Mysterious PluginModule file appeared on desktop

Started by pastywhitegurl, July 01, 2022, 09:04:32 PM

DR M

Hello.

Yes, always restart the computer after uninstalling a program.

Quote: I'm happy to get rid of any Samsung programs still on the computer.

This is what I would ask you as a next step: uninstall everything you don't need/use. Since you are dealing with a memory issue (RAM), this is something that would help a bit.

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate any program you don't need/use.
  • Select them, one by one, and click Uninstall.
  • Restart the computer at the end of the procedure.

Provide the fresh FRST logs, after you uninstall any program and restart.

Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

pastywhitegurl

I've removed a few programs, but I have questions about others, as I don't know if they are being used by something else. Like the Samsung universal print driver2. I wondered, since it was a universal driver, if it was being used by my Xerox printer? And the PaperPort program advised updates had to be made before it could be uninstalled, so I aborted that uninstall process because I didn't know what that would involve. Maybe I can post some others after you see the FRST logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-06-2022 01
Ran by Helena (administrator) on HELENA-PC (Dell Inc. OptiPlex 755) (03-07-2022 14:57:41)
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1766 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler64.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\AMT\atchk.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(explorer.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(services.exe ->) (Intel) [File not signed] C:\Program Files (x86)\Intel\AMT\LMS.exe
(services.exe ->) (Intel) [File not signed] C:\Program Files (x86)\Intel\AMT\UNS.exe
(services.exe ->) (Lexmark International, Inc. -> ) C:\Windows\System32\lxbvcoms.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\PDFProFiltSrvPP.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(services.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxServer64.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.41582.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation) [File not signed]
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [cdloader] => C:\Users\Helena\AppData\Roaming\mjusbsp\cdloader2.exe [59048 2022-01-04] (magicJack, L.P. -> magicJack L.P.)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [MicrosoftEdgeAutoLaunch_FEC2D14AA1F15DAD90F56E6F9A07DBED] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601824 2022-06-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Lexmark 2200 Series Print Processor: lxbvpp6c.dll
HKLM\...\Windows x64\Print Processors\spe__PC: C:\Windows\System32\spool\prtprocs\x64\spe__pc.dll [41984 2012-12-06] (Windows (R) Codename Longhorn DDK provider) [File not signed]
HKLM\...\Windows x64\Print Processors\SUGO3PC: C:\Windows\System32\spool\prtprocs\x64\sugo3pc.dll [27648 2006-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Windows x64\Print Processors\sxa6mPC: C:\Windows\System32\spool\prtprocs\x64\sxa6mpc.dll [43520 2014-02-20] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\usp02PC: C:\Windows\System32\spool\prtprocs\x64\usp02pc.dll [43520 2014-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\Xerox Network PC Fax Print Processor: C:\Windows\System32\spool\prtprocs\x64\XrxFaxProc64.dll [146944 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\...\Print\Monitors\2200 Series Port: C:\WINDOWS\system32\lxbvlmpm.dll [488448 2007-04-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\spe__ Langmon: C:\WINDOWS\system32\spe__l.dll [34304 2011-04-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\SUGO3 Langmon: C:\WINDOWS\system32\sugo3l6.dll [22016 2006-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\sxa6m Langmon: C:\WINDOWS\system32\sxa6mlm.dll [34304 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\usp02 Langmon: C:\WINDOWS\system32\usp02l.dll [29184 2014-04-16] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Xerox MFP PC Fax Port: C:\WINDOWS\system32\XrxFaxPort64.dll [280064 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.66\Installer\chrmstp.exe [2022-06-29] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\103.1.40.109\Installer\chrmstp.exe [2022-06-28] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xerox MFP PC Fax.lnk [2016-04-06]
ShortcutTarget: Xerox MFP PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe (Xerox Corporation.) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08066272-E4CE-44F8-BAA8-8D9F63C44088} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1817527B-916E-4828-9064-8B9C7C88F4BD} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {26EA4B1A-5F1F-46D0-ADB9-64874994F0DB} - System32\Tasks\{26FF5CE4-1B64-467B-A8F9-E1AFBECA0043} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
Task: {2D14430F-8DB9-4A17-9A63-376EE205AC65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {3B0264B6-A933-4D1E-9B38-E53BA8C33C77} - \Mozilla\Firefox Default Browser Agent E7CF176E110C211B -> No File <==== ATTENTION
Task: {4A68B9CC-69D1-400C-8369-85BB21D1881B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4ABC4334-7813-4F8E-A6CA-F73EF6DCF744} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7C8CB8C9-96A6-441F-8406-88CA84AE83D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {862F6BDE-AB5D-41B7-9C59-13842AE6F2F3} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {E5681874-1A34-4209-90C0-66CF30C5E85A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fee10231-d6e0-42e1-a19b-a0f5a78c86cc}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\Helena\Desktop
Edge Notifications: HKU\S-1-5-21-831887293-3776352801-720962199-1001 -> hxxps://web.skype.com
Edge Extension: (Ghostery – Privacy Ad Blocker) -> EdgeExtension_GhosteryGhostery_kzkqe0pn505dg => C:\Program Files\WindowsApps\Ghostery.Ghostery_8.4.6.0_neutral__kzkqe0pn505dg [2020-07-20]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-02]
Edge DownloadDir: Default -> C:\Users\Helena\Desktop
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (Textarea Cache) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\chpphekfimlabghbdankokcohcmnbmab [2020-10-21]
Edge Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-15]
Edge Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fclbdkbhjlgkbpfldjodgjncejkkjcme [2022-06-29]
Edge Extension: (Measure-it) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gbaokpnhddikgoalopfdjjhgahfcecge [2021-06-07]
Edge Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lhnbdlbhcokmgpjenkjolnhdnkphnkam [2022-06-29]
Edge Extension: (uBlock Origin) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2022-05-15]
Edge Extension: (Weather Forecast) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\phklfmbdnakdekionmpfdiihnmijfpnl [2022-02-08]

FireFox:
========
FF DefaultProfile: n27s1rnq.default
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default [2022-07-02]
FF DownloadDir: C:\Users\Helena\Desktop
FF Session Restore: Mozilla\Firefox\Profiles\n27s1rnq.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\n27s1rnq.default -> hxxp://mail.google.com; hxxps://mail.google.com; hxxp://us-mg6.mail.yahoo.com; hxxps://us-mg6.mail.yahoo.com; hxxps://twitter.com; hxxps://us-mg4.mail.yahoo.com; hxxps://mg.mail.yahoo.com; hxxps://mail.yahoo.com
FF Extension: (Disconnect) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\2.0@disconnect.me.xpi [2020-05-16]
FF Extension: (Archive URL) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\@save-url-to-wayback-machine-firefox-addon.xpi [2020-05-16]
FF Extension: (Copy Link Text) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\copylinktext@brett(2).zamir [2014-05-11] [Legacy] [not signed]
FF Extension: (Edit) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\edit@eros.man.xpi [2020-05-16]
FF Extension: (eSnipe.com SnipeIt!) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\esnipesnipeit@esnipe.com.xpi [2018-02-10] [UpdateUrl:hxxps://www.esnipe.com/SnipeIt_FirefoxExtension/update.json]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\firefox@ghostery.com.xpi [2020-07-31]
FF Extension: (Tampermonkey) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\firefox@tampermonkey.net.xpi [2020-05-16]
FF Extension: (pinterest-guest) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-SWdspnBEetWxoA@jetpack.xpi [2020-05-16]
FF Extension: (Copy Selected Links) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-vs5odTmtIydjMg@jetpack.xpi [2020-05-16]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2020-07-31]
FF Extension: (Open With) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\openwith@darktrojan(2).net [2014-05-11] [Legacy] [not signed]
FF Extension: (SuperStop) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\superstop@gavinsharp.com.xpi [2018-06-20]
FF Extension: (Textarea Cache) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\textarea-cache-lite@wildsky.cc.xpi [2020-05-16]
FF Extension: (uBlock Origin) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\uBlock0@raymondhill.net.xpi [2020-05-24]
FF Extension: (YesScript2) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\yesscript202@example.org.xpi [2020-06-08]
FF Extension: (YouTube to MP3) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\youtube2mp3@mondayx(2).de [2014-05-11] [Legacy] [not signed]
FF Extension: (Imagus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{00000f2a-7cde-4f20-83ed-434fcb420d71}.xpi [2020-05-16] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Image Block X) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{0035bf10-3f36-4d60-b92d-08c1a8b060a6}.xpi [2020-05-16]
FF Extension: (Screengrab!) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-06-20]
FF Extension: (FireShot) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (LittleFox) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{479f0278-2c34-4365-b9f0-1d328d0f0a40}.xpi [2020-05-16]
FF Extension: (Empty Cache Button) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2017-12-16]
FF Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2020-06-21]
FF Extension: (Text Link) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2020-05-16]
FF Extension: (InFormEnter+) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}.xpi [2020-05-24]
FF Extension: (ColorZilla) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-12-12]
FF Extension: (Stylus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}.xpi [2020-05-16]
FF Extension: (bbCodeWebex) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{7e19f8dd-0cf6-498a-8072-bae5b2db65e5}.xpi [2020-05-27]
FF Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{853d1586-e2ab-4387-a7fd-1f7f894d2651}.xpi [2020-05-24]
FF Extension: (Clippings) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}.xpi [2020-05-19]
FF Extension: (YouTube Downloader Converter MP3) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2020-05-16]
FF Extension: (Weather) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a79a9c4c-9c3f-4bf4-9e58-6574cc0b7ecb}.xpi [2020-05-24]
FF Extension: (Simple stylish) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a8e5fca1-24ae-4de6-b3c4-80d2d316f8f9}.xpi [2019-11-16]
FF Extension: (ruler) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{b1355a29-9265-4b5e-a3ad-e9d61265d5ac}.xpi [2020-05-16]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-05-25]
FF Extension: (Adblock Plus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (Top and Bottom scroll buttons) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d8c7bd7f-3e7d-456a-be71-29973917ec72}.xpi [2020-05-16]
FF Extension: (IE View Lite) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}(2) [2014-05-11] [Legacy] [not signed]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\cnet.xml [2009-11-14]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\mozilla-add-ons.xml [2008-09-06]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\technorati.xml [2008-09-11]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\webster.xml [2008-09-18]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\wordpresscom.xml [2016-03-16]
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default [2022-06-14]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> hxxp://zionfirefriends.com
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> is enabled.
FF Extension: (Lazarus: Form Recovery) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\lazarus@interclue.com.xpi [2018-06-16] [Legacy]
FF Extension: (Ad-Bye - For Facebook) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\s.alfa@idev.com.xpi [2018-10-02] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\uBlock0@raymondhill.net.xpi [2021-08-09] [Legacy] [not signed]
FF Extension: (YesScript) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\yesscript@userstyles.org.xpi [2018-10-02] [Legacy]
FF Extension: (FireShot) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2021-02-02] [Legacy] [not signed]
FF Extension: (Back to Top) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}.xpi [2018-09-28] [Legacy] [not signed]
FF Extension: (Forecast & Weather on the Button) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{4d60e663-9c10-48d9-895a-801285687ced}.xpi [2020-01-23] [Legacy] [not signed]
FF Extension: (Color Identifier) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{89850e1c-c80b-4179-81fe-79a9f313400d}.xpi [2018-09-09] [Legacy] [not signed]
FF Extension: (Open With Edge, IE, Chrome, and More) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{ab91ffec-fe2a-440e-99ca-5260e0ea0c06}.xpi [2019-12-25] [Legacy] [not signed]
FF Extension: (BBCodeXtra) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2018-09-09] [Legacy]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\searchplugins\amazoncom.xml [2022-06-14]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\searchplugins\pale-moon-add-ons.xml [2022-06-14]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default [2022-07-02]
CHR DownloadDir: C:\Users\Helena\Desktop
CHR Notifications: Default -> hxxps://twitter.com
CHR StartupUrls: Default -> "hxxp://if.invisionfree.com/search/?c=5","hxxp://www.drudgereport.com/","hxxps://us-mg6.mail.yahoo.com/neo/launch?.rand=e2tudim4rqkvc","hxxp://www.landzdown.com/index.php","hxxp://www.accuweather.com/en/us/kansas-city-mo/64106/hourly-weather-forecast/329441","hxxp://if.invisionfree.com/pages/ircchat/","hxxp://www.official-drivers.com/installer/?seed=lexmark&gclid=COTq45Duor4CFQcSMwodZQEANA","hxxp://hcgdietinfo.com/hcgdietforums/search.php?searchid=4234517"
CHR Extension: (ColorZilla) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2019-01-20]
CHR Extension: (uBlock Origin) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-05-02]
CHR Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-02]
CHR Extension: (Google Search) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Tidy Sidebar) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp [2019-01-20]
CHR Extension: (bbCodeInsert) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhckbmeeagkjnabhfaindkhmofncedln [2019-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-02]
CHR Extension: (HTML5 Autoplay Blocker) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppkihnmgkncknjlfkkjgfgoifkcgii [2019-12-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-02]
CHR Extension: (Weather) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\iolcbmjhmpdheggkocibajddahbeiglb [2021-09-01]
CHR Extension: (Measure-it) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jocbgkoackihphodedlefohapackjmna [2019-01-20]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2022-05-02]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-01]
CHR Extension: (Image Background Color) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjaolenabdfhmpndkmnbojmjefdpago [2019-02-27]
CHR Extension: (Image Size Info) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihdhfbfoagfkpcncinlbhfdgpegcigf [2021-09-01]
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-07-02]
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\System Profile [2022-07-02]

