Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer acting strange & kicking me out of programs...

Started by arsteige , Jul 01 2020 12:15 PM

  • Please log in to reply

#1
arsteige
Posted 01 July 2020 - 12:15 PM

arsteige

    Member

  • Member
  • PipPip
  • 13 posts

My computer will kick me out of a program or will stop in the middle of something and not let me type anymore.  I'm not sure if my computer is dying or if I have a virus of some sort on it..

 

Any help would be appreciated!!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-06-2020
Ran by arste (administrator) on LAPTOP-650NTUR9 (HP HP Laptop 14-bw0xx) (01-07-2020 12:59:31)
Running from C:\Users\arste\Downloads
Loaded Profiles: arste
Platform: Windows 10 Home Version 1703 15063.413 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices, Inc. -> ) C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <9>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Google LLC -> Google) C:\Users\arste\AppData\Local\Google\Chrome\User Data\SwReporter\83.236.200\software_reporter_tool.exe <4>
(HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\2.9.175.0\McCSPServiceHost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_8\mcapexe.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\arste\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.1563_none_b931a2a26f82ac69\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Realistic Media Inc. -> ) C:\Users\arste\AppData\Roaming\Browser Assistant\BrowserAssistant.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9216000 2017-04-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 2017-04-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3349728 2017-05-08] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP Inc. -> HP)
HKU\S-1-5-21-3453576303-3252061644-3722286961-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3137808 2019-12-30] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-3453576303-3252061644-3722286961-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\HP\HP JumpStart Apps\Hpjumpstartapps.exe [1656392 2017-02-06] (HP Jump Start (HP Inc.) -> HP Inc.) [File not signed]
HKU\S-1-5-21-3453576303-3252061644-3722286961-1001\...\RunOnce: [Delete Cached Update Binary] => C:\windows\system32\cmd.exe /q /c del /q "C:\Users\arste\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-3453576303-3252061644-3722286961-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\windows\system32\cmd.exe /q /c del /q "C:\Users\arste\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-3453576303-3252061644-3722286961-1001\...\RunOnce: [Uninstall 20.064.0329.0008_1\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\arste\AppData\Local\Microsoft\OneDrive\20.064.0329.0008_1\amd64"
HKU\S-1-5-21-3453576303-3252061644-3722286961-1001\...\RunOnce: [Uninstall 20.064.0329.0008_1] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\arste\AppData\Local\Microsoft\OneDrive\20.064.0329.0008_1"
HKLM\...\Print\Monitors\IppMon: C:\windows\system32\IPPMon.dll [225792 2017-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.61\Installer\chrmstp.exe [2020-05-26] (Google LLC -> Google LLC)
Startup: C:\Users\arste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrowserAssistant.lnk [2019-12-25]
ShortcutTarget: BrowserAssistant.lnk -> C:\Users\arste\AppData\Roaming\Browser Assistant\BrowserAssistant.exe (Realistic Media Inc. -> )
Startup: C:\Users\arste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk [2019-12-25]
ShortcutAndArgument: updater.lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe => -noninteractive -ExecutionPolicy bypass -c "try{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.R()}catch{}"
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {108B88B1-871E-455C-BAE2-C73484106767} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {10BD508F-793F-4E1D-B347-235C1FBD50A5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-12-06] (HP Inc. -> HP Inc.)
