Trying to figure out what to do with this PuginModule folder that appeared on my desktop. Preliminatry discussion here:
https://www.landzdown.com/computer-problems-questions-and-solutions!/what-is-this-folder/msg206048
This is a screenshot of what is in the folder:
https://www.landzdown.com/computer-problems-questions-and-solutions!/what-is-this-folder/?action=dlattach;attach=8294;image
I have run threat scan with MBAM and also one which included a root kit scan. Neither found anything. However, I'm not sure the root kit scan completed...it came within 10K or so of the usually total files scanned number of the threat scan if not.
Here are the FUBAR logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-06-2022 01
Ran by Helena (administrator) on HELENA-PC (Dell Inc. OptiPlex 755) (01-07-2022 15:42:52)
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1766 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler64.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <16>
(explorer.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\AMT\atchk.exe
(explorer.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\xdcla.exe
(explorer.exe ->) (Ruiware, LLC -> Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(explorer.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(services.exe ->) (Intel) [File not signed] C:\Program Files (x86)\Intel\AMT\LMS.exe
(services.exe ->) (Intel) [File not signed] C:\Program Files (x86)\Intel\AMT\UNS.exe
(services.exe ->) (Lexmark International, Inc. -> ) C:\Windows\System32\lxbvcoms.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\PDFProFiltSrvPP.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxServer64.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.41582.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation) [File not signed]
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [cdloader] => C:\Users\Helena\AppData\Roaming\mjusbsp\cdloader2.exe [59048 2022-01-04] (magicJack, L.P. -> magicJack L.P.)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe [1223560 2017-05-07] (Ruiware, LLC -> Ruiware)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [MicrosoftEdgeAutoLaunch_FEC2D14AA1F15DAD90F56E6F9A07DBED] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601824 2022-06-22] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Uninstall 22.111.0522.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\22.111.0522.0002" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\MountPoints2: {251e69fc-d200-11ec-9ccd-0014d1fa11a1} - "F:\VZW_Software_upgrade_assistant.exe"
HKLM\...\Windows x64\Print Processors\Lexmark 2200 Series Print Processor: lxbvpp6c.dll
HKLM\...\Windows x64\Print Processors\spe__PC: C:\Windows\System32\spool\prtprocs\x64\spe__pc.dll [41984 2012-12-06] (Windows (R) Codename Longhorn DDK provider) [File not signed]
HKLM\...\Windows x64\Print Processors\SUGO3PC: C:\Windows\System32\spool\prtprocs\x64\sugo3pc.dll [27648 2006-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Windows x64\Print Processors\sxa6mPC: C:\Windows\System32\spool\prtprocs\x64\sxa6mpc.dll [43520 2014-02-20] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\usp02PC: C:\Windows\System32\spool\prtprocs\x64\usp02pc.dll [43520 2014-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\Xerox Network PC Fax Print Processor: C:\Windows\System32\spool\prtprocs\x64\XrxFaxProc64.dll [146944 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\...\Print\Monitors\2200 Series Port: C:\WINDOWS\system32\lxbvlmpm.dll [488448 2007-04-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\spe__ Langmon: C:\WINDOWS\system32\spe__l.dll [34304 2011-04-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\SUGO3 Langmon: C:\WINDOWS\system32\sugo3l6.dll [22016 2006-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\sxa6m Langmon: C:\WINDOWS\system32\sxa6mlm.dll [34304 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\usp02 Langmon: C:\WINDOWS\system32\usp02l.dll [29184 2014-04-16] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Xerox MFP PC Fax Port: C:\WINDOWS\system32\XrxFaxPort64.dll [280064 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.66\Installer\chrmstp.exe [2022-06-29] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\103.1.40.109\Installer\chrmstp.exe [2022-06-28] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageRetriever.lnk [2016-04-06]
ShortcutTarget: ImageRetriever.lnk -> C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\xdcla.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xerox MFP PC Fax.lnk [2016-04-06]
ShortcutTarget: Xerox MFP PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe (Xerox Corporation.) [File not signed]
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08066272-E4CE-44F8-BAA8-8D9F63C44088} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1817527B-916E-4828-9064-8B9C7C88F4BD} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {1A327E14-3348-4D82-BA9F-3D9156844511} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {1F5FF165-2F20-44BA-A566-AE70B1099F0C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {26EA4B1A-5F1F-46D0-ADB9-64874994F0DB} - System32\Tasks\{26FF5CE4-1B64-467B-A8F9-E1AFBECA0043} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
Task: {2A914597-8D60-4C8A-845F-7C6B9698411F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {2D14430F-8DB9-4A17-9A63-376EE205AC65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {3BE1F1BC-5BE6-4B1A-9974-AA07DE8A3B5C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
Task: {403DA6FD-63E7-4F7E-9F2A-0D545410941E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4A68B9CC-69D1-400C-8369-85BB21D1881B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4ABC4334-7813-4F8E-A6CA-F73EF6DCF744} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {52AAFEA1-9569-4FAA-BFF8-247BB70FDFA3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {53C1002C-A1F8-4AC1-9A14-4076D4475F99} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {5691B2A8-0468-4C5C-87DD-CFA539E133B3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {69D28494-AF77-4BB4-8498-C02DA9A82FB5} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {6E227D86-F9B2-46DD-80F4-7FDD3F52F855} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {79269E68-B26F-4D8B-8166-7BF427E3FB12} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {7BEFDAC2-DF77-4486-AE5E-9638D19CB8A4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges (No File)
Task: {7C8CB8C9-96A6-441F-8406-88CA84AE83D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {862F6BDE-AB5D-41B7-9C59-13842AE6F2F3} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {9C578E9E-58F8-478E-904A-B9428EBFD5B2} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {A51DE8EF-2078-40EB-BA7D-EC285D170034} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B687CEBE-FA8A-4F43-8016-F92A8D5862E7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {BBFBE970-925D-4581-A00D-EE4177311E62} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (No File)
Task: {BCD07FC1-F311-442F-8093-A5A7B42733F2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {BE3C0C64-EAB0-4DB2-ACD8-3D3FCB3E6C18} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {BF8070BE-5E8B-402E-880C-2C676A4D7314} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {C659F16F-A4C3-45C9-B031-2805B488C642} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {D3BB3CF2-C59B-49F6-8422-5FB23EC4C4E3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {D3DD5E21-E529-4A67-860E-FA96754EE492} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {D982EE24-A772-438C-A60F-39628F96627F} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {D9C1DFA0-E865-487F-8C6D-63AB6EC1DF12} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {E0612474-1111-4866-BE32-277060951C9F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {E5681874-1A34-4209-90C0-66CF30C5E85A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EEDE1370-0002-495D-A32F-C4061417EDF6} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {EF264487-B955-4558-8484-48085101BC1A} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {F1113B51-1D61-4A41-B21F-92142178CB98} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {F3384579-64DC-40C1-B982-CFAA66121805} - System32\Tasks\{388ED8BB-DE22-4551-8878-F11FF5D89FEE} => C:\Windows\system32\pcalua.exe -a C:\Users\Helena\AppData\Local\Temp\Shockwave_Installer_FF.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
Task: {F4433939-EA79-44A2-B68E-86991B328547} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {F943D144-419E-4482-B61E-002605CE1FEA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fee10231-d6e0-42e1-a19b-a0f5a78c86cc}: [DhcpNameServer] 192.168.1.1
Edge:
=======
DownloadDir: C:\Users\Helena\Desktop
Edge Notifications: HKU\S-1-5-21-831887293-3776352801-720962199-1001 -> hxxps://web.skype.com
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (Ghostery – Privacy Ad Blocker) -> EdgeExtension_GhosteryGhostery_kzkqe0pn505dg => C:\Program Files\WindowsApps\Ghostery.Ghostery_8.4.6.0_neutral__kzkqe0pn505dg [2020-07-20]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-01]
Edge DownloadDir: Default -> C:\Users\Helena\Desktop
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (Textarea Cache) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\chpphekfimlabghbdankokcohcmnbmab [2020-10-21]
Edge Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-15]
Edge Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fclbdkbhjlgkbpfldjodgjncejkkjcme [2022-06-29]
Edge Extension: (Measure-it) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gbaokpnhddikgoalopfdjjhgahfcecge [2021-06-07]
Edge Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lhnbdlbhcokmgpjenkjolnhdnkphnkam [2022-06-29]
Edge Extension: (uBlock Origin) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2022-05-15]
Edge Extension: (Weather Forecast) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\phklfmbdnakdekionmpfdiihnmijfpnl [2022-02-08]
FireFox:
========
FF DefaultProfile: n27s1rnq.default
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default [2022-04-22]
FF DownloadDir: C:\Users\Helena\Desktop
FF Session Restore: Mozilla\Firefox\Profiles\n27s1rnq.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\n27s1rnq.default -> hxxp://mail.google.com; hxxps://mail.google.com; hxxp://us-mg6.mail.yahoo.com; hxxps://us-mg6.mail.yahoo.com; hxxps://twitter.com; hxxps://us-mg4.mail.yahoo.com; hxxps://mg.mail.yahoo.com; hxxps://mail.yahoo.com
FF Extension: (Disconnect) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\2.0@disconnect.me.xpi [2020-05-16]
FF Extension: (Archive URL) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\@save-url-to-wayback-machine-firefox-addon.xpi [2020-05-16]
FF Extension: (Copy Link Text) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\copylinktext@brett(2).zamir [2014-05-11] [Legacy] [not signed]
FF Extension: (Edit) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\edit@eros.man.xpi [2020-05-16]
FF Extension: (eSnipe.com SnipeIt!) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\esnipesnipeit@esnipe.com.xpi [2018-02-10] [UpdateUrl:hxxps://www.esnipe.com/SnipeIt_FirefoxExtension/update.json]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\firefox@ghostery.com.xpi [2020-07-31]
FF Extension: (Tampermonkey) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\firefox@tampermonkey.net.xpi [2020-05-16]
FF Extension: (pinterest-guest) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-SWdspnBEetWxoA@jetpack.xpi [2020-05-16]
FF Extension: (Copy Selected Links) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-vs5odTmtIydjMg@jetpack.xpi [2020-05-16]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2020-07-31]
FF Extension: (Open With) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\openwith@darktrojan(2).net [2014-05-11] [Legacy] [not signed]
FF Extension: (SuperStop) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\superstop@gavinsharp.com.xpi [2018-06-20]
FF Extension: (Textarea Cache) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\textarea-cache-lite@wildsky.cc.xpi [2020-05-16]
FF Extension: (uBlock Origin) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\uBlock0@raymondhill.net.xpi [2020-05-24]
FF Extension: (YesScript2) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\yesscript202@example.org.xpi [2020-06-08]
FF Extension: (YouTube to MP3) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\youtube2mp3@mondayx(2).de [2014-05-11] [Legacy] [not signed]
FF Extension: (Imagus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{00000f2a-7cde-4f20-83ed-434fcb420d71}.xpi [2020-05-16] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Image Block X) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{0035bf10-3f36-4d60-b92d-08c1a8b060a6}.xpi [2020-05-16]
FF Extension: (Screengrab!) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-06-20]
FF Extension: (FireShot) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (LittleFox) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{479f0278-2c34-4365-b9f0-1d328d0f0a40}.xpi [2020-05-16]
FF Extension: (Empty Cache Button) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2017-12-16]
FF Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2020-06-21]
FF Extension: (Text Link) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2020-05-16]
FF Extension: (InFormEnter+) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}.xpi [2020-05-24]
FF Extension: (ColorZilla) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-12-12]
FF Extension: (Stylus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}.xpi [2020-05-16]
FF Extension: (bbCodeWebex) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{7e19f8dd-0cf6-498a-8072-bae5b2db65e5}.xpi [2020-05-27]
FF Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{853d1586-e2ab-4387-a7fd-1f7f894d2651}.xpi [2020-05-24]
FF Extension: (Clippings) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}.xpi [2020-05-19]
FF Extension: (YouTube Downloader Converter MP3) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2020-05-16]
FF Extension: (Weather) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a79a9c4c-9c3f-4bf4-9e58-6574cc0b7ecb}.xpi [2020-05-24]
FF Extension: (Simple stylish) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a8e5fca1-24ae-4de6-b3c4-80d2d316f8f9}.xpi [2019-11-16]
FF Extension: (ruler) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{b1355a29-9265-4b5e-a3ad-e9d61265d5ac}.xpi [2020-05-16]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-05-25]
FF Extension: (Adblock Plus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (Top and Bottom scroll buttons) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d8c7bd7f-3e7d-456a-be71-29973917ec72}.xpi [2020-05-16]
FF Extension: (IE View Lite) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}(2) [2014-05-11] [Legacy] [not signed]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\cnet.xml [2009-11-14]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\mozilla-add-ons.xml [2008-09-06]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\technorati.xml [2008-09-11]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\webster.xml [2008-09-18]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\wordpresscom.xml [2016-03-16]
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default [2022-06-14]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> hxxp://zionfirefriends.com
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> is enabled.
FF Extension: (Lazarus: Form Recovery) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\lazarus@interclue.com.xpi [2018-06-16] [Legacy]
FF Extension: (Ad-Bye - For Facebook) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\s.alfa@idev.com.xpi [2018-10-02] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\uBlock0@raymondhill.net.xpi [2021-08-09] [Legacy] [not signed]
FF Extension: (YesScript) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\yesscript@userstyles.org.xpi [2018-10-02] [Legacy]
FF Extension: (FireShot) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2021-02-02] [Legacy] [not signed]
FF Extension: (Back to Top) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}.xpi [2018-09-28] [Legacy] [not signed]
FF Extension: (Forecast & Weather on the Button) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{4d60e663-9c10-48d9-895a-801285687ced}.xpi [2020-01-23] [Legacy] [not signed]
FF Extension: (Color Identifier) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{89850e1c-c80b-4179-81fe-79a9f313400d}.xpi [2018-09-09] [Legacy] [not signed]
FF Extension: (Open With Edge, IE, Chrome, and More) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{ab91ffec-fe2a-440e-99ca-5260e0ea0c06}.xpi [2019-12-25] [Legacy] [not signed]
FF Extension: (BBCodeXtra) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2018-09-09] [Legacy]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\searchplugins\amazoncom.xml [2022-06-14]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\searchplugins\pale-moon-add-ons.xml [2022-06-14]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [No File]
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [No File]
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PDF Viewer 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation -> Zeon Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default [2022-06-18]
CHR DownloadDir: C:\Users\Helena\Desktop
CHR Notifications: Default -> hxxps://twitter.com
CHR StartupUrls: Default -> "hxxp://if.invisionfree.com/search/?c=5","hxxp://www.drudgereport.com/","hxxps://us-mg6.mail.yahoo.com/neo/launch?.rand=e2tudim4rqkvc","hxxp://www.landzdown.com/index.php","hxxp://www.accuweather.com/en/us/kansas-city-mo/64106/hourly-weather-forecast/329441","hxxp://if.invisionfree.com/pages/ircchat/","hxxp://www.official-drivers.com/installer/?seed=lexmark&gclid=COTq45Duor4CFQcSMwodZQEANA","hxxp://hcgdietinfo.com/hcgdietforums/search.php?searchid=4234517"
CHR Extension: (ColorZilla) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2019-01-20]
CHR Extension: (uBlock Origin) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-05-02]
CHR Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-02]
CHR Extension: (Google Search) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Tidy Sidebar) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp [2019-01-20]
CHR Extension: (bbCodeInsert) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhckbmeeagkjnabhfaindkhmofncedln [2019-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-02]
CHR Extension: (HTML5 Autoplay Blocker) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppkihnmgkncknjlfkkjgfgoifkcgii [2019-12-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-02]
CHR Extension: (Weather) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\iolcbmjhmpdheggkocibajddahbeiglb [2021-09-01]
CHR Extension: (Measure-it) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jocbgkoackihphodedlefohapackjmna [2019-01-20]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2022-05-02]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-01]
CHR Extension: (Image Background Color) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjaolenabdfhmpndkmnbojmjefdpago [2019-02-27]
CHR Extension: (Image Size Info) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihdhfbfoagfkpcncinlbhfdgpegcigf [2021-09-01]
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-12-16]
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\System Profile [2022-04-28]
Brave:
=======
BRA Profile: C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-07-01]
BRA DownloadDir: C:\Users\Helena\Desktop
BRA DefaultSearchURL: Default -> hxxps://search.brave.com/search?q={searchTerms}&source=desktop
BRA DefaultSearchKeyword: Default -> :br
BRA DefaultSuggestURL: Default -> hxxps://search.brave.com/api/suggest?q={searchTerms}
BRA Extension: (Textarea Cache) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\chpphekfimlabghbdankokcohcmnbmab [2022-02-14]
BRA Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-05]
BRA Extension: (Measure-it) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jocbgkoackihphodedlefohapackjmna [2022-02-14]
BRA Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\piajkpdbaniagacofgklljacgjhefjeh [2022-06-20]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-06-30]
BRA Extension: (Brave NTP background images) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-03-10]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-06-23]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-06-30]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-06-30]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-10]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-06-29]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 brlapi; C:\WINDOWS\brltty\bin\brltty.exe [847886 2019-10-15] (Microsoft Windows -> )
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-05-11] (Macrovision Europe Ltd.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 lxbv_device; C:\WINDOWS\system32\lxbvcoms.exe [566704 2007-04-25] (Lexmark International, Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8677120 2022-06-23] (Malwarebytes Inc. -> Malwarebytes)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\PDFProFiltSrvPP.exe [220488 2013-02-26] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [118576 2014-11-26] (Samsung Electronics CO., LTD. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254368 2022-06-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [501760 2014-04-21] (Xerox Corporation.) [File not signed]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-06-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74680 2022-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-06-29] (Malwarebytes Inc. -> Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-22] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-07-01 15:42 - 2022-07-01 15:46 - 000042301 _____ C:\Users\Helena\Desktop\FRST.txt
2022-07-01 15:38 - 2022-07-01 15:38 - 002369024 _____ (Farbar) C:\Users\Helena\Desktop\FRST64.exe
2022-06-29 08:05 - 2022-06-29 08:05 - 000074680 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-06-29 08:04 - 2022-06-29 08:04 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-06-29 08:04 - 2022-06-29 08:04 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-06-28 23:44 - 2022-06-28 23:44 - 000479744 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000011787 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-06-28 23:43 - 2022-06-28 23:43 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-06-28 23:42 - 2022-06-28 23:42 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-06-28 23:42 - 2022-06-28 23:42 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-06-28 23:10 - 2022-06-28 23:10 - 000000000 ___HD C:\$WinREAgent
2022-06-23 12:25 - 2022-06-23 12:25 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-06-23 12:20 - 2022-06-23 12:20 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-06-13 19:56 - 2022-06-13 19:57 - 035896816 _____ (Telegram FZ-LLC ) C:\Users\Helena\Desktop\tsetup-x64.3.7.3.exe
2022-06-09 22:22 - 2022-06-29 22:36 - 000000377 _____ C:\Users\Helena\Desktop\CourseNotes.txt
2022-06-09 12:03 - 2022-06-09 12:03 - 000112264 _____ C:\Users\Helena\Desktop\Carbs are Critical One Week Menu.pdf
2022-06-02 20:53 - 2022-06-02 20:53 - 006971230 _____ C:\Users\Helena\Desktop\BusinessStartup101WorkbookJeniHott1-220508-132859.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-07-01 15:44 - 2017-10-02 10:53 - 000000000 ____D C:\FRST
2022-07-01 15:23 - 2020-08-26 23:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-01 15:23 - 2014-05-10 19:29 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-01 13:26 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-01 12:42 - 2021-12-04 16:54 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\IGDump
2022-07-01 12:24 - 2021-10-05 16:28 - 000000000 ____D C:\Users\Helena\AppData\Roaming\discord
2022-07-01 11:55 - 2021-10-05 16:27 - 000000000 ____D C:\Users\Helena\AppData\Local\Discord
2022-07-01 10:32 - 2021-12-12 23:47 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-831887293-3776352801-720962199-1001
2022-07-01 10:32 - 2020-08-27 00:17 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-831887293-3776352801-720962199-1001
2022-07-01 10:32 - 2020-08-26 05:29 - 000002429 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-01 10:30 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-01 10:30 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-01 10:24 - 2020-08-27 00:17 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2022-06-29 19:35 - 2015-08-08 22:50 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-06-29 19:35 - 2014-05-10 19:30 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-06-29 08:20 - 2015-08-07 23:01 - 000000000 ____D C:\Users\Helena\AppData\Roaming\mjusbsp
2022-06-29 08:19 - 2015-08-07 23:01 - 000001086 _____ C:\Users\Helena\Desktop\magicJack.lnk
2022-06-29 08:19 - 2015-08-07 23:01 - 000001072 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2022-06-29 08:10 - 2020-08-27 00:07 - 000971878 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-06-29 08:10 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-06-29 08:03 - 2020-08-27 00:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-06-29 08:03 - 2020-08-26 23:47 - 002352568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-06-29 08:03 - 2020-08-26 23:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-06-29 08:02 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-06-29 07:59 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-06-29 07:59 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2022-06-28 23:52 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-06-28 23:42 - 2020-08-26 23:51 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-06-28 22:24 - 2014-05-10 15:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-06-28 22:11 - 2014-05-10 15:21 - 145918784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-06-28 18:14 - 2021-04-06 11:46 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-06-28 18:14 - 2021-04-06 11:46 - 000002330 _____ C:\Users\Public\Desktop\Brave.lnk
2022-06-28 14:56 - 2020-12-01 09:01 - 000000682 _____ C:\Users\Helena\Desktop\ShoppingList.txt
2022-06-27 17:04 - 2015-01-02 20:59 - 000000000 ____D C:\Users\Helena\Documents\Dance
2022-06-25 11:19 - 2018-06-19 20:06 - 000000000 ____D C:\ProgramData\Packages
2022-06-25 11:18 - 2020-08-21 13:20 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-06-25 11:18 - 2020-08-21 13:20 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-06-24 23:16 - 2015-04-01 12:39 - 000000000 ____D C:\Users\Helena\AppData\Local\CrashDumps
2022-06-24 15:39 - 2020-04-22 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-06-23 21:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-06-23 08:17 - 2019-07-22 10:30 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-06-22 20:09 - 2018-02-18 19:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-06-16 01:11 - 2020-08-27 00:17 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-06-16 01:11 - 2020-08-27 00:17 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-06-11 17:07 - 2021-10-05 16:28 - 000002279 _____ C:\Users\Helena\Desktop\Discord.lnk
2022-06-03 23:13 - 2020-07-07 12:30 - 000002118 _____ C:\Users\Helena\Desktop\OPM.txt
==================== Files in the root of some directories ========
2019-06-01 15:36 - 2019-06-01 15:36 - 000003584 _____ () C:\Users\Helena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-26 12:28 - 2019-03-16 08:22 - 000000600 _____ () C:\Users\Helena\AppData\Local\PUTTY.RND
2018-10-20 22:40 - 2018-10-20 22:40 - 000002938 _____ () C:\Users\Helena\AppData\Local\recently-used.xbel
2014-05-25 18:06 - 2018-06-05 21:44 - 000007597 _____ () C:\Users\Helena\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2022 01
Ran by Helena (01-07-2022 15:48:34)
Running from C:\Users\Helena\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.1766 (X64) (2020-08-27 05:19:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-831887293-3776352801-720962199-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-831887293-3776352801-720962199-503 - Limited - Disabled)
Guest (S-1-5-21-831887293-3776352801-720962199-501 - Limited - Disabled)
Helena (S-1-5-21-831887293-3776352801-720962199-1001 - Administrator - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-831887293-3776352801-720962199-1009 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-831887293-3776352801-720962199-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Anchor Service CS3 (HKLM-x32\...\{90176341-0A8B-4CCC-A78D-F862228A6B95}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (HKLM-x32\...\{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}) (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (HKLM-x32\...\{9C9824D9-9000-4373-A6A5-D0E5D4831394}) (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (HKLM-x32\...\{08B32819-6EEF-4057-AEDA-5AB681A36A23}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (HKLM-x32\...\{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}) (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (HKLM-x32\...\{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (HKLM-x32\...\{A2D81E70-2A98-4A08-A628-94388B063C5E}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (HKLM-x32\...\{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (HKLM-x32\...\{51846830-E7B2-4218-8968-B77F0FF475B8}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (HKLM-x32\...\{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (HKLM-x32\...\{95655ED4-7CA5-46DF-907F-7144877A32E5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (HKLM-x32\...\{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (HKLM-x32\...\{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (HKLM-x32\...\{6ABE0BEE-D572-4FE8-B434-9E72A289431B}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (HKLM-x32\...\{04AF207D-9A77-465A-8B76-991F6AB66245}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (HKLM-x32\...\{54793AA1-5001-42F4-ABB6-C364617C6078}) (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (HKLM-x32\...\{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}) (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}) (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Setup (HKLM-x32\...\{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (HKLM-x32\...\{29E5EA97-5F74-4A57-B8B2-D4F169117183}) (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (HKLM-x32\...\{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (HKLM-x32\...\{E69AE897-9E0B-485C-8552-7841F48D42D8}) (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (HKLM-x32\...\{D0DFF92A-492E-4C40-B862-A74A173C25C5}) (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (HKLM-x32\...\{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (HKLM-x32\...\{802771A9-A856-4A41-ACF7-1450E523C923}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Audacity 2.4.1 (HKLM-x32\...\Audacity_is1) (Version: 2.4.1 - Audacity Team)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9045 - )
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 103.1.40.109 - Brave Software Inc)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.50.854.0 - Logitech) Hidden
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
Discord (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.41.1 (HKLM-x32\...\FileZilla Client) (Version: 3.41.1 - Tim Kosse)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.66 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Image Retriever (HKLM-x32\...\{5F0EECDE-4C30-48A0-AEFD-9F3E06811465}) (Version: 11.0 - Nuance Communications, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LibreOffice 5.1.5.2 (HKLM\...\{DDDB2EB8-D3A0-484A-BB24-9611754D29C4}) (Version: 5.1.5.2 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (HKLM-x32\...\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (HKLM-x32\...\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Help_main (HKLM-x32\...\{1651216E-E7AD-4250-92A1-FB8ED61391C9}) (Version: 13.50.862.0 - Logitech) Hidden
LWS Launcher (HKLM-x32\...\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}) (Version: 13.50.859.0 - Logitech) Hidden
LWS Motion Detection (HKLM-x32\...\{71E66D3F-A009-44AB-8784-75E2819BA4BA}) (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (HKLM-x32\...\{08610298-29AE-445B-B37D-EFBE05802967}) (Version: 13.50.861.0 - Logitech) Hidden
LWS Twitter (HKLM-x32\...\{174A3B31-4C43-43DD-866F-73C9DB887B48}) (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (HKLM-x32\...\{EED027B7-0DB6-404B-8F45-6DFEE34A0441}) (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (HKLM-x32\...\{8937D274-C281-42E4-8CDB-A0B2DF979189}) (Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (HKLM-x32\...\{9DAEA76B-E50F-4272-A595-0124E826553D}) (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (HKLM-x32\...\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}) (Version: 13.31.1038.0 - Logitech) Hidden
magicJack (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\magicJack) (Version: 4.18.11491.8038 - magicJack L.P.)