Brave:
=======
BRA Profile: C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-07-03]
BRA DownloadDir: C:\Users\Helena\Desktop
BRA DefaultSearchURL: Default -> hxxps://search.brave.com/search?q={searchTerms}&source=desktop
BRA DefaultSearchKeyword: Default -> :br
BRA DefaultSuggestURL: Default -> hxxps://search.brave.com/api/suggest?q={searchTerms}
BRA Extension: (Textarea Cache) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\chpphekfimlabghbdankokcohcmnbmab [2022-02-14]
BRA Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-05]
BRA Extension: (Measure-it) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jocbgkoackihphodedlefohapackjmna [2022-02-14]
BRA Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\piajkpdbaniagacofgklljacgjhefjeh [2022-06-20]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-06-30]
BRA Extension: (Brave NTP background images) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-03-10]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-06-23]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-07-02]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-07-02]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-10]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-06-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 brlapi; C:\WINDOWS\brltty\bin\brltty.exe [847886 2019-10-15] (Microsoft Windows -> )
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-05-11] (Macrovision Europe Ltd.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 lxbv_device; C:\WINDOWS\system32\lxbvcoms.exe [566704 2007-04-25] (Lexmark International, Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8677120 2022-06-23] (Malwarebytes Inc. -> Malwarebytes)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\PDFProFiltSrvPP.exe [220488 2013-02-26] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [118576 2014-11-26] (Samsung Electronics CO., LTD. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254368 2022-06-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [501760 2014-04-21] (Xerox Corporation.) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-07-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-03] (Malwarebytes Inc. -> Malwarebytes)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-22] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-03 14:57 - 2022-07-03 15:00 - 000032278 _____ C:\Users\Helena\Desktop\FRST.txt
2022-07-03 14:51 - 2022-07-03 14:51 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-03 14:50 - 2022-07-03 14:50 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-03 14:50 - 2022-07-03 14:50 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-03 06:49 - 2022-07-03 13:49 - 000000000 ____D C:\AdwCleaner
2022-07-03 06:47 - 2022-07-03 06:47 - 008551608 _____ (Malwarebytes) C:\Users\Helena\Desktop\AdwCleaner.exe
2022-07-02 10:22 - 2022-07-02 13:39 - 000029982 _____ C:\Users\Helena\Desktop\Fixlog - Copy.txt
2022-07-02 09:21 - 2022-07-02 09:21 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-02 08:45 - 2022-07-02 08:46 - 000279560 _____ C:\Users\Helena\Desktop\CrucialScan.exe
2022-07-01 17:11 - 2022-07-02 09:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-07-01 16:23 - 2022-07-01 16:23 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-07-01 15:38 - 2022-07-01 15:38 - 002369024 _____ (Farbar) C:\Users\Helena\Desktop\FRST64.exe
2022-06-28 23:44 - 2022-06-28 23:44 - 000479744 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000011787 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-06-28 23:43 - 2022-06-28 23:43 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-06-28 23:42 - 2022-06-28 23:42 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-06-28 23:42 - 2022-06-28 23:42 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-06-28 23:10 - 2022-06-28 23:10 - 000000000 ___HD C:\$WinREAgent
2022-06-09 22:22 - 2022-06-29 22:36 - 000000377 _____ C:\Users\Helena\Desktop\CourseNotes.txt
2022-06-09 12:03 - 2022-06-09 12:03 - 000112264 _____ C:\Users\Helena\Desktop\Carbs are Critical One Week Menu.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-03 14:59 - 2017-10-02 10:53 - 000000000 ____D C:\FRST
2022-07-03 14:53 - 2015-04-01 12:39 - 000000000 ____D C:\Users\Helena\AppData\Local\CrashDumps
2022-07-03 14:53 - 2014-05-10 19:29 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-03 14:51 - 2021-12-04 16:54 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\IGDump
2022-07-03 14:50 - 2020-08-27 00:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-03 14:50 - 2020-08-26 23:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-03 14:50 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-03 14:49 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-03 14:37 - 2016-04-06 17:08 - 000000000 ____D C:\ProgramData\Nuance
2022-07-03 14:37 - 2016-04-06 17:08 - 000000000 ____D C:\Program Files (x86)\Xerox Scan To PC Desktop 12
2022-07-03 14:30 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-03 14:25 - 2016-04-20 17:54 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2022-07-03 13:49 - 2018-06-06 14:52 - 000000000 ____D C:\Users\Helena\AppData\Roaming\Samsung
2022-07-03 13:40 - 2020-08-26 23:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-03 13:11 - 2020-08-27 00:17 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2022-07-02 18:19 - 2020-08-21 13:20 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-02 18:19 - 2020-08-21 13:20 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-02 18:19 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-02 18:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-02 12:05 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-02 12:03 - 2016-11-14 20:27 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\Temp
2022-07-02 11:14 - 2015-08-07 23:01 - 000001086 _____ C:\Users\Helena\Desktop\magicJack.lnk
2022-07-02 11:14 - 2015-08-07 23:01 - 000001072 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2022-07-02 11:14 - 2015-08-07 23:01 - 000000000 ____D C:\Users\Helena\AppData\Roaming\mjusbsp
2022-07-02 11:11 - 2015-08-07 23:01 - 000000000 ____D C:\Users\Helena\AppData\Local\magicJack
2022-07-02 10:07 - 2014-05-11 17:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-02 10:07 - 2014-05-11 10:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-07-02 09:03 - 2021-10-05 16:28 - 000000000 ____D C:\Users\Helena\AppData\Roaming\discord
2022-07-02 09:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2022-07-02 09:03 - 2009-07-13 22:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-07-02 08:48 - 2021-10-05 16:27 - 000000000 ____D C:\Users\Helena\AppData\Local\Discord
2022-07-02 08:40 - 2014-05-10 18:40 - 000000000 ____D C:\Users\Helena\AppData\Roaming\WinPatrol
2022-07-02 08:40 - 2014-05-10 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2022-07-02 08:40 - 2014-05-10 17:01 - 000000000 ____D C:\ProgramData\InstallMate
2022-07-01 17:12 - 2022-03-31 10:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-01 17:12 - 2016-11-17 23:38 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\Mozilla
2022-07-01 17:11 - 2014-05-11 17:31 - 000001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-01 10:32 - 2021-12-12 23:47 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-831887293-3776352801-720962199-1001
2022-07-01 10:32 - 2020-08-27 00:17 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-831887293-3776352801-720962199-1001
2022-07-01 10:32 - 2020-08-26 05:29 - 000002429 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-06-29 19:35 - 2015-08-08 22:50 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-06-29 19:35 - 2014-05-10 19:30 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-06-29 08:10 - 2020-08-27 00:07 - 000971878 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-06-29 08:03 - 2020-08-26 23:47 - 002352568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-06-29 07:59 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-06-29 07:59 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2022-06-28 23:42 - 2020-08-26 23:51 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-06-28 22:24 - 2014-05-10 15:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-06-28 22:11 - 2014-05-10 15:21 - 145918784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-06-28 18:14 - 2021-04-06 11:46 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-06-28 18:14 - 2021-04-06 11:46 - 000002330 _____ C:\Users\Public\Desktop\Brave.lnk
2022-06-28 14:56 - 2020-12-01 09:01 - 000000682 _____ C:\Users\Helena\Desktop\ShoppingList.txt
2022-06-27 17:04 - 2015-01-02 20:59 - 000000000 ____D C:\Users\Helena\Documents\Dance
2022-06-25 11:19 - 2018-06-19 20:06 - 000000000 ____D C:\ProgramData\Packages
2022-06-24 15:39 - 2020-04-22 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-06-23 21:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-06-23 08:17 - 2019-07-22 10:30 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-06-22 20:09 - 2018-02-18 19:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-06-16 01:11 - 2020-08-27 00:17 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-06-16 01:11 - 2020-08-27 00:17 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-06-11 17:07 - 2021-10-05 16:28 - 000002279 _____ C:\Users\Helena\Desktop\Discord.lnk
2022-06-03 23:13 - 2020-07-07 12:30 - 000002118 _____ C:\Users\Helena\Desktop\OPM.txt