Task: {1695C916-9BCE-44D3-BE73-1ED254ED2C44} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459264 2017-02-01] (HP Inc. -> )
Task: {1D7CC527-0CCD-4B30-B0B1-E54801017D01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-26] (Google LLC -> Google LLC)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {22FA4E21-B8BD-4013-B30F-EDA622AD7738} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1015416 2017-07-24] (McAfee, Inc. -> McAfee, Inc.)
Task: {45F7A6CF-D367-4EF7-A162-AF1BB74E53A8} - System32\Tasks\BA Scheduler => powershell.exe -WindowStyle Hidden -ExecutionPolicy bypass -c "$env:COMPLUS_version='v4.0.30319';&powershell{$w="$env:APPDATA"+'\Browser Assistant\';[Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes($w+'Updater.dll'));$i=new-object u.U;$i.ST()}" <==== ATTENTION
Task: {4E050A90-3DAF-404F-8FA3-FC3A45F6C8AC} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {4FA7F69B-F196-4DEF-8F18-A2200EB560FA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [464448 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {639D4EFE-BDE1-49DF-A126-811B142F494E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [106528 2016-12-07] (HP Inc. -> HP Inc.)
Task: {A2F3E2A3-DAF7-413C-91F1-8F46EFB19DE3} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.148\DADUpdater.exe [4185384 2020-05-15] (McAfee, LLC -> McAfee, LLC)
Task: {A36C091E-412E-4FF6-86AF-89AC0CCBB44A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1148448 2016-12-07] (HP Inc. -> HP Inc.)
Task: {A9084B9D-1450-412F-A5A5-3C3618CDEBA8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-26] (Google LLC -> Google LLC)
Task: {ADCDBFB2-9DE0-4305-A668-22B5A388BE41} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.)
Task: {B49D19D8-78AB-4492-9D89-B31E0FFC4D5A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [196968 2016-12-06] (HP Inc. -> HP Inc.)
Task: {BA7CB927-4E6B-4623-BE80-8CA4A54429D8} - System32\Tasks\Microsoft\Windows\rempl\LaunchLowDiskToast => C:\Program Files\rempl\disktoast.exe [92664 2020-06-03] (Microsoft Windows -> Microsoft Corporation)
Task: {BAB339E7-E79C-46F9-80B7-C8CA0B948E0E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [464448 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC0080B6-0760-47FE-92CE-0463347860A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1075744 2016-12-06] (HP Inc. -> HP Inc.)
Task: {BD737ADC-9131-4353-804F-B9EEB11B8DAD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1148448 2016-12-07] (HP Inc. -> HP Inc.)
Task: {BED0C2AF-D492-4A75-B01A-353A07C09819} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => C:\Program Files\CUAssistant\culauncher.exe
Task: {CA7152F7-FDE3-4177-B240-57DAB81C76DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1075744 2016-12-06] (HP Inc. -> HP Inc.)
Task: {CB5218AD-7E19-49AC-BA24-68C9D4B0620D} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1015416 2017-07-24] (McAfee, Inc. -> McAfee, Inc.)
Task: {DB552998-9933-4DC4-8057-9A1C3E06DEAA} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [52104 2017-03-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {F1A50E0A-6854-4159-B570-F22462F95EBF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [464448 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {FF7CDF16-425F-45D6-BC6F-73E07B300522} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MpCmdRun.exe [464448 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7f569b95-806a-4222-82d4-5fea560140ed}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3453576303-3252061644-3722286961-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {F703697D-942B-48F6-A48C-5CEB93AE1015} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {F703697D-942B-48F6-A48C-5CEB93AE1015} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3453576303-3252061644-3722286961-1001 -> {F703697D-942B-48F6-A48C-5CEB93AE1015} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc. -> HP Inc.)
 