Malwarebytes version 4.5.10.200 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.10.200 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{26784146-6E05-3FF9-9335-786C7C0FB5BE}) (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) (HKLM\...\{25E80DAA-FD87-DCE5-202C-CC02F6673002}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.37 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\OneDriveSetup.exe) (Version: 22.121.0605.0002 - Microsoft Corporation)
Microsoft Security Client (HKLM\...\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}) (Version: 4.8.0204.0 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKL
Remainder of Addition.txt log:
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 98.0.2 (x64 en-US)) (Version: 98.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 98.0.2.8116 - Mozilla)
OmniPage (HKLM-x32\...\{0FEAC8E3-FBBD-4C01-BB2F-3EA7AD374757}) (Version: 18.1.0001 - Nuance Communications, Inc.)
Pale Moon 29.4.6 (x86 en-US) (HKLM-x32\...\Pale Moon 29.4.6 (x86 en-US)) (Version: 29.4.6 - Moonchild Productions)
PaperPort (HKLM-x32\...\{760F8DD0-D8A0-44A4-9F15-58051A68D633}) (Version: 14.2.0001 - Nuance Communications, Inc.)
PaperPort Image Printer (HKLM\...\{CA925CBC-6B0D-40E1-BE59-193DA7DAE920}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Viewer (HKLM-x32\...\{5A90D3BD-E31D-40B4-8005-6D6B6C6B300E}) (Version: 7.20.3219 - Nuance Communications, Inc.)
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Skype version 8.85 (HKLM-x32\...\Skype_is1) (Version: 8.85 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{1423B8CC-EE7F-4B57-A67C-35BAE3F177F0}) (Version: 1.0.0 - Xerox Corporartion)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.5491 - Analog Devices)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{8D327827-8FDE-45D8-AD3C-5CB4371BC533}) (Version: 4.21.0205 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{930FA71B-703F-4178-9FE8-1BCAA359E6EE}) (Version: 4.18.1201 - Samsung Electronics Co., Ltd.)
Windows PC Health Check (HKLM\...\{014B7442-C784-45D3-A152-F7D2C651F28A}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.05.93 (4/11/2014) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.00(4/21/2014) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox MFP PC Fax (HKLM-x32\...\Xerox MFP PC Fax) (Version: 1.10.22 (4/21/2014) - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3215 (HKLM-x32\...\Xerox WorkCentre 3215) (Version: 1.01 (5/20/2014) - Xerox Corporation)
Zoom (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\ZoomUMX) (Version: 5.10.6 (5889) - Zoom Video Communications, Inc.)
Packages:
=========
Ghostery – Privacy Ad Blocker -> C:\Program Files\WindowsApps\Ghostery.Ghostery_8.4.6.0_neutral__kzkqe0pn505dg [2020-07-20] (Ghostery)
HexChat -> C:\Program Files\WindowsApps\39215TingPing.HexChat_2.16.0.0_x86__fqe8h3fzrj50c [2021-12-04] (TingPing)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-04-28] (HP Inc.)
Logitech Camera Controller -> C:\Program Files\WindowsApps\E97CB0A1.LogitechCameraController_1.0.0.135_x86__wd885nsp30hay [2015-08-09] (LOGITECH Europe S.A.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.5310.0_x64__8wekyb3d8bbwe [2022-06-06] (Microsoft Studios) [MS Ad]
Newsmax TV -> C:\Program Files\WindowsApps\NewsmaxMediaInc.NewsmaxTV_2.0.0.0_neutral__wzre3exa0cyap [2020-11-29] (Newsmax Media Inc)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-17] (Microsoft Corporation)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2015-11-12] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll () [File not signed]
ContextMenuHandlers1: [!XrxFax0] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax1] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax2] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax3] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax4] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax5] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax6] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax7] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2012-11-18 19:16 - 2012-11-18 19:16 - 004808704 _____ (BCGSoft Ltd) [File not signed] C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\BCGCBPRO1100.dll
2014-05-14 16:59 - 2012-12-06 01:46 - 000041984 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\spe__pc.dll
2014-04-21 04:36 - 2014-04-21 04:36 - 000111616 _____ (Xerox Corporation.) [File not signed] C:\Program Files (x86)\Xerox\Easy Printer Manager\CustomTimer.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 001580032 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxEngine64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000192000 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000146944 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\XrxFaxProc64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000280064 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\System32\XrxFaxPort64.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
DownloadDir: C:\Users\Helena\Desktop
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PDF Viewer 7\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation -> Zeon Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1001movie.com -> 1001movie.com
There are 6091 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "PDFProHook"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{C708961B-0BCE-49F1-B45D-08B5BF92B75A}] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{F58BE963-0C20-491E-B43A-B8996961E06F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{D359D1E0-68F2-4F68-8F46-C51D464CD490}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{9F61700E-171F-4C5B-9ED1-CB0972EE99F5}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{78F2C9A1-BBBA-4CC6-B16C-78FB2130F628}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{92754EFD-8A92-46B5-8D3B-18728758B5B8}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{5F6DB663-0F9D-4EBD-965C-8CD99F2FB227}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{49E21789-99A7-4F11-AA7F-902C401DE6CA}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{E223B679-9DDF-49AD-A1E0-CF2683EC0C07}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{04F201AE-4DF3-409D-9ABB-57C2AE92B6BB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{58E8E43C-3E07-4AA5-8463-B6DC3EC1251F}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{AF3FD539-0C98-407C-8E64-4D2470D3C642}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{63FF7ED6-45DF-4FE2-92E9-FE88DA8C4D85}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{325F527D-106B-45B9-94BF-B2BEDE48E772}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{FC6ED370-2564-4DA1-969A-62828079D9F8}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{062919F5-8F2C-496A-89B5-11DDD1147074}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{33DD97EF-6A44-4205-99A3-371D0665ACFC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{344089DB-4519-432A-9CDB-FC6C5473BE44}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{9D92BF02-4743-4266-80A1-9428548084FB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{D3023B7A-56DD-46F9-B919-EDADA94759A0}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{86FF4CF8-51A0-4803-8853-751A89DF3B23}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{36E93662-45C6-4463-979B-627008168B24}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{97781A04-8AC0-48C4-87A4-05B66E37453B}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{C982AB76-982C-4F99-83E2-B5402F8296B4}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{CC31AB0D-BFD9-4242-B9ED-6F56C324851D}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{BCDE1B16-8B65-48D7-99AE-27DC5D4F2226}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{C6440625-AF29-4CAC-9A7B-120BA1331F83}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{79AD34C0-4270-4780-9B42-33C6CBD00962}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\Ereg\Ereg.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [{54575F65-E526-489C-9952-E03369823C15}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\Ereg\Ereg.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [{DD8E5967-8B47-44AB-9D20-23D6CEA8DC05}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\OmniPage18.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [{2D49D126-F83E-45FB-90B1-DC424D46040A}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\OmniPage18.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [UDP Query User{79274DEA-4344-49BA-8447-DB3B44C2F54B}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{35B14486-AA8A-4F27-8D68-1C86ABCD48A8}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{6512DF6B-F01F-4965-966F-5C4C5DEB93EC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{C1E18C13-5610-4FA2-89ED-612D6B2751ED}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{9DDE1097-BE1F-46D8-8E56-B60B562F6543}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [UDP Query User{EB7C78DD-60AE-43FB-93BE-9D3E3D020F77}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{20DC34DB-A30B-4DBF-831B-A54379AAE580}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [UDP Query User{DED88290-5AF3-4A5E-BE81-5E1E0A966201}C:\program files\pale moon\palemoon.exe] => (Allow) C:\program files\pale moon\palemoon.exe => No File
FirewallRules: [TCP Query User{35287505-472A-4C0A-A78A-04626C58EC0A}C:\program files\pale moon\palemoon.exe] => (Allow) C:\program files\pale moon\palemoon.exe => No File
FirewallRules: [{20F4B574-F3CA-4515-89E5-A825B42C24BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BEEB081D-8416-421B-9299-152874C3DE33}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{774F924B-F8EE-42C4-99DE-DE4467682134}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbvpswx.exe (Lexmark International, Inc. -> Lexmark International Inc.)
FirewallRules: [{9F9CEA1B-2A67-4102-8221-8A71F04EC115}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbvpswx.exe (Lexmark International, Inc. -> Lexmark International Inc.)
FirewallRules: [{20D52E51-1A40-48EF-A190-605002395C88}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{C960470E-1338-4F34-B0C5-51DF60DFCC0B}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{41A76461-A847-4ED3-ADDF-2B14667B1B14}] => (Allow) C:\Windows\SysWOW64\lxbvcoms.exe => No File
FirewallRules: [{51F55BA3-98FB-47DE-A789-E7D769386793}] => (Allow) C:\Windows\SysWOW64\lxbvcoms.exe => No File
FirewallRules: [UDP Query User{F5976D48-B0AD-4171-8854-3F83EAFCF912}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{9A151D56-8271-4E2A-828C-193DE19CAEE4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{153A47F5-FC9D-4AE8-AB23-F5647C4B7125}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin => No File
FirewallRules: [TCP Query User{D1CC3547-BB26-47A2-B6F2-B04CA515DAC5}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin => No File
FirewallRules: [UDP Query User{DF1720A9-63DB-4188-BD7D-1B35A9CC68FB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C13A1328-23FF-47A6-9A2A-C5B9CFF77D87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D5AB136F-A188-4D45-B211-E8699A1257E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7DBA3833-7704-41D7-BF87-0B1555D2427D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D3B03BF7-A420-4045-96A8-F9E72281B4A9}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{620EA53E-5F9B-46A0-AE0C-B833A7B6B783}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{29A29FD9-59D8-4661-9714-2DEBAC833454}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{5B6088DD-8771-4EB9-88DC-F8240349E8C8}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{042B0F6B-198F-414B-B71F-35B17E6F2441}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7E4F0B1E-A1F7-41B7-85FA-62F2CED9FE98}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B35A3149-605F-42B0-8C8E-509208A3AADE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{38637F5F-9703-4FD1-9A86-21E840D30DA4}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{B6D7D8A6-DD1E-46EB-955B-143CBF0EAE3F}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{48B55577-0BCD-4590-95ED-706A5F6B8C87}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C0A27E00-C044-45BA-ADF0-B0CC320E704E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BFA0627E-C944-475A-A9D2-A8D615ECA5AF}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{D3E159AD-09F1-475A-B961-38F4F890F6B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
13-06-2022 20:02:49 b4 telegram install
23-06-2022 11:55:46 b4 MB restart
28-06-2022 22:45:08 Windows Modules Installer
28-06-2022 23:03:00 Windows Modules Installer
28-06-2022 23:11:10 Windows Modules Installer
==================== Faulty Device Manager Devices ============
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: ========================
Application errors:
==================
Error: (06/30/2022 06:52:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SecHealthUI.exe version 10.0.19041.1741 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1770
Start Time: 01d88cdc25a67669
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Report Id: 7814071f-be0e-44b9-a559-be60305e9cc0
Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.1682_neutral__cw5n1h2txyewy
Faulting package-relative application ID: SecHealthUI
Hang type: Quiesce
Error: (06/29/2022 08:19:40 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "C:\Users\Helena\AppData\Roaming\mjusbsp\st00000\mjsetup.exe".Error in manifest or policy file "C:\Users\Helena\AppData\Roaming\mjusbsp\st00000\mjsetup.exe" on line 4.
Multiple requestedPrivileges elements are not allowed in manifest.
Error: (06/29/2022 08:18:49 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "C:\Users\Helena\AppData\Roaming\mjusbsp\in00000\mjsetup.exe".Error in manifest or policy file "C:\Users\Helena\AppData\Roaming\mjusbsp\in00000\mjsetup.exe" on line 4.
Multiple requestedPrivileges elements are not allowed in manifest.
Error: (06/28/2022 11:05:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program StartMenuExperienceHost.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1488
Start Time: 01d88724a41b158a
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Report Id: 16801879-cc1f-42d4-83d6-6babfe36dbdd
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Hang type: Quiesce
Error: (06/28/2022 11:04:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Msn.Weather.exe version 4.53.2206.7002 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 7e4
Start Time: 01d88b6d160a96f9
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.41582.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
Report Id:
Faulting package full name: Microsoft.BingWeather_4.53.41582.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Hang type: Activation
Error: (06/28/2022 01:57:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.1682 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2c7c
Start Time: 01d88a5034360beb
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 462f31dc-477b-4d9c-a085-f4306d206625
Faulting package full name: Microsoft.Windows.Search_1.14.4.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: ShellFeedsUI
Hang type: Quiesce
Error: (06/27/2022 12:32:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.1682 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2908
Start Time: 01d888fb575836f6
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: 6b98019b-661b-49f2-ab02-1a7d7c6e86da
Faulting package full name: Microsoft.Windows.Search_1.14.4.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: ShellFeedsUI
Hang type: Quiesce
Error: (06/25/2022 07:58:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.1682 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 22c8
Start Time: 01d887277d3319db
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Report Id: eafa6f91-3073-4a35-a59d-2f6f52cb2ea5
Faulting package full name: Microsoft.Windows.Search_1.14.4.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: ShellFeedsUI
Hang type: Quiesce
System errors:
=============
Error: (07/01/2022 03:55:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/01/2022 03:50:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/01/2022 03:45:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/01/2022 03:40:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/01/2022 03:35:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/01/2022 03:30:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/01/2022 03:25:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/01/2022 03:20:36 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Windows Defender:
================
Date: 2022-07-01 11:23:22
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-06-28 20:51:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-06-27 20:45:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-06-26 20:29:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-06-25 20:29:56
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2022-01-13 17:51:27
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2022-01-02 21:53:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A09 03/11/2008
Motherboard: Dell Inc. 0GM819
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 90%
Total physical RAM: 3956.61 MB
Available physical RAM: 380.68 MB
Total Virtual: 10100.61 MB
Available Virtual: 4772.08 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:926.93 GB) (Free:833.94 GB) (Model: Hitachi HDS721010KLA330 ATA Device) NTFS
\\?\Volume{6462e9a1-d38d-11e3-9305-806e6f6e6963}\ (System) (Fixed) (Total:3.76 GB) (Free:0.56 GB) NTFS
\\?\Volume{c07cf236-0000-0000-0000-00ace8000000}\ () (Fixed) (Total:0.82 GB) (Free:0.41 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C07CF236)
Partition 1: (Active) - (Size=3.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=926.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=844 MB) - (Type=27)
==================== End of Addition.txt =======================
Hi, pastywhitegurl.
I'll be helping you with your computer's issues.
These are my first comments/instructions:
1. RAMThese lines are from your logs:
Percentage of memory in use: 90%
Total physical RAM: 3956.61 MB
Available physical RAM: 380.68 MB
That means you have only 4GB RAM installed, and 90% of it is in use. So the slowness you are experiencing is rather related to a lack of sufficient resources to run your programs. 380MB is not enough to work with. The best solution would be to install additional memory. Here (https://www.crucial.com/) you can run a free RAM wizard to determine which RAM is compatible with your motherboard. You download and run a small program, which will scan your computer and then recommend compatible RAM. You don't have to buy from them, but you can find out how much RAM the computer can accept.
2. VerizonYou said here: (https://www.landzdown.com/computer-problems-questions-and-solutions!/what-is-this-folder/msg206042/#msg206042)
QuoteWhich brings up another question: why is there a verizon folder anyway? I've never used verizon for my phone service or anything else that I can recall.
However, you have two Verizon programs installed, based on your logs:
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
I read (https://www.verizon.com/support/knowledge-base-80200/) about the latter:
QuoteThis helps you update the software on your Samsung device using your computer
I don't know how it works, but since you have these programs installed, I'm not surprised about the folder appeared on the Desktop. In case you don't use/need the programs, you can uninstall them of course.
3. Uninstall WinPatrolAlthough WinPatrol did a really good job in previous versions of Windows, there is no need to keep it in a Windows 10 and 11 computer, since these everything is taken care by the system. Have, also, in mind that the product is no longer get updates, so actually it doesn't serve any purpose right now.
3. FRST fixPlease do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system- Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FirewallRules: [{C708961B-0BCE-49F1-B45D-08B5BF92B75A}] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{F58BE963-0C20-491E-B43A-B8996961E06F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{D359D1E0-68F2-4F68-8F46-C51D464CD490}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{92754EFD-8A92-46B5-8D3B-18728758B5B8}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{5F6DB663-0F9D-4EBD-965C-8CD99F2FB227}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{49E21789-99A7-4F11-AA7F-902C401DE6CA}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{E223B679-9DDF-49AD-A1E0-CF2683EC0C07}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [UDP Query User{DED88290-5AF3-4A5E-BE81-5E1E0A966201}C:\program files\pale moon\palemoon.exe] => (Allow) C:\program files\pale moon\palemoon.exe => No File
FirewallRules: [TCP Query User{35287505-472A-4C0A-A78A-04626C58EC0A}C:\program files\pale moon\palemoon.exe] => (Allow) C:\program files\pale moon\palemoon.exe => No File
FirewallRules: [{41A76461-A847-4ED3-ADDF-2B14667B1B14}] => (Allow) C:\Windows\SysWOW64\lxbvcoms.exe => No File
FirewallRules: [{51F55BA3-98FB-47DE-A789-E7D769386793}] => (Allow) C:\Windows\SysWOW64\lxbvcoms.exe => No File
FirewallRules: [UDP Query User{153A47F5-FC9D-4AE8-AB23-F5647C4B7125}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin => No File
FirewallRules: [TCP Query User{D1CC3547-BB26-47A2-B6F2-B04CA515DAC5}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin => No File
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Uninstall 22.111.0522.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\22.111.0522.0002" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\MountPoints2: {251e69fc-d200-11ec-9ccd-0014d1fa11a1} - "F:\VZW_Software_upgrade_assistant.exe"
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {1A327E14-3348-4D82-BA9F-3D9156844511} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {1F5FF165-2F20-44BA-A566-AE70B1099F0C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {2A914597-8D60-4C8A-845F-7C6B9698411F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {3BE1F1BC-5BE6-4B1A-9974-AA07DE8A3B5C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
Task: {403DA6FD-63E7-4F7E-9F2A-0D545410941E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {52AAFEA1-9569-4FAA-BFF8-247BB70FDFA3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {5691B2A8-0468-4C5C-87DD-CFA539E133B3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {6E227D86-F9B2-46DD-80F4-7FDD3F52F855} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {79269E68-B26F-4D8B-8166-7BF427E3FB12} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {7BEFDAC2-DF77-4486-AE5E-9638D19CB8A4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges (No File)
Task: {A51DE8EF-2078-40EB-BA7D-EC285D170034} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {B687CEBE-FA8A-4F43-8016-F92A8D5862E7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {BBFBE970-925D-4581-A00D-EE4177311E62} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (No File)
Task: {BCD07FC1-F311-442F-8093-A5A7B42733F2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {BE3C0C64-EAB0-4DB2-ACD8-3D3FCB3E6C18} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {C659F16F-A4C3-45C9-B031-2805B488C642} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {D3BB3CF2-C59B-49F6-8422-5FB23EC4C4E3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {D3DD5E21-E529-4A67-860E-FA96754EE492} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {D9C1DFA0-E865-487F-8C6D-63AB6EC1DF12} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {E0612474-1111-4866-BE32-277060951C9F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {EEDE1370-0002-495D-A32F-C4061417EDF6} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {F1113B51-1D61-4A41-B21F-92142178CB98} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {F3384579-64DC-40C1-B982-CFAA66121805} - System32\Tasks\{388ED8BB-DE22-4551-8878-F11FF5D89FEE} => C:\Windows\system32\pcalua.exe -a C:\Users\Helena\AppData\Local\Temp\Shockwave_Installer_FF.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
Task: {F4433939-EA79-44A2-B68E-86991B328547} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {F943D144-419E-4482-B61E-002605CE1FEA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {53C1002C-A1F8-4AC1-9A14-4076D4475F99} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {69D28494-AF77-4BB4-8498-C02DA9A82FB5} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {9C578E9E-58F8-478E-904A-B9428EBFD5B2} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {BF8070BE-5E8B-402E-880C-2C676A4D7314} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {D982EE24-A772-438C-A60F-39628F96627F} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {EF264487-B955-4558-8484-48085101BC1A} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [No File]
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [No File]
U3 idsvc; no ImagePath
HKLM\...\StartupApproved\Run32: => "PDFProHook"
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
- Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Please post the log in your next reply.
In your next reply please post:1. If you successfully uninstalled WinPatrol and (if you decided to) Verizon programs.
2. The fixlog.txt
I made a restore point, then uninstalled Win Patrol. I was only keeping it to see when new start up programs were added. So not really necessary. Gone now. :)
I (eventually) successfully uninstalled the Verizon programs and moved the ModulesPlugins folder that started this whole thing to the recycle bin.
I ran the memory check tool and my machine cannot accept any extra RAM. Maybe you can suggest some ways I can maximize what I have?
I ran the FIX on the FRST program, and it seemed to get in a loop and then became unresponsive, and while that was happening, I checked task manager and found that Windows Module Installer process is maxing out the disk useage. Memory is in the 70% range. Also both MB and Defender were using a lot more resources than normal. I tried to restart the installer service as recommended in some windows forum posts, but that option was grayed out. I tried the "refresh" option but that didn't seem to do anything.
I tried a restart, and even though my June updates had successfully installed, there was a notice that windows was preparing updates. That went on for an hour, then I shut down the computer and restarted it an hour or so later. It again came up saying it was 35% done preparing updates (?) and then the windows music played and my home screen appeared. I tried to uninstall the 2 Verizon programs, but the first one got stuck in a loop and couldn't complete. So I shut down completely again. After logging in, Windows Module Installer Worker was maxing the Disk useage still. So I ended the process. I was then able to revert the aborted uninstall and uninstall both verizon programs. I have moved the PluginModules folder that started this whole thing to the recycle bin. The Windows Module Installer Worker has restarted itself and is again maxing out the Disk.
The FRST fix finally completed after the third try, so it is the third try fixlog.txt that is posted. If you need to see the first two, I did save them and can post if you wish. After the reboot required by the end of the fixit program, I have put windows updates on pause and the worker process is not active now. Power useage is back to normal for now.
Something is wrong with windows updates, because on reboot, I saw the updates 35% complete again notice, but not a notice that they were completed--went from 35% right to the home screen.
=========================================
Fix result of Farbar Recovery Scan Tool (x64) Version: 30-06-2022 01
Ran by Helena (02-07-2022 11:22:27) Run:3
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
FirewallRules: [{C708961B-0BCE-49F1-B45D-08B5BF92B75A}] => (Block) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{F58BE963-0C20-491E-B43A-B8996961E06F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{D359D1E0-68F2-4F68-8F46-C51D464CD490}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe => No File
FirewallRules: [{92754EFD-8A92-46B5-8D3B-18728758B5B8}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{5F6DB663-0F9D-4EBD-965C-8CD99F2FB227}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{49E21789-99A7-4F11-AA7F-902C401DE6CA}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [{E223B679-9DDF-49AD-A1E0-CF2683EC0C07}] => (Allow) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe => No File
FirewallRules: [UDP Query User{DED88290-5AF3-4A5E-BE81-5E1E0A966201}C:\program files\pale moon\palemoon.exe] => (Allow) C:\program files\pale moon\palemoon.exe => No File
FirewallRules: [TCP Query User{35287505-472A-4C0A-A78A-04626C58EC0A}C:\program files\pale moon\palemoon.exe] => (Allow) C:\program files\pale moon\palemoon.exe => No File
FirewallRules: [{41A76461-A847-4ED3-ADDF-2B14667B1B14}] => (Allow) C:\Windows\SysWOW64\lxbvcoms.exe => No File
FirewallRules: [{51F55BA3-98FB-47DE-A789-E7D769386793}] => (Allow) C:\Windows\SysWOW64\lxbvcoms.exe => No File
FirewallRules: [UDP Query User{153A47F5-FC9D-4AE8-AB23-F5647C4B7125}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin => No File
FirewallRules: [TCP Query User{D1CC3547-BB26-47A2-B6F2-B04CA515DAC5}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin => No File
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\RunOnce: [Uninstall 22.111.0522.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Helena\AppData\Local\Microsoft\OneDrive\22.111.0522.0002" (No File)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\MountPoints2: {251e69fc-d200-11ec-9ccd-0014d1fa11a1} - "F:\VZW_Software_upgrade_assistant.exe"
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {1A327E14-3348-4D82-BA9F-3D9156844511} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {1F5FF165-2F20-44BA-A566-AE70B1099F0C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {2A914597-8D60-4C8A-845F-7C6B9698411F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {3BE1F1BC-5BE6-4B1A-9974-AA07DE8A3B5C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
Task: {403DA6FD-63E7-4F7E-9F2A-0D545410941E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {52AAFEA1-9569-4FAA-BFF8-247BB70FDFA3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {5691B2A8-0468-4C5C-87DD-CFA539E133B3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {6E227D86-F9B2-46DD-80F4-7FDD3F52F855} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {79269E68-B26F-4D8B-8166-7BF427E3FB12} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {7BEFDAC2-DF77-4486-AE5E-9638D19CB8A4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges (No File)
Task: {A51DE8EF-2078-40EB-BA7D-EC285D170034} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {B687CEBE-FA8A-4F43-8016-F92A8D5862E7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {BBFBE970-925D-4581-A00D-EE4177311E62} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (No File)
Task: {BCD07FC1-F311-442F-8093-A5A7B42733F2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {BE3C0C64-EAB0-4DB2-ACD8-3D3FCB3E6C18} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {C659F16F-A4C3-45C9-B031-2805B488C642} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {D3BB3CF2-C59B-49F6-8422-5FB23EC4C4E3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {D3DD5E21-E529-4A67-860E-FA96754EE492} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {D9C1DFA0-E865-487F-8C6D-63AB6EC1DF12} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {E0612474-1111-4866-BE32-277060951C9F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {EEDE1370-0002-495D-A32F-C4061417EDF6} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {F1113B51-1D61-4A41-B21F-92142178CB98} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {F3384579-64DC-40C1-B982-CFAA66121805} - System32\Tasks\{388ED8BB-DE22-4551-8878-F11FF5D89FEE} => C:\Windows\system32\pcalua.exe -a C:\Users\Helena\AppData\Local\Temp\Shockwave_Installer_FF.exe -d "C:\Program Files (x86)\Mozilla Firefox" <==== ATTENTION
Task: {F4433939-EA79-44A2-B68E-86991B328547} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {F943D144-419E-4482-B61E-002605CE1FEA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {53C1002C-A1F8-4AC1-9A14-4076D4475F99} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {69D28494-AF77-4BB4-8498-C02DA9A82FB5} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {9C578E9E-58F8-478E-904A-B9428EBFD5B2} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {BF8070BE-5E8B-402E-880C-2C676A4D7314} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {D982EE24-A772-438C-A60F-39628F96627F} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
Task: {EF264487-B955-4558-8484-48085101BC1A} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1211151.dll [No File]
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [No File]
U3 idsvc; no ImagePath
HKLM\...\StartupApproved\Run32: => "PDFProHook"
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
"C:\ProgramData\TEMP" => ":5C321E34" ADS not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\System32\blank.htm" => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\"Local Page"="C:\Windows\SysWOW64\blank.htm" => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C708961B-0BCE-49F1-B45D-08B5BF92B75A}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F58BE963-0C20-491E-B43A-B8996961E06F}C:\program files (x86)\skype\phone\skype.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D359D1E0-68F2-4F68-8F46-C51D464CD490}C:\program files (x86)\skype\phone\skype.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92754EFD-8A92-46B5-8D3B-18728758B5B8}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F6DB663-0F9D-4EBD-965C-8CD99F2FB227}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{49E21789-99A7-4F11-AA7F-902C401DE6CA}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E223B679-9DDF-49AD-A1E0-CF2683EC0C07}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DED88290-5AF3-4A5E-BE81-5E1E0A966201}C:\program files\pale moon\palemoon.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{35287505-472A-4C0A-A78A-04626C58EC0A}C:\program files\pale moon\palemoon.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{41A76461-A847-4ED3-ADDF-2B14667B1B14}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{51F55BA3-98FB-47DE-A789-E7D769386793}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{153A47F5-FC9D-4AE8-AB23-F5647C4B7125}C:\program files (x86)\libreoffice 4\program\soffice.bin" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D1CC3547-BB26-47A2-B6F2-B04CA515DAC5}C:\program files (x86)\libreoffice 4\program\soffice.bin" => not found
"HKU\S-1-5-21-831887293-3776352801-720962199-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => not found
"HKU\S-1-5-21-831887293-3776352801-720962199-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => not found
"HKU\S-1-5-21-831887293-3776352801-720962199-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 22.111.0522.0002" => not found
HKU\S-1-5-21-831887293-3776352801-720962199-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{251e69fc-d200-11ec-9ccd-0014d1fa11a1} => not found
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found
"C:\ProgramData\NTUSER.pol" => not found
HKLM\SOFTWARE\Policies\Google => not found
HKLM\SOFTWARE\Policies\Microsoft\Edge => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A327E14-3348-4D82-BA9F-3D9156844511}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F5FF165-2F20-44BA-A566-AE70B1099F0C}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A914597-8D60-4C8A-845F-7C6B9698411F}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BE1F1BC-5BE6-4B1A-9974-AA07DE8A3B5C}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{403DA6FD-63E7-4F7E-9F2A-0D545410941E}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52AAFEA1-9569-4FAA-BFF8-247BB70FDFA3}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5691B2A8-0468-4C5C-87DD-CFA539E133B3}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E227D86-F9B2-46DD-80F4-7FDD3F52F855}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79269E68-B26F-4D8B-8166-7BF427E3FB12}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1 => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BEFDAC2-DF77-4486-AE5E-9638D19CB8A4}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A51DE8EF-2078-40EB-BA7D-EC285D170034}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B687CEBE-FA8A-4F43-8016-F92A8D5862E7}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBFBE970-925D-4581-A00D-EE4177311E62}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate_scheduled => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCD07FC1-F311-442F-8093-A5A7B42733F2}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE3C0C64-EAB0-4DB2-ACD8-3D3FCB3E6C18}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C659F16F-A4C3-45C9-B031-2805B488C642}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3BB3CF2-C59B-49F6-8422-5FB23EC4C4E3}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2 => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3DD5E21-E529-4A67-860E-FA96754EE492}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9C1DFA0-E865-487F-8C6D-63AB6EC1DF12}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0612474-1111-4866-BE32-277060951C9F}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEDE1370-0002-495D-A32F-C4061417EDF6}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1113B51-1D61-4A41-B21F-92142178CB98}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3384579-64DC-40C1-B982-CFAA66121805}" => not found
"C:\WINDOWS\System32\Tasks\{388ED8BB-DE22-4551-8878-F11FF5D89FEE}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{388ED8BB-DE22-4551-8878-F11FF5D89FEE}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4433939-EA79-44A2-B68E-86991B328547}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F943D144-419E-4482-B61E-002605CE1FEA}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControlsMigration" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53C1002C-A1F8-4AC1-9A14-4076D4475F99}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\MobilePC\HotStart" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControls" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69D28494-AF77-4BB4-8498-C02DA9A82FB5}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\AutoWake" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C578E9E-58F8-478E-904A-B9428EBFD5B2}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF8070BE-5E8B-402E-880C-2C676A4D7314}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\GadgetManager" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D982EE24-A772-438C-A60F-39628F96627F}" => not found
"C:\WINDOWS\System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent E7CF176E110C211B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF264487-B955-4558-8484-48085101BC1A}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SessionAgent" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => not found
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin => not found
idsvc => service not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\PDFProHook" => not found
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PDFProHook" => not found
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 => removed successfully
========= DISM /Online /Cleanup-Image /RestoreHealth =========
Deployment Image Servicing and Management tool
Version: 10.0.19041.844
Image Version: 10.0.19044.1766
[== 3.8% ]
[== 3.8% ]
[== 3.9% ]
[== 4.0% ]
[== 4.1% ]
[== 4.4% ]
[== 4.5% ]
[== 4.7% ]
[== 4.8% ]
[== 4.9% ]
[== 4.9% ]
[== 5.1% ]
[== 5.1% ]
[=== 5.2% ]
[=== 5.3% ]
[=== 5.4% ]
[=== 5.5% ]
[=== 5.6% ]
[=== 5.7% ]
[=== 5.9% ]
[=== 6.0% ]
[=== 6.2% ]
[=== 6.3% ]
[=== 6.6% ]
[=== 6.9% ]
[==== 7.1% ]
[==== 7.2% ]
[==== 7.3% ]
[==== 7.5% ]
[==== 7.7% ]
[==== 8.0% ]
[==== 8.2% ]
[==== 8.5% ]
[===== 8.8% ]
[===== 9.1% ]
[===== 9.2% ]
[===== 9.4% ]
[===== 9.5% ]
[===== 9.7% ]
[===== 9.9% ]
[===== 10.0% ]
[===== 10.0% ]
[===== 10.3% ]
[====== 10.6% ]
[====== 10.8% ]
[====== 10.9% ]
[====== 11.2% ]
[====== 11.4% ]
[====== 11.6% ]
[====== 11.8% ]
[====== 12.0% ]
[======= 12.2% ]
[======= 12.4% ]
[======= 12.6% ]
[======= 12.7% ]
[======= 12.7% ]
[======= 12.8% ]
[======= 13.1% ]
[======= 13.1% ]
[======= 13.2% ]
[======= 13.4% ]
[======= 13.5% ]
[======= 13.7% ]
[======= 13.7% ]
[======== 14.3% ]
[======== 14.3% ]
[======== 14.6% ]
[======== 14.9% ]
[======== 15.2% ]
[======== 15.4% ]
[========= 15.7% ]
[========= 16.2% ]
[========= 17.2% ]
[========== 18.2% ]
[========== 18.6% ]
[========== 18.9% ]
[=========== 19.4% ]
[=========== 19.7% ]
[=========== 19.9% ]
[=========== 20.3% ]
[============ 20.8% ]
[============ 21.0% ]
[============ 21.4% ]
[============ 21.9% ]
[============ 22.3% ]
[============= 22.8% ]
[============= 23.0% ]
[============= 23.5% ]
[============= 23.6% ]
[============= 23.8% ]
[============== 24.2% ]
[============== 24.5% ]
[============== 24.6% ]
[============== 24.8% ]
[============== 24.8% ]
[============== 25.1% ]
[============== 25.4% ]
[============== 25.6% ]
[============== 25.7% ]
[=============== 26.0% ]
[=============== 26.1% ]
[=============== 26.2% ]
[=============== 26.3% ]
[=============== 26.3% ]
[=============== 26.4% ]
[=============== 26.6% ]
[=============== 26.8% ]
[=============== 26.9% ]
[=============== 27.2% ]
[=============== 27.5% ]
[================ 27.8% ]
[================ 28.2% ]
[================ 28.6% ]
[================ 29.0% ]
[================= 29.4% ]
[================= 29.7% ]
[================= 30.0% ]
[================= 30.3% ]
[================= 30.7% ]
[================= 30.9% ]
[================== 31.2% ]
[================== 31.3% ]
[================== 31.4% ]
[================== 31.5% ]
[================== 31.6% ]
[================== 31.8% ]
[================== 31.8% ]
[================== 31.9% ]
[================== 32.0% ]
[================== 32.1% ]
[================== 32.2% ]
[================== 32.5% ]
[================== 32.7% ]
[=================== 33.1% ]
[=================== 33.2% ]
[=================== 33.3% ]
[=================== 33.6% ]
[=================== 33.9% ]
[=================== 34.0% ]
[=================== 34.1% ]
[=================== 34.3% ]
[==================== 34.6% ]
[==================== 34.6% ]
[==================== 34.8% ]
[==================== 35.0% ]
[==================== 35.3% ]
[==================== 35.4% ]
[==================== 35.6% ]
[==================== 35.9% ]
[==================== 36.0% ]
[==================== 36.0% ]
[==================== 36.1% ]
[==================== 36.2% ]
[===================== 36.2% ]
[===================== 36.2% ]
[===================== 36.3% ]
[===================== 36.4% ]
[===================== 36.5% ]
[===================== 36.5% ]
[===================== 36.8% ]
[===================== 37.3% ]
[===================== 37.4% ]
[===================== 37.5% ]
[===================== 37.5% ]
[===================== 37.6% ]
[===================== 37.7% ]
[===================== 37.7% ]
[===================== 37.7% ]
[===================== 37.7% ]
[===================== 37.8% ]
[===================== 37.9% ]
[====================== 38.0% ]
[====================== 38.0% ]
[====================== 38.0%
(continued with next entry:)
[====================== 38.0% ]
[====================== 38.1% ]
[====================== 38.1% ]
[====================== 38.3% ]
[====================== 38.3% ]
[====================== 38.3% ]
[====================== 38.5% ]
[====================== 38.6% ]
[====================== 38.6% ]
[====================== 38.6% ]
[====================== 38.6% ]
[====================== 38.7% ]
[====================== 38.7% ]
[====================== 38.8% ]
[====================== 38.8% ]
[====================== 38.9% ]
[====================== 38.9% ]
[====================== 38.9% ]
[====================== 39.0% ]
[====================== 39.0% ]
[====================== 39.1% ]
[====================== 39.1% ]
[====================== 39.2% ]
[====================== 39.2% ]
[====================== 39.3% ]
[====================== 39.3% ]
[====================== 39.4% ]
[====================== 39.5% ]
[====================== 39.5% ]
[====================== 39.5% ]
[====================== 39.6% ]
[======================= 39.8% ]
[======================= 39.8% ]
[======================= 39.8% ]
[======================= 39.9% ]
[======================= 40.0% ]
[======================= 40.1% ]
[======================= 40.2% ]
[======================= 40.2% ]
[======================= 40.4% ]
[======================= 40.5% ]
[======================= 40.5% ]
[======================= 40.6% ]
[======================= 40.7% ]
[======================= 40.8% ]
[======================= 40.8% ]
[======================= 41.0% ]
[======================= 41.1% ]
[======================= 41.3% ]
[======================= 41.3% ]
[======================== 41.5% ]
[======================== 41.7% ]
[======================== 41.7% ]
[======================== 41.7% ]
[======================== 42.0% ]
[======================== 42.0% ]
[======================== 42.2% ]
[======================== 42.3% ]
[======================== 42.5% ]
[======================== 42.5% ]
[======================== 42.6% ]
[======================== 42.9% ]
Error: 1726
The remote procedure call failed.
The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
========= End of CMD: =========
========= SFC /scannow =========
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 21% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 24% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 49% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.
Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 877154586 B
Java, Discord, Steam htmlcache => 50931412 B
Windows/system/drivers => 460418228 B
Edge => 979929 B
Chrome => 70615564 B
Brave => 1166947884 B
Firefox => 138261926 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 16384 B
ProgramData => 16384 B
Public => 16384 B
systemprofile => 16384 B
systemprofile32 => 16384 B
LocalService => 32768 B
NetworkService => 2341200 B
Helena => 215376191 B
DefaultAppPool => 215392575 B
RecycleBin => 576964123 B
EmptyTemp: => 3.5 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 12:04:39 ====
Hi.
I see that your computer can accept up to 8GB RAM: https://www.crucial.com/compatible-upgrade-for/dell/optiplex-755-series-(desktop-mini-tower-and-small-form-factor)
What was the message you got after you ran the RAM wizard?
A couple of other things to have in mind:
Never shut down the computer while updating. You can harm it that way.
Never do other things while running a fix. You said the fix got into a loop and it was not responsive. Although you thought that, it was running. Since I included specific commands in it, it needed its time.
Anyway, please let the updates to get completed before we continue. Do not shut the computer in the middle of updating. Give it as much of time as it needs. It would be better not to use the computer during the procedure, since it will become slow. When you are ready, let me know. I will be waiting for you.
Thank you Dr.M!
I have run this program before and it always finished quickly, so I didn't realize it might have more going on this time and assumed it was stuck.
You may not believe this, but this was the first time I've ever ignored the "do not turn off your computer" warning when restarting Windows. But after an hour of waiting for it to progress beyond 35%, it seemed like the only option was to shut down. I should have posted and asked what to do. :(
I ran the memory scan tool again. Screenshot is attached of results. Under the DRAM tab, it said the following: "We do not have compatible memory upgrades for your system at this time. There are, however, options to add internal or external SSD."
I have no experience with those.
The link you posted leads me to a 404 page
I let the computer search for updates. It found a definitions update for defender and installed it. The control panel now says my computer is up to date. I then restarted windows and it booted normally without any "windows is preparing updates" messages. So hopefully whatever was glitching has been sorted.
Thankyou for sticking with me!
You are welcome, pastywhitegurl.
Strange about the link. The result was similar to what you got.
The thing is that they don't have compatible memory for your computer. So you can buy from elsewhere. Let's leave this for the end of the procedure. You do not need an SSD.
The FRST fix was successfully completed. The "not found" indications show that the items included were removed.
Also, the System File Checker utility revealed corrupt files which were successfully repaired.
Let's continue with Malwarebytes now. You said that you already ran a scan, which probably didn't complete. Let's try once more.
Run Malwarebytes (scan only)
- Open Malwarebytes.
- Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
Under the title Scan Options, all the options are checked.
Under the title Windows Security Center (Premium only) the option is NOT checked.
Under the title Potentially unwanted items all options are set to Always.
- Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may be take longer.
- When finished, you will see the Threat Scan Summary window open.
If threats are not found, click
View Report and proceed to the
two last steps below. If threats are found, make sure that
all threats are not selected, close the program and proceed to the next steps below.
- Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
- Find the report with the most recent date and double click on it.
- Click on Export and then Copy to Clipboard.
- Paste its content here, in your next reply.
I'll not give instructions about anything else now, just to check what is going to happen with Malwarebytes. Again, give it time to finish.
Thankfully, it didn't take hours this time. No infections found.
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 7/2/22
Scan Time: 2:36 PM
Log File: 444abfa8-fa3e-11ec-afb1-001e4fece3a3.json
-Software Information-
Version: 4.5.10.200
Components Version: 1.0.1709
Update Package Version: 1.0.56699
License: Premium
-System Information-
OS: Windows 10 (Build 19044.1766)
CPU: x64
File System: NTFS
User: Helena-PC\Helena
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 342604
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 23 min, 42 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
Very good!
Let's make another scan with AdwCleaner:
Run AdwCleaner (scan only)Download
AdwCleaner (https://www.bleepingcomputer.com/download/adwcleaner/) and save it to your desktop.
- Double click AdwCleaner.exe to run it.
- Click Scan Now.
- When the scan has finished, a Scan Results window will open.
- Click Cancel (at this point do not attempt to Quarantine anything that is found)
- Now click the Log Files tab.
- Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
- A Notepad file will open containing the results of the scan.
- Please post the contents of the file in your next reply.
That was a quick one. :) Computer is running much better now. Way less resources being used.
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-06-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 07-03-2022
# Duration: 00:00:41
# OS: Windows 10 Pro
# Scanned: 32061
# Detected: 1
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.SamsungSmartSwitch Folder C:\Users\Helena\AppData\Roaming\SAMSUNG\SMART SWITCH PC
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Hello.
Everything is clean. The only item detected has to do with pre-installed software.
C:\Users\Helena\AppData\Roaming\SAMSUNG\SMART SWITCH PC
Preinstalled Software is software that was apparently installed when the device was new, which you may or may not use. Personally, I do not keep anything I don't use/need. But it's your computer, so your decision.
You can either remove the folder manually and then restart, or proceed to the following:
- Double click AdwCleaner.exe on your Desktop, to run it as you did before.
- Click Scan Now.
- When the scan has finished a Scan Results window will open.
- Please check all the boxes and then click Quarantine.
- Click Next.
- If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
- Check any pre-installed software items you want to remove.
- Click Quarantine.
- A prompt to save your work will appear.
- Click Continue when you're ready to proceed.
- A prompt to restart your computer will appear.
==========================
Once your computer has restarted:
- If it doesn't open automatically, please start AdwCleaner.
- Click the Log Files tab.
- Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
- A Notepad file will open containing the results of the removal.
- Please post the contents of the file in your next reply.
===========================
Regardless of your decision about removing pre-installed software, I would now like to check fresh FRST logs, to ensure that everything is fine:
- Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
- Press Scan button and wait for a while.
- The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
- Please copy and paste the content of these two logs in your next reply.
===========================
In your next reply please post:
1. What did you do with the preinstalled software and the AdwCleaner[C0*].txt in case you removed it.
2. The fresh FRST logs, Addition and FRST.
Reading DR M's reply got me thinking (always dangerous) about the Samsung Smart Switch entry.
It appears FusNetworkManager could be related to that as it can be a Samsung item: https://threatinfo.net/files/FusNetworkManager.dll-c1945c44f7d097ca19a50bb018382c6c
Then I saw you use Firefox. Ever since v98, file download behavior has changed, now all downloads are automatically saved somewhere to the computer (rather than a temp folder). In my case, the default is set to my desktop, so everything I download (pdf, jpg, exe, etc) now appears on my desktop ... I actually find this to be a bit of a pain in most cases, especially when I just want to open and read a pdf. The result is always a bunch of things to delete from the desktop when I shut down for the day.
Did you recently update the Smart Switch program via download in Firefox, maybe around the time this folder appeared on your desktop?
Hi, Winchester. :)
In fact there are more Samsung programs installed:
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
These were not detected as pre-installed.
The FusNetworkManager.dll and the other one, were related to the Verizons programs, also involving Samsung:
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{8D327827-8FDE-45D8-AD3C-5CB4371BC533}) (Version: 4.21.0205 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{930FA71B-703F-4178-9FE8-1BCAA359E6EE}) (Version: 4.18.1201 - Samsung Electronics Co., Ltd.)
As to the Firefox downlowded things directory, you are right. From the log:
FF DownloadDir: C:\Users\Helena\Desktop
I used the quarantine option to get rid of SAMSUNG SMART SWITCH. However I was not prompted to restart the computer. Do I need to do that anyway before posting the new FRST logs?
I'm pretty sure the Smart Switch program was something I downloaded in order to transfer my contacts to my new Samsung phone from the old phone. The two .dll files that were on my desktop are gone. I didn't realize when I put them in the recycle bin that the cleanup process would delete them, so they are no more. I'm happy to get rid of any Samsung programs still on the computer. If need something later, I can always download it again.
As for FireFox, it is not my main browser now. I just use it for testing web designs. I do keep it up to date. I have not used it to download anything for quite a while. The Smart Switch program was likely downloaded sometime around this past Oct/Nov when I got my new phone.
========================
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-06-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-03-2022
# Duration: 00:00:07
# OS: Windows 10 Pro
# Cleaned: 1
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.SamsungSmartSwitch Folder C:\Users\Helena\AppData\Roaming\SAMSUNG\SMART SWITCH PC
*************************
- Delete Tracing Keys
- Reset Winsock
*************************
AdwCleaner[S00].txt - [1473 octets] - [03/07/2022 06:51:08]
AdwCleaner[S01].txt - [1534 octets] - [03/07/2022 13:47:21]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
Hello.
Yes, always restart the computer after uninstalling a program.
QuoteI'm happy to get rid of any Samsung programs still on the computer.
This is what I would ask you as a next step: uninstall everything you don't need/use. Since you are dealing with a memory issue (RAM), this is something that would help a bit.
- Press the Windows Key + R.
- Type appwiz.cpl in the Run box and click OK.
- The Add/Remove Programs list will open. Locate any program you don't need/use.
- Select them, one by one, and click Uninstall.
- Restart the computer at the end of the procedure.
Provide the fresh FRST logs, after you uninstall any program and restart.
I've removed a few programs, but I have questions about others, as I don't know if they are being used by something else. Like the samsung universal print driver2. I wondered if since it was a universal driver, if it was being used by my xerox printer? And the Paperport program advised updates had to be made before it could be uninstalled, so I aborted that uninstall process because I didn't know what that would involve. Maybe I can post some others after you see the FRST logs.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-06-2022 01
Ran by Helena (administrator) on HELENA-PC (Dell Inc. OptiPlex 755) (03-07-2022 14:57:41)
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1766 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler64.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\AMT\atchk.exe
(explorer.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(explorer.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(services.exe ->) (Intel) [File not signed] C:\Program Files (x86)\Intel\AMT\LMS.exe
(services.exe ->) (Intel) [File not signed] C:\Program Files (x86)\Intel\AMT\UNS.exe
(services.exe ->) (Lexmark International, Inc. -> ) C:\Windows\System32\lxbvcoms.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\PDFProFiltSrvPP.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(services.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxServer64.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.41582.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation) [File not signed]
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [cdloader] => C:\Users\Helena\AppData\Roaming\mjusbsp\cdloader2.exe [59048 2022-01-04] (magicJack, L.P. -> magicJack L.P.)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [MicrosoftEdgeAutoLaunch_FEC2D14AA1F15DAD90F56E6F9A07DBED] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601824 2022-06-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Lexmark 2200 Series Print Processor: lxbvpp6c.dll
HKLM\...\Windows x64\Print Processors\spe__PC: C:\Windows\System32\spool\prtprocs\x64\spe__pc.dll [41984 2012-12-06] (Windows (R) Codename Longhorn DDK provider) [File not signed]
HKLM\...\Windows x64\Print Processors\SUGO3PC: C:\Windows\System32\spool\prtprocs\x64\sugo3pc.dll [27648 2006-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Windows x64\Print Processors\sxa6mPC: C:\Windows\System32\spool\prtprocs\x64\sxa6mpc.dll [43520 2014-02-20] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\usp02PC: C:\Windows\System32\spool\prtprocs\x64\usp02pc.dll [43520 2014-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\Xerox Network PC Fax Print Processor: C:\Windows\System32\spool\prtprocs\x64\XrxFaxProc64.dll [146944 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\...\Print\Monitors\2200 Series Port: C:\WINDOWS\system32\lxbvlmpm.dll [488448 2007-04-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\spe__ Langmon: C:\WINDOWS\system32\spe__l.dll [34304 2011-04-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\SUGO3 Langmon: C:\WINDOWS\system32\sugo3l6.dll [22016 2006-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\sxa6m Langmon: C:\WINDOWS\system32\sxa6mlm.dll [34304 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\usp02 Langmon: C:\WINDOWS\system32\usp02l.dll [29184 2014-04-16] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Xerox MFP PC Fax Port: C:\WINDOWS\system32\XrxFaxPort64.dll [280064 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.66\Installer\chrmstp.exe [2022-06-29] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\103.1.40.109\Installer\chrmstp.exe [2022-06-28] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xerox MFP PC Fax.lnk [2016-04-06]
ShortcutTarget: Xerox MFP PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe (Xerox Corporation.) [File not signed]
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08066272-E4CE-44F8-BAA8-8D9F63C44088} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1817527B-916E-4828-9064-8B9C7C88F4BD} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {26EA4B1A-5F1F-46D0-ADB9-64874994F0DB} - System32\Tasks\{26FF5CE4-1B64-467B-A8F9-E1AFBECA0043} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
Task: {2D14430F-8DB9-4A17-9A63-376EE205AC65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {3B0264B6-A933-4D1E-9B38-E53BA8C33C77} - \Mozilla\Firefox Default Browser Agent E7CF176E110C211B -> No File <==== ATTENTION
Task: {4A68B9CC-69D1-400C-8369-85BB21D1881B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4ABC4334-7813-4F8E-A6CA-F73EF6DCF744} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7C8CB8C9-96A6-441F-8406-88CA84AE83D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {862F6BDE-AB5D-41B7-9C59-13842AE6F2F3} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {E5681874-1A34-4209-90C0-66CF30C5E85A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fee10231-d6e0-42e1-a19b-a0f5a78c86cc}: [DhcpNameServer] 192.168.1.1
Edge:
=======
DownloadDir: C:\Users\Helena\Desktop
Edge Notifications: HKU\S-1-5-21-831887293-3776352801-720962199-1001 -> hxxps://web.skype.com
Edge Extension: (Ghostery – Privacy Ad Blocker) -> EdgeExtension_GhosteryGhostery_kzkqe0pn505dg => C:\Program Files\WindowsApps\Ghostery.Ghostery_8.4.6.0_neutral__kzkqe0pn505dg [2020-07-20]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-02]
Edge DownloadDir: Default -> C:\Users\Helena\Desktop
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (Textarea Cache) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\chpphekfimlabghbdankokcohcmnbmab [2020-10-21]
Edge Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-15]
Edge Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fclbdkbhjlgkbpfldjodgjncejkkjcme [2022-06-29]
Edge Extension: (Measure-it) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gbaokpnhddikgoalopfdjjhgahfcecge [2021-06-07]
Edge Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lhnbdlbhcokmgpjenkjolnhdnkphnkam [2022-06-29]
Edge Extension: (uBlock Origin) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2022-05-15]
Edge Extension: (Weather Forecast) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\phklfmbdnakdekionmpfdiihnmijfpnl [2022-02-08]
FireFox:
========
FF DefaultProfile: n27s1rnq.default
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default [2022-07-02]
FF DownloadDir: C:\Users\Helena\Desktop
FF Session Restore: Mozilla\Firefox\Profiles\n27s1rnq.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\n27s1rnq.default -> hxxp://mail.google.com; hxxps://mail.google.com; hxxp://us-mg6.mail.yahoo.com; hxxps://us-mg6.mail.yahoo.com; hxxps://twitter.com; hxxps://us-mg4.mail.yahoo.com; hxxps://mg.mail.yahoo.com; hxxps://mail.yahoo.com
FF Extension: (Disconnect) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\2.0@disconnect.me.xpi [2020-05-16]
FF Extension: (Archive URL) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\@save-url-to-wayback-machine-firefox-addon.xpi [2020-05-16]
FF Extension: (Copy Link Text) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\copylinktext@brett(2).zamir [2014-05-11] [Legacy] [not signed]
FF Extension: (Edit) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\edit@eros.man.xpi [2020-05-16]
FF Extension: (eSnipe.com SnipeIt!) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\esnipesnipeit@esnipe.com.xpi [2018-02-10] [UpdateUrl:hxxps://www.esnipe.com/SnipeIt_FirefoxExtension/update.json]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\firefox@ghostery.com.xpi [2020-07-31]
FF Extension: (Tampermonkey) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\firefox@tampermonkey.net.xpi [2020-05-16]
FF Extension: (pinterest-guest) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-SWdspnBEetWxoA@jetpack.xpi [2020-05-16]
FF Extension: (Copy Selected Links) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-vs5odTmtIydjMg@jetpack.xpi [2020-05-16]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2020-07-31]
FF Extension: (Open With) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\openwith@darktrojan(2).net [2014-05-11] [Legacy] [not signed]
FF Extension: (SuperStop) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\superstop@gavinsharp.com.xpi [2018-06-20]
FF Extension: (Textarea Cache) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\textarea-cache-lite@wildsky.cc.xpi [2020-05-16]
FF Extension: (uBlock Origin) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\uBlock0@raymondhill.net.xpi [2020-05-24]
FF Extension: (YesScript2) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\yesscript202@example.org.xpi [2020-06-08]
FF Extension: (YouTube to MP3) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\youtube2mp3@mondayx(2).de [2014-05-11] [Legacy] [not signed]
FF Extension: (Imagus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{00000f2a-7cde-4f20-83ed-434fcb420d71}.xpi [2020-05-16] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Image Block X) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{0035bf10-3f36-4d60-b92d-08c1a8b060a6}.xpi [2020-05-16]
FF Extension: (Screengrab!) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-06-20]
FF Extension: (FireShot) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (LittleFox) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{479f0278-2c34-4365-b9f0-1d328d0f0a40}.xpi [2020-05-16]
FF Extension: (Empty Cache Button) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2017-12-16]
FF Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2020-06-21]
FF Extension: (Text Link) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2020-05-16]
FF Extension: (InFormEnter+) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}.xpi [2020-05-24]
FF Extension: (ColorZilla) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-12-12]
FF Extension: (Stylus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}.xpi [2020-05-16]
FF Extension: (bbCodeWebex) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{7e19f8dd-0cf6-498a-8072-bae5b2db65e5}.xpi [2020-05-27]
FF Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{853d1586-e2ab-4387-a7fd-1f7f894d2651}.xpi [2020-05-24]
FF Extension: (Clippings) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}.xpi [2020-05-19]
FF Extension: (YouTube Downloader Converter MP3) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2020-05-16]
FF Extension: (Weather) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a79a9c4c-9c3f-4bf4-9e58-6574cc0b7ecb}.xpi [2020-05-24]
FF Extension: (Simple stylish) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a8e5fca1-24ae-4de6-b3c4-80d2d316f8f9}.xpi [2019-11-16]
FF Extension: (ruler) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{b1355a29-9265-4b5e-a3ad-e9d61265d5ac}.xpi [2020-05-16]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-05-25]
FF Extension: (Adblock Plus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (Top and Bottom scroll buttons) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d8c7bd7f-3e7d-456a-be71-29973917ec72}.xpi [2020-05-16]
FF Extension: (IE View Lite) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}(2) [2014-05-11] [Legacy] [not signed]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\cnet.xml [2009-11-14]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\mozilla-add-ons.xml [2008-09-06]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\technorati.xml [2008-09-11]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\webster.xml [2008-09-18]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\wordpresscom.xml [2016-03-16]
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default [2022-06-14]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> hxxp://zionfirefriends.com
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> is enabled.
FF Extension: (Lazarus: Form Recovery) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\lazarus@interclue.com.xpi [2018-06-16] [Legacy]
FF Extension: (Ad-Bye - For Facebook) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\s.alfa@idev.com.xpi [2018-10-02] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\uBlock0@raymondhill.net.xpi [2021-08-09] [Legacy] [not signed]
FF Extension: (YesScript) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\yesscript@userstyles.org.xpi [2018-10-02] [Legacy]
FF Extension: (FireShot) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2021-02-02] [Legacy] [not signed]
FF Extension: (Back to Top) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}.xpi [2018-09-28] [Legacy] [not signed]
FF Extension: (Forecast & Weather on the Button) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{4d60e663-9c10-48d9-895a-801285687ced}.xpi [2020-01-23] [Legacy] [not signed]
FF Extension: (Color Identifier) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{89850e1c-c80b-4179-81fe-79a9f313400d}.xpi [2018-09-09] [Legacy] [not signed]
FF Extension: (Open With Edge, IE, Chrome, and More) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{ab91ffec-fe2a-440e-99ca-5260e0ea0c06}.xpi [2019-12-25] [Legacy] [not signed]
FF Extension: (BBCodeXtra) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2018-09-09] [Legacy]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\searchplugins\amazoncom.xml [2022-06-14]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\searchplugins\pale-moon-add-ons.xml [2022-06-14]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default [2022-07-02]
CHR DownloadDir: C:\Users\Helena\Desktop
CHR Notifications: Default -> hxxps://twitter.com
CHR StartupUrls: Default -> "hxxp://if.invisionfree.com/search/?c=5","hxxp://www.drudgereport.com/","hxxps://us-mg6.mail.yahoo.com/neo/launch?.rand=e2tudim4rqkvc","hxxp://www.landzdown.com/index.php","hxxp://www.accuweather.com/en/us/kansas-city-mo/64106/hourly-weather-forecast/329441","hxxp://if.invisionfree.com/pages/ircchat/","hxxp://www.official-drivers.com/installer/?seed=lexmark&gclid=COTq45Duor4CFQcSMwodZQEANA","hxxp://hcgdietinfo.com/hcgdietforums/search.php?searchid=4234517"
CHR Extension: (ColorZilla) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2019-01-20]
CHR Extension: (uBlock Origin) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-05-02]
CHR Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-02]
CHR Extension: (Google Search) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Tidy Sidebar) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp [2019-01-20]
CHR Extension: (bbCodeInsert) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhckbmeeagkjnabhfaindkhmofncedln [2019-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-02]
CHR Extension: (HTML5 Autoplay Blocker) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppkihnmgkncknjlfkkjgfgoifkcgii [2019-12-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-02]
CHR Extension: (Weather) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\iolcbmjhmpdheggkocibajddahbeiglb [2021-09-01]
CHR Extension: (Measure-it) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jocbgkoackihphodedlefohapackjmna [2019-01-20]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2022-05-02]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-01]
CHR Extension: (Image Background Color) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjaolenabdfhmpndkmnbojmjefdpago [2019-02-27]
CHR Extension: (Image Size Info) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihdhfbfoagfkpcncinlbhfdgpegcigf [2021-09-01]
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-07-02]
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\System Profile [2022-07-02]
Brave:
=======
BRA Profile: C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-07-03]
BRA DownloadDir: C:\Users\Helena\Desktop
BRA DefaultSearchURL: Default -> hxxps://search.brave.com/search?q={searchTerms}&source=desktop
BRA DefaultSearchKeyword: Default -> :br
BRA DefaultSuggestURL: Default -> hxxps://search.brave.com/api/suggest?q={searchTerms}
BRA Extension: (Textarea Cache) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\chpphekfimlabghbdankokcohcmnbmab [2022-02-14]
BRA Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-05]
BRA Extension: (Measure-it) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jocbgkoackihphodedlefohapackjmna [2022-02-14]
BRA Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\piajkpdbaniagacofgklljacgjhefjeh [2022-06-20]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-06-30]
BRA Extension: (Brave NTP background images) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-03-10]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-06-23]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-07-02]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-07-02]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-10]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-06-29]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 brlapi; C:\WINDOWS\brltty\bin\brltty.exe [847886 2019-10-15] (Microsoft Windows -> )
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-05-11] (Macrovision Europe Ltd.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 lxbv_device; C:\WINDOWS\system32\lxbvcoms.exe [566704 2007-04-25] (Lexmark International, Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8677120 2022-06-23] (Malwarebytes Inc. -> Malwarebytes)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Xerox Scan To PC Desktop 12\PaperPort 14\PDFProFiltSrvPP.exe [220488 2013-02-26] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [118576 2014-11-26] (Samsung Electronics CO., LTD. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254368 2022-06-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [501760 2014-04-21] (Xerox Corporation.) [File not signed]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-07-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-03] (Malwarebytes Inc. -> Malwarebytes)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-22] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-07-03 14:57 - 2022-07-03 15:00 - 000032278 _____ C:\Users\Helena\Desktop\FRST.txt
2022-07-03 14:51 - 2022-07-03 14:51 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-03 14:50 - 2022-07-03 14:50 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-03 14:50 - 2022-07-03 14:50 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-03 06:49 - 2022-07-03 13:49 - 000000000 ____D C:\AdwCleaner
2022-07-03 06:47 - 2022-07-03 06:47 - 008551608 _____ (Malwarebytes) C:\Users\Helena\Desktop\AdwCleaner.exe
2022-07-02 10:22 - 2022-07-02 13:39 - 000029982 _____ C:\Users\Helena\Desktop\Fixlog - Copy.txt
2022-07-02 09:21 - 2022-07-02 09:21 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-02 08:45 - 2022-07-02 08:46 - 000279560 _____ C:\Users\Helena\Desktop\CrucialScan.exe
2022-07-01 17:11 - 2022-07-02 09:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-07-01 16:23 - 2022-07-01 16:23 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-07-01 15:38 - 2022-07-01 15:38 - 002369024 _____ (Farbar) C:\Users\Helena\Desktop\FRST64.exe
2022-06-28 23:44 - 2022-06-28 23:44 - 000479744 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000011787 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-06-28 23:43 - 2022-06-28 23:43 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-06-28 23:42 - 2022-06-28 23:42 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-06-28 23:42 - 2022-06-28 23:42 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-06-28 23:10 - 2022-06-28 23:10 - 000000000 ___HD C:\$WinREAgent
2022-06-09 22:22 - 2022-06-29 22:36 - 000000377 _____ C:\Users\Helena\Desktop\CourseNotes.txt
2022-06-09 12:03 - 2022-06-09 12:03 - 000112264 _____ C:\Users\Helena\Desktop\Carbs are Critical One Week Menu.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-07-03 14:59 - 2017-10-02 10:53 - 000000000 ____D C:\FRST
2022-07-03 14:53 - 2015-04-01 12:39 - 000000000 ____D C:\Users\Helena\AppData\Local\CrashDumps
2022-07-03 14:53 - 2014-05-10 19:29 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-03 14:51 - 2021-12-04 16:54 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\IGDump
2022-07-03 14:50 - 2020-08-27 00:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-03 14:50 - 2020-08-26 23:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-03 14:50 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-03 14:49 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-03 14:37 - 2016-04-06 17:08 - 000000000 ____D C:\ProgramData\Nuance
2022-07-03 14:37 - 2016-04-06 17:08 - 000000000 ____D C:\Program Files (x86)\Xerox Scan To PC Desktop 12
2022-07-03 14:30 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-03 14:25 - 2016-04-20 17:54 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2022-07-03 13:49 - 2018-06-06 14:52 - 000000000 ____D C:\Users\Helena\AppData\Roaming\Samsung
2022-07-03 13:40 - 2020-08-26 23:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-03 13:11 - 2020-08-27 00:17 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2022-07-02 18:19 - 2020-08-21 13:20 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-02 18:19 - 2020-08-21 13:20 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-02 18:19 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-02 18:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-02 12:05 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-02 12:03 - 2016-11-14 20:27 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\Temp
2022-07-02 11:14 - 2015-08-07 23:01 - 000001086 _____ C:\Users\Helena\Desktop\magicJack.lnk
2022-07-02 11:14 - 2015-08-07 23:01 - 000001072 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2022-07-02 11:14 - 2015-08-07 23:01 - 000000000 ____D C:\Users\Helena\AppData\Roaming\mjusbsp
2022-07-02 11:11 - 2015-08-07 23:01 - 000000000 ____D C:\Users\Helena\AppData\Local\magicJack
2022-07-02 10:07 - 2014-05-11 17:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-02 10:07 - 2014-05-11 10:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-07-02 09:03 - 2021-10-05 16:28 - 000000000 ____D C:\Users\Helena\AppData\Roaming\discord
2022-07-02 09:03 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2022-07-02 09:03 - 2009-07-13 22:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-07-02 08:48 - 2021-10-05 16:27 - 000000000 ____D C:\Users\Helena\AppData\Local\Discord
2022-07-02 08:40 - 2014-05-10 18:40 - 000000000 ____D C:\Users\Helena\AppData\Roaming\WinPatrol
2022-07-02 08:40 - 2014-05-10 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2022-07-02 08:40 - 2014-05-10 17:01 - 000000000 ____D C:\ProgramData\InstallMate
2022-07-01 17:12 - 2022-03-31 10:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-01 17:12 - 2016-11-17 23:38 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\Mozilla
2022-07-01 17:11 - 2014-05-11 17:31 - 000001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-01 10:32 - 2021-12-12 23:47 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-831887293-3776352801-720962199-1001
2022-07-01 10:32 - 2020-08-27 00:17 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-831887293-3776352801-720962199-1001
2022-07-01 10:32 - 2020-08-26 05:29 - 000002429 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-06-29 19:35 - 2015-08-08 22:50 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-06-29 19:35 - 2014-05-10 19:30 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-06-29 08:10 - 2020-08-27 00:07 - 000971878 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-06-29 08:03 - 2020-08-26 23:47 - 002352568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-06-29 07:59 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-06-29 07:59 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2022-06-28 23:42 - 2020-08-26 23:51 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-06-28 22:24 - 2014-05-10 15:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-06-28 22:11 - 2014-05-10 15:21 - 145918784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-06-28 18:14 - 2021-04-06 11:46 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-06-28 18:14 - 2021-04-06 11:46 - 000002330 _____ C:\Users\Public\Desktop\Brave.lnk
2022-06-28 14:56 - 2020-12-01 09:01 - 000000682 _____ C:\Users\Helena\Desktop\ShoppingList.txt
2022-06-27 17:04 - 2015-01-02 20:59 - 000000000 ____D C:\Users\Helena\Documents\Dance
2022-06-25 11:19 - 2018-06-19 20:06 - 000000000 ____D C:\ProgramData\Packages
2022-06-24 15:39 - 2020-04-22 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-06-23 21:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-06-23 08:17 - 2019-07-22 10:30 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-06-22 20:09 - 2018-02-18 19:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-06-16 01:11 - 2020-08-27 00:17 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-06-16 01:11 - 2020-08-27 00:17 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-06-11 17:07 - 2021-10-05 16:28 - 000002279 _____ C:\Users\Helena\Desktop\Discord.lnk
2022-06-03 23:13 - 2020-07-07 12:30 - 000002118 _____ C:\Users\Helena\Desktop\OPM.txt
==================== Files in the root of some directories ========
2019-06-01 15:36 - 2019-06-01 15:36 - 000003584 _____ () C:\Users\Helena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-26 12:28 - 2019-03-16 08:22 - 000000600 _____ () C:\Users\Helena\AppData\Local\PUTTY.RND
2018-10-20 22:40 - 2018-10-20 22:40 - 000002938 _____ () C:\Users\Helena\AppData\Local\recently-used.xbel
2014-05-25 18:06 - 2018-06-05 21:44 - 000007597 _____ () C:\Users\Helena\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2022 01
Ran by Helena (03-07-2022 15:03:25)
Running from C:\Users\Helena\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.1766 (X64) (2020-08-27 05:19:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-831887293-3776352801-720962199-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-831887293-3776352801-720962199-503 - Limited - Disabled)
Guest (S-1-5-21-831887293-3776352801-720962199-501 - Limited - Disabled)
Helena (S-1-5-21-831887293-3776352801-720962199-1001 - Administrator - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-831887293-3776352801-720962199-1009 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-831887293-3776352801-720962199-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Anchor Service CS3 (HKLM-x32\...\{90176341-0A8B-4CCC-A78D-F862228A6B95}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (HKLM-x32\...\{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}) (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (HKLM-x32\...\{9C9824D9-9000-4373-A6A5-D0E5D4831394}) (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (HKLM-x32\...\{08B32819-6EEF-4057-AEDA-5AB681A36A23}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (HKLM-x32\...\{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}) (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (HKLM-x32\...\{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (HKLM-x32\...\{A2D81E70-2A98-4A08-A628-94388B063C5E}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (HKLM-x32\...\{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (HKLM-x32\...\{51846830-E7B2-4218-8968-B77F0FF475B8}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (HKLM-x32\...\{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (HKLM-x32\...\{95655ED4-7CA5-46DF-907F-7144877A32E5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (HKLM-x32\...\{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (HKLM-x32\...\{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (HKLM-x32\...\{6ABE0BEE-D572-4FE8-B434-9E72A289431B}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (HKLM-x32\...\{04AF207D-9A77-465A-8B76-991F6AB66245}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (HKLM-x32\...\{54793AA1-5001-42F4-ABB6-C364617C6078}) (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (HKLM-x32\...\{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}) (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}) (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Setup (HKLM-x32\...\{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (HKLM-x32\...\{29E5EA97-5F74-4A57-B8B2-D4F169117183}) (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (HKLM-x32\...\{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (HKLM-x32\...\{E69AE897-9E0B-485C-8552-7841F48D42D8}) (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (HKLM-x32\...\{D0DFF92A-492E-4C40-B862-A74A173C25C5}) (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (HKLM-x32\...\{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (HKLM-x32\...\{802771A9-A856-4A41-ACF7-1450E523C923}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Audacity 2.4.1 (HKLM-x32\...\Audacity_is1) (Version: 2.4.1 - Audacity Team)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9045 - )
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 103.1.40.109 - Brave Software Inc)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.50.854.0 - Logitech) Hidden
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
Discord (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.66 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LibreOffice 5.1.5.2 (HKLM\...\{DDDB2EB8-D3A0-484A-BB24-9611754D29C4}) (Version: 5.1.5.2 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (HKLM-x32\...\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (HKLM-x32\...\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Help_main (HKLM-x32\...\{1651216E-E7AD-4250-92A1-FB8ED61391C9}) (Version: 13.50.862.0 - Logitech) Hidden
LWS Launcher (HKLM-x32\...\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}) (Version: 13.50.859.0 - Logitech) Hidden
LWS Motion Detection (HKLM-x32\...\{71E66D3F-A009-44AB-8784-75E2819BA4BA}) (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (HKLM-x32\...\{08610298-29AE-445B-B37D-EFBE05802967}) (Version: 13.50.861.0 - Logitech) Hidden
LWS Twitter (HKLM-x32\...\{174A3B31-4C43-43DD-866F-73C9DB887B48}) (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (HKLM-x32\...\{EED027B7-0DB6-404B-8F45-6DFEE34A0441}) (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (HKLM-x32\...\{8937D274-C281-42E4-8CDB-A0B2DF979189}) (Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (HKLM-x32\...\{9DAEA76B-E50F-4272-A595-0124E826553D}) (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (HKLM-x32\...\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}) (Version: 13.31.1038.0 - Logitech) Hidden
magicJack (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\magicJack) (Version: 4.18.11491.8038 - magicJack L.P.)
Malwarebytes version 4.5.10.200 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.10.200 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{26784146-6E05-3FF9-9335-786C7C0FB5BE}) (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) (HKLM\...\{25E80DAA-FD87-DCE5-202C-CC02F6673002}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.44 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\OneDriveSetup.exe) (Version: 22.121.0605.0002 - Microsoft Corporation)
Microsoft Security Client (HKLM\...\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}) (Version: 4.8.0204.0 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0 (x64 en-US)) (Version: 102.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 102.0.0.8209 - Mozilla)
OmniPage (HKLM-x32\...\{0FEAC8E3-FBBD-4C01-BB2F-3EA7AD374757}) (Version: 18.1.0001 - Nuance Communications, Inc.)
Pale Moon 29.4.6 (x86 en-US) (HKLM-x32\...\Pale Moon 29.4.6 (x86 en-US)) (Version: 29.4.6 - Moonchild Productions)
PaperPort (HKLM-x32\...\{760F8DD0-D8A0-44A4-9F15-58051A68D633}) (Version: 14.2.0001 - Nuance Communications, Inc.)
PaperPort Image Printer (HKLM\...\{CA925CBC-6B0D-40E1-BE59-193DA7DAE920}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Skype version 8.85 (HKLM-x32\...\Skype_is1) (Version: 8.85 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{1423B8CC-EE7F-4B57-A67C-35BAE3F177F0}) (Version: 1.0.0 - Xerox Corporartion)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.5491 - Analog Devices)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
SUABnR (HKLM-x32\...\{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.05.93 (4/11/2014) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.00(4/21/2014) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox MFP PC Fax (HKLM-x32\...\Xerox MFP PC Fax) (Version: 1.10.22 (4/21/2014) - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3215 (HKLM-x32\...\Xerox WorkCentre 3215) (Version: 1.01 (5/20/2014) - Xerox Corporation)
Zoom (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\ZoomUMX) (Version: 5.10.6 (5889) - Zoom Video Communications, Inc.)
Packages:
=========
Ghostery – Privacy Ad Blocker -> C:\Program Files\WindowsApps\Ghostery.Ghostery_8.4.6.0_neutral__kzkqe0pn505dg [2020-07-20] (Ghostery)
HexChat -> C:\Program Files\WindowsApps\39215TingPing.HexChat_2.16.0.0_x86__fqe8h3fzrj50c [2021-12-04] (TingPing)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-04-28] (HP Inc.)
Logitech Camera Controller -> C:\Program Files\WindowsApps\E97CB0A1.LogitechCameraController_1.0.0.135_x86__wd885nsp30hay [2015-08-09] (LOGITECH Europe S.A.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.5310.0_x64__8wekyb3d8bbwe [2022-06-06] (Microsoft Studios) [MS Ad]
Newsmax TV -> C:\Program Files\WindowsApps\NewsmaxMediaInc.NewsmaxTV_2.0.0.0_neutral__wzre3exa0cyap [2020-11-29] (Newsmax Media Inc)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-17] (Microsoft Corporation)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2015-11-12] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll () [File not signed]
ContextMenuHandlers1: [!XrxFax0] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax1] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax2] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax3] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax4] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax5] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax6] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax7] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2014-05-14 16:59 - 2012-12-06 01:46 - 000041984 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\spe__pc.dll
2014-04-21 04:36 - 2014-04-21 04:36 - 000111616 _____ (Xerox Corporation.) [File not signed] C:\Program Files (x86)\Xerox\Easy Printer Manager\CustomTimer.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 001580032 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxEngine64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000192000 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000146944 _____ (Xerox Corporation.) [File not signed] C:\WIND
==================== Loaded Modules (Whitelisted) =============
2014-05-14 16:59 - 2012-12-06 01:46 - 000041984 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\spe__pc.dll
2014-04-21 04:36 - 2014-04-21 04:36 - 000111616 _____ (Xerox Corporation.) [File not signed] C:\Program Files (x86)\Xerox\Easy Printer Manager\CustomTimer.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 001580032 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxEngine64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000192000 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000146944 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\XrxFaxProc64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000280064 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\System32\XrxFaxPort64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
DownloadDir: C:\Users\Helena\Desktop
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1001movie.com -> 1001movie.com
There are 6091 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_FEC2D14AA1F15DAD90F56E6F9A07DBED"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9F61700E-171F-4C5B-9ED1-CB0972EE99F5}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{78F2C9A1-BBBA-4CC6-B16C-78FB2130F628}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{04F201AE-4DF3-409D-9ABB-57C2AE92B6BB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{58E8E43C-3E07-4AA5-8463-B6DC3EC1251F}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{AF3FD539-0C98-407C-8E64-4D2470D3C642}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{63FF7ED6-45DF-4FE2-92E9-FE88DA8C4D85}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{325F527D-106B-45B9-94BF-B2BEDE48E772}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{FC6ED370-2564-4DA1-969A-62828079D9F8}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{062919F5-8F2C-496A-89B5-11DDD1147074}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{33DD97EF-6A44-4205-99A3-371D0665ACFC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{344089DB-4519-432A-9CDB-FC6C5473BE44}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{9D92BF02-4743-4266-80A1-9428548084FB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{D3023B7A-56DD-46F9-B919-EDADA94759A0}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{86FF4CF8-51A0-4803-8853-751A89DF3B23}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{36E93662-45C6-4463-979B-627008168B24}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{97781A04-8AC0-48C4-87A4-05B66E37453B}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{C982AB76-982C-4F99-83E2-B5402F8296B4}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{CC31AB0D-BFD9-4242-B9ED-6F56C324851D}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{BCDE1B16-8B65-48D7-99AE-27DC5D4F2226}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{C6440625-AF29-4CAC-9A7B-120BA1331F83}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{79AD34C0-4270-4780-9B42-33C6CBD00962}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\Ereg\Ereg.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [{54575F65-E526-489C-9952-E03369823C15}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\Ereg\Ereg.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [{DD8E5967-8B47-44AB-9D20-23D6CEA8DC05}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\OmniPage18.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [{2D49D126-F83E-45FB-90B1-DC424D46040A}] => (Allow) C:\Program Files (x86)\Xerox Scan To PC Desktop 12\OmniPage 18\OmniPage18.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FirewallRules: [UDP Query User{79274DEA-4344-49BA-8447-DB3B44C2F54B}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{35B14486-AA8A-4F27-8D68-1C86ABCD48A8}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{6512DF6B-F01F-4965-966F-5C4C5DEB93EC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{C1E18C13-5610-4FA2-89ED-612D6B2751ED}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{9DDE1097-BE1F-46D8-8E56-B60B562F6543}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [UDP Query User{EB7C78DD-60AE-43FB-93BE-9D3E3D020F77}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{20DC34DB-A30B-4DBF-831B-A54379AAE580}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{20F4B574-F3CA-4515-89E5-A825B42C24BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BEEB081D-8416-421B-9299-152874C3DE33}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{774F924B-F8EE-42C4-99DE-DE4467682134}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbvpswx.exe (Lexmark International, Inc. -> Lexmark International Inc.)
FirewallRules: [{9F9CEA1B-2A67-4102-8221-8A71F04EC115}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbvpswx.exe (Lexmark International, Inc. -> Lexmark International Inc.)
FirewallRules: [{20D52E51-1A40-48EF-A190-605002395C88}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{C960470E-1338-4F34-B0C5-51DF60DFCC0B}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [UDP Query User{F5976D48-B0AD-4171-8854-3F83EAFCF912}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{9A151D56-8271-4E2A-828C-193DE19CAEE4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{DF1720A9-63DB-4188-BD7D-1B35A9CC68FB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C13A1328-23FF-47A6-9A2A-C5B9CFF77D87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D5AB136F-A188-4D45-B211-E8699A1257E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7DBA3833-7704-41D7-BF87-0B1555D2427D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D3B03BF7-A420-4045-96A8-F9E72281B4A9}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{620EA53E-5F9B-46A0-AE0C-B833A7B6B783}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{29A29FD9-59D8-4661-9714-2DEBAC833454}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{5B6088DD-8771-4EB9-88DC-F8240349E8C8}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{042B0F6B-198F-414B-B71F-35B17E6F2441}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7E4F0B1E-A1F7-41B7-85FA-62F2CED9FE98}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B35A3149-605F-42B0-8C8E-509208A3AADE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{38637F5F-9703-4FD1-9A86-21E840D30DA4}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{B6D7D8A6-DD1E-46EB-955B-143CBF0EAE3F}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{48B55577-0BCD-4590-95ED-706A5F6B8C87}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C0A27E00-C044-45BA-ADF0-B0CC320E704E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BFA0627E-C944-475A-A9D2-A8D615ECA5AF}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{D3E159AD-09F1-475A-B961-38F4F890F6B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
13-06-2022 20:02:49 b4 telegram install
23-06-2022 11:55:46 b4 MB restart
28-06-2022 22:45:08 Windows Modules Installer
28-06-2022 23:03:00 Windows Modules Installer
28-06-2022 23:11:10 Windows Modules Installer
02-07-2022 08:38:11 b4LandzdownFix
03-07-2022 13:48:56 AdwCleaner_BeforeCleaning_03/07/2022_13:48:48
03-07-2022 14:24:18 Removed Windows PC Health Check
03-07-2022 14:36:44 Removed PDF Viewer.
03-07-2022 14:38:19 Removed Image Retriever.
03-07-2022 14:40:35 Removed PaperPort.
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (07/03/2022 02:53:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameBar.exe, version: 5.722.5052.0, time stamp: 0x6274ca9c
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1741, time stamp: 0xe9b4a91b
Exception code: 0xc0000409
Fault offset: 0x000000000010fa32
Faulting process id: 0x2034
Faulting application start time: 0x01d88f1666c1d596
Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.722.5052.0_x64__8wekyb3d8bbwe\GameBar.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 7d87fcba-dfda-4114-9d73-879504ab94d1
Faulting package full name: Microsoft.XboxGamingOverlay_5.722.5052.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Error: (07/02/2022 12:06:04 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
Error: (07/02/2022 11:23:53 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (07/02/2022 11:22:35 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d141fd98-bfa6-4df7-a881-21a20225b655}
Error: (07/02/2022 11:17:28 AM) (Source: MsiInstaller) (EventID: 11704) (User: Helena-PC)
Description: Product: Verizon Wireless Software Utility Application for Android - Samsung -- Error 1704.An installation for Verizon Wireless Software Upgrade Assistant - Samsung(ar) is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
Error: (07/02/2022 11:13:58 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "C:\Users\Helena\AppData\Roaming\mjusbsp\st00000\mjsetup.exe".Error in manifest or policy file "C:\Users\Helena\AppData\Roaming\mjusbsp\st00000\mjsetup.exe" on line 4.
Multiple requestedPrivileges elements are not allowed in manifest.
Error: (07/02/2022 11:13:49 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "C:\Users\Helena\AppData\Roaming\mjusbsp\in00000\mjsetup.exe".Error in manifest or policy file "C:\Users\Helena\AppData\Roaming\mjusbsp\in00000\mjsetup.exe" on line 4.
Multiple requestedPrivileges elements are not allowed in manifest.
Error: (07/02/2022 11:12:34 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "C:\Users\Helena\AppData\Roaming\mjusbsp\st00000\mjsetup.exe".Error in manifest or policy file "C:\Users\Helena\AppData\Roaming\mjusbsp\st00000\mjsetup.exe" on line 4.
Multiple requestedPrivileges elements are not allowed in manifest.
System errors:
=============
Error: (07/03/2022 03:05:27 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/03/2022 03:00:27 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/03/2022 02:55:27 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/03/2022 02:50:39 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/03/2022 02:50:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The W3SVC service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Error: (07/03/2022 02:50:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetPipeActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Error: (07/03/2022 02:50:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetMsmqActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Error: (07/03/2022 02:50:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Windows Defender:
================
Date: 2022-07-02 00:04:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-07-01 11:23:22
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-06-28 20:51:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-06-27 20:45:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-06-26 20:29:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2022-01-13 17:51:27
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2022-01-02 21:53:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A09 03/11/2008
Motherboard: Dell Inc. 0GM819
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 65%
Total physical RAM: 3956.61 MB
Available physical RAM: 1348.25 MB
Total Virtual: 8308.61 MB
Available Virtual: 5418.98 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:926.93 GB) (Free:829.02 GB) (Model: Hitachi HDS721010KLA330 ATA Device) NTFS
\\?\Volume{6462e9a1-d38d-11e3-9305-806e6f6e6963}\ (System) (Fixed) (Total:3.76 GB) (Free:0.56 GB) NTFS
\\?\Volume{c07cf236-0000-0000-0000-00ace8000000}\ () (Fixed) (Total:0.82 GB) (Free:0.41 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C07CF236)
Partition 1: (Active) - (Size=3.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=926.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=844 MB) - (Type=27)
==================== End of Addition.txt =======================
On the FireFox question....I remember that I did download some profile info not too long ago to set up a different browser, so that may explain the find.
Hi, PWG. :)
Since it's almost midnight here, I'll review your logs tomorrow.
Thanks for the heads up on timing. Most appreciated. :)
Hi, PWG. :)
QuoteI've removed a few programs, but I have questions about others, as I don't know if they are being used by something else. Like the samsung universal print driver2. I wondered if since it was a universal driver, if it was being used by my xerox printer?
Your thoughts are correct. Taking a good look into your logs, I see that there is a good amount of items related to printing devices. I wouldn't touch them, unless I was sure that they don't affect any of your printing activities.
Also see the following line (there are more). Although having to do with your Xerox printer, see the company in the parenthesis: Samnsung Electronics.
FirewallRules: [{04F201AE-4DF3-409D-9ABB-57C2AE92B6BB}] => (Allow) C:\Program Files (x86)\
Xerox\Easy Document Creator\EDC.exe (
Samsung Electronics CO., LTD. -> )
1. FRST fixJust some tidiness.
Please do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
- Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
Task: {3B0264B6-A933-4D1E-9B38-E53BA8C33C77} - \Mozilla\Firefox Default Browser Agent E7CF176E110C211B -> No File <==== ATTENTION
2022-07-02 08:40 - 2014-05-10 18:40 - 000000000 ____D C:\Users\Helena\AppData\Roaming\WinPatrol
2022-07-02 08:40 - 2014-05-10 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
EmptyTemp:
End::
- Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Post the log in your next reply.
2. RAMThe new logs show that RAM in use dropped to 65% after uninstalling some programs. However, it's good to add RAM, since 4GB is the minimum you can have to run your programs effectively.
I did some search for you and found that the computer (Dell Inc. OptiPlex 755) has 4 slots accepting 2GB each. So you can buy 2x2GB RAM sticks and increase your RAM from 4 to 8GB. It is a Desktop, right?
https://www.compuram.biz/memory/dell/desktop-workstation/optiplex/series/755/?st=tab_maxmem
https://www.amazon.com/OptiPlex-Desktop-PC2-5300-Memory-BRANDS/dp/B00D6Q5BJA
In your next reply please post:1. The fixlog.txt
2. Any remaining issue/question/concern regarding this computer
Fix result of Farbar Recovery Scan Tool (x64) Version: 04-07-2022
Ran by Helena (04-07-2022 13:03:48) Run:4
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
Task: {3B0264B6-A933-4D1E-9B38-E53BA8C33C77} - \Mozilla\Firefox Default Browser Agent E7CF176E110C211B -> No File <==== ATTENTION
2022-07-02 08:40 - 2014-05-10 18:40 - 000000000 ____D C:\Users\Helena\AppData\Roaming\WinPatrol
2022-07-02 08:40 - 2014-05-10 17:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
EmptyTemp:
*****************
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CDAServer" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B0264B6-A933-4D1E-9B38-E53BA8C33C77}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B0264B6-A933-4D1E-9B38-E53BA8C33C77}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent E7CF176E110C211B" => not found
C:\Users\Helena\AppData\Roaming\WinPatrol => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40178194 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 113089 B
Edge => 0 B
Chrome => 0 B
Brave => 535228892 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 9610 B
Helena => 5706707 B
DefaultAppPool => 5706707 B
RecycleBin => 533713358 B
EmptyTemp: => 1 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 13:07:13 ====
Yes, I have a desktop PC.
On adding more RAM, I have a vague memory of someone telling me I couldn't add anymore memory to this refurbished machine. (Is it possible all four slots are filled with 1GB ram memory modules?) How would I verify that there are empty slots when I could add more RAM? And is that something that is easy to add? I only have plugged things into the back of the tower, not messed with anything inside of it. The link you gave me was for 4 2GB modules. Would I be replacing what is already in my machine? (This question probably tells you how clueless I am....) I watched a couple videos, but I didn't see anyone replace existing panels, just add them.
I'm attaching screenshots of my add/remove programs list. My questions are about the following?
I don't use these. I use the Xerox printer programs and Windows Fax&Scan. I think they were installed with a Samsung laser printer that has been replaced by the Xerox Work Centre. Safe to uninstall?
Nuance Communications programs:
OmniPage
PaperPort
PaperPort Image Printer
Related to the printer? seems to be some kind of mobile interface facilitator. Safe to uninstall?
Samsung
SUABnR
Seems odd to have a Windows update in this list. Do I need to do anything about it?
Update for Windows 10 for x64 based Systems
First screenshot did not attach. Here it is
If you see anything else that seems unnecessary, please comment.
Hi.
QuoteOn adding more RAM, I have a vague memory of someone telling me I couldn't add anymore memory to this refurbished machine. (Is it possible all four slots are filled with 1GB ram memory modules?) How would I verify that there are empty slots when I could add more RAM? And is that something that is easy to add? I only have plugged things into the back of the tower, not messed with anything inside of it. The link you gave me was for 4 2GB modules. Would I be replacing what is already in my machine? (This question probably tells you how clueless I am....) I watched a couple videos, but I didn't see anyone replace existing panels, just add them.
No need to replace the existing memory, unless you have 1GB in each slot.
Do the following to check how many slots are in use:
Open the
Task Manager and go to the
Performance tab. Select
Memory and under the memory graph, look for the Slots used field. It will tell you how many of the total slots are currently in use. We know that you have 4GB RAM now, so we can understand how these 4GB are distributed in the slots.
As to the following, if you don't use them, you can uninstall them. In any case you can search about each one (and about any other program) and decide if you want them. I can't decide for you. :)
OmniPage
PaperPort
PaperPort Image Printer
SUABnR
Something I noticed, there is a lot of Adobe and Logitech stuff installed, probably related to the Photoshop and Camera software. They are hidden and you can't see them in the Installed programs list in Control Panel, but you can see them in the Addition log.
No need to do anything about the Update.
In case you uninstall other programs, restart and post fresh FRST logs. Perhaps we will have to remove some remnants.
OK. I will probably remove the samsung and nuance programs since it seems safe to do so.
I use Photoshop regularly, and the Logitech programs run my camera and microphones, so I imagine all those related programs are needed.
Performance > Memory says:
Speed 667 MHz
Slots used: 4 of 4
Form Factor DIMM
Hardware Reserved: 139MB
Thank you for the detailed reply. Sounds like I should order the 4 2GB RAM sticks. The replacement process doesn't look too difficult.
QuoteSlots used: 4 of 4
The worst scenario.
Let me see fresh FRST logs, when you are ready.
See you tomorrow. :)
Of course I would have the worst case scenario. Lucky me!
Removed 4 programs, rebooted. Ran new FRST scan
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-07-2022
Ran by Helena (administrator) on HELENA-PC (Dell Inc. OptiPlex 755) (04-07-2022 15:37:08)
Running from C:\Users\Helena\Desktop
Loaded Profiles: Helena
Platform: Microsoft Windows 10 Pro Version 21H2 19044.1766 (X64) Language: English (United States)
Default browser: Brave
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler64.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\AMT\atchk.exe
(explorer.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe
(services.exe ->) (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\AMT\atchksrv.exe
(services.exe ->) (Intel) [File not signed] C:\Program Files (x86)\Intel\AMT\LMS.exe
(services.exe ->) (Intel) [File not signed] C:\Program Files (x86)\Intel\AMT\UNS.exe
(services.exe ->) (Lexmark International, Inc. -> ) C:\Windows\System32\lxbvcoms.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(services.exe ->) (Xerox Corporation.) [File not signed] C:\Windows\System32\spool\drivers\x64\3\XrxFaxServer64.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.41582.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [atchk] => C:\Program Files (x86)\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation) [File not signed]
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [cdloader] => C:\Users\Helena\AppData\Roaming\mjusbsp\cdloader2.exe [59048 2022-01-04] (magicJack, L.P. -> magicJack L.P.)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Run: [MicrosoftEdgeAutoLaunch_FEC2D14AA1F15DAD90F56E6F9A07DBED] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3601824 2022-06-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Lexmark 2200 Series Print Processor: lxbvpp6c.dll
HKLM\...\Windows x64\Print Processors\spe__PC: C:\Windows\System32\spool\prtprocs\x64\spe__pc.dll [41984 2012-12-06] (Windows (R) Codename Longhorn DDK provider) [File not signed]
HKLM\...\Windows x64\Print Processors\SUGO3PC: C:\Windows\System32\spool\prtprocs\x64\sugo3pc.dll [27648 2006-08-21] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Server 2003 DDK provider)
HKLM\...\Windows x64\Print Processors\sxa6mPC: C:\Windows\System32\spool\prtprocs\x64\sxa6mpc.dll [43520 2014-02-20] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\usp02PC: C:\Windows\System32\spool\prtprocs\x64\usp02pc.dll [43520 2014-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Windows x64\Print Processors\Xerox Network PC Fax Print Processor: C:\Windows\System32\spool\prtprocs\x64\XrxFaxProc64.dll [146944 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\...\Print\Monitors\2200 Series Port: C:\WINDOWS\system32\lxbvlmpm.dll [488448 2007-04-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\spe__ Langmon: C:\WINDOWS\system32\spe__l.dll [34304 2011-04-11] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\SUGO3 Langmon: C:\WINDOWS\system32\sugo3l6.dll [22016 2006-12-04] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\sxa6m Langmon: C:\WINDOWS\system32\sxa6mlm.dll [34304 2013-12-10] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\usp02 Langmon: C:\WINDOWS\system32\usp02l.dll [29184 2014-04-16] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Xerox MFP PC Fax Port: C:\WINDOWS\system32\XrxFaxPort64.dll [280064 2014-04-21] (Xerox Corporation.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\103.0.5060.66\Installer\chrmstp.exe [2022-06-29] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\103.1.40.109\Installer\chrmstp.exe [2022-06-28] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Xerox MFP PC Fax.lnk [2016-04-06]
ShortcutTarget: Xerox MFP PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\XrxFaxTray64.exe (Xerox Corporation.) [File not signed]
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08066272-E4CE-44F8-BAA8-8D9F63C44088} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1817527B-916E-4828-9064-8B9C7C88F4BD} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {26EA4B1A-5F1F-46D0-ADB9-64874994F0DB} - System32\Tasks\{26FF5CE4-1B64-467B-A8F9-E1AFBECA0043} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
Task: {2D14430F-8DB9-4A17-9A63-376EE205AC65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {4A68B9CC-69D1-400C-8369-85BB21D1881B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4ABC4334-7813-4F8E-A6CA-F73EF6DCF744} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7C8CB8C9-96A6-441F-8406-88CA84AE83D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {862F6BDE-AB5D-41B7-9C59-13842AE6F2F3} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {E5681874-1A34-4209-90C0-66CF30C5E85A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{fee10231-d6e0-42e1-a19b-a0f5a78c86cc}: [DhcpNameServer] 192.168.1.1
Edge:
=======
DownloadDir: C:\Users\Helena\Desktop
Edge Notifications: HKU\S-1-5-21-831887293-3776352801-720962199-1001 -> hxxps://web.skype.com
Edge Extension: (Ghostery – Privacy Ad Blocker) -> EdgeExtension_GhosteryGhostery_kzkqe0pn505dg => C:\Program Files\WindowsApps\Ghostery.Ghostery_8.4.6.0_neutral__kzkqe0pn505dg [2020-07-20]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-02]
Edge DownloadDir: Default -> C:\Users\Helena\Desktop
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (Textarea Cache) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\chpphekfimlabghbdankokcohcmnbmab [2020-10-21]
Edge Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-15]
Edge Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fclbdkbhjlgkbpfldjodgjncejkkjcme [2022-06-29]
Edge Extension: (Measure-it) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gbaokpnhddikgoalopfdjjhgahfcecge [2021-06-07]
Edge Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lhnbdlbhcokmgpjenkjolnhdnkphnkam [2022-06-29]
Edge Extension: (uBlock Origin) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2022-05-15]
Edge Extension: (Weather Forecast) - C:\Users\Helena\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\phklfmbdnakdekionmpfdiihnmijfpnl [2022-02-08]
FireFox:
========
FF DefaultProfile: n27s1rnq.default
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default [2022-07-04]
FF DownloadDir: C:\Users\Helena\Desktop
FF Session Restore: Mozilla\Firefox\Profiles\n27s1rnq.default -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\n27s1rnq.default -> hxxp://mail.google.com; hxxps://mail.google.com; hxxp://us-mg6.mail.yahoo.com; hxxps://us-mg6.mail.yahoo.com; hxxps://twitter.com; hxxps://us-mg4.mail.yahoo.com; hxxps://mg.mail.yahoo.com; hxxps://mail.yahoo.com
FF Extension: (Disconnect) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\2.0@disconnect.me.xpi [2020-05-16]
FF Extension: (Archive URL) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\@save-url-to-wayback-machine-firefox-addon.xpi [2020-05-16]
FF Extension: (Copy Link Text) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\copylinktext@brett(2).zamir [2014-05-11] [Legacy] [not signed]
FF Extension: (Edit) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\edit@eros.man.xpi [2020-05-16]
FF Extension: (eSnipe.com SnipeIt!) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\esnipesnipeit@esnipe.com.xpi [2018-02-10] [UpdateUrl:hxxps://www.esnipe.com/SnipeIt_FirefoxExtension/update.json]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\firefox@ghostery.com.xpi [2020-07-31]
FF Extension: (Tampermonkey) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\firefox@tampermonkey.net.xpi [2020-05-16]
FF Extension: (pinterest-guest) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-SWdspnBEetWxoA@jetpack.xpi [2020-05-16]
FF Extension: (Copy Selected Links) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-vs5odTmtIydjMg@jetpack.xpi [2020-05-16]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2020-07-31]
FF Extension: (Open With) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\openwith@darktrojan(2).net [2014-05-11] [Legacy] [not signed]
FF Extension: (SuperStop) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\superstop@gavinsharp.com.xpi [2018-06-20]
FF Extension: (Textarea Cache) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\textarea-cache-lite@wildsky.cc.xpi [2020-05-16]
FF Extension: (uBlock Origin) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\uBlock0@raymondhill.net.xpi [2020-05-24]
FF Extension: (YesScript2) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\yesscript202@example.org.xpi [2020-06-08]
FF Extension: (YouTube to MP3) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\youtube2mp3@mondayx(2).de [2014-05-11] [Legacy] [not signed]
FF Extension: (Imagus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{00000f2a-7cde-4f20-83ed-434fcb420d71}.xpi [2020-05-16] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Image Block X) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{0035bf10-3f36-4d60-b92d-08c1a8b060a6}.xpi [2020-05-16]
FF Extension: (Screengrab!) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2018-06-20]
FF Extension: (FireShot) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (LittleFox) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{479f0278-2c34-4365-b9f0-1d328d0f0a40}.xpi [2020-05-16]
FF Extension: (Empty Cache Button) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2017-12-16]
FF Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{4d5b7a5e-5232-9e45-97f4-f8e1ca2626e5}.xpi [2020-06-21]
FF Extension: (Text Link) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi [2020-05-16]
FF Extension: (InFormEnter+) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}.xpi [2020-05-24]
FF Extension: (ColorZilla) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}.xpi [2017-12-12]
FF Extension: (Stylus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}.xpi [2020-05-16]
FF Extension: (bbCodeWebex) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{7e19f8dd-0cf6-498a-8072-bae5b2db65e5}.xpi [2020-05-27]
FF Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{853d1586-e2ab-4387-a7fd-1f7f894d2651}.xpi [2020-05-24]
FF Extension: (Clippings) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}.xpi [2020-05-19]
FF Extension: (YouTube Downloader Converter MP3) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2020-05-16]
FF Extension: (Weather) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a79a9c4c-9c3f-4bf4-9e58-6574cc0b7ecb}.xpi [2020-05-24]
FF Extension: (Simple stylish) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{a8e5fca1-24ae-4de6-b3c4-80d2d316f8f9}.xpi [2019-11-16]
FF Extension: (ruler) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{b1355a29-9265-4b5e-a3ad-e9d61265d5ac}.xpi [2020-05-16]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-05-25]
FF Extension: (Adblock Plus) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2) [2014-05-11] [Legacy] [not signed]
FF Extension: (Top and Bottom scroll buttons) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{d8c7bd7f-3e7d-456a-be71-29973917ec72}.xpi [2020-05-16]
FF Extension: (IE View Lite) - C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\Extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}(2) [2014-05-11] [Legacy] [not signed]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\cnet.xml [2009-11-14]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\mozilla-add-ons.xml [2008-09-06]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\technorati.xml [2008-09-11]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\webster.xml [2008-09-18]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Mozilla\Firefox\Profiles\n27s1rnq.default\searchplugins\wordpresscom.xml [2016-03-16]
FF ProfilePath: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default [2022-06-14]
FF Homepage: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> hxxp://zionfirefriends.com
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\owxwoiji.default -> is enabled.
FF Extension: (Lazarus: Form Recovery) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\lazarus@interclue.com.xpi [2018-06-16] [Legacy]
FF Extension: (Ad-Bye - For Facebook) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\s.alfa@idev.com.xpi [2018-10-02] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\uBlock0@raymondhill.net.xpi [2021-08-09] [Legacy] [not signed]
FF Extension: (YesScript) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\yesscript@userstyles.org.xpi [2018-10-02] [Legacy]
FF Extension: (FireShot) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2021-02-02] [Legacy] [not signed]
FF Extension: (Back to Top) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}.xpi [2018-09-28] [Legacy] [not signed]
FF Extension: (Forecast & Weather on the Button) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{4d60e663-9c10-48d9-895a-801285687ced}.xpi [2020-01-23] [Legacy] [not signed]
FF Extension: (Color Identifier) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{89850e1c-c80b-4179-81fe-79a9f313400d}.xpi [2018-09-09] [Legacy] [not signed]
FF Extension: (Open With Edge, IE, Chrome, and More) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{ab91ffec-fe2a-440e-99ca-5260e0ea0c06}.xpi [2019-12-25] [Legacy] [not signed]
FF Extension: (BBCodeXtra) - C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi [2018-09-09] [Legacy]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\searchplugins\amazoncom.xml [2022-06-14]
FF SearchPlugin: C:\Users\Helena\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\owxwoiji.default\searchplugins\pale-moon-add-ons.xml [2022-06-14]
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default [2022-07-02]
CHR DownloadDir: C:\Users\Helena\Desktop
CHR Notifications: Default -> hxxps://twitter.com
CHR StartupUrls: Default -> "hxxp://if.invisionfree.com/search/?c=5","hxxp://www.drudgereport.com/","hxxps://us-mg6.mail.yahoo.com/neo/launch?.rand=e2tudim4rqkvc","hxxp://www.landzdown.com/index.php","hxxp://www.accuweather.com/en/us/kansas-city-mo/64106/hourly-weather-forecast/329441","hxxp://if.invisionfree.com/pages/ircchat/","hxxp://www.official-drivers.com/installer/?seed=lexmark&gclid=COTq45Duor4CFQcSMwodZQEANA","hxxp://hcgdietinfo.com/hcgdietforums/search.php?searchid=4234517"
CHR Extension: (ColorZilla) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2019-01-20]
CHR Extension: (uBlock Origin) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-05-02]
CHR Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-02]
CHR Extension: (Google Search) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Tidy Sidebar) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp [2019-01-20]
CHR Extension: (bbCodeInsert) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhckbmeeagkjnabhfaindkhmofncedln [2019-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-05-02]
CHR Extension: (HTML5 Autoplay Blocker) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppkihnmgkncknjlfkkjgfgoifkcgii [2019-12-25]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-05-02]
CHR Extension: (Weather) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\iolcbmjhmpdheggkocibajddahbeiglb [2021-09-01]
CHR Extension: (Measure-it) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jocbgkoackihphodedlefohapackjmna [2019-01-20]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2022-05-02]
CHR Extension: (Capital One Shopping: Add to Chrome for Free) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2022-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-01]
CHR Extension: (Image Background Color) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjaolenabdfhmpndkmnbojmjefdpago [2019-02-27]
CHR Extension: (Image Size Info) - C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Default\Extensions\oihdhfbfoagfkpcncinlbhfdgpegcigf [2021-09-01]
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-07-02]
CHR Profile: C:\Users\Helena\AppData\Local\Google\Chrome\User Data\System Profile [2022-07-02]
Brave:
=======
BRA Profile: C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2022-07-04]
BRA DownloadDir: C:\Users\Helena\Desktop
BRA DefaultSearchURL: Default -> hxxps://search.brave.com/search?q={searchTerms}&source=desktop
BRA DefaultSearchKeyword: Default -> :br
BRA DefaultSuggestURL: Default -> hxxps://search.brave.com/api/suggest?q={searchTerms}
BRA Extension: (Textarea Cache) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\chpphekfimlabghbdankokcohcmnbmab [2022-02-14]
BRA Extension: (Eno® from Capital One®) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\clmkdohmabikagpnhjmgacbclihgmdje [2022-05-05]
BRA Extension: (Measure-it) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\jocbgkoackihphodedlefohapackjmna [2022-02-14]
BRA Extension: (Advanced Profanity Filter) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\piajkpdbaniagacofgklljacgjhefjeh [2022-06-20]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2022-07-04]
BRA Extension: (Brave NTP background images) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2022-03-10]
BRA Extension: (Wallet Data Files Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2022-06-23]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2022-07-04]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\gccbbckogglekeggclmmekihdgdpdgoe [2022-07-04]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2022-03-10]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Helena\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2022-06-29]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162400 2021-04-06] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 brlapi; C:\WINDOWS\brltty\bin\brltty.exe [847886 2019-10-15] (Microsoft Windows -> )
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-05-11] (Macrovision Europe Ltd.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 lxbv_device; C:\WINDOWS\system32\lxbvcoms.exe [566704 2007-04-25] (Lexmark International, Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8677120 2022-06-23] (Malwarebytes Inc. -> Malwarebytes)
R2 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [118576 2014-11-26] (Samsung Electronics CO., LTD. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254368 2022-06-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Xerox MFP Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxServer64.exe [501760 2014-04-21] (Xerox Corporation.) [File not signed]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2022-06-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2022-07-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-05-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [192960 2022-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74704 2022-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-07-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181992 2022-07-04] (Malwarebytes Inc. -> Malwarebytes)
S3 MpKsl6b89b7b8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{508C0B10-B9E0-4184-9D8E-D183F89372BD}\MpKslDrv.sys [141568 2022-07-04] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-06-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [452856 2022-06-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-22] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-07-04 15:37 - 2022-07-04 15:39 - 000031975 _____ C:\Users\Helena\Desktop\FRST.txt
2022-07-04 15:29 - 2022-07-04 15:29 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-07-04 15:29 - 2022-07-04 15:29 - 000181992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-07-04 15:29 - 2022-07-04 15:29 - 000074704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-07-03 22:10 - 2022-07-03 22:13 - 000370854 __RSH C:\ProgramData\ntuser.pol
2022-07-03 06:49 - 2022-07-03 13:49 - 000000000 ____D C:\AdwCleaner
2022-07-03 06:47 - 2022-07-03 06:47 - 008551608 _____ (Malwarebytes) C:\Users\Helena\Desktop\AdwCleaner.exe
2022-07-02 09:21 - 2022-07-02 09:21 - 000223176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2022-07-02 08:45 - 2022-07-02 08:46 - 000279560 _____ C:\Users\Helena\Desktop\CrucialScan.exe
2022-07-01 17:11 - 2022-07-02 09:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-07-01 16:23 - 2022-07-01 16:23 - 000239544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2022-07-01 15:38 - 2022-07-04 13:03 - 002369024 _____ (Farbar) C:\Users\Helena\Desktop\FRST64.exe
2022-06-28 23:44 - 2022-06-28 23:44 - 000479744 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2022-06-28 23:44 - 2022-06-28 23:44 - 000011787 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-06-28 23:43 - 2022-06-28 23:43 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-06-28 23:42 - 2022-06-28 23:42 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-06-28 23:42 - 2022-06-28 23:42 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-06-28 23:10 - 2022-06-28 23:10 - 000000000 ___HD C:\$WinREAgent
2022-06-09 22:22 - 2022-06-29 22:36 - 000000377 _____ C:\Users\Helena\Desktop\CourseNotes.txt
2022-06-09 12:03 - 2022-06-09 12:03 - 000112264 _____ C:\Users\Helena\Desktop\Carbs are Critical One Week Menu.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-07-04 15:39 - 2017-10-02 10:53 - 000000000 ____D C:\FRST
2022-07-04 15:31 - 2014-05-10 19:29 - 000000000 ____D C:\Program Files (x86)\Google
2022-07-04 15:29 - 2021-12-04 16:54 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\IGDump
2022-07-04 15:28 - 2020-08-27 00:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-07-04 15:28 - 2020-08-26 23:47 - 002343688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-07-04 15:28 - 2020-08-26 23:47 - 000008192 ___SH C:\DumpStack.log.tmp
2022-07-04 15:28 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-07-04 15:27 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-07-04 15:24 - 2016-01-03 20:56 - 000000000 ____D C:\Program Files (x86)\Samsung
2022-07-04 15:24 - 2012-08-15 10:44 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-07-04 15:16 - 2016-04-06 17:08 - 000000000 ____D C:\ProgramData\ScanSoft
2022-07-04 15:15 - 2015-04-01 12:39 - 000000000 ____D C:\Users\Helena\AppData\Local\CrashDumps
2022-07-04 14:47 - 2020-08-27 00:17 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2022-07-04 14:27 - 2020-08-26 23:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-07-03 22:13 - 2014-05-14 17:57 - 000000000 ____D C:\ProgramData\TEMP
2022-07-03 22:11 - 2014-05-14 17:57 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2022-07-03 22:10 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2022-07-03 22:10 - 2009-07-13 22:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-07-03 14:37 - 2016-04-06 17:08 - 000000000 ____D C:\ProgramData\Nuance
2022-07-03 14:30 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2022-07-03 14:25 - 2016-04-20 17:54 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2022-07-03 13:49 - 2018-06-06 14:52 - 000000000 ____D C:\Users\Helena\AppData\Roaming\Samsung
2022-07-02 18:19 - 2020-08-21 13:20 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-07-02 18:19 - 2020-08-21 13:20 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-07-02 18:19 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-07-02 18:19 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-07-02 12:05 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-07-02 12:03 - 2016-11-14 20:27 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\Temp
2022-07-02 11:14 - 2015-08-07 23:01 - 000001086 _____ C:\Users\Helena\Desktop\magicJack.lnk
2022-07-02 11:14 - 2015-08-07 23:01 - 000001072 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2022-07-02 11:14 - 2015-08-07 23:01 - 000000000 ____D C:\Users\Helena\AppData\Roaming\mjusbsp
2022-07-02 11:11 - 2015-08-07 23:01 - 000000000 ____D C:\Users\Helena\AppData\Local\magicJack
2022-07-02 10:07 - 2014-05-11 17:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-07-02 10:07 - 2014-05-11 10:35 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2022-07-02 09:03 - 2021-10-05 16:28 - 000000000 ____D C:\Users\Helena\AppData\Roaming\discord
2022-07-02 08:48 - 2021-10-05 16:27 - 000000000 ____D C:\Users\Helena\AppData\Local\Discord
2022-07-02 08:40 - 2014-05-10 17:01 - 000000000 ____D C:\ProgramData\InstallMate
2022-07-01 17:12 - 2022-03-31 10:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-07-01 17:12 - 2016-11-17 23:38 - 000000000 ____D C:\Users\Helena\AppData\LocalLow\Mozilla
2022-07-01 17:11 - 2014-05-11 17:31 - 000001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-07-01 10:32 - 2021-12-12 23:47 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-831887293-3776352801-720962199-1001
2022-07-01 10:32 - 2020-08-27 00:17 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-831887293-3776352801-720962199-1001
2022-07-01 10:32 - 2020-08-26 05:29 - 000002429 _____ C:\Users\Helena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-06-29 19:35 - 2015-08-08 22:50 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-06-29 19:35 - 2014-05-10 19:30 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-06-29 08:10 - 2020-08-27 00:07 - 000971878 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-06-29 08:00 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-06-29 07:59 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-06-29 07:59 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-06-29 07:59 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2022-06-28 23:42 - 2020-08-26 23:51 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-06-28 22:24 - 2014-05-10 15:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-06-28 22:11 - 2014-05-10 15:21 - 145918784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-06-28 18:14 - 2021-04-06 11:46 - 000002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2022-06-28 18:14 - 2021-04-06 11:46 - 000002330 _____ C:\Users\Public\Desktop\Brave.lnk
2022-06-28 14:56 - 2020-12-01 09:01 - 000000682 _____ C:\Users\Helena\Desktop\ShoppingList.txt
2022-06-27 17:04 - 2015-01-02 20:59 - 000000000 ____D C:\Users\Helena\Documents\Dance
2022-06-25 11:19 - 2018-06-19 20:06 - 000000000 ____D C:\ProgramData\Packages
2022-06-24 15:39 - 2020-04-22 18:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2022-06-23 21:32 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-06-23 08:17 - 2019-07-22 10:30 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2022-06-22 20:09 - 2018-02-18 19:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-06-16 01:11 - 2020-08-27 00:17 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-06-16 01:11 - 2020-08-27 00:17 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-06-11 17:07 - 2021-10-05 16:28 - 000002279 _____ C:\Users\Helena\Desktop\Discord.lnk
==================== Files in the root of some directories ========
2019-06-01 15:36 - 2019-06-01 15:36 - 000003584 _____ () C:\Users\Helena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-26 12:28 - 2019-03-16 08:22 - 000000600 _____ () C:\Users\Helena\AppData\Local\PUTTY.RND
2018-10-20 22:40 - 2018-10-20 22:40 - 000002938 _____ () C:\Users\Helena\AppData\Local\recently-used.xbel
2014-05-25 18:06 - 2018-06-05 21:44 - 000007597 _____ () C:\Users\Helena\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2022
Ran by Helena (04-07-2022 15:42:43)
Running from C:\Users\Helena\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.1766 (X64) (2020-08-27 05:19:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-831887293-3776352801-720962199-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-831887293-3776352801-720962199-503 - Limited - Disabled)
Guest (S-1-5-21-831887293-3776352801-720962199-501 - Limited - Disabled)
Helena (S-1-5-21-831887293-3776352801-720962199-1001 - Administrator - Enabled) => C:\Users\Helena
HomeGroupUser$ (S-1-5-21-831887293-3776352801-720962199-1009 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-831887293-3776352801-720962199-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Anchor Service CS3 (HKLM-x32\...\{90176341-0A8B-4CCC-A78D-F862228A6B95}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (HKLM-x32\...\{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}) (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (HKLM-x32\...\{9C9824D9-9000-4373-A6A5-D0E5D4831394}) (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (HKLM-x32\...\{08B32819-6EEF-4057-AEDA-5AB681A36A23}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (HKLM-x32\...\{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}) (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (HKLM-x32\...\{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (HKLM-x32\...\{A2D81E70-2A98-4A08-A628-94388B063C5E}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (HKLM-x32\...\{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (HKLM-x32\...\{51846830-E7B2-4218-8968-B77F0FF475B8}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (HKLM-x32\...\{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (HKLM-x32\...\{95655ED4-7CA5-46DF-907F-7144877A32E5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (HKLM-x32\...\{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (HKLM-x32\...\{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}) (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (HKLM-x32\...\{6ABE0BEE-D572-4FE8-B434-9E72A289431B}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (HKLM-x32\...\{04AF207D-9A77-465A-8B76-991F6AB66245}) (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (HKLM-x32\...\{54793AA1-5001-42F4-ABB6-C364617C6078}) (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (HKLM-x32\...\{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}) (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}) (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Setup (HKLM-x32\...\{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (HKLM-x32\...\{29E5EA97-5F74-4A57-B8B2-D4F169117183}) (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (HKLM-x32\...\{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (HKLM-x32\...\{E69AE897-9E0B-485C-8552-7841F48D42D8}) (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (HKLM-x32\...\{D0DFF92A-492E-4C40-B862-A74A173C25C5}) (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (HKLM-x32\...\{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (HKLM-x32\...\{802771A9-A856-4A41-ACF7-1450E523C923}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Audacity 2.4.1 (HKLM-x32\...\Audacity_is1) (Version: 2.4.1 - Audacity Team)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9045 - )
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 103.1.40.109 - Brave Software Inc)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.50.854.0 - Logitech) Hidden
Common Desktop Agent (HKLM\...\{A38002C3-BA08-466A-A813-7F9D578B13A1}) (Version: 1.62.0 - OEM) Hidden
Discord (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.66 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LibreOffice 5.1.5.2 (HKLM\...\{DDDB2EB8-D3A0-484A-BB24-9611754D29C4}) (Version: 5.1.5.2 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (HKLM-x32\...\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (HKLM-x32\...\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}) (Version: 13.50.854.0 - Logitech) Hidden
LWS Help_main (HKLM-x32\...\{1651216E-E7AD-4250-92A1-FB8ED61391C9}) (Version: 13.50.862.0 - Logitech) Hidden
LWS Launcher (HKLM-x32\...\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}) (Version: 13.50.859.0 - Logitech) Hidden
LWS Motion Detection (HKLM-x32\...\{71E66D3F-A009-44AB-8784-75E2819BA4BA}) (Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (HKLM-x32\...\{08610298-29AE-445B-B37D-EFBE05802967}) (Version: 13.50.861.0 - Logitech) Hidden
LWS Twitter (HKLM-x32\...\{174A3B31-4C43-43DD-866F-73C9DB887B48}) (Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (HKLM-x32\...\{EED027B7-0DB6-404B-8F45-6DFEE34A0441}) (Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (HKLM-x32\...\{8937D274-C281-42E4-8CDB-A0B2DF979189}) (Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (HKLM-x32\...\{9DAEA76B-E50F-4272-A595-0124E826553D}) (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (HKLM-x32\...\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}) (Version: 13.31.1038.0 - Logitech) Hidden
magicJack (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\magicJack) (Version: 4.18.11491.8038 - magicJack L.P.)
Malwarebytes version 4.5.10.200 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.10.200 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{26784146-6E05-3FF9-9335-786C7C0FB5BE}) (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) (HKLM\...\{25E80DAA-FD87-DCE5-202C-CC02F6673002}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.44 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\OneDriveSetup.exe) (Version: 22.121.0605.0002 - Microsoft Corporation)
Microsoft Security Client (HKLM\...\{D9FCBAAE-DB72-488B-96D0-0AA3C892C0D6}) (Version: 4.8.0204.0 - Microsoft Corporation) Hidden
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 102.0 (x64 en-US)) (Version: 102.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 102.0.0.8209 - Mozilla)
Pale Moon 29.4.6 (x86 en-US) (HKLM-x32\...\Pale Moon 29.4.6 (x86 en-US)) (Version: 29.4.6 - Moonchild Productions)
PDF Settings (HKLM-x32\...\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}) (Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.06.00 - Samsung Electronics Co., Ltd.)
Skype version 8.85 (HKLM-x32\...\Skype_is1) (Version: 8.85 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{1423B8CC-EE7F-4B57-A67C-35BAE3F177F0}) (Version: 1.0.0 - Xerox Corporartion)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.5491 - Analog Devices)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Xerox Easy Document Creator (HKLM-x32\...\Xerox Easy Document Creator) (Version: 1.05.93 (4/11/2014) - Xerox Corporation)
Xerox Easy Printer Manager (HKLM-x32\...\Xerox Easy Printer Manager) (Version: 1.03.97.00(4/21/2014) - Xerox Corporation.)
Xerox Easy Wireless Setup (HKLM-x32\...\Xerox Easy Wireless Setup) (Version: 3.70.18.0 - Xerox Corporation)
Xerox MFP PC Fax (HKLM-x32\...\Xerox MFP PC Fax) (Version: 1.10.22 (4/21/2014) - Xerox Corporation)
Xerox Scan Process Machine (HKLM-x32\...\Xerox Scan Process Machine) (Version: 1.01.13.02 - Xerox Corporation) Hidden
Xerox WorkCentre 3215 (HKLM-x32\...\Xerox WorkCentre 3215) (Version: 1.01 (5/20/2014) - Xerox Corporation)
Zoom (HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\ZoomUMX) (Version: 5.10.6 (5889) - Zoom Video Communications, Inc.)
Packages:
=========
Ghostery – Privacy Ad Blocker -> C:\Program Files\WindowsApps\Ghostery.Ghostery_8.4.6.0_neutral__kzkqe0pn505dg [2020-07-20] (Ghostery)
HexChat -> C:\Program Files\WindowsApps\39215TingPing.HexChat_2.16.0.0_x86__fqe8h3fzrj50c [2021-12-04] (TingPing)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-04-28] (HP Inc.)
Logitech Camera Controller -> C:\Program Files\WindowsApps\E97CB0A1.LogitechCameraController_1.0.0.135_x86__wd885nsp30hay [2015-08-09] (LOGITECH Europe S.A.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.5310.0_x64__8wekyb3d8bbwe [2022-06-06] (Microsoft Studios) [MS Ad]
Newsmax TV -> C:\Program Files\WindowsApps\NewsmaxMediaInc.NewsmaxTV_2.0.0.0_neutral__wzre3exa0cyap [2020-11-29] (Newsmax Media Inc)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-17] (Microsoft Corporation)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2015-11-12] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll () [File not signed]
CustomCLSID: HKU\S-1-5-21-831887293-3776352801-720962199-1001_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll () [File not signed]
ContextMenuHandlers1: [!XrxFax0] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax1] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax2] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax3] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax4] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax5] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax6] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers1: [!XrxFax7] -> {AEFAE55E-E59D-4A0C-9829-4713236130AF} => C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll [2014-04-21] (Xerox Corporation.) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-05] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2014-05-14 16:59 - 2012-12-06 01:46 - 000041984 _____ (Windows (R) Codename Longhorn DDK provider) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\spe__pc.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 001580032 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxEngine64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000192000 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxShell64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000288768 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\drivers\x64\3\XrxFaxUser64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000146944 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\system32\spool\PRTPROCS\x64\XrxFaxProc64.dll
2016-04-06 18:02 - 2014-04-21 10:25 - 000280064 _____ (Xerox Corporation.) [File not signed] C:\WINDOWS\System32\XrxFaxPort64.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
DownloadDir: C:\Users\Helena\Desktop
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\1001movie.com -> 1001movie.com
There are 6091 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-831887293-3776352801-720962199-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_FEC2D14AA1F15DAD90F56E6F9A07DBED"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9F61700E-171F-4C5B-9ED1-CB0972EE99F5}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{78F2C9A1-BBBA-4CC6-B16C-78FB2130F628}] => (Allow) C:\Program Files (x86)\Pale Moon\palemoon.exe (Mark Straver -> Moonchild Productions)
FirewallRules: [{04F201AE-4DF3-409D-9ABB-57C2AE92B6BB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{58E8E43C-3E07-4AA5-8463-B6DC3EC1251F}] => (Allow) C:\Program Files (x86)\Xerox\Easy Document Creator\EDC.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{AF3FD539-0C98-407C-8E64-4D2470D3C642}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{63FF7ED6-45DF-4FE2-92E9-FE88DA8C4D85}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{325F527D-106B-45B9-94BF-B2BEDE48E772}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{FC6ED370-2564-4DA1-969A-62828079D9F8}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\CDAS2PC\Xerox.CDAS2PC.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{062919F5-8F2C-496A-89B5-11DDD1147074}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{33DD97EF-6A44-4205-99A3-371D0665ACFC}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\uninstall.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{344089DB-4519-432A-9CDB-FC6C5473BE44}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{9D92BF02-4743-4266-80A1-9428548084FB}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Alert.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{D3023B7A-56DD-46F9-B919-EDADA94759A0}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{86FF4CF8-51A0-4803-8853-751A89DF3B23}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.OrderSupplies.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{36E93662-45C6-4463-979B-627008168B24}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{97781A04-8AC0-48C4-87A4-05B66E37453B}] => (Allow) C:\Program Files (x86)\Xerox\Easy Printer Manager\Xerox.Application.exe (Xerox Corporation.) [File not signed]
FirewallRules: [{C982AB76-982C-4F99-83E2-B5402F8296B4}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{CC31AB0D-BFD9-4242-B9ED-6F56C324851D}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{BCDE1B16-8B65-48D7-99AE-27DC5D4F2226}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{C6440625-AF29-4CAC-9A7B-120BA1331F83}] => (Allow) C:\Windows\twain_32\Xerox\WC3215\ScanCDLM\ScanCDLM.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [UDP Query User{79274DEA-4344-49BA-8447-DB3B44C2F54B}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{35B14486-AA8A-4F27-8D68-1C86ABCD48A8}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{6512DF6B-F01F-4965-966F-5C4C5DEB93EC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{C1E18C13-5610-4FA2-89ED-612D6B2751ED}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{9DDE1097-BE1F-46D8-8E56-B60B562F6543}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [UDP Query User{EB7C78DD-60AE-43FB-93BE-9D3E3D020F77}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [TCP Query User{20DC34DB-A30B-4DBF-831B-A54379AAE580}C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\helena\appdata\roaming\mjusbsp\magicjack.exe (magicJack, L.P. -> magicJack L.P.)
FirewallRules: [{20F4B574-F3CA-4515-89E5-A825B42C24BC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BEEB081D-8416-421B-9299-152874C3DE33}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{774F924B-F8EE-42C4-99DE-DE4467682134}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbvpswx.exe (Lexmark International, Inc. -> Lexmark International Inc.)
FirewallRules: [{9F9CEA1B-2A67-4102-8221-8A71F04EC115}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxbvpswx.exe (Lexmark International, Inc. -> Lexmark International Inc.)
FirewallRules: [{20D52E51-1A40-48EF-A190-605002395C88}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{C960470E-1338-4F34-B0C5-51DF60DFCC0B}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [UDP Query User{F5976D48-B0AD-4171-8854-3F83EAFCF912}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{9A151D56-8271-4E2A-828C-193DE19CAEE4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{DF1720A9-63DB-4188-BD7D-1B35A9CC68FB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C13A1328-23FF-47A6-9A2A-C5B9CFF77D87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D5AB136F-A188-4D45-B211-E8699A1257E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7DBA3833-7704-41D7-BF87-0B1555D2427D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D3B03BF7-A420-4045-96A8-F9E72281B4A9}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{620EA53E-5F9B-46A0-AE0C-B833A7B6B783}] => (Allow) C:\Windows\System32\lxbvcoms.exe (Lexmark International, Inc. -> )
FirewallRules: [{29A29FD9-59D8-4661-9714-2DEBAC833454}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{5B6088DD-8771-4EB9-88DC-F8240349E8C8}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{042B0F6B-198F-414B-B71F-35B17E6F2441}] => (Allow) C:\Users\Helena\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7E4F0B1E-A1F7-41B7-85FA-62F2CED9FE98}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B35A3149-605F-42B0-8C8E-509208A3AADE}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{38637F5F-9703-4FD1-9A86-21E840D30DA4}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{B6D7D8A6-DD1E-46EB-955B-143CBF0EAE3F}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{48B55577-0BCD-4590-95ED-706A5F6B8C87}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C0A27E00-C044-45BA-ADF0-B0CC320E704E}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BFA0627E-C944-475A-A9D2-A8D615ECA5AF}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{D3E159AD-09F1-475A-B961-38F4F890F6B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
13-06-2022 20:02:49 b4 telegram install
23-06-2022 11:55:46 b4 MB restart
28-06-2022 22:45:08 Windows Modules Installer
28-06-2022 23:03:00 Windows Modules Installer
28-06-2022 23:11:10 Windows Modules Installer
02-07-2022 08:38:11 b4LandzdownFix
03-07-2022 13:48:56 AdwCleaner_BeforeCleaning_03/07/2022_13:48:48
03-07-2022 14:24:18 Removed Windows PC Health Check
03-07-2022 14:36:44 Removed PDF Viewer.
03-07-2022 14:38:19 Removed Image Retriever.
03-07-2022 14:40:35 Removed PaperPort.
04-07-2022 15:09:36 Removed PaperPort.
04-07-2022 15:13:24 Removed PaperPort Image Printer.
04-07-2022 15:14:37 Removed OmniPage.
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (07/04/2022 03:15:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.19041.1, time stamp: 0x25d5450e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1766, time stamp: 0x270baf18
Exception code: 0xe06d7363
Fault offset: 0x0012c3a2
Faulting process id: 0x15dc
Faulting application start time: 0x01d88fe2c4610784
Faulting application path: C:\Windows\syswow64\MsiExec.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 3d61f98f-dd3a-4636-b7f4-507b3a77b3d0
Faulting package full name:
Faulting package-relative application ID:
Error: (07/04/2022 03:12:41 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Helena-PC)
Description: Application or service 'PDFProFiltSrvPP' could not be restarted.
Error: (07/04/2022 03:11:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.19041.1, time stamp: 0x25d5450e
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1766, time stamp: 0x270baf18
Exception code: 0xe06d7363
Fault offset: 0x0012c3a2
Faulting process id: 0x26cc
Faulting application start time: 0x01d88fe2257cebfc
Faulting application path: C:\Windows\syswow64\MsiExec.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: c2a7adc5-b69b-4f7a-9c46-3966e775f53c
Faulting package full name:
Faulting package-relative application ID:
Error: (07/04/2022 03:00:37 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
Error: (07/04/2022 01:05:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.
Operation:
Executing Asynchronous Operation
Context:
Current State: DoSnapshotSet
Error: (07/04/2022 01:03:50 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {c987c0f2-30a8-4c6a-9053-f740963b0dc0}
Error: (07/03/2022 02:53:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GameBar.exe, version: 5.722.5052.0, time stamp: 0x6274ca9c
Faulting module name: KERNELBASE.dll, version: 10.0.19041.1741, time stamp: 0xe9b4a91b
Exception code: 0xc0000409
Fault offset: 0x000000000010fa32
Faulting process id: 0x2034
Faulting application start time: 0x01d88f1666c1d596
Faulting application path: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.722.5052.0_x64__8wekyb3d8bbwe\GameBar.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 7d87fcba-dfda-4114-9d73-879504ab94d1
Faulting package full name: Microsoft.XboxGamingOverlay_5.722.5052.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
Error: (07/02/2022 12:06:04 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
System errors:
=============
Error: (07/04/2022 03:43:52 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/04/2022 03:38:52 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/04/2022 03:33:52 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/04/2022 03:28:55 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.
Error: (07/04/2022 03:28:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The W3SVC service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Error: (07/04/2022 03:28:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Error: (07/04/2022 03:28:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetPipeActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Error: (07/04/2022 03:28:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetMsmqActivator service depends on the WAS service which failed to start because of the following error:
The system cannot find the drive specified.
Windows Defender:
================
Date: 2022-07-03 22:36:23
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-07-03 20:53:26
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-07-02 00:04:01
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-07-01 11:23:22
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-06-28 20:51:04
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
CodeIntegrity:
===============
Date: 2022-01-13 17:51:27
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2022-01-02 21:53:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A09 03/11/2008
Motherboard: Dell Inc. 0GM819
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 66%
Total physical RAM: 3956.61 MB
Available physical RAM: 1341.87 MB
Total Virtual: 7924.61 MB
Available Virtual: 4927.87 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:926.93 GB) (Free:828.71 GB) (Model: Hitachi HDS721010KLA330 ATA Device) NTFS
\\?\Volume{6462e9a1-d38d-11e3-9305-806e6f6e6963}\ (System) (Fixed) (Total:3.76 GB) (Free:0.56 GB) NTFS
\\?\Volume{c07cf236-0000-0000-0000-00ace8000000}\ () (Fixed) (Total:0.82 GB) (Free:0.41 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: C07CF236)
Partition 1: (Active) - (Size=3.8 GB) - (Type=27)
Partition 2: (Not Active) - (Size=926.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=844 MB) - (Type=27)
==================== End of Addition.txt =======================
Hi, PWG.
Logs are good.
Something I would like to investigate:
Please do the following to run a FRST fix.
NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
- Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CloseProcesses:
type C:\ProgramData\NTUSER.pol
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge
GroupPolicy: Restriction - Chrome <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [274]
End::
- Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your Desktop.
- Post the log in your next reply.
Hi, PWG.
This is a test for a reply to the topic.
Since I can't post the FIX log in the topic, I'm going to try adding it as an attachment.
OK, thank you.
All is good.
Is there any remaining question/issue/concern?
Thank you so much for your help. My computer is running at normal speeds again and reboot is much faster now. Whatever corruption was fixed appears to have made a big difference. I haven't noticed any problems from removing the printer related programs. Printer is still hearing commands and printing.
I am planning to order the 4 2GB RAM memory sticks from the Amazon link you posted. I didn't realize it possible or that it was so inexpensive to double my RAM. Such good news! In the reviews, people reported the sticks can be different manufacturers. Is it still ok to order if they are not Dell products?
I'm a little apprehensive about opening up my computer to change out the memory sticks. Especially with replacing all instead of just adding. Seems like a lot could go wrong. But I guess I can post again if I have a problem with it.
Oh..... the programs I downloaded :
FRST64.exe
CrucialScan
AdwCleaner
Should I keep any of those? If not, can they just go in the recycle bin, or is there a special way to uninstall?
Hi, PWG.
Seeing more carefully your attached fixlog.txt, I realized that there was a missing directive (I forgot the CMD: at the beginning of the line) which led to this:
type C:\ProgramData\NTUSER.pol => Error: No automatic fix found for this entry.
However, after reading a discussion about this elsewhere, it seems that even if I wrote the command correctly, the output would be unreadable. It is something that is already reported to the FRST creator and it will be fixed soon.
In any case, the policies set in your computer comes from SpywareBlaster, so I won't ask you to do anything more about them right now.
=======================
Regarding your questions:
QuoteI am planning to order the 4 2GB RAM memory sticks from the Amazon link you posted. I didn't realize it possible or that it was so inexpensive to double my RAM. Such good news! In the reviews, people reported the sticks can be different manufacturers. Is it still ok to order if they are not Dell products?
The price goes up depending on how much RAM you buy. Sticks of 2GB are the cheaper. Yes, it's OK to buy RAM from manufacturers other than DELL.
QuoteI'm a little apprehensive about opening up my computer to change out the memory sticks. Especially with replacing all instead of just adding. Seems like a lot could go wrong. But I guess I can post again if I have a problem with it.
Of course!
QuoteShould I keep any of those? If not, can they just go in the recycle bin, or is there a special way to uninstall?
The following tool will remove the tools we used as well as reset system restore points:Download
KpRm (http://'https://toolslib.net/downloads/finish/951-kprm/') by kernel-panik and save it to your desktop.
- Right-click kprm_(version).exe and select Run as Administrator.
- Read and accept the disclaimer.
- When the tool opens, ensure all boxes under Actions are checked.
- Under Delete Quarantines select Delete Now, then click Run.
- Once complete, click OK.
- A log will open in Notepad titled kprm-(date).txt.
- Please copy and paste its contents in your next reply.
RAM is ordered. I'm excited that my computer can get faster, even as an old workhorse. ^_^
kprm tool has been run
Question: I previously sent the folders with the 2 older versions of FRST to the recycle bin. They are still there after running the kprm tool. Can I delete them from there?
=========================
# Run at 7/6/2022 1:34:42 PM
# KpRm (Kernel-panik) version 2.9.3
# Website https://kernel-panik.me/tool/kprm/
# Run by Helena from C:\Users\Helena\Desktop
# Computer Name: HELENA-PC
# OS: Windows 10 X64 (19044)
# Number of passes: 1
- Checked options -
~ Registry Backup
~ Delete Tools
~ Restore System Settings
~ UAC Restore
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines
- Create Registry Backup -
~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
~ [OK] Hive C:\Users\Helena\NTUSER.dat backed up
[OK] Registry Backup: C:\KPRM\backup\2022-07-06-13-34-41
- Delete Tools -
## AdwCleaner
[OK] C:\Users\Helena\Desktop\AdwCleaner.exe deleted
[OK] C:\AdwCleaner deleted
## FRST
[OK] C:\Users\Helena\Desktop\FRST64.exe deleted
[OK] C:\FRST deleted
- Restore System Settings -
[OK] Reset WinSock
[OK] FLUSHDNS
[OK] Hide Hidden file.
[OK] Show Extensions for known file types
[OK] Hide protected operating system files
- Restore UAC -
[OK] Set EnableLUA with default (1) value
[OK] Set ConsentPromptBehaviorAdmin with default (5) value
[OK] Set ConsentPromptBehaviorUser with default (3) value
[OK] Set EnableInstallerDetection with default (0) value
[OK] Set EnableSecureUIAPaths with default (1) value
[OK] Set EnableUIADesktopToggle with default (0) value
[OK] Set EnableVirtualization with default (1) value
[OK] Set FilterAdministratorToken with default (0) value
[OK] Set PromptOnSecureDesktop with default (1) value
[OK] Set ValidateAdminCodeSignatures with default (0) value
- Clear Restore Points -
~ [OK] RP named b4 telegram install created at 06/14/2022 01:02:49 deleted
~ [OK] RP named b4 MB restart created at 06/23/2022 16:55:46 deleted
~ [OK] RP named Windows Modules Installer created at 06/29/2022 03:45:08 deleted
~ [OK] RP named Windows Modules Installer created at 06/29/2022 04:03:00 deleted
~ [OK] RP named Windows Modules Installer created at 06/29/2022 04:11:10 deleted
~ [OK] RP named b4LandzdownFix created at 07/02/2022 13:38:11 deleted
~ [OK] RP named AdwCleaner_BeforeCleaning_03/07/2022_13:48:48 created at 07/03/2022 18:48:56 deleted
~ [OK] RP named Removed Windows PC Health Check created at 07/03/2022 19:24:18 deleted
~ [OK] RP named Removed PDF Viewer. created at 07/03/2022 19:36:44 deleted
~ [OK] RP named Removed Image Retriever. created at 07/03/2022 19:38:19 deleted
~ [OK] RP named Removed PaperPort. created at 07/03/2022 19:40:35 deleted
~ [OK] RP named Removed PaperPort. created at 07/04/2022 20:09:36 deleted
~ [OK] RP named Removed PaperPort Image Printer. created at 07/04/2022 20:13:24 deleted
~ [OK] RP named Removed OmniPage. created at 07/04/2022 20:14:37 deleted
[OK] All system restore points have been successfully deleted
- Create Restore Point -
[OK] System Restore Point created
- Display System Restore Point -
~ RP named KpRm created at 07/06/2022 18:37:13
-- KPRM finished in 208.32s --
Hi. :)
Yes, you can empty the Recycle bin now.
As to the RAM, perhaps faster is not the actual word. But for sure, the computer will "breathe", since you will gain sufficient resources to run your programs.
I've removed a few more programs and have a couple more questions about that.
I removed several X-Box related apps from the start menu list. But it the uninstall button is grayed out for XBox Gamer Bar, so I can't uninstall. How would I go about that? Or does it not matter? After I tried to uninstall it, I got a pop up screen from the right side from it that I've never seen before, but it closed too quickly for me to tell what it was other than I saw Xbox on it.
Also HP Smart App is in that list too but not on the appwiz list where I uninstalled the other programs. Is that because this and Xbox apps are windows apps? And I want to make sure HP Smart has nothing to do with running my Xerox printer before I uninstall it. I checked it out online, but I am still unsure. I might have had an HP inkjet printer eons ago, but I can't verify that.
Thanks for any guidance!
Hi, PWG.
Programs/apps with no uninstallers are listed only in the Start menu.
I don't see a connection between HP Smart App and Xerox printer, so I believe you can uninstall it.
As to the XBox Gamer Bar, try this:
- In the Search area type Powershell.
- When the item appears, choose to run it as administrator.
- Copy and paste the following command in the blue window:
Get-AppxPackage Microsoft.XboxApp | Remove-AppxPackage
- Wait until the process is finished.
- Exit.
Thanks.
HP Smart uninstalled without event.
However After I pasted the code in the powershell box and clicked "enter", the last line immediately appeared with the flashing dot that shows where to add the command . I assume that means it is done with whatever it was going to do but I've not exited yet. However, the Xbox Gamer Bar is still in the start menu program list.
Most possibly the Powershell command I gave you above did nothing at all. It seems that there isn't any official way to uninstall it.
There are some ways online, but I wouldn't use them.
https://www.majorgeeks.com/content/page/how_to_uninstall_the_game_bar_in_windows_10.html
https://gist.github.com/joshschmelzle/04c57d957c5bb92e85ae9180021b26dc#:~:text=and%20looking%20there.-,Press%20Windows%20Key%20or%20click%20on%20the%20Start%20menu.,the%20Xbox%20Game%20Bar%20app.&text=Scroll%20down%20and%20click%20Uninstall,for%20the%20process%20to%20finish.
I didn't try Revo Uninstaller so I can't recommend it to you.
In any case, I wouldn't bother and would just let it be. :)
Perhaps someone else who is reading us would like to say something on that.
Beginning with Build 10.0.18362 (19H1), the uninstall button for the Xbox Game Bar is greyed out in the Settings app. I guess Microsoft doesn't want it officially uninstalled, as evidenced by how difficult they've made it to uninstall built-in apps.
I'm not sure you gain anything by trying to uninstall it via all the online tips/tricks, registry edits, etc (PowerShell commands cannot be undone). It may be a self-healing service in Windows and get "repaired" without intervention, it may also install itself automatically on Windows upgrades. If so, you'll be fighting this battle continuously.
Best I can suggest ... turn it off:
Open the Start menu
Click the small "gear" icon to open Settings
Click Gaming
Under Xbox Game Bar settings, turn off the switch "Enable Xbox Game Bar for things like ...". Also uncheck the "Open Game bar using this button on a controller" option. That will at least disable the Xbox Game Bar
Thanks. I've turned off all the functions in the settings for Xbox Game Bar as suggested. That should be fine.
I intended to attach this screen shot to my last response so you could see how the powershell box looked.
After what Winchester said, I think I'm glad the command did nothing.
I have tried the command and it removed the other XBox app installed, which you already uninstalled. The command didn't do anything regarding the Game Bar.
As to the Turn Off option, I'm not sure what it does.
Anyway, as mentioned above,
QuoteI'm not sure you gain anything by trying to uninstall it via all the online tips/tricks, registry edits, etc (PowerShell commands cannot be undone). It may be a self-healing service in Windows and get "repaired" without intervention, it may also install itself automatically on Windows upgrades. If so, you'll be fighting this battle continuously.
I happy to leave it there with functions turned off. Its all good. So happy with the performance improvements. :)
Task Manager says I'm running at about 65% memory usage and CPU, Disk and Network are idling at 0-3%. The performance tab says I have 1.2GB available RAM. I should get my new memory sticks on Monday.
Excellent!
I'm glad we could help.
If you need anything else, you know we are here. :)
My memory sticks came early!
So before I start the installation I want to make sure I'm installing the right sticks. I'm posting up screenshots of the sticks and of the Specy scan of my memory. I know several things have to match, but I don't know what any of them mean, so just want a confirmation these are the sticks compatible with my machine.
The memory sticks
One thing I see is the sticks are labeled667MHz
In the Specy scan it says 332.5 MHz
Is that a problem?
No, that won't be a problem.
Good news. The RAM replacement went smoothly. Didn't have to removed the CD drive to get to the slots, so just a matter of opening the case, removing the old sticks and replacing the new. The only tricky part was figuring out that they had to be pressed into their slots hard enough to get the locks to click closed. Everything fired up normally except there was a notice during the boot that RAM was different. The screen shot shows what is reported in Task Manager/Processes.. I'm super happy that doubling my RAM was possible when thought it was not. And, it wouldn't have happened without Dr. M's suggestion that I could while trouble shooting my other problem. Landzdown rocks!
Congratulations, PWG!
Glad to see that everything works fine!
The computer recognized the new RAM and accepted it! For sure, you gave it the opportunity to breath better and run your programs smoothly.
And you rock too, as you replaced the RAM your own! Well done! :D
Thanks! I am feeling a bit more powerful than usual today. ^_^
And I am looking forward to my next Zoom meeting without the usual buffering lags.
I have updated my Computer Specs link in my signature. It was fun to type "8GB of RAM".
I did a check with Specy to see if my core temperatures were still good, and its reporting 39C degrees, so I think my hard drive is good for a while and can take my time looking for a new computer. But I know I need to think about replacing it since it can't update to Windows 11. I'm going to start a topic to get some advice on what to look for.
You can continue running with Windows 10 until 2025, when Microsoft will stop supporting this operating system with security updates.
So you have enough time to think about your new computer. :)