==================== Files in the root of some directories ========

2019-06-01 15:36 - 2019-06-01 15:36 - 000003584 _____ () C:\Users\Helena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-26 12:28 - 2019-03-16 08:22 - 000000600 _____ () C:\Users\Helena\AppData\Local\PUTTY.RND
2018-10-20 22:40 - 2018-10-20 22:40 - 000002938 _____ () C:\Users\Helena\AppData\Local\recently-used.xbel
2014-05-25 18:06 - 2018-06-05 21:44 - 000007597 _____ () C:\Users\Helena\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2022 01
Ran by Helena (03-07-2022 15:03:25)
Running from C:\Users\Helena\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.1766 (X64) (2020-08-27 05:19:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-831887293-3776352801-720962199-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-831887293-3776352801-720962199-503 - Limited - Disabled)
Guest (S-1-5-21-831887293-3776352801-720962199-501 - Limited - Disabled)
Helena (S-1-5-21-831887293-3776352801-720962199-1001 - Administrator - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-831887293-3776352801-720962199-1009 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-831887293-3776352801-720962199-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Anchor Service CS3 (HKLM-x32\...\{90176341-0A8B-4CCC-A78D-F862228A6B95}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (HKLM-x32\...\{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}) (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (HKLM-x32\...\{9C9824D9-9000-4373-A6A5-D0E5D4831394}) (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (HKLM-x32\...\{08B32819-6EEF-4057-AEDA-5AB681A36A23}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (HKLM-x32\...\{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}) (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (HKLM-x32\...\{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (HKLM-x32\...\{A2D81E70-2A98-4A08-A628-94388B063C5E}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (HKLM-x32\...\{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (HKLM-x32\...\{51846830-E7B2-4218-8968-B77F0FF475B8}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (HKLM-x32\...\{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (HKLM-x32\...\{95655ED4-7CA5-46DF-907F-7144877A32E5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (HKLM-x32\...\{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (HKLM-x32\...\{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (HKLM-x32\...\{6ABE0BEE-D572-4FE8-B434-9E72A289431B}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (HKLM-x32\...\{04AF207D-9A77-465A-8B76-991F6AB66245}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (HKLM-x32\...\{54793AA1-5001-42F4-ABB6-C364617C6078}) (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (HKLM-x32\...\{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}) (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}) (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Setup (HKLM-x32\...\{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (HKLM-x32\...\{29E5EA97-5F74-4A57-B8B2-D4F169117183}) (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (HKLM-x32\...\{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (HKLM-x32\...\{E69AE897-9E0B-485C-8552-7841F48D42D8}) (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (HKLM-x32\...\{D0DFF92A-492E-4C40-B862-A74A173C25C5}) (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (HKLM-x32\...\{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (HKLM-x32\...\{802771A9-A856-4A41-ACF7-1450E523C923}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Audacity 2.4.1 (HKLM-x32\...\Audacity_is1) (Version: 2.4.1 - Audacity Team)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9045 - )
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 103.1.40.109 - Brave Software Inc)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.50.854.0 - Logitech) Hidden
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
Discord (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.66 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LibreOffice 5.1.5.2 (HKLM\...\{DDDB2EB8-D3A0-484A-BB24-9611754D29C4}) (Version: 5.1.5.2 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (HKLM-x32\...\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (HKLM-x32\...\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Help_main (HKLM-x32\...\{1651216E-E7AD-4250-92A1-FB8ED61391C9}) (Version: 13.50.862.0 - Logitech) Hidden
LWS Launcher (HKLM-x32\...\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}) (Version: 13.50.859.0 - Logitech) Hidden
LWS Motion Detection (HKLM-x32\...\{71E66D3F-A009-44AB-8784-75E2819BA4BA}) (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (HKLM-x32\...\{08610298-29AE-445B-B37D-EFBE05802967}) (Version: 13.50.861.0 - Logitech) Hidden
LWS Twitter (HKLM-x32\...\{174A3B31-4C43-43DD-866F-73C9DB887B48}) (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (HKLM-x32\...\{EED027B7-0DB6-404B-8F45-6DFEE34A0441}) (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (HKLM-x32\...\{8937D274-C281-42E4-8CDB-A0B2DF979189}) (Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (HKLM-x32\...\{9DAEA76B-E50F-4272-A595-0124E826553D}) (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (HKLM-x32\...\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}) (Version: 13.31.1038.0 - Logitech) Hidden
magicJack (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\magicJack) (Version: 4.18.11491.8038 - magicJack L.P.)
Malwarebytes version 4.5.10.200 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.10.200 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{26784146-6E05-3FF9-9335-786C7C0FB5BE}) (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) (HKLM\...\{25E80DAA-FD87-DCE5-202C-CC02F6673002}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.44 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\OneDriveSetup.exe) (Version: 22.121.0605.0002 - Microsoft Corporation)
Microsoft Security Client (HKLM\...\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}) (Version: 4.8.0204.0 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0 (x64 en-US)) (Version: 102.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 102.0.0.8209 - Mozilla)
OmniPage (HKLM-x32\...\{0FEAC8E3-FBBD-4C01-BB2F-3EA7AD374757}) (Version: 18.1.0001 - Nuance Communications, Inc.)
Pale Moon 29.4.6 (x86 en-US) (HKLM-x32\...\Pale Moon 29.4.6 (x86 en-US)) (Version: 29.4.6 - Moonchild Productions)
PaperPort (HKLM-x32\...\{760F8DD0-D8A0-44A4-9F15-58051A68D633}) (Version: 14.2.0001 - Nuance Communications, Inc.)
PaperPort Image Printer (HKLM\...\{CA925CBC-6B0D-40E1-BE59-193DA7DAE920}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Skype version 8.85 (HKLM-x32\...\Skype_is1) (Version: 8.85 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{1423B8CC-EE7F-4B57-A67C-35BAE3F177F0}) (Version: 1.0.0 - Xerox Corporartion)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.5491 - Analog Devices)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.05.93 (4/11/2014) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.00(4/21/2014) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox MFP PC Fax (HKLM-x32\...\Xerox MFP PC Fax) (Version: 1.10.22 (4/21/2014) - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3215 (HKLM-x32\...\Xerox WorkCentre 3215) (Version: 1.01 (5/20/2014) - Xerox Corporation)
Zoom (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\ZoomUMX) (Version: 5.10.6 (5889) - Zoom Video Communications, Inc.)

Packages:
=========
Ghostery – Privacy Ad Blocker -> C:\Program Files\WindowsApps\Ghostery.Ghostery_8.4.6.0_neutral__kzkqe0pn505dg [2020-07-20] (Ghostery)
HexChat -> C:\Program Files\WindowsApps\39215TingPing.HexChat_2.16.0.0_x86__fqe8h3fzrj50c [2021-12-04] (TingPing)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-04-28] (HP Inc.)
Logitech Camera Controller -> C:\Program Files\WindowsApps\E97CB0A1.LogitechCameraController_1.0.0.135_x86__wd885nsp30hay [2015-08-09] (LOGITECH Europe S.A.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.5310.0_x64__8wekyb3d8bbwe [2022-06-06] (Microsoft Studios) [MS Ad]
Newsmax TV -> C:\Program Files\WindowsApps\NewsmaxMediaInc.NewsmaxTV_2.0.0.0_neutral__wzre3exa0cyap [2020-11-29] (Newsmax Media Inc)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-17] (Microsoft Corporation)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2015-11-12] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll () [File not signed]
ContextMenuHandlers1: [!XrxFax0] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax1] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax2] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax3] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax4] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax5] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax6] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax7] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Shortcuts & WMI ========================

pastywhitegurl

==================== Loaded Modules (Whitelisted) =============

2014-05-14 16:59 - 2012-12-06 01:46 - 000041984 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\spe__pc.dll
2014-04-21 04:36 - 2014-04-21 04:36 - 000111616 _____ (Xerox Corporation.) [File not signed] C:\Program Files (x86)\Xerox\Easy Printer Manager\CustomTimer.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 001580032 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxEngine64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000192000 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000146944 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\XrxFaxProc64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000280064 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\System32\XrxFaxPort64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

DownloadDir: C:\Users\Helena\Desktop

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-831887293-3776352801-720962199-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_FEC2D14AA1F15DAD90F56E6F9A07DBED"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9F61700E-171F-4C5B-9ED1-CB0972EE99F5}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{78F2C9A1-BBBA-4CC6-B16C-78FB2130F628}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{04F201AE-4DF3-409D-9ABB-57C2AE92B6BB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{58E8E43C-3E07-4AA5-8463-B6DC3EC1251F}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{AF3FD539-0C98-407C-8E64-4D2470D3C642}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{63FF7ED6-45DF-4FE2-92E9-FE88DA8C4D85}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{325F527D-106B-45B9-94BF-B2BEDE48E772}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{FC6ED370-2564-4DA1-969A-62828079D9F8}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{062919F5-8F2C-496A-89B5-11DDD1147074}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{33DD97EF-6A44-4205-99A3-371D0665ACFC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{344089DB-4519-432A-9CDB-FC6C5473BE44}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{9D92BF02-4743-4266-80A1-9428548084FB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{D3023B7A-56DD-46F9-B919-EDADA94759A0}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{86FF4CF8-51A0-4803-8853-751A89DF3B23}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{36E93662-45C6-4463-979B-627008168B24}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{97781A04-8AC0-48C4-87A4-05B66E37453B}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{C982AB76-982C-4F99-83E2-B5402F8296B4}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{CC31AB0D-BFD9-4242-B9ED-6F56C324851D}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{BCDE1B16-8B65-48D7-99AE-27DC5D4F2226}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{C6440625-AF29-4CAC-9A7B-120BA1331F83}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{79AD34C0-4270-4780-9B42-33C6CBD00962}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\Ereg\Ereg.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [{54575F65-E526-489C-9952-E03369823C15}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\Ereg\Ereg.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [{DD8E5967-8B47-44AB-9D20-23D6CEA8DC05}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\OmniPage18.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [{2D49D126-F83E-45FB-90B1-DC424D46040A}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\OmniPage18.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [UDP Query User{79274DEA-4344-49BA-8447-DB3B44C2F54B}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{35B14486-AA8A-4F27-8D68-1C86ABCD48A8}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{6512DF6B-F01F-4965-966F-5C4C5DEB93EC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{C1E18C13-5610-4FA2-89ED-612D6B2751ED}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{9DDE1097-BE1F-46D8-8E56-B60B562F6543}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [UDP Query User{EB7C78DD-60AE-43FB-93BE-9D3E3D020F77}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{20DC34DB-A30B-4DBF-831B-A54379AAE580}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{20F4B574-F3CA-4515-89E5-A825B42C24BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BEEB081D-8416-421B-9299-152874C3DE33}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{774F924B-F8EE-42C4-99DE-DE4467682134}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbvpswx.exe (Lexmark International, Inc. -> Lexmark International Inc.)
FirewallRules: [{9F9CEA1B-2A67-4102-8221-8A71F04EC115}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbvpswx.exe (Lexmark International, Inc. -> Lexmark International Inc.)
FirewallRules: [{20D52E51-1A40-48EF-A190-605002395C88}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{C960470E-1338-4F34-B0C5-51DF60DFCC0B}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [UDP Query User{F5976D48-B0AD-4171-8854-3F83EAFCF912}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{9A151D56-8271-4E2A-828C-193DE19CAEE4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{DF1720A9-63DB-4188-BD7D-1B35A9CC68FB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C13A1328-23FF-47A6-9A2A-C5B9CFF77D87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D5AB136F-A188-4D45-B211-E8699A1257E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7DBA3833-7704-41D7-BF87-0B1555D2427D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D3B03BF7-A420-4045-96A8-F9E72281B4A9}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{620EA53E-5F9B-46A0-AE0C-B833A7B6B783}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{29A29FD9-59D8-4661-9714-2DEBAC833454}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{5B6088DD-8771-4EB9-88DC-F8240349E8C8}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{042B0F6B-198F-414B-B71F-35B17E6F2441}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7E4F0B1E-A1F7-41B7-85FA-62F2CED9FE98}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B35A3149-605F-42B0-8C8E-509208A3AADE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{38637F5F-9703-4FD1-9A86-21E840D30DA4}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{B6D7D8A6-DD1E-46EB-955B-143CBF0EAE3F}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{48B55577-0BCD-4590-95ED-706A5F6B8C87}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C0A27E00-C044-45BA-ADF0-B0CC320E704E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BFA0627E-C944-475A-A9D2-A8D615ECA5AF}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{D3E159AD-09F1-475A-B961-38F4F890F6B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

13-06-2022 20:02:49 b4 telegram install
23-06-2022 11:55:46 b4 MB restart
28-06-2022 22:45:08 Windows Modules Installer
28-06-2022 23:03:00 Windows Modules Installer
28-06-2022 23:11:10 Windows Modules Installer
02-07-2022 08:38:11 b4LandzdownFix
03-07-2022 13:48:56 AdwCleaner_BeforeCleaning_03/07/2022_13:48:48
03-07-2022 14:24:18 Removed Windows PC Health Check
03-07-2022 14:36:44 Removed PDF Viewer.
03-07-2022 14:38:19 Removed Image Retriever.
03-07-2022 14:40:35 Removed PaperPort.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/03/2022 02:53:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameBar.exe, version: 5.722.5052.0, time stamp: 0x6274ca9c
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1741, time stamp: 0xe9b4a91b
Exception code: 0xc0000409
Fault offset: 0x000000000010fa32
Faulting process id: 0x2034
Faulting application start time: 0x01d88f1666c1d596
Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.722.5052.0_x64__8wekyb3d8bbwe\GameBar.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 7d87fcba-dfda-4114-9d73-879504ab94d1
Faulting package full name: Microsoft.XboxGamingOverlay_5.722.5052.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (07/02/2022 12:06:04 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (07/02/2022 11:23:53 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (07/02/2022 11:22:35 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d141fd98-bfa6-4df7-a881-21a20225b655}

Error: (07/02/2022 11:17:28 AM) (Source: MsiInstaller) (EventID: 11704) (User: Helena-PC)
Description: Product: Verizon Wireless Software Utility Application for Android - Samsung -- Error 1704.An installation for Verizon Wireless Software Upgrade Assistant - Samsung(ar) is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (07/02/2022 11:13:58 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "C:\Users\Helena\AppData\Roaming\mjusbsp\st00000\mjsetup.exe".Error in manifest or policy file "C:\Users\Helena\AppData\Roaming\mjusbsp\st00000\mjsetup.exe" on line 4.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (07/02/2022 11:13:49 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "C:\Users\Helena\AppData\Roaming\mjusbsp\in00000\mjsetup.exe".Error in manifest or policy file "C:\Users\Helena\AppData\Roaming\mjusbsp\in00000\mjsetup.exe" on line 4.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (07/02/2022 11:12:34 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "C:\Users\Helena\AppData\Roaming\mjusbsp\st00000\mjsetup.exe".Error in manifest or policy file "C:\Users\Helena\AppData\Roaming\mjusbsp\st00000\mjsetup.exe" on line 4.
Multiple requestedPrivileges elements are not allowed in manifest.


System errors:
=============
Error: (07/03/2022 03:05:27 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/03/2022 03:00:27 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/03/2022 02:55:27 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/03/2022 02:50:39 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/03/2022 02:50:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The W3SVC service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.

Error: (07/03/2022 02:50:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetPipeActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.

Error: (07/03/2022 02:50:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetMsmqActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.

Error: (07/03/2022 02:50:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.


Windows Defender:
================
Date: 2022-07-02 00:04:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-01 11:23:22
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-06-28 20:51:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-06-27 20:45:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-06-26 20:29:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-01-13 17:51:27
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2022-01-02 21:53:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A09 03/11/2008
Motherboard: Dell Inc. 0GM819
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 65%
Total physical RAM: 3956.61 MB
Available physical RAM: 1348.25 MB
Total Virtual: 8308.61 MB
Available Virtual: 5418.98 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:926.93 GB) (Free:829.02 GB) (Model: Hitachi HDS721010KLA330 ATA Device) NTFS

\\?\Volume{6462e9a1-d38d-11e3-9305-806e6f6e6963}\ (System) (Fixed) (Total:3.76 GB) (Free:0.56 GB) NTFS
\\?\Volume{c07cf236-0000-0000-0000-00ace8000000}\ () (Fixed) (Total:0.82 GB) (Free:0.41 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C07CF236)
Partition 1: (Active) - (Size=3.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=926.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=844 MB) - (Type=27)

==================== End of Addition.txt =======================

pastywhitegurl

On the Firefox question... I remember that I did download some profile info not too long ago to set up a different browser, so that may explain the find.

DR M

Hi, PWG.  :)

Since it's almost midnight here, I'll review your logs tomorrow.

pastywhitegurl

Thanks for the heads up on timing.  Most appreciated. :)

DR M

Hi, PWG. :)

Quote: I've removed a few programs, but I have questions about others, as I don't know if they are being used by something else. Like the samsung universal print driver2. I wondered if since it was a universal driver, if it was being used by my xerox printer?

Your thoughts are correct. Taking a good look into your logs, I see that there is a good amount of items related to printing devices. I wouldn't touch them, unless I was sure that they don't affect any of your printing activities.

Also see the following line (there are more). Although having to do with your Xerox printer, see the company in the parentheses: Samsung Electronics.

FirewallRules: [{04F201AE-4DF3-409D-9ABB-57C2AE92B6BB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )

1. FRST fix

Just some tidiness.

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
Task: {3B0264B6-A933-4D1E-9B38-E53BA8C33C77} - \Mozilla\Firefox Default Browser Agent E7CF176E110C211B -> No File <==== ATTENTION
2022-07-02 08:40 - 2014-05-10 18:40 - 000000000 ____D C:\Users\Helena\AppData\Roaming\WinPatrol
2022-07-02 08:40 - 2014-05-10 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
EmptyTemp:
End::


  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.


2. RAM

The new logs show that RAM in use dropped to 65% after uninstalling some programs. However, it's good to add RAM, since 4GB is the minimum you can have to run your programs effectively.

I did some searching for you and found that the computer (Dell Inc. OptiPlex 755) has 4 slots accepting 2GB each. So you can buy 2x2GB RAM sticks and increase your RAM from 4 to 8GB. It is a Desktop, right?

https://www.compuram.biz/memory/dell/desktop-workstation/optiplex/series/755/?st=tab_maxmem

https://www.amazon.com/OptiPlex-Desktop-PC2-5300-Memory-BRANDS/dp/B00D6Q5BJA


In your next reply please post:

1. The fixlog.txt
2. Any remaining issue/question/concern regarding this computer



pastywhitegurl

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-07-2022
Ran by Helena (04-07-2022 13:03:48) Run:4
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
Task: {3B0264B6-A933-4D1E-9B38-E53BA8C33C77} - \Mozilla\Firefox Default Browser Agent E7CF176E110C211B -> No File <==== ATTENTION
2022-07-02 08:40 - 2014-05-10 18:40 - 000000000 ____D C:\Users\Helena\AppData\Roaming\WinPatrol
2022-07-02 08:40 - 2014-05-10 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CDAServer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B0264B6-A933-4D1E-9B38-E53BA8C33C77}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B0264B6-A933-4D1E-9B38-E53BA8C33C77}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent E7CF176E110C211B" => not found
C:\Users\Helena\AppData\Roaming\WinPatrol => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40178194 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 113089 B
Edge => 0 B
Chrome => 0 B
Brave => 535228892 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 9610 B
Helena => 5706707 B
DefaultAppPool => 5706707 B

RecycleBin => 533713358 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:07:13 ====



Yes, I have a desktop PC.

On adding more RAM, I have a vague memory of someone telling me I couldn't add any more memory to this refurbished machine. (Is it possible all four slots are filled with 1GB RAM memory modules?) How would I verify that there are empty slots when I could add more RAM? And is that something that is easy to add? I have only plugged things into the back of the tower, not messed with anything inside of it. The link you gave me was for 4 2GB modules. Would I be replacing what is already in my machine? (This question probably tells you how clueless I am....) I watched a couple of videos, but I didn't see anyone replace existing panels, just add them.

I'm attaching screenshots of my add/remove programs list. My questions are about the following:

I don't use these. I use the Xerox printer programs and Windows Fax&Scan. I think they were installed with a Samsung laser printer that has been replaced by the Xerox Work Centre. Safe to uninstall?
Nuance Communications programs:
OmniPage
PaperPort
PaperPort Image Printer

Related to the printer? Seems to be some kind of mobile interface facilitator. Safe to uninstall?
Samsung
SUABnR

Seems odd to have a Windows update in this list.  Do I need to do anything about it?
Update for Windows 10 for x64 based Systems

pastywhitegurl

First screenshot did not attach.  Here it is


If you see anything else that seems unnecessary, please comment.

DR M

Hi.

Quote: On adding more RAM, I have a vague memory of someone telling me I couldn't add anymore memory to this refurbished machine. (Is it possible all four slots are filled with 1GB ram memory modules?) How would I verify that there are empty slots when I could add more RAM? And is that something that is easy to add? I only have plugged things into the back of the tower, not messed with anything inside of it. The link you gave me was for 4 2GB modules. Would I be replacing what is already in my machine? (This question probably tells you how clueless I am....) I watched a couple videos, but I didn't see anyone replace existing panels, just add them.

No need to replace the existing memory, unless you have 1GB in each slot.

Do the following to check how many slots are in use:

Open the Task Manager and go to the Performance tab. Select Memory and under the memory graph, look for the Slots used field. It will tell you how many of the total slots are currently in use. We know that you have 4GB RAM now, so we can understand how these 4GB are distributed in the slots.

As to the following, if you don't use them, you can uninstall them. In any case you can search about each one (and about any other program) and decide if you want them. I can't decide for you. :)

OmniPage
PaperPort
PaperPort Image Printer
SUABnR

Something I noticed, there is a lot of Adobe and Logitech stuff installed, probably related to the Photoshop and Camera software. They are hidden and you can't see them in the Installed programs list in Control Panel, but you can see them in the Addition log.

No need to do anything about the Update.

In case you uninstall other programs, restart and post fresh FRST logs. Perhaps we will have to remove some remnants.


pastywhitegurl

OK. I will probably remove the Samsung and Nuance programs since it seems safe to do so.

I use Photoshop regularly, and the Logitech programs run my camera and microphones, so I imagine all those related programs are needed.


Performance > Memory says:

Speed 667 MHz
Slots used: 4 of 4
Form Factor DIMM
Hardware Reserved: 139MB

Thank you for the detailed reply.  Sounds like I should order the 4  2GB RAM sticks.  The replacement process doesn't look too difficult.   

DR M

Quote: Slots used: 4 of 4

The worst scenario.

Let me see fresh FRST logs, when you are ready.

See you tomorrow.  :)


pastywhitegurl

Of course I would have the worst case scenario.  Lucky me!
Removed 4 programs, rebooted.  Ran new FRST scan

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-07-2022
Ran by Helena (administrator) on HELENA-PC (Dell Inc. OptiPlex 755) (04-07-2022 15:37:08)
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1766 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler64.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\AMT\atchk.exe
(explorer.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(services.exe ->) (Intel) [File not signed] C:\Program Files (x86)\Intel\AMT\LMS.exe
(services.exe ->) (Intel) [File not signed] C:\Program Files (x86)\Intel\AMT\UNS.exe
(services.exe ->) (Lexmark International, Inc. -> ) C:\Windows\System32\lxbvcoms.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(services.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxServer64.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.41582.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation) [File not signed]
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [cdloader] => C:\Users\Helena\AppData\Roaming\mjusbsp\cdloader2.exe [59048 2022-01-04] (magicJack, L.P. -> magicJack L.P.)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [MicrosoftEdgeAutoLaunch_FEC2D14AA1F15DAD90F56E6F9A07DBED] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601824 2022-06-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Lexmark 2200 Series Print Processor: lxbvpp6c.dll
HKLM\...\Windows x64\Print Processors\spe__PC: C:\Windows\System32\spool\prtprocs\x64\spe__pc.dll [41984 2012-12-06] (Windows (R) Codename Longhorn DDK provider) [File not signed]
HKLM\...\Windows x64\Print Processors\SUGO3PC: C:\Windows\System32\spool\prtprocs\x64\sugo3pc.dll [27648 2006-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Windows x64\Print Processors\sxa6mPC: C:\Windows\System32\spool\prtprocs\x64\sxa6mpc.dll [43520 2014-02-20] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\usp02PC: C:\Windows\System32\spool\prtprocs\x64\usp02pc.dll [43520 2014-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\Xerox Network PC Fax Print Processor: C:\Windows\System32\spool\prtprocs\x64\XrxFaxProc64.dll [146944 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\...\Print\Monitors\2200 Series Port: C:\WINDOWS\system32\lxbvlmpm.dll [488448 2007-04-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\spe__ Langmon: C:\WINDOWS\system32\spe__l.dll [34304 2011-04-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\SUGO3 Langmon: C:\WINDOWS\system32\sugo3l6.dll [22016 2006-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\sxa6m Langmon: C:\WINDOWS\system32\sxa6mlm.dll [34304 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\usp02 Langmon: C:\WINDOWS\system32\usp02l.dll [29184 2014-04-16] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Xerox MFP PC Fax Port: C:\WINDOWS\system32\XrxFaxPort64.dll [280064 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.66\Installer\chrmstp.exe [2022-06-29] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\103.1.40.109\Installer\chrmstp.exe [2022-06-28] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xerox MFP PC Fax.lnk [2016-04-06]
ShortcutTarget: Xerox MFP PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe (Xerox Corporation.) [File not signed]
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08066272-E4CE-44F8-BAA8-8D9F63C44088} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1817527B-916E-4828-9064-8B9C7C88F4BD} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {26EA4B1A-5F1F-46D0-ADB9-64874994F0DB} - System32\Tasks\{26FF5CE4-1B64-467B-A8F9-E1AFBECA0043} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
Task: {2D14430F-8DB9-4A17-9A63-376EE205AC65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {4A68B9CC-69D1-400C-8369-85BB21D1881B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4ABC4334-7813-4F8E-A6CA-F73EF6DCF744} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7C8CB8C9-96A6-441F-8406-88CA84AE83D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {862F6BDE-AB5D-41B7-9C59-13842AE6F2F3} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {E5681874-1A34-4209-90C0-66CF30C5E85A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fee10231-d6e0-42e1-a19b-a0f5a78c86cc}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\Helena\Desktop
Edge Notifications: HKU\S-1-5-21-831887293-3776352801-720962199-1001 -> hxxps://web.skype.com
Edge Extension: (Ghostery – Privacy Ad Blocker) -> EdgeExtension_GhosteryGhostery_kzkqe0pn505dg => C:\Program Files\WindowsApps\Ghostery.Ghostery_8.4.6.0_neutral__kzkqe0pn505dg [2020-07-20]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-02]
Edge DownloadDir: Default -> C:\Users\Helena\Desktop
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (Textarea Cache) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\chpphekfimlabghbdankokcohcmnbmab [2020-10-21]
Edge Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-15]
Edge Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fclbdkbhjlgkbpfldjodgjncejkkjcme [2022-06-29]
Edge Extension: (Measure-it) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gbaokpnhddikgoalopfdjjhgahfcecge [2021-06-07]
Edge Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lhnbdlbhcokmgpjenkjolnhdnkphnkam [2022-06-29]
Edge Extension: (uBlock Origin) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2022-05-15]
Edge Extension: (Weather Forecast) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\phklfmbdnakdekionmpfdiihnmijfpnl [2022-02-08]

FireFox:
========
FF DefaultProfile: n27s1rnq.default
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default [2022-07-04]
FF DownloadDir: C:\Users\Helena\Desktop
FF Session Restore: Mozilla\Firefox\Profiles\n27s1rnq.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\n27s1rnq.default -> hxxp://mail.google.com; hxxps://mail.google.com; hxxp://us-mg6.mail.yahoo.com; hxxps://us-mg6.mail.yahoo.com; hxxps://twitter.com; hxxps://us-mg4.mail.yahoo.com; hxxps://mg.mail.yahoo.com; hxxps://mail.yahoo.com
FF Extension: (Disconnect) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\2.0@disconnect.me.xpi [2020-05-16]
FF Extension: (Archive URL) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\@save-url-to-wayback-machine-firefox-addon.xpi [2020-05-16]
FF Extension: (Copy Link Text) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\copylinktext@brett(2).zamir [2014-05-11] [Legacy] [not signed]
FF Extension: (Edit) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\edit@eros.man.xpi [2020-05-16]
FF Extension: (eSnipe.com SnipeIt!) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\esnipesnipeit@esnipe.com.xpi [2018-02-10] [UpdateUrl:hxxps://www.esnipe.com/SnipeIt_FirefoxExtension/update.json]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\firefox@ghostery.com.xpi [2020-07-31]
FF Extension: (Tampermonkey) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\firefox@tampermonkey.net.xpi [2020-05-16]
FF Extension: (pinterest-guest) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-SWdspnBEetWxoA@jetpack.xpi [2020-05-16]
FF Extension: (Copy Selected Links) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-vs5odTmtIydjMg@jetpack.xpi [2020-05-16]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2020-07-31]
FF Extension: (Open With) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\openwith@darktrojan(2).net [2014-05-11] [Legacy] [not signed]
FF Extension: (SuperStop) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\superstop@gavinsharp.com.xpi [2018-06-20]
FF Extension: (Textarea Cache) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\textarea-cache-lite@wildsky.cc.xpi [2020-05-16]
FF Extension: (uBlock Origin) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\uBlock0@raymondhill.net.xpi [2020-05-24]
FF Extension: (YesScript2) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\yesscript202@example.org.xpi [2020-06-08]
FF Extension: (YouTube to MP3) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\youtube2mp3@mondayx(2).de [2014-05-11] [Legacy] [not signed]
FF Extension: (Imagus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{00000f2a-7cde-4f20-83ed-434fcb420d71}.xpi [2020-05-16] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Image Block X) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{0035bf10-3f36-4d60-b92d-08c1a8b060a6}.xpi [2020-05-16]
FF Extension: (Screengrab!) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-06-20]
FF Extension: (FireShot) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (LittleFox) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{479f0278-2c34-4365-b9f0-1d328d0f0a40}.xpi [2020-05-16]
FF Extension: (Empty Cache Button) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2017-12-16]
FF Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2020-06-21]
FF Extension: (Text Link) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2020-05-16]
FF Extension: (InFormEnter+) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}.xpi [2020-05-24]
FF Extension: (ColorZilla) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-12-12]
FF Extension: (Stylus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}.xpi [2020-05-16]
FF Extension: (bbCodeWebex) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{7e19f8dd-0cf6-498a-8072-bae5b2db65e5}.xpi [2020-05-27]
FF Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{853d1586-e2ab-4387-a7fd-1f7f894d2651}.xpi [2020-05-24]
FF Extension: (Clippings) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}.xpi [2020-05-19]
FF Extension: (YouTube Downloader Converter MP3) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2020-05-16]
FF Extension: (Weather) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a79a9c4c-9c3f-4bf4-9e58-6574cc0b7ecb}.xpi [2020-05-24]
FF Extension: (Simple stylish) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a8e5fca1-24ae-4de6-b3c4-80d2d316f8f9}.xpi [2019-11-16]
FF Extension: (ruler) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{b1355a29-9265-4b5e-a3ad-e9d61265d5ac}.xpi [2020-05-16]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-05-25]
FF Extension: (Adblock Plus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (Top and Bottom scroll buttons) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d8c7bd7f-3e7d-456a-be71-29973917ec72}.xpi [2020-05-16]
FF Extension: (IE View Lite) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}(2) [2014-05-11] [Legacy] [not signed]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\cnet.xml [2009-11-14]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\mozilla-add-ons.xml [2008-09-06]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\technorati.xml [2008-09-11]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\webster.xml [2008-09-18]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\wordpresscom.xml [2016-03-16]
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default [2022-06-14]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> hxxp://zionfirefriends.com
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> is enabled.
FF Extension: (Lazarus: Form Recovery) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\lazarus@interclue.com.xpi [2018-06-16] [Legacy]
FF Extension: (Ad-Bye - For Facebook) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\s.alfa@idev.com.xpi [2018-10-02] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\uBlock0@raymondhill.net.xpi [2021-08-09] [Legacy] [not signed]
FF Extension: (YesScript) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\yesscript@userstyles.org.xpi [2018-10-02] [Legacy]
FF Extension: (FireShot) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2021-02-02] [Legacy] [not signed]
FF Extension: (Back to Top) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}.xpi [2018-09-28] [Legacy] [not signed]
FF Extension: (Forecast & Weather on the Button) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{4d60e663-9c10-48d9-895a-801285687ced}.xpi [2020-01-23] [Legacy] [not signed]
FF Extension: (Color Identifier) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{89850e1c-c80b-4179-81fe-79a9f313400d}.xpi [2018-09-09] [Legacy] [not signed]
FF Extension: (Open With Edge, IE, Chrome, and More) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{ab91ffec-fe2a-440e-99ca-5260e0ea0c06}.xpi [2019-12-25] [Legacy] [not signed]
FF Extension: (BBCodeXtra) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2018-09-09] [Legacy]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\searchplugins\amazoncom.xml [2022-06-14]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\searchplugins\pale-moon-add-ons.xml [2022-06-14]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default [2022-07-02]
CHR DownloadDir: C:\Users\Helena\Desktop
CHR Notifications: Default -> hxxps://twitter.com
CHR StartupUrls: Default -> "hxxp://if.invisionfree.com/search/?c=5","hxxp://www.drudgereport.com/","hxxps://us-mg6.mail.yahoo.com/neo/launch?.rand=e2tudim4rqkvc","hxxp://www.landzdown.com/index.php","hxxp://www.accuweather.com/en/us/kansas-city-mo/64106/hourly-weather-forecast/329441","hxxp://if.invisionfree.com/pages/ircchat/","hxxp://www.official-drivers.com/installer/?seed=lexmark&gclid=COTq45Duor4CFQcSMwodZQEANA","hxxp://hcgdietinfo.com/hcgdietforums/search.php?searchid=4234517"
CHR Extension: (ColorZilla) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2019-01-20]
CHR Extension: (uBlock Origin) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-05-02]
CHR Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-02]
CHR Extension: (Google Search) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Tidy Sidebar) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp [2019-01-20]
CHR Extension: (bbCodeInsert) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhckbmeeagkjnabhfaindkhmofncedln [2019-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-02]
CHR Extension: (HTML5 Autoplay Blocker) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppkihnmgkncknjlfkkjgfgoifkcgii [2019-12-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-02]
CHR Extension: (Weather) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\iolcbmjhmpdheggkocibajddahbeiglb [2021-09-01]
CHR Extension: (Measure-it) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jocbgkoackihphodedlefohapackjmna [2019-01-20]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2022-05-02]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-01]
CHR Extension: (Image Background Color) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjaolenabdfhmpndkmnbojmjefdpago [2019-02-27]
CHR Extension: (Image Size Info) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihdhfbfoagfkpcncinlbhfdgpegcigf [2021-09-01]
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-07-02]
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\System Profile [2022-07-02]

Brave:
=======
BRA Profile: C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-07-04]
BRA DownloadDir: C:\Users\Helena\Desktop
BRA DefaultSearchURL: Default -> hxxps://search.brave.com/search?q={searchTerms}&source=desktop
BRA DefaultSearchKeyword: Default -> :br
BRA DefaultSuggestURL: Default -> hxxps://search.brave.com/api/suggest?q={searchTerms}
BRA Extension: (Textarea Cache) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\chpphekfimlabghbdankokcohcmnbmab [2022-02-14]
BRA Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-05]
BRA Extension: (Measure-it) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jocbgkoackihphodedlefohapackjmna [2022-02-14]
BRA Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\piajkpdbaniagacofgklljacgjhefjeh [2022-06-20]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-07-04]
BRA Extension: (Brave NTP background images) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-03-10]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-06-23]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-07-04]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-07-04]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-10]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-06-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 brlapi; C:\WINDOWS\brltty\bin\brltty.exe [847886 2019-10-15] (Microsoft Windows -> )
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-05-11] (Macrovision Europe Ltd.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 lxbv_device; C:\WINDOWS\system32\lxbvcoms.exe [566704 2007-04-25] (Lexmark International, Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8677120 2022-06-23] (Malwarebytes Inc. -> Malwarebytes)
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [118576 2014-11-26] (Samsung Electronics CO., LTD. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254368 2022-06-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [501760 2014-04-21] (Xerox Corporation.) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-07-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-04] (Malwarebytes Inc. -> Malwarebytes)
S3 MpKsl6b89b7b8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{508C0B10-B9E0-4184-9D8E-D183F89372BD}\MpKslDrv.sys [141568 2022-07-04] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-22] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-04 15:37 - 2022-07-04 15:39 - 000031975 _____ C:\Users\Helena\Desktop\FRST.txt
2022-07-04 15:29 - 2022-07-04 15:29 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-04 15:29 - 2022-07-04 15:29 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-04 15:29 - 2022-07-04 15:29 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-03 22:10 - 2022-07-03 22:13 - 000370854 __RSH C:\ProgramData\ntuser.pol
2022-07-03 06:49 - 2022-07-03 13:49 - 000000000 ____D C:\AdwCleaner
2022-07-03 06:47 - 2022-07-03 06:47 - 008551608 _____ (Malwarebytes) C:\Users\Helena\Desktop\AdwCleaner.exe
2022-07-02 09:21 - 2022-07-02 09:21 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-02 08:45 - 2022-07-02 08:46 - 000279560 _____ C:\Users\Helena\Desktop\CrucialScan.exe
2022-07-01 17:11 - 2022-07-02 09:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-07-01 16:23 - 2022-07-01 16:23 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-07-01 15:38 - 2022-07-04 13:03 - 002369024 _____ (Farbar) C:\Users\Helena\Desktop\FRST64.exe
2022-06-28 23:44 - 2022-06-28 23:44 - 000479744 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000011787 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-06-28 23:43 - 2022-06-28 23:43 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-06-28 23:42 - 2022-06-28 23:42 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-06-28 23:42 - 2022-06-28 23:42 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-06-28 23:10 - 2022-06-28 23:10 - 000000000 ___HD C:\$WinREAgent
2022-06-09 22:22 - 2022-06-29 22:36 - 000000377 _____ C:\Users\Helena\Desktop\CourseNotes.txt
2022-06-09 12:03 - 2022-06-09 12:03 - 000112264 _____ C:\Users\Helena\Desktop\Carbs are Critical One Week Menu.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-07-04 15:39 - 2017-10-02 10:53 - 000000000 ____D C:\FRST
2022-07-04 15:31 - 2014-05-10 19:29 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-04 15:29 - 2021-12-04 16:54 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\IGDump
2022-07-04 15:28 - 2020-08-27 00:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-04 15:28 - 2020-08-26 23:47 - 002343688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-04 15:28 - 2020-08-26 23:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-04 15:28 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-04 15:27 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-04 15:24 - 2016-01-03 20:56 - 000000000 ____D C:\Program Files (x86)\Samsung
2022-07-04 15:24 - 2012-08-15 10:44 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-07-04 15:16 - 2016-04-06 17:08 - 000000000 ____D C:\ProgramData\ScanSoft
2022-07-04 15:15 - 2015-04-01 12:39 - 000000000 ____D C:\Users\Helena\AppData\Local\CrashDumps
2022-07-04 14:47 - 2020-08-27 00:17 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2022-07-04 14:27 - 2020-08-26 23:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-03 22:13 - 2014-05-14 17:57 - 000000000 ____D C:\ProgramData\TEMP
2022-07-03 22:11 - 2014-05-14 17:57 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2022-07-03 22:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2022-07-03 22:10 - 2009-07-13 22:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-07-03 14:37 - 2016-04-06 17:08 - 000000000 ____D C:\ProgramData\Nuance
2022-07-03 14:30 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-03 14:25 - 2016-04-20 17:54 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2022-07-03 13:49 - 2018-06-06 14:52 - 000000000 ____D C:\Users\Helena\AppData\Roaming\Samsung
2022-07-02 18:19 - 2020-08-21 13:20 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-02 18:19 - 2020-08-21 13:20 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-02 18:19 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-02 18:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-02 12:05 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-02 12:03 - 2016-11-14 20:27 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\Temp
2022-07-02 11:14 - 2015-08-07 23:01 - 000001086 _____ C:\Users\Helena\Desktop\magicJack.lnk
2022-07-02 11:14 - 2015-08-07 23:01 - 000001072 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2022-07-02 11:14 - 2015-08-07 23:01 - 000000000 ____D C:\Users\Helena\AppData\Roaming\mjusbsp
2022-07-02 11:11 - 2015-08-07 23:01 - 000000000 ____D C:\Users\Helena\AppData\Local\magicJack
2022-07-02 10:07 - 2014-05-11 17:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-02 10:07 - 2014-05-11 10:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-07-02 09:03 - 2021-10-05 16:28 - 000000000 ____D C:\Users\Helena\AppData\Roaming\discord
2022-07-02 08:48 - 2021-10-05 16:27 - 000000000 ____D C:\Users\Helena\AppData\Local\Discord
2022-07-02 08:40 - 2014-05-10 17:01 - 000000000 ____D C:\ProgramData\InstallMate
2022-07-01 17:12 - 2022-03-31 10:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-01 17:12 - 2016-11-17 23:38 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\Mozilla
2022-07-01 17:11 - 2014-05-11 17:31 - 000001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-01 10:32 - 2021-12-12 23:47 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-831887293-3776352801-720962199-1001
2022-07-01 10:32 - 2020-08-27 00:17 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-831887293-3776352801-720962199-1001
2022-07-01 10:32 - 2020-08-26 05:29 - 000002429 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-06-29 19:35 - 2015-08-08 22:50 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-06-29 19:35 - 2014-05-10 19:30 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-06-29 08:10 - 2020-08-27 00:07 - 000971878 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-06-29 07:59 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-06-29 07:59 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2022-06-28 23:42 - 2020-08-26 23:51 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-06-28 22:24 - 2014-05-10 15:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-06-28 22:11 - 2014-05-10 15:21 - 145918784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-06-28 18:14 - 2021-04-06 11:46 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-06-28 18:14 - 2021-04-06 11:46 - 000002330 _____ C:\Users\Public\Desktop\Brave.lnk
2022-06-28 14:56 - 2020-12-01 09:01 - 000000682 _____ C:\Users\Helena\Desktop\ShoppingList.txt
2022-06-27 17:04 - 2015-01-02 20:59 - 000000000 ____D C:\Users\Helena\Documents\Dance
2022-06-25 11:19 - 2018-06-19 20:06 - 000000000 ____D C:\ProgramData\Packages
2022-06-24 15:39 - 2020-04-22 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-06-23 21:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-06-23 08:17 - 2019-07-22 10:30 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-06-22 20:09 - 2018-02-18 19:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-06-16 01:11 - 2020-08-27 00:17 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-06-16 01:11 - 2020-08-27 00:17 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-06-11 17:07 - 2021-10-05 16:28 - 000002279 _____ C:\Users\Helena\Desktop\Discord.lnk

==================== Files in the root of some directories ========

2019-06-01 15:36 - 2019-06-01 15:36 - 000003584 _____ () C:\Users\Helena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-26 12:28 - 2019-03-16 08:22 - 000000600 _____ () C:\Users\Helena\AppData\Local\PUTTY.RND
2018-10-20 22:40 - 2018-10-20 22:40 - 000002938 _____ () C:\Users\Helena\AppData\Local\recently-used.xbel
2014-05-25 18:06 - 2018-06-05 21:44 - 000007597 _____ () C:\Users\Helena\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


pastywhitegurl

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2022
Ran by Helena (04-07-2022 15:42:43)
Running from C:\Users\Helena\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.1766 (X64) (2020-08-27 05:19:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-831887293-3776352801-720962199-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-831887293-3776352801-720962199-503 - Limited - Disabled)
Guest (S-1-5-21-831887293-3776352801-720962199-501 - Limited - Disabled)
Helena (S-1-5-21-831887293-3776352801-720962199-1001 - Administrator - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-831887293-3776352801-720962199-1009 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-831887293-3776352801-720962199-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Anchor Service CS3 (HKLM-x32\...\{90176341-0A8B-4CCC-A78D-F862228A6B95}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (HKLM-x32\...\{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}) (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (HKLM-x32\...\{9C9824D9-9000-4373-A6A5-D0E5D4831394}) (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (HKLM-x32\...\{08B32819-6EEF-4057-AEDA-5AB681A36A23}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (HKLM-x32\...\{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}) (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (HKLM-x32\...\{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (HKLM-x32\...\{A2D81E70-2A98-4A08-A628-94388B063C5E}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (HKLM-x32\...\{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (HKLM-x32\...\{51846830-E7B2-4218-8968-B77F0FF475B8}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (HKLM-x32\...\{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (HKLM-x32\...\{95655ED4-7CA5-46DF-907F-7144877A32E5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (HKLM-x32\...\{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (HKLM-x32\...\{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (HKLM-x32\...\{6ABE0BEE-D572-4FE8-B434-9E72A289431B}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (HKLM-x32\...\{04AF207D-9A77-465A-8B76-991F6AB66245}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (HKLM-x32\...\{54793AA1-5001-42F4-ABB6-C364617C6078}) (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (HKLM-x32\...\{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}) (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}) (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Setup (HKLM-x32\...\{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (HKLM-x32\...\{29E5EA97-5F74-4A57-B8B2-D4F169117183}) (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (HKLM-x32\...\{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (HKLM-x32\...\{E69AE897-9E0B-485C-8552-7841F48D42D8}) (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (HKLM-x32\...\{D0DFF92A-492E-4C40-B862-A74A173C25C5}) (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (HKLM-x32\...\{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (HKLM-x32\...\{802771A9-A856-4A41-ACF7-1450E523C923}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Audacity 2.4.1 (HKLM-x32\...\Audacity_is1) (Version: 2.4.1 - Audacity Team)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9045 - )
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 103.1.40.109 - Brave Software Inc)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.50.854.0 - Logitech) Hidden
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
Discord (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.66 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LibreOffice 5.1.5.2 (HKLM\...\{DDDB2EB8-D3A0-484A-BB24-9611754D29C4}) (Version: 5.1.5.2 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (HKLM-x32\...\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (HKLM-x32\...\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Help_main (HKLM-x32\...\{1651216E-E7AD-4250-92A1-FB8ED61391C9}) (Version: 13.50.862.0 - Logitech) Hidden
LWS Launcher (HKLM-x32\...\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}) (Version: 13.50.859.0 - Logitech) Hidden
LWS Motion Detection (HKLM-x32\...\{71E66D3F-A009-44AB-8784-75E2819BA4BA}) (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (HKLM-x32\...\{08610298-29AE-445B-B37D-EFBE05802967}) (Version: 13.50.861.0 - Logitech) Hidden
LWS Twitter (HKLM-x32\...\{174A3B31-4C43-43DD-866F-73C9DB887B48}) (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (HKLM-x32\...\{EED027B7-0DB6-404B-8F45-6DFEE34A0441}) (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (HKLM-x32\...\{8937D274-C281-42E4-8CDB-A0B2DF979189}) (Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (HKLM-x32\...\{9DAEA76B-E50F-4272-A595-0124E826553D}) (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (HKLM-x32\...\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}) (Version: 13.31.1038.0 - Logitech) Hidden
magicJack (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\magicJack) (Version: 4.18.11491.8038 - magicJack L.P.)
Malwarebytes version 4.5.10.200 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.10.200 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{26784146-6E05-3FF9-9335-786C7C0FB5BE}) (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) (HKLM\...\{25E80DAA-FD87-DCE5-202C-CC02F6673002}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.44 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\OneDriveSetup.exe) (Version: 22.121.0605.0002 - Microsoft Corporation)
Microsoft Security Client (HKLM\...\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}) (Version: 4.8.0204.0 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0 (x64 en-US)) (Version: 102.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 102.0.0.8209 - Mozilla)
Pale Moon 29.4.6 (x86 en-US) (HKLM-x32\...\Pale Moon 29.4.6 (x86 en-US)) (Version: 29.4.6 - Moonchild Productions)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Skype version 8.85 (HKLM-x32\...\Skype_is1) (Version: 8.85 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{1423B8CC-EE7F-4B57-A67C-35BAE3F177F0}) (Version: 1.0.0 - Xerox Corporartion)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.5491 - Analog Devices)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.05.93 (4/11/2014) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.00(4/21/2014) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox MFP PC Fax (HKLM-x32\...\Xerox MFP PC Fax) (Version: 1.10.22 (4/21/2014) - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3215 (HKLM-x32\...\Xerox WorkCentre 3215) (Version: 1.01 (5/20/2014) - Xerox Corporation)
Zoom (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\ZoomUMX) (Version: 5.10.6 (5889) - Zoom Video Communications, Inc.)

Packages:
=========
Ghostery – Privacy Ad Blocker -> C:\Program Files\WindowsApps\Ghostery.Ghostery_8.4.6.0_neutral__kzkqe0pn505dg [2020-07-20] (Ghostery)
HexChat -> C:\Program Files\WindowsApps\39215TingPing.HexChat_2.16.0.0_x86__fqe8h3fzrj50c [2021-12-04] (TingPing)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-04-28] (HP Inc.)
Logitech Camera Controller -> C:\Program Files\WindowsApps\E97CB0A1.LogitechCameraController_1.0.0.135_x86__wd885nsp30hay [2015-08-09] (LOGITECH Europe S.A.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.5310.0_x64__8wekyb3d8bbwe [2022-06-06] (Microsoft Studios) [MS Ad]
Newsmax TV -> C:\Program Files\WindowsApps\NewsmaxMediaInc.NewsmaxTV_2.0.0.0_neutral__wzre3exa0cyap [2020-11-29] (Newsmax Media Inc)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-17] (Microsoft Corporation)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2015-11-12] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll () [File not signed]
ContextMenuHandlers1: [!XrxFax0] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax1] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax2] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax3] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax4] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax5] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax6] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax7] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2014-05-14 16:59 - 2012-12-06 01:46 - 000041984 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\spe__pc.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 001580032 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxEngine64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000192000 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000288768 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxUser64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000146944 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\XrxFaxProc64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000280064 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\System32\XrxFaxPort64.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

DownloadDir: C:\Users\Helena\Desktop

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 6091 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-831887293-3776352801-720962199-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_FEC2D14AA1F15DAD90F56E6F9A07DBED"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9F61700E-171F-4C5B-9ED1-CB0972EE99F5}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{78F2C9A1-BBBA-4CC6-B16C-78FB2130F628}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{04F201AE-4DF3-409D-9ABB-57C2AE92B6BB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{58E8E43C-3E07-4AA5-8463-B6DC3EC1251F}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{AF3FD539-0C98-407C-8E64-4D2470D3C642}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{63FF7ED6-45DF-4FE2-92E9-FE88DA8C4D85}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{325F527D-106B-45B9-94BF-B2BEDE48E772}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{FC6ED370-2564-4DA1-969A-62828079D9F8}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{062919F5-8F2C-496A-89B5-11DDD1147074}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{33DD97EF-6A44-4205-99A3-371D0665ACFC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{344089DB-4519-432A-9CDB-FC6C5473BE44}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{9D92BF02-4743-4266-80A1-9428548084FB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{D3023B7A-56DD-46F9-B919-EDADA94759A0}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{86FF4CF8-51A0-4803-8853-751A89DF3B23}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{36E93662-45C6-4463-979B-627008168B24}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{97781A04-8AC0-48C4-87A4-05B66E37453B}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{C982AB76-982C-4F99-83E2-B5402F8296B4}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{CC31AB0D-BFD9-4242-B9ED-6F56C324851D}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{BCDE1B16-8B65-48D7-99AE-27DC5D4F2226}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{C6440625-AF29-4CAC-9A7B-120BA1331F83}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [UDP Query User{79274DEA-4344-49BA-8447-DB3B44C2F54B}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{35B14486-AA8A-4F27-8D68-1C86ABCD48A8}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{6512DF6B-F01F-4965-966F-5C4C5DEB93EC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{C1E18C13-5610-4FA2-89ED-612D6B2751ED}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{9DDE1097-BE1F-46D8-8E56-B60B562F6543}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [UDP Query User{EB7C78DD-60AE-43FB-93BE-9D3E3D020F77}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{20DC34DB-A30B-4DBF-831B-A54379AAE580}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{20F4B574-F3CA-4515-89E5-A825B42C24BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BEEB081D-8416-421B-9299-152874C3DE33}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{774F924B-F8EE-42C4-99DE-DE4467682134}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbvpswx.exe (Lexmark International, Inc. -> Lexmark International Inc.)
FirewallRules: [{9F9CEA1B-2A67-4102-8221-8A71F04EC115}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbvpswx.exe (Lexmark International, Inc. -> Lexmark International Inc.)
FirewallRules: [{20D52E51-1A40-48EF-A190-605002395C88}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{C960470E-1338-4F34-B0C5-51DF60DFCC0B}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [UDP Query User{F5976D48-B0AD-4171-8854-3F83EAFCF912}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{9A151D56-8271-4E2A-828C-193DE19CAEE4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{DF1720A9-63DB-4188-BD7D-1B35A9CC68FB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C13A1328-23FF-47A6-9A2A-C5B9CFF77D87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D5AB136F-A188-4D45-B211-E8699A1257E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7DBA3833-7704-41D7-BF87-0B1555D2427D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D3B03BF7-A420-4045-96A8-F9E72281B4A9}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{620EA53E-5F9B-46A0-AE0C-B833A7B6B783}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{29A29FD9-59D8-4661-9714-2DEBAC833454}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{5B6088DD-8771-4EB9-88DC-F8240349E8C8}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{042B0F6B-198F-414B-B71F-35B17E6F2441}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7E4F0B1E-A1F7-41B7-85FA-62F2CED9FE98}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B35A3149-605F-42B0-8C8E-509208A3AADE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{38637F5F-9703-4FD1-9A86-21E840D30DA4}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{B6D7D8A6-DD1E-46EB-955B-143CBF0EAE3F}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{48B55577-0BCD-4590-95ED-706A5F6B8C87}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C0A27E00-C044-45BA-ADF0-B0CC320E704E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BFA0627E-C944-475A-A9D2-A8D615ECA5AF}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{D3E159AD-09F1-475A-B961-38F4F890F6B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

13-06-2022 20:02:49 b4 telegram install
23-06-2022 11:55:46 b4 MB restart
28-06-2022 22:45:08 Windows Modules Installer
28-06-2022 23:03:00 Windows Modules Installer
28-06-2022 23:11:10 Windows Modules Installer
02-07-2022 08:38:11 b4LandzdownFix
03-07-2022 13:48:56 AdwCleaner_BeforeCleaning_03/07/2022_13:48:48
03-07-2022 14:24:18 Removed Windows PC Health Check
03-07-2022 14:36:44 Removed PDF Viewer.
03-07-2022 14:38:19 Removed Image Retriever.
03-07-2022 14:40:35 Removed PaperPort.
04-07-2022 15:09:36 Removed PaperPort.
04-07-2022 15:13:24 Removed PaperPort Image Printer.
04-07-2022 15:14:37 Removed OmniPage.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/04/2022 03:15:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.19041.1, time stamp: 0x25d5450e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1766, time stamp: 0x270baf18
Exception code: 0xe06d7363
Fault offset: 0x0012c3a2
Faulting process id: 0x15dc
Faulting application start time: 0x01d88fe2c4610784
Faulting application path: C:\Windows\syswow64\MsiExec.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 3d61f98f-dd3a-4636-b7f4-507b3a77b3d0
Faulting package full name:
Faulting package-relative application ID:

Error: (07/04/2022 03:12:41 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Helena-PC)
Description: Application or service 'PDFProFiltSrvPP' could not be restarted.

Error: (07/04/2022 03:11:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.19041.1, time stamp: 0x25d5450e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1766, time stamp: 0x270baf18
Exception code: 0xe06d7363
Fault offset: 0x0012c3a2
Faulting process id: 0x26cc
Faulting application start time: 0x01d88fe2257cebfc
Faulting application path: C:\Windows\syswow64\MsiExec.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: c2a7adc5-b69b-4f7a-9c46-3966e775f53c
Faulting package full name:
Faulting package-relative application ID:

Error: (07/04/2022 03:00:37 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).

Error: (07/04/2022 01:05:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (07/04/2022 01:03:50 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c987c0f2-30a8-4c6a-9053-f740963b0dc0}

Error: (07/03/2022 02:53:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameBar.exe, version: 5.722.5052.0, time stamp: 0x6274ca9c
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1741, time stamp: 0xe9b4a91b
Exception code: 0xc0000409
Fault offset: 0x000000000010fa32
Faulting process id: 0x2034
Faulting application start time: 0x01d88f1666c1d596
Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.722.5052.0_x64__8wekyb3d8bbwe\GameBar.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 7d87fcba-dfda-4114-9d73-879504ab94d1
Faulting package full name: Microsoft.XboxGamingOverlay_5.722.5052.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (07/02/2022 12:06:04 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]


System errors:
=============
Error: (07/04/2022 03:43:52 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/04/2022 03:38:52 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/04/2022 03:33:52 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/04/2022 03:28:55 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (07/04/2022 03:28:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The W3SVC service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.

Error: (07/04/2022 03:28:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.

Error: (07/04/2022 03:28:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetPipeActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.

Error: (07/04/2022 03:28:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetMsmqActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.


Windows Defender:
================
Date: 2022-07-03 22:36:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-03 20:53:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-02 00:04:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-07-01 11:23:22
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2022-06-28 20:51:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2022-01-13 17:51:27
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2022-01-02 21:53:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A09 03/11/2008
Motherboard: Dell Inc. 0GM819
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 66%
Total physical RAM: 3956.61 MB
Available physical RAM: 1341.87 MB
Total Virtual: 7924.61 MB
Available Virtual: 4927.87 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:926.93 GB) (Free:828.71 GB) (Model: Hitachi HDS721010KLA330 ATA Device) NTFS

\\?\Volume{6462e9a1-d38d-11e3-9305-806e6f6e6963}\ (System) (Fixed) (Total:3.76 GB) (Free:0.56 GB) NTFS
\\?\Volume{c07cf236-0000-0000-0000-00ace8000000}\ () (Fixed) (Total:0.82 GB) (Free:0.41 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C07CF236)
Partition 1: (Active) - (Size=3.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=926.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=844 MB) - (Type=27)

==================== End of Addition.txt =======================

DR M

Hi, PWG.

Logs are good.

Something I would like to investigate:

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CloseProcesses:
type C:\ProgramData\NTUSER.pol
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge
GroupPolicy: Restriction - Chrome <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
End::


  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.