Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Blue Screen Of Death 3 Times Yesterday (6-8-20)

Started by Krishna , Jun 08 2020 10:46 PM

This topic is locked

30 replies to this topic

#1 Krishna

Member

Full Member
77 posts

Posted 08 June 2020 - 10:46 PM

I started getting the Blue Screen Of Death with a big

Smiley with a Frown, statting that something was

wrong with the computer and would have to be

rebooted. My usual way of dealing with this in the

past was to pull the battery, power source, and

disconnect. Then after I powered back up, but still

being disconnected from the Internet I would run

TFC.exe, Internet Options to clear Temporary Internet

Files and Cookies, CCleaner, Malwarebytes, and AVG.

If everyhting seemed to be working good there, then

I'd reconnect to the Internet and see what happened

up there.

Yesterday it was really acting up. I was trying to

watch an interview on YouTube and the video froze,

the volume turned into a buzz, and I lost control of

my mouse, so I had to pull power and then a cold

reboot. Then when I was looking at Junk Mail in

Hotmail, I was trying to have what I had Selected to

put in the Inbox, but the Menu wouldn't open,

couldn't close the Program, so I had to abort again.

I downloaded ESETonline Scanner first ran that. It

tokk over 3 hours to Scan the system, but it found a

Trojan and another Program in my Downloads folder. I

don't really want to do a Refresh as 8.1 is not on a

CD, but a Flashdrive. I'm usuing a HP Pavilion

Notebokk with Windows 8.1. AVG does not like RGSA,

so I temporarily shut it off. Here's the logs.

Thanks in advance, Krishna.

P.S. I'm running Malwarebytes Premium.

Malwarebytes

www.malwarebytes.com

-Log Details-

Scan Date: 6/8/20

Scan Time: 11:22 PM

Log File: 7c032286-aa00-11ea-ba23-a01d48ddcedf.json

-Software Information-

Version: 4.1.0.56

Components Version: 1.0.931

Update Package Version: 1.0.25248

License: Premium

-System Information-

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Harris-PC\Steve

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 259080

Threats Detected: 0

Threats Quarantined: 0

Time Elapsed: 10 min, 40 sec

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

-Scan Details-

Process: 0

(No malicious items detected)

Module: 0

(No malicious items detected)

Registry Key: 0

(No malicious items detected)

Registry Value: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Data Stream: 0

(No malicious items detected)

Folder: 0

(No malicious items detected)

File: 0

(No malicious items detected)

Physical Sector: 0

(No malicious items detected)

WMI: 0

(No malicious items detected)

(end)

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020

Ran by Steve (administrator) on HARRIS-PC (Hewlett-Packard HP Pavilion 15 Notebook PC) (08-06-2020 23:45:46)

Running from C:\Users\Steve\Desktop

Loaded Profiles: Steve

Platform: Windows 8.1 (Update) (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe

() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe

() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswEngSrv.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe <2>

(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Power2Go12\CLMLSvc_P2G12.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>

(Hewlett-Packard -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe

(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Hewlett-Packard Company -> HP) C:\Windows\System32\hpservice.exe

(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe

(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe

(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe

(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe

(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe

(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe

(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe

(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9230312 2018-05-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Softex Incorporated -> Hewlett-Packard)

HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Softex Incorporated -> Hewlett-Packard)

HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Softex Incorporated -> Hewlett-Packard)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [156776 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard -> Hewlett-Packard Company)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [701984 2017-07-13] (HP Inc. -> HP Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [PowerDVD18Agent] => C:\Program Files (x86)\CyberLink\PowerDVD18\PowerDVD18Agent.exe [528840 2019-03-05] (CyberLink Corp. -> CyberLink Corp.)

HKLM-x32\...\Run: [CLMLServer_For_P2G12] => C:\Program Files (x86)\CyberLink\Power2Go12\CLMLSvc_P2G12.exe [154296 2018-11-07] (CyberLink Corp. -> CyberLink)

HKU\S-1-5-21-752196998-378064213-1701927948-1002\...\Run: [Power2GoExpress8] => NA

HKU\S-1-5-21-752196998-378064213-1701927948-1002\...\Run: [Power2GoExpress12] => NA

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"

HKLM\...\Print\Monitors\HP a011 Status Monitor: C:\Windows\system32\hpinkstsa011LM.dll [331664 2012-06-12] (Hewlett Packard -> Hewlett-Packard Co.)

HKLM\...\Print\Monitors\HP C611 Status Monitor: C:\Windows\system32\hpinkstsC611LM.dll [333344 2013-05-06] (Hewlett Packard -> Hewlett-Packard Co.)

HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3050A J611 series): C:\Windows\system32\HPDiscoPMa011.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)

HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\Windows\system32\hpbprtmon.dll [404992 2013-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.97\Installer\chrmstp.exe [2020-06-03] (Google LLC -> Google LLC)

HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-10-14] (Softex Inc..) [File not signed]

HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2013-10-14] (Softex Inc..) [File not signed]

Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Copy 1).lnk [2020-03-08]

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1898B8D9-9FA5-42BB-825C-208C3F91CC1E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [134008 2020-03-25] (HP Inc. -> HP Inc.)

Task: {1A924A01-1460-4185-B137-252DF3972D68} - System32\Tasks\Driver Booster SkipUAC (Steve) => C:\Program Files (x86)\IObit\Driver Booster\5.4.0\DriverBooster.exe

Task: {1F2C01F0-E05C-484C-8093-F80D1375929C} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)

Task: {2CCCC7C4-A313-45E2-9499-5C483DF3A485} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Steve\Desktop\esetonlinescanner.exe [14665312 2020-06-08] (ESET, spol. s r.o. -> ESET spol. s r.o.)

Task: {35B673EB-EB8E-4726-88A5-EF65E17E6444} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-08] (Google Inc -> Google Inc.)

Task: {46064521-B4CF-4727-8A53-F798656E5A76} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Steve\Desktop\esetonlinescanner.exe [14665312 2020-06-08] (ESET, spol. s r.o. -> ESET spol. s r.o.)

Task: {57FFCCB0-B3CB-4F34-89A7-23E916A38A39} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)

Task: {60F6C3D9-8AB9-4E72-8573-66DBB8ECFD90} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation -> Microsoft Corporation)

Task: {6E3ED1D6-B5E0-45C8-87C8-8DB0652151F1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18732320 2019-10-01] (Piriform Software Ltd -> Piriform Ltd)

Task: {76D5726F-A4A1-4C78-836B-6053CE2E1266} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1117048 2020-03-26] (HP Inc. -> HP Inc.)

Task: {7AABD26B-2A98-485F-993B-3880BEA6D265} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe

Task: {7ABA0F7A-305C-469E-A049-C75237007AE3} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-752196998-378064213-1701927948-1002 => C:\Users\Steve\AppData\Local\Microsoft\OneDrive\OneDrive.exe

Task: {7E1F187B-44C8-401F-8579-18DD82F060A8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}

Task: {867825CF-6A8F-41DF-97DD-5AE4323F0472} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)

Task: {88610114-47BE-4F42-837E-BF65D2B73013} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-23] (HP Inc. -> )

Task: {944D5D4F-0288-41FE-BF1A-2E0063C69C92} - System32\Tasks\HPCeeScheduleForSteve => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: {97CDB05C-9069-4BF5-BF47-9C358DB16D99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-08] (Google Inc -> Google Inc.)

Task: {A8A597F4-12DE-4344-8E10-B7E66E9EE41D} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1692296 2020-02-27] (AVG Technologies USA, LLC -> AVG Technologies)

Task: {A9147A7E-2AA3-46F7-94F0-EA7831D8929D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [320856 2020-04-23] (HP Inc. -> HP Inc.)

Task: {B321C1AB-8FA0-45FA-A494-6E66E753CAB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1505624 2020-05-20] (HP Inc. -> HP Inc.)

Task: {B91A15B7-D445-4AF4-9CC6-416C653D3B34} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)

Task: {C9193CF8-4731-406E-BD2E-28C143451FB1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)

Task: {D6DBA4E2-EDDA-49C1-8F1D-5AF2946A8B10} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)

Task: {DAC7A505-7F02-4B43-A3C5-1F3DBED24FFD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1505624 2020-05-20] (HP Inc. -> HP Inc.)

Task: {DB6CAAEC-4591-42C4-BEFF-0BE85B461552} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [662872 2020-04-30] (HP Inc. -> HP Inc.)

Task: {DC2ACC65-0384-4FA6-B39E-F59D2E84A1A8} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4388440 2018-05-26] (Synaptics Incorporated -> Synaptics Incorporated)

Task: {E40E477C-18CD-4C50-ADA9-791ACCD969E0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-10-01] (Piriform Software Ltd -> Piriform Software Ltd)

Task: {E55BDDC3-F45E-485A-A636-9BF31F5AFF56} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1117048 2020-03-26] (HP Inc. -> HP Inc.)

Task: {E92CA9E1-5AEC-4118-A2DE-7B8C36D9BEF0} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [3387520 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

Task: {F44746C6-10D5-4E82-A1AE-60D82FBEEF7E} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForSteve.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)

Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.63 209.18.47.61

Tcpip\..\Interfaces\{67F30BE7-F1D9-4075-B26E-43D3F3480D79}: [DhcpNameServer] 209.18.47.63 209.18.47.61

Tcpip\..\Interfaces\{CF139D7E-D521-4337-A570-51EAAE9CEC88}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1

HKU\S-1-5-21-752196998-378064213-1701927948-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1

HKU\S-1-5-21-752196998-378064213-1701927948-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1

SearchScopes: HKLM -> {844A2F6A-2C69-485E-9750-4DB1795F5D0D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 -> {844A2F6A-2C69-485E-9750-4DB1795F5D0D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKU\S-1-5-21-752196998-378064213-1701927948-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CD2F4B07-66A3-4A7F-B5B5-38155F893335}&mid=faf257a8cbe747d2a1d471540e39272c-92930892bd410719a60f79d0b62c8f3b7d07b248&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616av&pr=fr&d=2016-06-08 17:52:23&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-752196998-378064213-1701927948-1002 -> {844A2F6A-2C69-485E-9750-4DB1795F5D0D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-752196998-378064213-1701927948-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CD2F4B07-66A3-4A7F-B5B5-38155F893335}&mid=faf257a8cbe747d2a1d471540e39272c-92930892bd410719a60f79d0b62c8f3b7d07b248&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616av&pr=fr&d=2016-06-08 17:52:23&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-752196998-378064213-1701927948-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-04-09] (Microsoft Corporation -> Microsoft Corporation)

BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-04-09] (Microsoft Corporation -> Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-04-09] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-04-09] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-04-09] (Microsoft Corporation -> Microsoft Corporation)

FireFox:

========

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-09] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] (WildTangent Inc -> )

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-03] (Adobe Inc. -> Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-752196998-378064213-1701927948-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\Steve\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2019-02-16] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:

=======

CHR DefaultProfile: Default

CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default [2020-06-08]

CHR Notifications: Default -> hxxps://articles.mercola.com; hxxps://awarenessact.com; hxxps://directorzone.cyberlink.com; hxxps://manualslibrary.org; hxxps://membership.cyberlink.com; hxxps://prayingmedic.com; hxxps://thechamomile.com; hxxps://upornia.com; hxxps://www.bradenton.com; hxxps://www.cyberlink.com; hxxps://www.facebook.com; hxxps://www.nascar.com; hxxps://www.youtube.com

CHR StartupUrls: Default -> "hxxps://google.com/","hxxp://https//google.com"

CHR Extension: (Slides) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]

CHR Extension: (Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]

CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]

CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]

CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]

CHR Extension: (Sheets) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]

CHR Extension: (Google Docs Offline) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-20]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]

CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]

CHR Extension: (Chrome Media Router) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-22]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-12-11] () [File not signed]

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [246784 2018-05-26] (Microsoft Windows Hardware Compatibility Publisher -> AMD)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed]

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [349552 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [6397888 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]

R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc. -> Nuance Communications, Inc.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379224 2020-05-20] (HP Inc. -> HP Inc.)

R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-23] (HP Inc. -> HP Inc.)

R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-18] (Malwarebytes Inc -> Malwarebytes)

R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-09] (Microsoft Corporation -> Microsoft Corporation)

R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2018-05-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269912 2018-05-26] (Synaptics Incorporated -> Synaptics Incorporated)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [54080 2018-05-26] (Hewlett-Packard Company -> HP)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2018-05-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)

R3 amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [21634560 2018-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)

R3 amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [665600 2018-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)

R0 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [83656 2018-05-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

R0 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [23752 2018-05-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2018-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)

R0 avgArDisk; C:\Windows\System32\drivers\avgArDisk.sys [37208 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgArPot; C:\Windows\System32\drivers\avgArPot.sys [205952 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgbidsdriver; C:\Windows\System32\drivers\avgbidsdriver.sys [234632 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgbidsh; C:\Windows\System32\drivers\avgbidsh.sys [178832 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgbuniv; C:\Windows\System32\drivers\avgbuniv.sys [61072 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgKbd; C:\Windows\System32\drivers\avgKbd.sys [42856 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 avgMonFlt; C:\Windows\System32\drivers\avgMonFlt.sys [175776 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgRdr; C:\Windows\System32\drivers\avgRdr2.sys [109336 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgRvrt; C:\Windows\System32\drivers\avgRvrt.sys [84928 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgSnx; C:\Windows\System32\drivers\avgSnx.sys [851664 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R1 avgSP; C:\Windows\System32\drivers\avgSP.sys [461064 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 avgStm; C:\Windows\System32\drivers\avgStm.sys [235552 2020-05-21] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R0 avgVmm; C:\Windows\System32\drivers\avgVmm.sys [319200 2020-05-30] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)

R2 CLFCL5.18; C:\Windows\system32\DRIVERS\CLFCL5.18\000.fcl [46848 2019-02-20] (CyberLink Corp. -> CyberLink Corp.)