FireFox:
========
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-22] (WildTangent Inc -> )
 
Chrome: 
=======
CHR Profile: C:\Users\arste\AppData\Local\Google\Chrome\User Data\Default [2020-07-01]
CHR Extension: (Slides) - C:\Users\arste\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-26]
CHR Extension: (Docs) - C:\Users\arste\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-26]
CHR Extension: (Google Drive) - C:\Users\arste\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-05-26]
CHR Extension: (YouTube) - C:\Users\arste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-26]
CHR Extension: (Sheets) - C:\Users\arste\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-26]
CHR Extension: (Google Docs Offline) - C:\Users\arste\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\arste\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-26]
CHR Extension: (Gmail) - C:\Users\arste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\arste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-26]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2017-03-19] (Advanced Micro Devices, Inc. -> )
R2 AMD External Events Utility; C:\windows\system32\atiesrxx.exe [307624 2017-03-24] (Advanced Micro Devices, Inc. -> AMD)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144600 2017-05-08] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-22] (WildTangent Inc -> WildTangent)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3394072 2017-03-01] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-04-03] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc. -> HP Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_8\McApExe.exe [728808 2018-05-16] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-02-23] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-02-23] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\windows\system32\mfevtps.exe [473040 2018-02-23] (McAfee, Inc. -> McAfee, LLC)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2475312 2019-12-30] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3352376 2019-12-30] (Electronic Arts, Inc. -> Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 tbaseprovisioning; C:\windows\SysWOW64\tbaseprovisioning.exe [51224 2017-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\NisSrv.exe [3847376 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe [114200 2018-09-21] (Microsoft Corporation -> Microsoft Corporation)
S2 MobiGameResume; "C:\Users\arste\AppData\Local\Temp\MobiGame_resume\ResumeService.exe" [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\windows\System32\drivers\AmdAS4.sys [27376 2017-03-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\windows\system32\DRIVERS\amdkmcsp.sys [100752 2017-03-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\windows\System32\DriverStore\FileRepository\c0312549.inf_amd64_d0c053e57e0c1fd8\atikmdag.sys [28771240 2017-03-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\windows\System32\DriverStore\FileRepository\c0312549.inf_amd64_d0c053e57e0c1fd8\atikmpag.sys [539056 2017-03-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\windows\System32\DRIVERS\amdpsp.sys [254864 2017-03-30] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AmUStor; C:\windows\system32\drivers\AmUStor.SYS [90560 2017-04-26] (Alcorlink Corp. -> Alcorlink Corp.)
R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWT6.sys [101376 2017-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 cfwids; C:\windows\System32\drivers\cfwids.sys [77216 2018-02-28] (McAfee, Inc. -> McAfee, LLC)
R3 ETDSMBus; C:\windows\System32\drivers\ETDSMBus.sys [32848 2017-05-08] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [497568 2018-02-28] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [360352 2018-02-28] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\windows\System32\drivers\mfeelamk.sys [83952 2018-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [529312 2018-02-28] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [953248 2018-02-28] (McAfee, Inc. -> McAfee, LLC)
R3 mfeplk; C:\windows\System32\drivers\mfeplk.sys [115616 2018-02-28] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [252832 2018-02-28] (McAfee, Inc. -> McAfee, LLC)
S3 SDFRd; C:\windows\System32\drivers\SDFRd.sys [31128 2017-03-18] (Microsoft Windows -> )
S0 WdBoot; C:\windows\System32\drivers\wd\WdBoot.sys [46184 2018-09-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\windows\System32\drivers\wd\WdFilter.sys [352424 2018-09-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\drivers\wd\WdNisDrv.sys [60584 2018-09-21] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\windows\system32\DRIVERS\WirelessButtonDriver64.sys [30368 2017-06-21] (HP Inc. -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-07-01 12:59 - 2020-07-01 13:01 - 000024666 ____C C:\Users\arste\Downloads\FRST.txt
2020-07-01 12:58 - 2020-07-01 13:00 - 000000000 ____D C:\FRST
2020-07-01 12:58 - 2020-07-01 12:58 - 002291712 ____C (Farbar) C:\Users\arste\Downloads\FRST64.exe
2020-07-01 12:57 - 2020-07-01 12:57 - 002015744 ____C (Farbar) C:\Users\arste\Downloads\FRST.exe
2020-07-01 12:43 - 2020-07-01 12:43 - 000000000 ___HD C:\ProgramData\temp
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-07-01 13:00 - 2017-03-18 15:51 - 000000000 ____D C:\windows\CbsTemp
2020-07-01 12:58 - 2017-03-18 16:01 - 000000000 ____D C:\windows\INF
2020-07-01 12:50 - 2017-04-01 00:38 - 002056856 _____ C:\windows\system32\PerfStringBackup.INI
2020-07-01 12:47 - 2018-06-03 22:15 - 000003380 _____ C:\windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3453576303-3252061644-3722286961-1001
2020-07-01 12:47 - 2018-06-03 21:56 - 000002374 ____C C:\Users\arste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-07-01 12:47 - 2018-06-03 21:56 - 000000000 __RDC C:\Users\arste\OneDrive
2020-07-01 12:46 - 2019-05-28 07:50 - 000000000 ___DC C:\Users\arste\AppData\Roaming\Origin
2020-07-01 12:46 - 2019-05-28 07:50 - 000000000 ___DC C:\Users\arste\AppData\Local\Origin
2020-07-01 12:46 - 2019-05-28 07:50 - 000000000 ____D C:\ProgramData\Origin
2020-07-01 12:44 - 2019-07-26 17:58 - 000000000 ___DC C:\Users\arste\AppData\Roaming\Browser Assistant
2020-07-01 12:43 - 2017-03-17 22:52 - 000000006 ____H C:\windows\Tasks\SA.DAT
2020-07-01 12:33 - 2018-06-03 21:49 - 000000000 ___DC C:\Users\arste\AppData\Local\Packages
2020-07-01 12:31 - 2019-07-26 18:02 - 000004168 _____ C:\windows\system32\Tasks\User_Feed_Synchronization-{DE89E336-64BD-414B-929C-626E286BAB35}
2020-07-01 12:28 - 2017-03-17 22:52 - 000000000 ____D C:\windows\system32\SleepStudy
2020-06-30 18:54 - 2018-06-05 17:31 - 000000000 ____D C:\Program Files\rempl
2020-06-30 18:53 - 2019-03-25 08:07 - 000000000 ____D C:\Program Files\CUAssistant
2020-06-30 18:53 - 2017-03-18 16:03 - 000000000 ____D C:\windows\AppReadiness
2020-06-30 18:51 - 2017-12-25 03:44 - 000000000 ____D C:\windows\system32\Tasks\McAfee
2020-06-03 12:11 - 2017-03-18 16:03 - 000000000 ___HD C:\Program Files\WindowsApps
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2020
Ran by arste (01-07-2020 13:02:57)
Running from C:\Users\arste\Downloads
Windows 10 Home Version 1703 15063.413 (X64) (2018-06-04 02:39:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3453576303-3252061644-3722286961-500 - Administrator - Disabled)
arste (S-1-5-21-3453576303-3252061644-3722286961-1001 - Administrator - Enabled) => C:\Users\arste
DefaultAccount (S-1-5-21-3453576303-3252061644-3722286961-503 - Limited - Disabled)
Guest (S-1-5-21-3453576303-3252061644-3722286961-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Alcorlink USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.4.45.34706 - Alcorlink Corp.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Assistant (HKLM-x32\...\{DE75021F-1BA8-4234-ACAD-462745570B49}) (Version: 1.34.7241.22783 - Realistic Media Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{A1F7029B-189A-D46A-05D4-C7EBBB1F009F}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{2803AC43-60F9-9CD6-295F-589B2EE3FED8}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{4F572E63-3C9C-C309-BA75-C113278C152D}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{F7F3376A-35BD-22F5-E8FE-31F0124465F1}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{B71E0D12-088D-91B2-249F-1E2D27BF3F03}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{142FA9FE-83E3-1B87-320E-73D450083C4F}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{7C350240-B882-6665-F318-6BACDFCB39AD}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{51AB5F9E-A0D9-866F-BC7D-908B7B64C544}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{BD19E4B4-7D20-1A01-7A97-7B3398ED7216}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{92784795-5410-1BAE-2DE8-B08AA939EDAE}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{791052C7-675B-F84F-B654-716718FB3CFB}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B3909DD8-3560-DB7D-3FA2-59A407B18E69}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{230DFB28-7B17-F3DB-E0E9-CFAF5AF437D4}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{2817064F-C179-02E5-F752-DABB0A89A04E}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{DCBBB6E6-6732-BD8C-35B1-B0037C9C3CCF}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{272DB21B-7B02-66F4-B01E-8533A8133EAA}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EEAECCBD-772A-0533-1555-738F32309006}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{09D7E2A9-3FC2-60DF-52BB-59C174690395}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{CF22635E-0FB3-2ACC-9205-A341951E01FB}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{3F817498-6A80-AD5D-F843-909F992DC1C1}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8A1C1036-95EA-6FD4-1358-D22577B597C9}) (Version: 2017.0319.1455.26818 - Advanced Micro Devices, Inc.) Hidden
Direct Game UNI Installer (HKLM-x32\...\{C77717A7-09BF-49AF-92F2-9F3ED9AF5BFD}) (Version: 1.0.17 - GamesLOL)
ELAN Touchpad 18.2.8.1_X64_WHQL (HKLM\...\Elantech) (Version: 18.2.8.1 - ELAN Microelectronic Corp.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.61 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.21 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{23D5C1E8-0442-4D70-9280-927EF36657CB}) (Version: 1.1.0.378 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7}) (Version: 1.1.275.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{04ec2b32-255d-418f-b6ca-dec62b872f5d}) (Version: 1.3.60.240 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.3.50.9 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.9.18.3 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
Intel® Wireless Bluetooth® (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{05f918ac-9392-4f5d-8399-68c4c70550b0}) (Version: 19.60.1 - Intel Corporation)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version:  - )
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3453576303-3252061644-3722286961-1001\...\OneDriveSetup.exe) (Version: 20.084.0426.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Origin (HKLM-x32\...\Origin) (Version: 10.5.57.35162 - Electronic Arts, Inc.)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8110 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{6753CC12-A884-47B2-9270-F5CD31B6F256}) (Version: 2.67.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{B7E98A0C-EFE5-4DC2-9069-86B7C25C231E}) (Version: 2.55.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
 
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-19] (Amazon.com)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.378.0_x64__v10z8vjag6ke6 [2017-12-25] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-07-21] (HP Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20116.0_x64__8wekyb3d8bbwe [2019-06-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-03-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-03-05] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.12124.0_x64__8wekyb3d8bbwe [2019-08-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-07-06] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-21] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-13] (Netflix, Inc.)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2018-06-03] (Plex)
ROBLOX -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.430.11427.0_x86__55nm5eh3cm0pr [2020-05-07] (ROBLOX Corporation)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-06-01] (WinZip Computing)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-06-03] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-03-19] (Advanced Micro Devices, Inc.) [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=priceline&refclickid=square
 
==================== Loaded Modules (Whitelisted) =============
 
2018-11-13 19:02 - 2018-11-13 19:02 - 000096768 ____C () [File not signed] [File is in use] \\?\C:\Users\arste\AppData\Roaming\Browser Assistant\edge\x86\edge_nativeclr.node
2016-09-13 02:50 - 2016-09-13 02:50 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 02:50 - 2016-09-13 02:50 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000191488 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2018-11-13 19:02 - 2018-11-13 19:02 - 018731008 ____C (Node.js) [File not signed] C:\Users\arste\AppData\Roaming\Browser Assistant\edge\x86\node.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-09-13 02:51 - 2016-09-13 02:51 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-09-13 02:50 - 2016-09-13 02:50 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-09-13 02:50 - 2016-09-13 02:50 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-09-13 02:50 - 2016-09-13 02:50 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-09-13 02:50 - 2016-09-13 02:50 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-09-13 02:50 - 2016-09-13 02:50 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-09-13 02:50 - 2016-09-13 02:50 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-09-13 02:50 - 2016-09-13 02:50 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-09-13 02:50 - 2016-09-13 02:50 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-09-13 02:50 - 2016-09-13 02:50 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-09-13 02:50 - 2016-09-13 02:50 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 16:03 - 2017-03-18 16:01 - 000000824 _____ C:\windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3453576303-3252061644-3722286961-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\arste\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\peg pro logo.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{514105A4-363C-4C92-8198-487AF9D1F785}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{04D676E3-8BB8-4E98-8D83-5DEAE444CF14}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D2EE52CF-5379-4D10-B5F0-CDFAF23350E7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1641A936-59FC-4E9B-916B-ABE4C174C738}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{82CE22E4-97C2-44DC-B7C1-C56E90EB900E}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (HP Inc. -> HP Inc.)
FirewallRules: [{6585B977-F514-4448-89C3-44747D1B4D58}] => (Allow) LPort=13148
FirewallRules: [{91E73C9E-DBA6-4D40-8962-ABC4D961ACA9}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{B4DC85FE-8541-4E20-A4ED-3B4865796D16}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{60B3E663-BDD6-41C8-84F4-0360CD4B606A}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{87ABF802-5E1A-4430-AE86-E249A3057F4D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{D7EAC24F-E52C-4BDD-BF1C-F1C6D1154804}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{0881ACDE-2207-45D6-827F-486D775930BD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{66291B37-E810-47D7-8943-C063F43757C7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{49EDBCC1-AA69-4D47-9F2F-14BF30937C4B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled (Total:27.89 GB) (Free:0.3 GB) (1%)
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (07/01/2020 12:41:21 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Users\arste\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Explorer because of this error.
 
Program: Windows Explorer
File: C:\Users\arste\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C000007F
Disk type: 3
 
Error: (07/01/2020 12:41:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.15063.332, time stamp: 0x2bdd7016
Faulting module name: thumbcache.dll, version: 10.0.15063.0, time stamp: 0xb34aa666
Exception code: 0xc0000006
Fault offset: 0x000000000001041b
Faulting process id: 0x2858
Faulting application start time: 0x01d64fced49e9325
Faulting application path: C:\windows\explorer.exe
Faulting module path: C:\Windows\System32\thumbcache.dll
Report Id: 0528a35c-463a-4e6d-b8c2-40809bcac9f9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/01/2020 12:41:14 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Users\arste\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Explorer because of this error.
 
Program: Windows Explorer
File: C:\Users\arste\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C000007F
Disk type: 3
 
Error: (07/01/2020 12:41:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.15063.332, time stamp: 0x2bdd7016
Faulting module name: thumbcache.dll, version: 10.0.15063.0, time stamp: 0xb34aa666
Exception code: 0xc0000006
Fault offset: 0x000000000001041b
Faulting process id: 0x2958
Faulting application start time: 0x01d64fcecdafd549
Faulting application path: C:\windows\explorer.exe
Faulting module path: C:\Windows\System32\thumbcache.dll
Report Id: 62bd7427-2cd1-49f4-90fe-cc8f2cf1f610
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/01/2020 12:41:09 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Users\arste\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Task Manager because of this error.
 
Program: Task Manager
File: C:\Users\arste\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C000007F
Disk type: 3
 
Error: (07/01/2020 12:41:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 10.0.15063.0, time stamp: 0xc87d580f
Faulting module name: thumbcache.dll, version: 10.0.15063.0, time stamp: 0xb34aa666
Exception code: 0xc0000006
Fault offset: 0x000000000000fb26
Faulting process id: 0x1560
Faulting application start time: 0x01d64fceccb14305
Faulting application path: C:\windows\System32\Taskmgr.exe
Faulting module path: C:\Windows\System32\thumbcache.dll
Report Id: db839a41-6d05-4084-ba9f-fc495c11553a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/01/2020 12:41:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-650NTUR9)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (07/01/2020 12:41:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-650NTUR9)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (07/01/2020 12:59:07 PM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
 
Error: (07/01/2020 12:48:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/01/2020 12:46:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (07/01/2020 12:46:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
 
Error: (07/01/2020 12:44:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/01/2020 12:44:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/01/2020 12:43:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MobiGameResume service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/01/2020 12:43:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
 
Windows Defender:
===================================
Date: 2020-07-01 12:53:34.590
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Severity: Severe
Category: Trojan
Path: file:_C:\Users\arste\Downloads\FRST.exe; webfile:_C:\Users\arste\Downloads\FRST.exe|http://www.geekstogo...380991316737028
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Signature Version: AV: 1.319.590.0, AS: 1.319.590.0, NIS: 1.319.590.0
Engine Version: AM: 1.1.17200.2, NIS: 1.1.17200.2
 
Date: 2020-06-01 12:38:35.886
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BE87D3AD-A733-4215-928A-294462ECD8FA}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-05-31 12:52:53.033
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {699BA68F-8B49-45FE-BFD2-D19652B37235}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-05-31 12:06:56.725
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6B019EBF-EA73-42A9-BB5F-688C54B75206}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-05-31 11:38:50.168
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BE2F67B4-34F1-44FF-9FEC-3B87F96A4D18}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-06-30 18:55:33.052
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.317.628.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17200.2
Error code: 0x80070070
Error description: There is not enough space on the disk. 
 
Date: 2020-06-30 18:55:33.051
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.317.628.0
Update Source: User
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17200.2
Error code: 0x80070070
Error description: There is not enough space on the disk. 
 
Date: 2020-06-07 10:17:18.314
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2020-05-30 15:29:42.100
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2020-05-29 07:57:06.357
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.315.1482.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17100.2
Error code: 0x80004005
Error description: Unspecified error 
 
CodeIntegrity:
===================================
 
Date: 2020-07-01 12:53:34.171
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2020-07-01 12:53:34.164
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2020-07-01 12:44:07.270
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2020-07-01 12:44:07.066
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2020-07-01 12:30:16.177
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
 
Date: 2020-07-01 12:30:16.172
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
 
Date: 2020-07-01 12:28:43.744
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2020-07-01 12:28:43.737
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: AMI F.26 07/23/2018
Motherboard: HP 8324
Processor: AMD E2-9000e RADEON R2, 4 COMPUTE CORES 2C+2G 
Percentage of memory in use: 73%
Total physical RAM: 3974.2 MB
Available physical RAM: 1043.15 MB
Total Virtual: 4678.2 MB
Available Virtual: 1327.32 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:27.89 GB) (Free:0.3 GB) NTFS
 
\\?\Volume{652f864a-896e-4dc8-a818-b8278a9b8d0d}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.62 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 7A741174)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
 
 
 

 

 


  • 0

Advertisements

#2
RKinner
Posted 02 July 2020 - 07:18 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Multiple replies are OK.  Best to post a log as you get it.

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   9.33KB   224 downloads

Run FRST and press Fix (This will take about 30 minutes to complete.  Be patient.  The desktop will vanish as part of the fix.  It will return after the reboot)
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

I do not see McAfee listed as your antivirus but it appears to be running.  Are you paying for it?  If so it needs to be reinstalled (saving the license).


Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.



 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP