} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {EF264487-B955-4558-8484-48085101BC1A} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [No File]
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [No File]
U3 idsvc; no ImagePath
HKLM\...\StartupApproved\Run32: => "PDFProHook"
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::

  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

In your next reply please post:

1. If you successfully uninstalled WinPatrol and (if you decided to) Verizon programs.
2. The fixlog.txt
Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

pastywhitegurl

I made a restore point, then uninstalled Win Patrol. I was only keeping it to see when new start up programs were added.  So not really necessary. Gone now. :)

I (eventually) successfully uninstalled the Verizon programs and moved the ModulesPlugins folder that started this whole thing to the recycle bin.

I ran the memory check tool and my machine cannot accept any extra RAM.  Maybe you can suggest some ways I can maximize what I have?

I ran the FIX on the FRST program, and it seemed to get in a loop and then became unresponsive, and while that was happening, I checked task manager and found that the Windows Module Installer process is maxing out the disk usage. Memory is in the 70% range. Also both MB and Defender were using a lot more resources than normal. I tried to restart the installer service as recommended in some Windows forum posts, but that option was grayed out. I tried the "refresh" option but that didn't seem to do anything.

I tried a restart, and even though my June updates had successfully installed, there was a notice that Windows was preparing updates. That went on for an hour, then I shut down the computer and restarted it an hour or so later. It again came up saying it was 35% done preparing updates (?) and then the Windows music played and my home screen appeared. I tried to uninstall the 2 Verizon programs, but the first one got stuck in a loop and couldn't complete. So I shut down completely again. After logging in, Windows Module Installer Worker was maxing the Disk usage still. So I ended the process. I was then able to revert the aborted uninstall and uninstall both Verizon programs. I have moved the PluginModules folder that started this whole thing to the recycle bin. The Windows Module Installer Worker has restarted itself and is again maxing out the Disk.

The FRST fix finally completed after the third try, so it is the third try fixlog.txt that is posted. If you need to see the first two, I did save them and can post if you wish. After the reboot required by the end of the fixit program, I have put Windows updates on pause and the worker process is not active now. Power usage is back to normal for now.

Something is wrong with Windows updates, because on reboot, I saw the updates 35% complete again notice, but not a notice that they were completed--went from 35% right to the home screen.

=========================================

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-06-2022 01
Ran by Helena (02-07-2022 11:22:27) Run:3
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FirewallRules: [{C708961B-0BCE-49F1-B45D-08B5BF92B75A}] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{F58BE963-0C20-491E-B43A-B8996961E06F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{D359D1E0-68F2-4F68-8F46-C51D464CD490}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{92754EFD-8A92-46B5-8D3B-18728758B5B8}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{5F6DB663-0F9D-4EBD-965C-8CD99F2FB227}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{49E21789-99A7-4F11-AA7F-902C401DE6CA}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{E223B679-9DDF-49AD-A1E0-CF2683EC0C07}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [UDP Query User{DED88290-5AF3-4A5E-BE81-5E1E0A966201}C:\program files\pale moon\palemoon.exe] => (Allow) C:\program files\pale moon\palemoon.exe => No File
FirewallRules: [TCP Query User{35287505-472A-4C0A-A78A-04626C58EC0A}C:\program files\pale moon\palemoon.exe] => (Allow) C:\program files\pale moon\palemoon.exe => No File
FirewallRules: [{41A76461-A847-4ED3-ADDF-2B14667B1B14}] => (Allow) C:\Windows\SysWOW64\lxbvcoms.exe => No File
FirewallRules: [{51F55BA3-98FB-47DE-A789-E7D769386793}] => (Allow) C:\Windows\SysWOW64\lxbvcoms.exe => No File
FirewallRules: [UDP Query User{153A47F5-FC9D-4AE8-AB23-F5647C4B7125}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin => No File
FirewallRules: [TCP Query User{D1CC3547-BB26-47A2-B6F2-B04CA515DAC5}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin => No File
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Uninstall 22.111.0522.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\22.111.0522.0002" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\MountPoints2: {251e69fc-d200-11ec-9ccd-0014d1fa11a1} - "F:\VZW_Software_upgrade_assistant.exe"
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {1A327E14-3348-4D82-BA9F-3D9156844511} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {1F5FF165-2F20-44BA-A566-AE70B1099F0C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {2A914597-8D60-4C8A-845F-7C6B9698411F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {3BE1F1BC-5BE6-4B1A-9974-AA07DE8A3B5C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
Task: {403DA6FD-63E7-4F7E-9F2A-0D545410941E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {52AAFEA1-9569-4FAA-BFF8-247BB70FDFA3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {5691B2A8-0468-4C5C-87DD-CFA539E133B3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {6E227D86-F9B2-46DD-80F4-7FDD3F52F855} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {79269E68-B26F-4D8B-8166-7BF427E3FB12} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {7BEFDAC2-DF77-4486-AE5E-9638D19CB8A4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges (No File)
Task: {A51DE8EF-2078-40EB-BA7D-EC285D170034} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {B687CEBE-FA8A-4F43-8016-F92A8D5862E7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {BBFBE970-925D-4581-A00D-EE4177311E62} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (No File)
Task: {BCD07FC1-F311-442F-8093-A5A7B42733F2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {BE3C0C64-EAB0-4DB2-ACD8-3D3FCB3E6C18} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {C659F16F-A4C3-45C9-B031-2805B488C642} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {D3BB3CF2-C59B-49F6-8422-5FB23EC4C4E3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {D3DD5E21-E529-4A67-860E-FA96754EE492} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {D9C1DFA0-E865-487F-8C6D-63AB6EC1DF12} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {E0612474-1111-4866-BE32-277060951C9F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {EEDE1370-0002-495D-A32F-C4061417EDF6} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {F1113B51-1D61-4A41-B21F-92142178CB98} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {F3384579-64DC-40C1-B982-CFAA66121805} - System32\Tasks\{388ED8BB-DE22-4551-8878-F11FF5D89FEE} => C:\Windows\system32\pcalua.exe -a C:\Users\Helena\AppData\Local\Temp\Shockwave_Installer_FF.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
Task: {F4433939-EA79-44A2-B68E-86991B328547} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {F943D144-419E-4482-B61E-002605CE1FEA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {53C1002C-A1F8-4AC1-9A14-4076D4475F99} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {69D28494-AF77-4BB4-8498-C02DA9A82FB5} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {9C578E9E-58F8-478E-904A-B9428EBFD5B2} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {BF8070BE-5E8B-402E-880C-2C676A4D7314} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {D982EE24-A772-438C-A60F-39628F96627F} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {EF264487-B955-4558-8484-48085101BC1A} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [No File]
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [No File]
U3 idsvc; no ImagePath
HKLM\...\StartupApproved\Run32: => "PDFProHook"
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
"C:\ProgramData\TEMP" => ":5C321E34" ADS not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C708961B-0BCE-49F1-B45D-08B5BF92B75A}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F58BE963-0C20-491E-B43A-B8996961E06F}C:\program files (x86)\skype\phone\skype.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D359D1E0-68F2-4F68-8F46-C51D464CD490}C:\program files (x86)\skype\phone\skype.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92754EFD-8A92-46B5-8D3B-18728758B5B8}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F6DB663-0F9D-4EBD-965C-8CD99F2FB227}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{49E21789-99A7-4F11-AA7F-902C401DE6CA}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E223B679-9DDF-49AD-A1E0-CF2683EC0C07}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DED88290-5AF3-4A5E-BE81-5E1E0A966201}C:\program files\pale moon\palemoon.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{35287505-472A-4C0A-A78A-04626C58EC0A}C:\program files\pale moon\palemoon.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41A76461-A847-4ED3-ADDF-2B14667B1B14}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{51F55BA3-98FB-47DE-A789-E7D769386793}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{153A47F5-FC9D-4AE8-AB23-F5647C4B7125}C:\program files (x86)\libreoffice 4\program\soffice.bin" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D1CC3547-BB26-47A2-B6F2-B04CA515DAC5}C:\program files (x86)\libreoffice 4\program\soffice.bin" => not found
"HKU\S-1-5-21-831887293-3776352801-720962199-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => not found
"HKU\S-1-5-21-831887293-3776352801-720962199-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => not found
"HKU\S-1-5-21-831887293-3776352801-720962199-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 22.111.0522.0002" => not found
HKU\S-1-5-21-831887293-3776352801-720962199-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{251e69fc-d200-11ec-9ccd-0014d1fa11a1} => not found
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found
"C:\ProgramData\NTUSER.pol" => not found
HKLM\SOFTWARE\Policies\Google => not found
HKLM\SOFTWARE\Policies\Microsoft\Edge => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A327E14-3348-4D82-BA9F-3D9156844511}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F5FF165-2F20-44BA-A566-AE70B1099F0C}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A914597-8D60-4C8A-845F-7C6B9698411F}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BE1F1BC-5BE6-4B1A-9974-AA07DE8A3B5C}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{403DA6FD-63E7-4F7E-9F2A-0D545410941E}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52AAFEA1-9569-4FAA-BFF8-247BB70FDFA3}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5691B2A8-0468-4C5C-87DD-CFA539E133B3}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E227D86-F9B2-46DD-80F4-7FDD3F52F855}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79269E68-B26F-4D8B-8166-7BF427E3FB12}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1 => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BEFDAC2-DF77-4486-AE5E-9638D19CB8A4}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A51DE8EF-2078-40EB-BA7D-EC285D170034}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B687CEBE-FA8A-4F43-8016-F92A8D5862E7}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBFBE970-925D-4581-A00D-EE4177311E62}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCD07FC1-F311-442F-8093-A5A7B42733F2}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE3C0C64-EAB0-4DB2-ACD8-3D3FCB3E6C18}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C659F16F-A4C3-45C9-B031-2805B488C642}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3BB3CF2-C59B-49F6-8422-5FB23EC4C4E3}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2 => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3DD5E21-E529-4A67-860E-FA96754EE492}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9C1DFA0-E865-487F-8C6D-63AB6EC1DF12}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0612474-1111-4866-BE32-277060951C9F}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEDE1370-0002-495D-A32F-C4061417EDF6}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1113B51-1D61-4A41-B21F-92142178CB98}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3384579-64DC-40C1-B982-CFAA66121805}" => not found
"C:\WINDOWS\System32\Tasks\{388ED8BB-DE22-4551-8878-F11FF5D89FEE}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{388ED8BB-DE22-4551-8878-F11FF5D89FEE}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4433939-EA79-44A2-B68E-86991B328547}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F943D144-419E-4482-B61E-002605CE1FEA}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControlsMigration" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53C1002C-A1F8-4AC1-9A14-4076D4475F99}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\MobilePC\HotStart" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControls" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69D28494-AF77-4BB4-8498-C02DA9A82FB5}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\AutoWake" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C578E9E-58F8-478E-904A-B9428EBFD5B2}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF8070BE-5E8B-402E-880C-2C676A4D7314}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\GadgetManager" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D982EE24-A772-438C-A60F-39628F96627F}" => not found
"C:\WINDOWS\System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent E7CF176E110C211B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF264487-B955-4558-8484-48085101BC1A}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SessionAgent" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin => not found
idsvc => service not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\PDFProHook" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PDFProHook" => not found
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully

========= DISM /Online /Cleanup-Image /RestoreHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.844

Image Version: 10.0.19044.1766



pastywhitegurl

(continued with next entry:)

[========================   42.9%                          ]

Error: 1726

The remote procedure call failed.

The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log

========= End of CMD: =========


========= SFC /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.


Verification 100% complete.


Windows Resource Protection found corrupt files and successfully repaired them.

For online repairs, details are included in the CBS log file located at

windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

repairs, details are included in the log file provided by the /OFFLOGFILE flag.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 877154586 B
Java, Discord, Steam htmlcache => 50931412 B
Windows/system/drivers => 460418228 B
Edge => 979929 B
Chrome => 70615564 B
Brave => 1166947884 B
Firefox => 138261926 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 16384 B
ProgramData => 16384 B
Public => 16384 B
systemprofile => 16384 B
systemprofile32 => 16384 B
LocalService => 32768 B
NetworkService => 2341200 B
Helena => 215376191 B
DefaultAppPool => 215392575 B

RecycleBin => 576964123 B
EmptyTemp: => 3.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:04:39 ====

DR M

Hi.

I see that your computer can accept up to 8GB RAM: https://www.crucial.com/compatible-upgrade-for/dell/optiplex-755-series-(desktop-mini-tower-and-small-form-factor)

What was the message you got after you ran the RAM wizard?

A couple of other things to have in mind:

Never shut down the computer while updating. You can harm it that way.

Never do other things while running a fix. You said the fix got into a loop and it was not responsive. Although you thought that, it was running. Since I included specific commands in it, it needed its time.

Anyway, please let the updates get completed before we continue. Do not shut the computer in the middle of updating. Give it as much time as it needs. It would be better not to use the computer during the procedure, since it will become slow. When you are ready, let me know. I will be waiting for you.


Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

pastywhitegurl

Thank you Dr.M!
I have run this program before and it always finished quickly, so I didn't realize it might have more going on this time and assumed it was stuck.

You may not believe this, but this was the first time I've ever ignored the "do not turn off your computer" warning when restarting Windows.   But after an hour of waiting for it to progress beyond 35%, it seemed like the only option was to shut down.  I should have posted and asked what to do. :(

I ran the memory scan tool again.  Screenshot is attached of results. Under the DRAM tab, it said the following: "We do not have compatible memory upgrades for your system at this time.  There are, however, options to add internal or external SSD."
I have no experience with those.

The link you posted leads me to a 404 page

I let the computer search for updates.  It found a definitions update for defender and installed it. The control panel now says my computer is up to date. I then restarted windows and it booted normally without any "windows is preparing updates" messages.  So hopefully whatever was glitching has been sorted.

Thank you for sticking with me!

DR M

You are welcome, pastywhitegurl.

Strange about the link. The result was similar to what you got.

The thing is that they don't have compatible memory for your computer. So you can buy from elsewhere. Let's leave this for the end of the procedure. You do not need an SSD.

The FRST fix was successfully completed. The "not found" indications show that the items included were removed.

Also, the System File Checker utility revealed corrupt files which were successfully repaired.

Let's continue with Malwarebytes now. You said that you already ran a scan, which probably didn't complete. Let's try once more.

Run Malwarebytes (scan only)

  • Open Malwarebytes.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.

  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
If threats are not found, click View Report and proceed to the two last steps below.

If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.

  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

I'll not give instructions about anything else now, just to check what is going to happen with Malwarebytes. Again, give it time to finish.





pastywhitegurl

Thankfully, it didn't take hours this time.   No infections found.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/2/22
Scan Time: 2:36 PM
Log File: 444abfa8-fa3e-11ec-afb1-001e4fece3a3.json

-Software Information-
Version: 4.5.10.200
Components Version: 1.0.1709
Update Package Version: 1.0.56699
License: Premium

-System Information-
OS: Windows 10 (Build 19044.1766)
CPU: x64
File System: NTFS
User: Helena-PC\Helena

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 342604
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 23 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

DR M

Very good!

Let's make another scan with AdwCleaner:

Run AdwCleaner (scan only)

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.

    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.

    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

pastywhitegurl

That was a quick one. :)   Computer is running much better now.  Way less resources being used.

# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-06-24.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-03-2022
# Duration: 00:00:41
# OS:       Windows 10 Pro
# Scanned:  32061
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.SamsungSmartSwitch   Folder   C:\Users\Helena\AppData\Roaming\SAMSUNG\SMART SWITCH PC



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

DR M

Hello.

Everything is clean. The only item detected has to do with pre-installed software.

C:\Users\Helena\AppData\Roaming\SAMSUNG\SMART SWITCH PC

Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.

You can either remove the folder manually and then restart, or proceed to the following:


  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.

    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.

    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.

    • Click Restart Now.
==========================

Once your computer has restarted:

  • If it doesn't open automatically, please start AdwCleaner.
  • Click the Log Files tab.
  • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number)
  • A Notepad file will open containing the results of the removal.
  • Please post the contents of the file in your next reply.

===========================

Regardless of your decision about removing pre-installed software, I would now like to check fresh FRST logs, to ensure that everything is fine:

  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to the disclaimer.
  • Press the Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.

===========================

In your next reply please post:

1. What did you do with the preinstalled software and the AdwCleaner[C0*].txt in case you removed it.
2. The fresh FRST logs, Addition and FRST.

winchester73

Reading DR M's reply got me thinking (always dangerous) about the Samsung Smart Switch entry. 

It appears FusNetworkManager could be related to that as it can be a Samsung item:  https://threatinfo.net/files/FusNetworkManager.dll-c1945c44f7d097ca19a50bb018382c6c

Then I saw you use Firefox.  Ever since v98, file download behavior has changed, now all downloads are automatically saved somewhere to the computer (rather than a temp folder).  In my case, the default is set to my desktop, so everything I download (pdf, jpg, exe, etc) now appears on my desktop ... I actually find this to be a bit of a pain in most cases, especially when I just want to open and read a pdf.  The result is always a bunch of things to delete from the desktop when I shut down for the day.

Did you recently update the Smart Switch program via download in Firefox, maybe around the time this folder appeared on your desktop?
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

DR M

Hi, Winchester. :)

In fact there are more Samsung programs installed:

Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)

These were not detected as pre-installed.

The FusNetworkManager.dll and the other one were related to the Verizon programs, also involving Samsung:

Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{8D327827-8FDE-45D8-AD3C-5CB4371BC533}) (Version: 4.21.0205 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{930FA71B-703F-4178-9FE8-1BCAA359E6EE}) (Version: 4.18.1201 - Samsung Electronics Co., Ltd.)

As to the Firefox downloaded things directory, you are right. From the log:

FF DownloadDir: C:\Users\Helena\Desktop

pastywhitegurl

I used the quarantine option to get rid of SAMSUNG SMART SWITCH.   However I was not prompted to restart the computer.  Do I need to do that anyway before posting the new FRST logs?

I'm pretty sure the Smart Switch program was something I downloaded in order to transfer my contacts to my new Samsung phone from the old phone. The two .dll files that were on my desktop are gone. I didn't realize when I put them in the recycle bin that the cleanup process would delete them, so they are no more. I'm happy to get rid of any Samsung programs still on the computer. If I need something later, I can always download it again.

As for Firefox, it is not my main browser now. I just use it for testing web designs. I do keep it up to date. I have not used it to download anything for quite a while. The Smart Switch program was likely downloaded sometime around this past Oct/Nov when I got my new phone.

========================



# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-06-24.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-03-2022
# Duration: 00:00:07
# OS:       Windows 10 Pro
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.SamsungSmartSwitch   Folder   C:\Users\Helena\AppData\Roaming\SAMSUNG\SMART SWITCH PC


*************************

  • Delete Tracing Keys
  • Reset Winsock

    *************************

    AdwCleaner[S00].txt - [1473 octets] - [03/07/2022 06:51:08]
    AdwCleaner[S01].txt - [1534 octets] - [03/07/2022 13:47:21]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
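
An added example, not part of the thread and not AdwCleaner's own code: a small parser for the AdwCleaner Scan and Clean log format pasted above. It separates entries under Preinstalled Software (the case DR M describes) from entries in every other section, and checks the header count against the parsed entries. The column layout is assumed from the two logs in this thread; the function names and the `PUP.Optional.ExampleToolbar` entry are constructed for illustration.

```python
import re

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
HEADER_RE = re.compile(r"^#\s+(\w+):\s+(.+)$")
INFORMATIONAL = {"Preinstalled Software"}  # vendor-bundled items, not malware

def parse_adwcleaner_log(text):
    """Return (header fields, detection entries) for a Scan or Clean log."""
    header, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            header[m.group(1)] = m.group(2)
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif set(line) == {"*"}:
            section = None  # bare separator: the detection sections are over
        elif section and not line.startswith(("#", "No malicious")):
            # Columns are split by runs of 2+ spaces; paths may contain single
            # spaces. Clean logs prepend a status column such as "Deleted".
            ncols = 4 if header.get("Mode") == "Clean" else 3
            cols = re.split(r"\s{2,}", line, maxsplit=ncols - 1)
            if len(cols) == ncols:
                name, kind, path = cols[-3:]
                entries.append({"section": section, "name": name, "type": kind, "path": path,
                                "status": cols[0] if ncols == 4 else None})
    return header, entries

def triage(text):
    """Split entries into items needing review and informational ones."""
    header, entries = parse_adwcleaner_log(text)
    # Assumption: every detected (Scan) or cleaned/failed (Clean) item has one line.
    if header.get("Mode") == "Clean":
        declared = int(header.get("Cleaned", 0)) + int(header.get("Failed", 0))
    else:
        declared = int(header.get("Detected", 0))
    return {
        "mode": header.get("Mode"),
        "needs_review": [e for e in entries if e["section"] not in INFORMATIONAL],
        "informational": [e for e in entries if e["section"] in INFORMATIONAL],
        # A mismatch suggests the pasted log was truncated or edited.
        "count_matches_header": declared == len(entries),
    }

# Abbreviated from the scan log posted in the thread (blank lines dropped).
SCAN_LOG = r"""# Mode: Scan
# Detected: 1
***** [ Folders ] *****
No malicious folders found.
***** [ Preinstalled Software ] *****
Preinstalled.SamsungSmartSwitch   Folder   C:\Users\Helena\AppData\Roaming\SAMSUNG\SMART SWITCH PC
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
"""

# Constructed: the PUP.Optional.ExampleToolbar entry is invented for illustration.
CLEAN_LOG = r"""# Mode: Clean
# Cleaned:  2
# Failed:   0
***** [ Folders ] *****
Deleted       PUP.Optional.ExampleToolbar   Folder   C:\Program Files (x86)\Example Toolbar
***** [ Preinstalled Software ] *****
Deleted       Preinstalled.SamsungSmartSwitch   Folder   C:\Users\Helena\AppData\Roaming\SAMSUNG\SMART SWITCH PC
*************************
AdwCleaner[S00].txt - [1473 octets] - [03/07/2022 06:51:08]
"""

if __name__ == "__main__":
    for log in (SCAN_LOG, CLEAN_LOG):
        print(triage(log))
```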