R3 CLVirtualBus01; C:\Windows\System32\drivers\CLVirtualBus01.sys [111840 2018-05-02] (CyberLink Corp. -> CyberLink)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-04-23] (Malwarebytes Corporation -> Malwarebytes)

R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [41280 2018-05-26] (Hewlett-Packard Company -> HP)

R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-05-26] (Martin Malik - REALiX -> REALiX™)

R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-06-07] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [195432 2020-06-08] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73368 2020-06-08] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-06-07] (Malwarebytes Inc -> Malwarebytes)

R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [131736 2020-06-08] (Malwarebytes Inc -> Malwarebytes)

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [329664 2018-05-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)

R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)

S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated -> Synaptics Incorporated)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)

S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31656 2018-05-26] (Hewlett-Packard Company -> HP)

R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2018-05-26] (Hewlett-Packard Company -> HP)

S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]

U3 McMPFSvc; no ImagePath

U3 McNaiAnn; no ImagePath

U3 mcpltsvc; no ImagePath

U3 McProxy; no ImagePath

U3 mfecore; no ImagePath

U3 MSK80Service; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-08 23:45 - 2020-06-08 23:47 - 000031734 _____ C:\Users\Steve\Desktop\FRST.txt

2020-06-08 23:44 - 2020-06-08 23:44 - 000899584 _____ C:\Users\Steve\Desktop\RGSA.exe

2020-06-08 23:43 - 2020-06-08 23:43 - 002289152 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe

2020-06-08 23:34 - 2020-06-08 23:34 - 000001209 _____ C:\Users\Steve\Desktop\MalwarebytesScan.txt

2020-06-08 23:30 - 2020-06-08 23:31 - 000000000 ____D C:\Users\Steve\AppData\LocalLow\IGDump

2020-06-08 23:21 - 2020-06-08 23:21 - 000003706 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn

2020-06-08 23:21 - 2020-06-08 23:21 - 000003266 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime

2020-06-08 23:19 - 2020-06-08 23:19 - 000001244 _____ C:\Users\Steve\Desktop\ESETScan.txt

2020-06-08 20:10 - 2020-06-08 20:10 - 014665312 _____ (ESET spol. s r.o.) C:\Users\Steve\Desktop\esetonlinescanner.exe

2020-06-08 20:10 - 2020-06-08 20:10 - 000000526 _____ C:\Users\Steve\Desktop\ESET Online Scanner.lnk

2020-06-08 19:57 - 2020-06-08 19:57 - 000262144 _____ C:\Windows\Minidump\060820-29671-01.dmp

2020-06-08 19:45 - 2020-06-08 19:59 - 000073368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2020-06-08 19:45 - 2020-06-08 19:45 - 000195432 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys

2020-06-08 19:45 - 2020-06-08 19:45 - 000131736 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys

2020-06-08 02:32 - 2020-06-08 02:32 - 000001112 _____ C:\Users\Steve\Documents\cc_20200608_023223.reg

2020-06-07 21:51 - 2020-06-07 21:51 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

2020-06-07 21:51 - 2020-06-07 21:51 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys

2020-06-05 02:23 - 2020-06-05 02:23 - 000000000 ____D C:\Windows\pss

2020-06-05 02:10 - 2020-06-05 02:13 - 000001420 _____ C:\Users\Steve\Documents\SafeMode2.txt

2020-06-04 18:42 - 2020-06-04 20:38 - 000002479 _____ C:\Users\Steve\Documents\UninstallingGoogleChrome.txt

2020-06-03 04:43 - 2020-06-03 04:43 - 000000071 _____ C:\Users\Steve\Documents\BlueJeans.txt

2020-06-01 14:04 - 2020-06-01 16:25 - 000005192 _____ C:\Users\Steve\Documents\SystemRestoreFixes.txt

2020-05-24 05:01 - 2020-05-24 05:01 - 000002422 _____ C:\Users\Steve\Documents\cc_20200524_050112.reg

2020-05-24 04:14 - 2020-05-21 04:12 - 000338104 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe

2020-05-24 03:54 - 2020-05-24 03:54 - 000000099 _____ C:\Users\Steve\Documents\LukeCombs-WhenItRains.txt

2020-05-21 04:12 - 2020-05-21 04:12 - 000235552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStm.sys

2020-05-21 04:12 - 2020-05-21 04:12 - 000175776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys

2020-05-16 13:55 - 2020-05-16 13:55 - 001457029 _____ C:\Users\Steve\Downloads\to_a_few_of_my_friends.zip

2020-05-13 20:23 - 2020-04-29 23:49 - 000308736 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll

2020-05-13 20:23 - 2020-04-29 23:22 - 000881664 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe

2020-05-13 20:23 - 2020-04-29 22:55 - 001756672 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll

2020-05-13 20:23 - 2020-04-29 22:43 - 001495040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll

2020-05-13 20:23 - 2020-04-29 22:33 - 001096704 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2020-05-13 20:23 - 2020-04-16 02:04 - 022365896 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2020-05-13 20:23 - 2020-04-16 02:04 - 003118032 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe

2020-05-13 20:23 - 2020-04-16 02:04 - 001368592 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2020-05-13 20:23 - 2020-04-16 02:04 - 000722496 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll

2020-05-13 20:23 - 2020-04-16 02:04 - 000642488 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll

2020-05-13 20:23 - 2020-04-16 01:15 - 025755136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2020-05-13 20:23 - 2020-04-16 00:30 - 019795840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2020-05-13 20:23 - 2020-04-16 00:29 - 000561400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll

2020-05-13 20:23 - 2020-04-16 00:29 - 000493736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll

2020-05-13 20:23 - 2020-04-15 23:40 - 002911744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2020-05-13 20:23 - 2020-04-15 23:38 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2020-05-13 20:23 - 2020-04-15 23:31 - 020291072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2020-05-13 20:23 - 2020-04-15 23:31 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll

2020-05-13 20:23 - 2020-04-15 23:27 - 005498880 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2020-05-13 20:23 - 2020-04-15 23:27 - 000785408 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2020-05-13 20:23 - 2020-04-15 23:25 - 000546816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.PointOfService.dll

2020-05-13 20:23 - 2020-04-15 23:14 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2020-05-13 20:23 - 2020-04-15 23:11 - 002304000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2020-05-13 20:23 - 2020-04-15 23:07 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Credentials.UI.UserConsentVerifier.dll

2020-05-13 20:23 - 2020-04-15 23:04 - 000654336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2020-05-13 20:23 - 2020-04-15 23:03 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll

2020-05-13 20:23 - 2020-04-15 22:59 - 001994240 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2020-05-13 20:23 - 2020-04-15 22:54 - 015478272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2020-05-13 20:23 - 2020-04-15 22:53 - 003258368 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll

2020-05-13 20:23 - 2020-04-15 22:50 - 001384960 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2020-05-13 20:23 - 2020-04-15 22:49 - 002942464 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll

2020-05-13 20:23 - 2020-04-15 22:49 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2020-05-13 20:23 - 2020-04-15 22:41 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2020-05-13 20:23 - 2020-04-15 22:41 - 002471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll

2020-05-13 20:23 - 2020-04-15 22:40 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2020-05-13 20:23 - 2020-04-15 22:39 - 001560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2020-05-13 20:23 - 2020-04-15 22:37 - 004859392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2020-05-13 20:23 - 2020-04-15 22:35 - 013861376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2020-05-13 20:23 - 2020-04-15 22:32 - 000689152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll

2020-05-13 20:23 - 2020-04-15 22:30 - 014533632 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll

2020-05-13 20:23 - 2020-04-15 22:28 - 000902656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.dll

2020-05-13 20:23 - 2020-04-15 22:26 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll

2020-05-13 20:23 - 2020-04-15 22:26 - 001566720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2020-05-13 20:23 - 2020-04-15 22:26 - 000466432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll

2020-05-13 20:23 - 2020-04-15 22:24 - 007799296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll

2020-05-13 20:23 - 2020-04-15 22:23 - 000626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll

2020-05-13 20:23 - 2020-04-15 22:19 - 001265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2020-05-13 20:23 - 2020-04-15 22:18 - 005271552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll

2020-05-13 20:23 - 2020-04-15 22:16 - 001341952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2020-05-13 20:23 - 2020-04-15 22:14 - 001727488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll

2020-05-13 20:23 - 2020-04-15 22:11 - 001546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll

2020-05-13 20:23 - 2020-04-14 03:33 - 000205824 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2020-05-13 20:23 - 2020-04-14 03:03 - 000168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2020-05-13 20:23 - 2020-04-11 14:42 - 007362296 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2020-05-13 20:23 - 2020-04-11 14:39 - 001542696 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll

2020-05-13 20:23 - 2020-04-11 14:29 - 001737720 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2020-05-13 20:23 - 2020-04-11 13:31 - 001501096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2020-05-13 20:23 - 2020-04-11 13:04 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2020-05-13 20:23 - 2020-04-11 11:48 - 001377792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll

2020-05-13 20:23 - 2020-04-11 11:47 - 000260608 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll

2020-05-13 20:23 - 2020-04-11 11:23 - 001317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll

2020-05-13 20:23 - 2020-04-11 11:22 - 001103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll

2020-05-13 20:23 - 2020-04-10 20:12 - 002446576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2020-05-13 20:23 - 2020-04-09 09:36 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll

2020-05-13 20:23 - 2020-04-07 15:30 - 000988472 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll

2020-05-13 20:23 - 2020-04-07 15:28 - 000857320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll

2020-05-13 20:23 - 2020-04-07 09:55 - 003330048 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2020-05-13 20:23 - 2020-04-07 09:51 - 003636224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2020-05-13 20:23 - 2020-04-04 12:06 - 000879616 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll

2020-05-13 20:23 - 2020-04-04 12:01 - 001572864 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe

2020-05-13 20:22 - 2020-04-29 22:40 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll

2020-05-13 20:22 - 2020-04-29 22:37 - 000216576 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll

2020-05-13 20:22 - 2020-04-16 02:00 - 000374024 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2020-05-13 20:22 - 2020-04-16 00:25 - 000316368 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2020-05-13 20:22 - 2020-04-15 23:28 - 000186880 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll

2020-05-13 20:22 - 2020-04-15 23:06 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll

2020-05-13 20:22 - 2020-04-15 23:05 - 000147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll

2020-05-13 20:22 - 2020-04-15 22:59 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2020-05-13 20:22 - 2020-04-15 22:53 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2020-05-13 20:22 - 2020-04-15 22:51 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2020-05-13 20:22 - 2020-04-15 22:48 - 000310784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll

2020-05-13 20:22 - 2020-04-15 22:43 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2020-05-13 20:22 - 2020-04-15 22:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2020-05-13 20:22 - 2020-04-15 22:38 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2020-05-13 20:22 - 2020-04-15 22:38 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2020-05-13 20:22 - 2020-04-15 22:35 - 000254976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll

2020-05-13 20:22 - 2020-04-15 22:27 - 000173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll

2020-05-13 20:22 - 2020-04-15 22:22 - 000068096 _____ (Microsoft Corporation) C:\Windows\system32\ConfigureExpandedStorage.dll

2020-05-13 20:22 - 2020-04-15 22:20 - 004387328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2020-05-13 20:22 - 2020-04-15 22:20 - 000052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ConfigureExpandedStorage.dll

2020-05-13 20:22 - 2020-04-15 22:15 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2020-05-13 20:22 - 2020-04-15 22:15 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2020-05-13 20:22 - 2020-04-15 22:11 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll

2020-05-13 20:22 - 2020-04-15 22:11 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll

2020-05-13 20:22 - 2020-04-15 22:07 - 000156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll

2020-05-13 20:22 - 2020-04-15 22:05 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll

2020-05-13 20:22 - 2020-04-11 14:41 - 000376568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys

2020-05-13 20:22 - 2020-04-11 11:55 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2020-05-13 20:22 - 2020-04-11 11:53 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll

2020-05-13 20:22 - 2020-04-10 20:12 - 000428784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2020-05-13 20:22 - 2020-04-04 11:50 - 000795136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-06-08 23:46 - 2018-05-26 00:49 - 000000000 ____D C:\FRST

2020-06-08 23:03 - 2017-11-23 00:47 - 000000352 _____ C:\Windows\Tasks\HPCeeScheduleForSteve.job

2020-06-08 20:45 - 2014-04-07 18:01 - 000003930 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{5F3C0AA3-2C2D-4A09-B42C-56EA43D744A8}

2020-06-08 19:58 - 2014-04-07 23:36 - 000000000 ____D C:\Users\Steve

2020-06-08 19:57 - 2017-06-10 08:37 - 000000000 ____D C:\Windows\Minidump

2020-06-08 19:57 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2020-06-08 19:49 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf

2020-06-08 19:44 - 2015-10-26 21:35 - 000000000 ____D C:\ProgramData\Avg

2020-06-08 19:44 - 2013-11-27 14:25 - 000065536 _____ C:\Windows\system32\spu_storage.bin

2020-06-08 18:59 - 2020-03-08 04:21 - 000004128 _____ C:\Windows\system32\Tasks\CCleaner Update

2020-06-08 18:59 - 2020-03-08 04:21 - 000002810 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC

2020-06-08 18:59 - 2019-03-18 19:19 - 000003626 _____ C:\Windows\system32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series

2020-06-08 18:59 - 2018-09-04 21:17 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software

2020-06-08 18:59 - 2018-05-26 02:20 - 000002888 _____ C:\Windows\system32\Tasks\Driver Booster SkipUAC (Steve)

2020-06-08 18:59 - 2017-11-23 00:47 - 000003166 _____ C:\Windows\system32\Tasks\HPCeeScheduleForSteve

2020-06-08 18:59 - 2017-10-08 22:07 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA

2020-06-08 18:59 - 2017-10-08 22:07 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

2020-06-08 18:59 - 2017-09-07 10:07 - 000003554 _____ C:\Windows\system32\Tasks\GarminUpdaterTask

2020-06-08 18:59 - 2017-06-01 20:08 - 000004174 _____ C:\Windows\system32\Tasks\Antivirus Emergency Update

2020-06-08 18:59 - 2015-11-25 18:40 - 000003930 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{64199833-6EB1-444D-98FB-CC40285436D5}

2020-06-08 18:59 - 2015-11-25 18:17 - 000003098 _____ C:\Windows\system32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-752196998-378064213-1701927948-1002

2020-06-08 18:59 - 2014-12-23 20:37 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task

2020-06-08 18:59 - 2014-04-10 10:51 - 000003118 _____ C:\Windows\system32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe

2020-06-08 18:59 - 2014-04-10 10:51 - 000003092 _____ C:\Windows\system32\Tasks\Microsoft_Hardware_Launch_ipoint_exe

2020-06-08 18:59 - 2014-04-10 10:51 - 000003090 _____ C:\Windows\system32\Tasks\Microsoft_Hardware_Launch_itype_exe

2020-06-08 18:59 - 2014-04-10 10:51 - 000003062 _____ C:\Windows\system32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe

2020-06-08 18:59 - 2014-04-10 10:51 - 000003060 _____ C:\Windows\system32\Tasks\Microsoft_MKC_Logon_Task_itype.exe

2020-06-08 18:59 - 2013-11-27 14:26 - 000002990 _____ C:\Windows\system32\Tasks\Synaptics TouchPad Enhancements

2020-06-08 02:31 - 2018-08-12 22:03 - 000000000 ____D C:\Users\Steve\AppData\Local\CrashDumps

2020-06-05 02:32 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI

2020-06-04 01:29 - 2014-04-07 15:42 - 000003596 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-752196998-378064213-1701927948-1002

2020-06-03 20:33 - 2017-10-08 22:08 - 000002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2020-06-03 20:33 - 2017-10-08 22:08 - 000002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2020-06-03 20:33 - 2017-10-08 22:08 - 000002210 _____ C:\ProgramData\Desktop\Google Chrome.lnk

2020-06-03 09:50 - 2017-01-12 04:53 - 000002086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2020-06-03 02:43 - 2020-02-19 00:57 - 000001173 _____ C:\Users\Steve\Documents\80sGlamRock.txt

2020-05-31 05:04 - 2016-12-01 02:36 - 000007341 _____ C:\Users\Steve\Documents\SpywareInfo.txt

2020-05-30 12:15 - 2017-06-01 20:08 - 000319200 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys

2020-05-24 04:54 - 2017-11-27 14:34 - 000001991 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk

2020-05-24 04:54 - 2017-11-27 14:34 - 000001991 _____ C:\ProgramData\Desktop\AVG AntiVirus FREE.lnk

2020-05-24 02:38 - 2019-07-28 23:50 - 000000201 _____ C:\Users\Steve\Documents\R & B 2020.txt

2020-05-24 01:39 - 2020-02-19 02:03 - 000000207 _____ C:\Users\Steve\Documents\NewIndieMusic.txt

2020-05-22 04:09 - 2020-02-14 00:00 - 000000509 _____ C:\Users\Steve\Documents\Throwback Hits Of The 1990s.txt

2020-05-22 03:08 - 2020-02-13 23:00 - 000000337 _____ C:\Users\Steve\Documents\TopHitsOf2000.txt

2020-05-22 02:05 - 2020-02-13 21:57 - 000001082 _____ C:\Users\Steve\Documents\Top100SongsOf2010.txt

2020-05-21 04:16 - 2019-10-21 17:38 - 000002042 _____ C:\Users\Steve\Documents\60s&70sClassicRock.txt

2020-05-21 04:12 - 2018-10-22 14:59 - 000042856 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgKbd.sys

2020-05-21 04:12 - 2017-06-01 20:08 - 000461064 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys

2020-05-21 04:12 - 2017-06-01 20:08 - 000109336 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr2.sys

2020-05-21 04:12 - 2017-06-01 20:08 - 000084928 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys

2020-05-21 04:11 - 2019-01-17 14:04 - 000234632 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriver.sys

2020-05-21 04:11 - 2019-01-17 01:07 - 000178832 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsh.sys

2020-05-21 04:11 - 2019-01-17 01:07 - 000061072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbuniv.sys

2020-05-21 04:11 - 2019-01-17 01:07 - 000037208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArDisk.sys

2020-05-21 04:11 - 2017-11-27 14:34 - 000205952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgArPot.sys

2020-05-21 04:11 - 2017-06-01 20:08 - 000851664 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys

2020-05-18 18:05 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache

2020-05-18 00:25 - 2019-04-22 02:35 - 000006841 _____ C:\Users\Steve\Documents\4Concerts.txt

2020-05-15 01:08 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp

2020-05-14 01:33 - 2013-08-22 10:44 - 000384352 _____ C:\Windows\system32\FNTCACHE.DAT

2020-05-14 01:26 - 2013-08-22 11:36 - 000000000 ___RD C:\Windows\ToastData

2020-05-14 01:26 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\inetsrv

2020-05-13 20:43 - 2014-04-09 16:10 - 000000000 ____D C:\Windows\system32\MRT

2020-05-13 20:37 - 2015-07-15 23:31 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2020-06-06 19:04

==================== End of FRST.txt ========================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020

Ran by Steve (08-06-2020 23:52:28)

Running from C:\Users\Steve\Desktop

Windows 8.1 (Update) (X64) (2014-04-08 03:35:52)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-752196998-378064213-1701927948-500 - Administrator - Disabled)

Guest (S-1-5-21-752196998-378064213-1701927948-501 - Limited - Disabled)

Steve (S-1-5-21-752196998-378064213-1701927948-1002 - Administrator - Enabled) => C:\Users\Steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}

Back to top

#2 nasdaq

Forum Deity

Global Moderator
49,380 posts

Posted 10 June 2020 - 05:41 AM

Hello, Welcome to SpywareInfoForum.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

No malware was found in your logs.

Press the windows key Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.+ r on your keyboard at the same time. This will open the RUN BOX.

Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to the a new file.

start::
 
CreateRestorePoint:
CloseProcesses:
 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-752196998-378064213-1701927948-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CD2F4B07-66A3-4A7F-B5B5-38155F893335}&mid=faf257a8cbe747d2a1d471540e39272c-92930892bd410719a60f79d0b62c8f3b7d07b248&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616av&pr=fr&d=2016-06-08 17:52:23&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-752196998-378064213-1701927948-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CD2F4B07-66A3-4A7F-B5B5-38155F893335}&mid=faf257a8cbe747d2a1d471540e39272c-92930892bd410719a60f79d0b62c8f3b7d07b248&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616av&pr=fr&d=2016-06-08 17:52:23&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
 
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
 
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R
 
cmd: sfc /scannow
cmd: DISM.exe /Online /Cleanup-image /Restorehealth
 
CMD: ECHO Y|CHKDSK C: /F
 
EmptyTemp:
 
End::

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.

The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

===

If the problem persists check for new drivers - version.

Manually update driver in Windows 8 and Windows 8.1

https://www.driverea...-windows-8-8-1/

Post the Fixlog and let me know if the problem persists.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#3 Krishna

Member

Full Member
77 posts

Posted 12 June 2020 - 01:24 AM

Nasdaq,

Sorry I'm Responding so late. I wasn't expecting to

get help this fast. I'm not awake, it seems. Wasn't

thinking right. Could've saved fixlist.txt to the

Desktop, but the Save tab in Notepad wasn 't working

with my Mouse, so I had to open the Save Field box

and type in C:\Users\Steve\Desktop\ to get it to

Save. I didn't remember and was trying to stick the

textfile in like in and older program called Combofix

when you ran the Fix part. How long is Fix suppose

to run to fix this Laptop? It's been over an hour

and it's still running. Maybe I should Download a

newer version of Farbar and then run fixlist.txt.

I looked at the program that manually updates

drivers. I don't know what Drivers need updated?

Nothing will ever be as good as PSI was. I suppose

I'll have to purchase Pro.

You said I didn't have any Malware kin my Log, but

the Log I posted for ESET Scanner said I had:

C:\Users\Steve\Downloads\499245ee-7422-4a56-a18e-

956562afe100.tmp HTML/FakeAlert.PT trojan and

C:\Users\Steve\Downloads\driver_booster_setup.exe

When I got the Blue Screen with the Frowning Smiley

Face, I thought I got them back again. I couldn't

find driver_booster_setup.exe in my Downloads Folder,

but in Safe Mode I found C:\Users\Steve\Downloads

\driver_booster_setup.exe in the Registry and Deleted

it there. I was not able to find .tmp file. I used

the Administrator's Command Prompt Changed Directory

to just C:>_ typed in the Command Find and the long

file name for the above .tmp file, but got a syntax

error so I gave up. Next time I got The Blue Screen

it was just Blank with no Smiley or Message, but

still had to pull Power.

When I looked at Windows Defender in Control Panel,

it said "This app has been turned off and isn't

monitoring your Computer."It said some other program

was doing this function. Mawarebytes and AVG Free

couldn't be doing this. If I knew what key in the

Registry was set to 0 for Windows Defender maybe I

could reset it's value to 1, but I don't know which

one it is?

I got a lot of popups ads on YouTube for programs

that would update my drivers, but read those programs

wor worthless.

Have you heard anything about Virtual Shield? It's a

VPN. See adverts all the time for it. Changes my IP

address from trackers.

On a previous laptop (XP Home) I would periodically

delete the files in Prefetch, is that advisable for

this 8.1 laptop?

Also how can I fix going back to a previous Restore

Point if I had to. Should I turn off System Restore

after you've totally fixed me and then turn it back

on so it willmsave good Restore Poin ts moving

forward?

Sorry I'm babbling here. Just more questions, that I

don't know the answers to.

Here's Fixlog.

Fix result of Farbar Recovery Scan Tool (x64)

Version: 06-06-2020

Ran by Steve (12-06-2020 02:34:49) Run:3

Running from C:\Users\Steve\Desktop

Loaded Profiles: Steve

Boot Mode: Normal

==============================================

fixlist content:

*****************

CreateRestorePoint:

CloseProcesses:

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox:

Restriction <==== ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <====

ATTENTION

SearchScopes: HKU\S-1-5-21-752196998-378064213-

1701927948-1002 -> DefaultScope {95B7759C-8C7F-4BF1-

B163-73684A933233} URL =

hxxps://mysearch.avg.com/search?cid={CD2F4B07-66A3-

4A7F-B5B5-38155F893335}

&mid=faf257a8cbe747d2a1d471540e39272c-

92930892bd410719a60f79d0b62c8f3b7d07b248&lang=en&ds=A

VG&coid=avgtbavg&cmpid=0616av&pr=fr&d=2016-06-08

17:52:23&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q=

{searchTerms}

SearchScopes: HKU\S-1-5-21-752196998-378064213-

1701927948-1002 -> {95B7759C-8C7F-4BF1-B163-

73684A933233} URL = hxxps://mysearch.avg.com/search?

cid={CD2F4B07-66A3-4A7F-B5B5-38155F893335}

&mid=faf257a8cbe747d2a1d471540e39272c-

92930892bd410719a60f79d0b62c8f3b7d07b248&lang=en&ds=A

VG&coid=avgtbavg&cmpid=0616av&pr=fr&d=2016-06-08

17:52:23&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q=

{searchTerms}

BHO: No Name -> {95B7759C-8C7F-4BF1-B163-

73684A933233} -> No File

S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]

U3 McMPFSvc; no ImagePath

U3 McNaiAnn; no ImagePath

U3 mcpltsvc; no ImagePath

U3 McProxy; no ImagePath

U3 mfecore; no ImagePath

U3 MSK80Service; no ImagePath

CMD: netsh int ip reset

CMD: ipconfig /flushDNS

CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R

CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R

CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R

CMD: "C:\Windows\SysWOW64\lodctr.exe" /R

cmd: sfc /scannow

cmd: DISM.exe /Online /Cleanup-image /Restorehealth

CMD: ECHO Y|CHKDSK C: /F

EmptyTemp:

*****************

Restore point was successfully created.

Processes closed successfully.

HKLM\SOFTWARE\Policies\Mozilla => not found

HKLM\SOFTWARE\Policies\Google => not found

"HKU\S-1-5-21-752196998-378064213-1701927948-

1002\SOFTWARE\Microsoft\Internet Explorer

\SearchScopes\\DefaultScope" => not found

HKU\S-1-5-21-752196998-378064213-1701927948-

1002\SOFTWARE\Microsoft\Internet Explorer

\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

=> not found

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion

\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1

-B163-73684A933233} => not found

clwvd => service not found.

McMPFSvc => service not found.

McNaiAnn => service not found.

mcpltsvc => service not found.

McProxy => service not found.

mfecore => service not found.

MSK80Service => service not found.

========= netsh int ip reset =========

Resetting Interface, OK!

Resetting , failed.

Access is denied.

Resetting , OK!

Restart the computer to complete this action.

========= End of CMD: =========

========= ipconfig /flushDNS =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter

setting from system backup store

========= End of CMD: =========

========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter

setting from system backup store

========= End of CMD: =========

========= "C:\Windows\SYSTEM32\lodctr.exe" /R

=========

Info: Successfully rebuilt performance counter

setting from system backup store

========= End of CMD: =========

========= "C:\Windows\SysWOW64\lodctr.exe" /R

=========

Info: Successfully rebuilt performance counter

setting from system backup store

========= End of CMD: =========

========= sfc /scannow =========

Back to top

#4 Krishna

Member

Full Member
77 posts

Posted 12 June 2020 - 04:55 AM

I ran fixlist.txt 4 times with the Farbor Recovery Tool. This last time I ran the program, disconnected from the Internet, AVG and Malwarebytes shutoff. I didn't want any interference while the program was running. If I am in error you can always give me a new fixlist.txt and I'll run it normally with everything turned on.

Here's the current log of Fixlog.txt.

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-06-2020

Ran by Steve (12-06-2020 04:35:01) Run:4

Running from C:\Users\Steve\Desktop

Loaded Profiles: Steve

Boot Mode: Normal

==============================================

fixlist content:

*****************

CreateRestorePoint:

CloseProcesses:

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

SearchScopes: HKU\S-1-5-21-752196998-378064213-1701927948-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CD2F4B07-66A3-4A7F-B5B5-38155F893335}&mid=faf257a8cbe747d2a1d471540e39272c-92930892bd410719a60f79d0b62c8f3b7d07b248&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616av&pr=fr&d=2016-06-08 17:52:23&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-752196998-378064213-1701927948-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CD2F4B07-66A3-4A7F-B5B5-38155F893335}&mid=faf257a8cbe747d2a1d471540e39272c-92930892bd410719a60f79d0b62c8f3b7d07b248&lang=en&ds=AVG&coid=avgtbavg&cmpid=0616av&pr=fr&d=2016-06-08 17:52:23&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}

BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File

S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]

U3 McMPFSvc; no ImagePath

U3 McNaiAnn; no ImagePath

U3 mcpltsvc; no ImagePath

U3 McProxy; no ImagePath

U3 mfecore; no ImagePath

U3 MSK80Service; no ImagePath

CMD: netsh int ip reset

CMD: ipconfig /flushDNS

CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R

CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R

CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R

CMD: "C:\Windows\SysWOW64\lodctr.exe" /R

cmd: sfc /scannow

cmd: DISM.exe /Online /Cleanup-image /Restorehealth

CMD: ECHO Y|CHKDSK C: /F

EmptyTemp:

*****************

Restore point was successfully created.

Processes closed successfully.

HKLM\SOFTWARE\Policies\Mozilla => removed successfully

HKLM\SOFTWARE\Policies\Google => removed successfully

"HKU\S-1-5-21-752196998-378064213-1701927948-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found

HKU\S-1-5-21-752196998-378064213-1701927948-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => not found

clwvd => service not found.

McMPFSvc => service not found.

McNaiAnn => service not found.

mcpltsvc => service not found.

McProxy => service not found.

mfecore => service not found.

MSK80Service => service not found.

========= netsh int ip reset =========

Resetting Global, OK!

Resetting Interface, OK!

Resetting Neighbor, OK!

Resetting Path, OK!

Resetting , failed.

Access is denied.

Restart the computer to complete this action.

========= End of CMD: =========

========= ipconfig /flushDNS =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========

========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========

========= "C:\Windows\SYSTEM32\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========

========= "C:\Windows\SysWOW64\lodctr.exe" /R =========

Info: Successfully rebuilt performance counter setting from system backup store

========= End of CMD: =========

========= sfc /scannow =========

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.

Verification 0% complete.Verification 0% complete.Verification 0% complete.Verification 1% complete.Verification 1% complete.Verification 1% complete.Verification 2% complete.Verification 2% complete.Verification 2% complete.Verification 3% complete.Verification 3% complete.Verification 3% complete.Verification 4% complete.Verification 4% complete.Verification 4% complete.Verification 5% complete.Verification 5% complete.Verification 5% complete.Verification 6% complete.Verification 6% complete.Verification 6% complete.Verification 7% complete.Verification 7% complete.Verification 7% complete.Verification 8% complete.Verification 8% complete.Verification 8% complete.Verification 8% complete.Verification 9% complete.Verification 9% complete.Verification 9% complete.Verification 10% complete.Verification 10% complete.Verification 10% complete.Verification 11% complete.Verification 11% complete.Verification 11% complete.Verification 12% complete.Verification 12% complete.Verification 12% complete.Verification 13% complete.Verification 13% complete.Verification 13% complete.Verification 14% complete.Verification 14% complete.Verification 14% complete.Verification 15% complete.Verification 15% complete.Verification 15% complete.Verification 16% complete.Verification 16% complete.Verification 16% complete.Verification 17% complete.Verification 17% complete.Verification 17% complete.Verification 17% complete.Verification 18% complete.Verification 18% complete.Verification 18% complete.Verification 19% complete.Verification 19% complete.Verification 19% complete.Verification 20% complete.Verification 20% complete.Verification 20% complete.Verification 21% complete.Verification 21% complete.Verification 21% complete.Verification 22% complete.Verification 22% complete.Verification 22% complete.Verification 23% complete.Verification 23% complete.Verification 23% complete.Verification 24% complete.Verification 24% complete.Verification 24% complete.Verification 25% complete.Verification 25% complete.Verification 25% complete.Verification 25% complete.Verification 26% complete.Verification 26% complete.Verification 26% complete.Verification 27% complete.Verification 27% complete.Verification 27% complete.Verification 28% complete.Verification 28% complete.Verification 28% complete.Verification 29% complete.Verification 29% complete.Verification 29% complete.Verification 30% complete.Verification 30% complete.Verification 30% complete.Verification 31% complete.Verification 31% complete.Verification 31% complete.Verification 32% complete.Verification 32% complete.Verification 32% complete.Verification 33% complete.Verification 33% complete.Verification 33% complete.Verification 34% complete.Verification 34% complete.Verification 34% complete.Verification 34% complete.Verification 35% complete.Verification 35% complete.Verification 35% complete.Verification 36% complete.Verification 36% complete.Verification 36% complete.Verification 37% complete.Verification 37% complete.Verification 37% complete.Verification 38% complete.Verification 38% complete.Verification 38% complete.Verification 39% complete.Verification 39% complete.Verification 39% complete.Verification 40% complete.Verification 40% complete.Verification 40% complete.Verification 41% complete.Verification 41% complete.Verification 41% complete.Verification 42% complete.Verification 42% complete.Verification 42% complete.Verification 42% complete.Verification 43% complete.Verification 43% complete.Verification 43% complete.Verification 44% complete.Verification 44% complete.Verification 44% complete.Verification 45% complete.Verification 45% complete.Verification 45% complete.Verification 46% complete.Verification 46% complete.Verification 46% complete.Verification 47% complete.Verification 47% complete.Verification 47% complete.Verification 48% complete.Verification 48% complete.Verification 48% complete.Verification 49% complete.Verification 49% complete.Verification 49% complete.Verification 50% complete.Verification 50% complete.Verification 50% complete.Verification 51% complete.Verification 51% complete.Verification 51% complete.Verification 51% complete.Verification 52% complete.Verification 52% complete.Verification 52% complete.Verification 53% complete.Verification 53% complete.Verification 53% complete.Verification 54% complete.Verification 54% complete.Verification 54% complete.Verification 55% complete.Verification 55% complete.Verification 55% complete.Verification 56% complete.Verification 56% complete.Verification 56% complete.Verification 57% complete.Verification 57% complete.Verification 57% complete.Verification 58% complete.Verification 58% complete.Verification 58% complete.Verification 59% complete.Verification 59% complete.Verification 59% complete.Verification 59% complete.Verification 60% complete.Verification 60% complete.Verification 60% complete.Verification 61% complete.Verification 61% complete.Verification 61% complete.Verification 62% complete.Verification 62% complete.Verification 62% complete.Verification 63% complete.Verification 63% complete.Verification 63% complete.Verification 64% complete.Verification 64% complete.Verification 64% complete.Verification 65% complete.Verification 65% complete.Verification 65% complete.Verification 66% complete.Verification 66% complete.Verification 66% complete.Verification 67% complete.Verification 67% complete.Verification 67% complete.Verification 68% complete.Verification 68% complete.Verification 68% complete.Verification 68% complete.Verification 69% complete.Verification 69% complete.Verification 69% complete.Verification 70% complete.Verification 70% complete.Verification 70% complete.Verification 71% complete.Verification 71% complete.Verification 71% complete.Verification 72% complete.Verification 72% complete.Verification 72% complete.Verification 73% complete.Verification 73% complete.Verification 73% complete.Verification 74% complete.Verification 74% complete.Verification 74% complete.Verification 75% complete.Verification 75% complete.Verification 75% complete.Verification 76% complete.Verification 76% complete.Verification 76% complete.Verification 76% complete.Verification 77% complete.Verification 77% complete.Verification 77% complete.Verification 78% complete.Verification 78% complete.Verification 78% complete.Verification 79% complete.Verification 79% complete.Verification 79% complete.Verification 80% complete.Verification 80% complete.Verification 80% complete.Verification 81% complete.Verification 81% complete.Verification 81% complete.Verification 82% complete.Verification 82% complete.Verification 82% complete.Verification 83% complete.Verification 83% complete.Verification 83% complete.Verification 84% complete.Verification 84% complete.Verification 84% complete.Verification 85% complete.Verification 85% complete.Verification 85% complete.Verification 85% complete.Verification 86% complete.Verification 86% complete.Verification 86% complete.Verification 87% complete.Verification 87% complete.Verification 87% complete.Verification 88% complete.Verification 88% complete.Verification 88% complete.Verification 89% complete.Verification 89% complete.Verification 89% complete.Verification 90% complete.Verification 90% complete.Verification 90% complete.Verification 91% complete.Verification 91% complete.Verification 91% complete.Verification 92% complete.Verification 92% complete.Verification 92% complete.Verification 93% complete.Verification 93% complete.Verification 93% complete.Verification 93% complete.Verification 94% complete.Verification 94% complete.Verification 94% complete.Verification 95% complete.Verification 95% complete.Verification 95% complete.Verification 96% complete.Verification 96% complete.Verification 96% complete.Verification 97% complete.Verification 97% complete.Verification 97% complete.Verification 98% complete.Verification 98% complete.Verification 98% complete.Verification 99% complete.Verification 99% complete.Verification 99% complete.Verification 100% complete.

Windows Resource Protection found corrupt files but was unable to fix some

of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For

example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not

supported in offline servicing scenarios.

========= End of CMD: =========

========= DISM.exe /Online /Cleanup-image /Restorehealth =========

Deployment Image Servicing and Management tool

Version: 6.3.9600.19408

Image Version: 6.3.9600.19397

Error: 0x800f0906

The source files could not be downloaded.

Use the "source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft..../?LinkId=243077.

The DISM log file can be found at C:\Windows\Logs\DISM\dism.log

========= End of CMD: =========

========= ECHO Y|CHKDSK C: /F =========

The type of the file system is NTFS.

Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another

process. Would you like to schedule this volume to be

checked the next time the system restarts? (Y/N) Y

This volume will be checked the next time the system restarts.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 97932108 B

Java, Flash, Steam htmlcache => 291 B

Windows/system/drivers => 233437 B

Edge => 0 B

Chrome => 1819491 B

Firefox => 0 B

Opera => 0 B

Temp, IE cache, history, cookies, recent:

Default => 0 B

Users => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 21872 B

systemprofile32 => 22000 B

LocalService => 22000 B

NetworkService => 22000 B

Steve => 614266 B

RecycleBin => 0 B

EmptyTemp: => 104 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 05:50:54 ====

Back to top

#5 Krishna

Member

Full Member
77 posts

Posted 12 June 2020 - 05:04 AM

Sorry I'm such a pain. When I went to Sign Out, the Sign Out was unsuccessful, I got the Blue Screen of Death with the Smiley Face, Frown, and Message.

Back to top

#6 nasdaq

Forum Deity

Global Moderator
49,380 posts

Posted 12 June 2020 - 05:34 AM

Hi,

Your problem is caused by Hardware or driver issues.

Please attach the file in bolt in your next reply.

C:\Windows\Minidump\060820-29671-01.dmp

Reply to this topic and do the following.

How to:

Attach the file(s). A 2 Steps process.

Select the "Choose the file in bold" navigate to the location of the File.

Click the file you wish to Attach. <- Step 1.

Click Attach this file. <- Step 2.

Click the Add reply button.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#7 Krishna

Member

Full Member
77 posts

Posted 12 June 2020 - 08:11 PM

At C:\Windows\Minidump\

I only have:

061220-27468-01.dmp & 061220-30265-01.dmp

Back to top

#8 nasdaq

Forum Deity

Global Moderator
49,380 posts

Posted 13 June 2020 - 05:17 AM

Plesse attach it.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#9 Krishna

Member

Full Member
77 posts

Posted 13 June 2020 - 10:32 AM

Windows says I can't attach the files, because I don't have permission.

Now what?

Back to top

#10 Krishna

Member

Full Member
77 posts

Posted 13 June 2020 - 05:17 PM

I'm writing this on my sister's computer as I'm not sure how far I would get on the one you are fixing. I went to that website you had posted up above to replace Windows 8.1 drivers, that were outdated. They had a Pro version of the Software that you could purchase that would do it for you, because their manual version looked complicated. So I purchased the Pro version and ran it on my laptop. It only needed to update 7 items and then restart. It took 3 tries to get Google Chrome to run. After I was on chrome and tried to look at something the screen froze and I got the Blue Screen Of Death. I ran TFC.exe to clean out temp files. When the program is done running it's suppose to show me the Windows key and then you can select Restart to reboot. It didn't. I pushed the Windows key, but that didn't work. So I had to pull the power to reboot. I tried some other operations and when I did get to Start, I tried Shutdown and Restart, but they didn't work. Their advert said if I wasn't satisfied with the program during the 30 day period, they would refund my money no questions asked. There program wouldn't run from the Desktop. I had to right mouse click on their program and run Check For Compatibility Issues. When that Windows program was running then their program would run. I sent them a 5 Stars Down rating for their program, said I wanted my money back. Fort all I know they scanned everything on my laptop and now I'm in deep crap. I contacted Tech Support, listed my Grievances, told them I was uninstalling their program and Deleting what I could find in the Registry. It will be Tuesday EST in the USA before Support get's back to m,e. All that good work to fix my laptop and it is all gone in the toilet.

Back to top

#11 Rocket Grannie

SWI Australian Rebel

Administrators
7,991 posts

Posted 13 June 2020 - 09:19 PM

Hello Krishna

I have edited the forum permissions. Will you please try to upload the two files now.

Thank you

Rocket Grannie

My help is free however if you wish to make a donation please see Here

Back to top

#12 Krishna

Member

Full Member
77 posts

Posted 14 June 2020 - 01:27 AM

Sorry Rocket Grannie, my laptop says I don't have permission to attach the file. I don't know how to get permission from the Administrator even though some of programs you run to get the text files for you to read to diagnose the problem for this laptop, say I'm Administrator, but probably the Tech at Staples that put Windows 8.1 on this laptop is probably the "true" Administrator.

You and this Forum are not at fault.

Back to top

#13 nasdaq

Forum Deity

Global Moderator
49,380 posts

Posted 14 June 2020 - 05:24 AM

Hi,

Before you attach the log, rename one of the files.

To.

061220-27468-01.dmp.txt

or

061220-30265-01.dmp.txt

You will be asked if you want to change it, accept the change.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#14 Krishna

Member

Full Member
77 posts

Posted 14 June 2020 - 09:17 AM

That didn't work either.

Back to top

#15 Krishna

Member

Full Member
77 posts

Posted 14 June 2020 - 10:01 AM

Maybe I got it this time? No matter what I do, made myself Administrator, changed the attributes from an Archive to a Neutral File, changed the name of the file, Windows either says it can't find the file, or I don't have permission and I have to contact the owner of the file for permission. How do I do that? I don't have Internet Access in Safe Mode. I'm stumped. I need more instructions on how to access that file, or is there something else you can look at, that'll give you what you want?

What app or program do I need that will allow me to read that file, so I can post it here as text instead of as a File Attachment?

Back to top

#16 nasdaq

Forum Deity

Global Moderator
49,380 posts

Posted 15 June 2020 - 06:24 AM

Hi,

The fix I suggested created a restore point.

Look if you have other restore points available and restore your system to a date prior to the beginning of your difficulties with this computer.

Restore from a Restore Point in Windows 8

https://www.dummies....t-in-windows-8/

p.s.

I see these restore points in your Addition.txt logs

21-05-2020 19:43:35 Scheduled Checkpoint

30-05-2020 11:57:04 Scheduled Checkpoint

08-06-2020 16:04:46 Scheduled Checkpoint

TI suggest you restore the one dated:

21-05-2020 19:43:35 Scheduled Checkpoint

If successful please run the Farbar Program and post fresh Logs for my review.

Let me know of any issues.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

Back to top

#17 Krishna

Member

Full Member
77 posts

Posted 15 June 2020 - 05:25 PM

When I went to the link you provided "Restore For Dummies," my screen froze up, my mouse quit working, and I got the Blue Screen Of Death. Which I then had to pull the Power and pull the Battery.

When I got back to the Desktop, I had pulled the RS232 ? Plug so I wasn't connected to the Internet. I turned off AVG and turned off Malwarebytes. Since I was working my way to Safe Mode, I noticed with the options listed I could Restore a Point from Safe Mode. When I did what I did in Safe Mode, changed 06132-37578-01.dmp from C:\Windows\Minidump to 06132-37578-01.txt and pulled that file into my Documents folder. When I got back to the Desktop to see if I could attach this Text File, I couldn't find it. It totally disappeared.

To get back to where I could Restore a Restore Point in Safe Mode at the Run box I typed in my favorite command which this Forum won't let me post (maybe that's a good idea?) and I was able to Restore a Point, but I think my only choice in May was 5/30/20. I'm not able to get Google running so I'm here via Internet Explorer. I'll have to uninstall Chrome and go to their website and get the latest version to reinstall.

Something is not letting me post FRST and ADDITION, so I'll be back. Can't say it's Internet Explorer?

Back to top

#18 Krishna

Member

Full Member
77 posts

Posted 15 June 2020 - 07:46 PM

My 4th. Attempt

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2020

Ran by Steve (administrator) on HARRIS-PC (Hewlett-Packard HP Pavilion 15 Notebook PC) (15-06-2020 18:40:36)

Running from C:\Users\Steve\Downloads

Loaded Profiles: Steve

Platform: Windows 8.1 (Update) (X64) Language: English (United States)

Default browser: Chrome

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe

() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe

() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe