
Tried to do a "FRESH START" but encountered problem.........


  • This topic is locked

#1
thefunkymunky
  • Member
  • 54 posts
Hello!!!
 
I want to "thank you" in advance for all your time and attention in this matter. I really appreciate you!
 
Computer: ASUS Laptop - Model #F55SL
 
Operating System: Windows 10
 
Protections: Windows Defender Antivirus, Windows Defender Firewall, Malwarebytes, CCleaner.
 
 
Here are the issues I'm having:
 
1.  Back when the stimulus payments were direct deposited into accounts, two days later I found that I was a victim of my banking/checking account being hacked and most all of my money gone. I also have a credit card with the bank but they weren't successful in their attempt at getting into that. Throughout the next week all my other credit cards, PayPal etc had attempts to the account and its monetary value but to no avail. I did have a couple of hundred dollars in a bitcoin wallet through Blockchain which they somehow managed to hack and to which I don't understand. I didn't have my wallet words stored on my computer. I also had a password manager with different passwords to all of my accounts and yet somehow all of my information had been compromised.
 
Now another thing that has me confused about this whole thing is that my computer gets scanned every day for viruses, malware and such and not at any time did I receive any warnings that something was going on, I just don't understand it. Also, not sure if this means anything but I do a Malwarebytes scan at least once a day maybe twice and almost every scan has the exact same number of items listed in the quarantine? Okay, so at the same time I was hacked I started having pop-ups like crazy and still am. I know that this isn't normal or right or good, but like I said all of my supposed protection software programs are telling me everything is just hunky-dory.
 
Okay, so here I am these past couple of days researching ways in which I can clean up my computer etc (I'm not real knowledgeable about the techie end of computers) and I received this error message: 0x80073712 update file is damaged or missing, this was yesterday. So then I try to do a "FRESH START" to the laptop only to receive the message that there is something wrong and that a "FRESH START" can not/will not be installed...end of message. Nothing more. Didn't say what was/is wrong or how I should proceed from there.
 
So, here I am humbly seeking help because I know not what to do!!!
 
I thank you for taking the time to read my plight and I hope it makes sense.
 
Peace to you and yours.....
 
Stay Well......
 
smiles4you
tazzigirl
  • 0


#2
JSntgRvr
  • Global Moderator
  • 11,579 posts
Open a Command Prompt as Administrator.
 
Type the following command and press Enter:
 
DISM /Online /Cleanup-Image /ScanHealth
 
If a corruption is found, please type the following command and press Enter:
 
DISM /Online /Cleanup-Image /RestoreHealth
 
In any case, also type the following command and press Enter:
 
SFC /ScanNow
 
If successful, type the following and press Enter:
 
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%"\Desktop\sfcdetails.txt
 
Type Exit and press Enter to leave the prompt.
 
This will create a file on your desktop, sfcdetails.txt. Please post its contents in a reply.
 
Let me know of any error you may experience with this.
  • 0

#3
thefunkymunky
  • Topic Starter
  • Member
  • 54 posts

Hello!!!

 

     This is what came back after the ScanHealth command was entered:

 

Error: 87

The online/cleanup-image/scanhealth option is unknown. For more information, refer to the help by running DISM.exe /?.

The DISM log can be found at C:\WINDOWS\Logs\DISM\dism.log

C:\WINDOWS\system32>DISM/Online/Cleanup-Image/RestoreHealth

Error: 87

The online/cleanup-image/restorehealth option is unknown. For more information, refer to the help by running DISM.exe /?.

The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log

C:\WINDOWS\system32>SFC/ScanNow

Beginning system scan.  This process will take some time.

Windows Resource Protection could not perform the requested operation.

The last command came back: The system cannot find the path specified.

 

I would have sent you a copy of the dism log but I don't know how to attach it.

 

tazzigirl


  • 0

#4
JSntgRvr
  • Global Moderator
  • 11,579 posts
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click on FRST or FRST(64) and select Run as administrator.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste its contents to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

  • 0
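
A triage pass over the FRST.txt that the steps above produce, as an added example that is not part of the thread or of FRST itself: it flags lines carrying FRST's `<==== ATTENTION` marker, `[X]` targets, signer fields with an empty company name, and browser search URLs whose host is not on a caller-supplied list. The sample log, the reason labels and the function names are constructed for illustration, and reading `[X]` as a target FRST could not find is an assumption.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample in the FRST.txt line format; every name and path is a placeholder.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe [96056 2013-05-30] (Example Corp -> Example Corp)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ExampleDownloader] => C:\Program Files (x86)\Example\dl.exe [1272104 2020-03-04] (Example Corp -> )

==================== Internet (Whitelisted) ====================

Edge:
======
Edge DefaultSearchURL: Default -> hxxps://search.example/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> google.com___

===================== Drivers (Whitelisted) ===================

R3 ExampleDrv; C:\WINDOWS\System32\drivers\example.sys [101872 2017-04-11] (Example Corp -> Example Corp)
S3 exampletmp; \??\C:\Users\user\AppData\Local\Temp\exampletmp\exampletmp_x64.sys [X] <==== ATTENTION
"""


class Finding(NamedTuple):
    section: str   # FRST section the line was found in
    reason: str    # label chosen for this example, not FRST terminology
    line: str      # the original log line, for manual review


# "==== Name ====" section banners; the whitespace requirement keeps a bare
# "======" underline (used under browser names) from matching.
SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
# "(Signer -> Company)" field; "(x86)" in a path has no " -> " and is skipped.
SIGNER_RE = re.compile(r"\(([^()]*?) -> ([^()]*)\)")
# Stand-alone "[X]" token (assumed to mean the target file was not found).
MISSING_RE = re.compile(r"(?:^|\s)\[X\](?:\s|$)")
# Browser search/suggest URL lines; FRST writes the scheme defanged as hxxp(s).
SEARCH_RE = re.compile(r"Default(?:Search|Suggest)URL: \S+ -> hxxps?://([^/\s]+)")


def triage(log_text, expected_search_hosts=frozenset()):
    """Return the log lines a reviewer should look at first, in file order."""
    expected = {h.lower() for h in expected_search_hosts}
    findings = []
    section = "(header)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if line.startswith("(If "):
            continue  # per-section explanatory note, not an entry
        if "<==== ATTENTION" in line:
            findings.append(Finding(section, "attention-marker", line))
        if MISSING_RE.search(line):
            findings.append(Finding(section, "missing-target", line))
        signer = SIGNER_RE.search(line)
        if signer and not signer.group(2).strip():
            findings.append(Finding(section, "empty-company", line))
        search = SEARCH_RE.search(line)
        if search and search.group(1).lower() not in expected:
            findings.append(Finding(section, "search-provider", line))
    return findings


def summarize(findings):
    """Count findings per reason so a long log can be sized up at a glance."""
    return Counter(f.reason for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.section}: {f.line}")
    print(dict(summarize(triage(SAMPLE_LOG))))
```

A finding is only a prompt for manual review: each of these conditions also occurs on entries that are harmless leftovers.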

#5
thefunkymunky
  • Topic Starter
  • Member
  • 54 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-11-2020 01

Ran by 17026 (administrator) on DESKTOP-SP92S5H (ASUSTeK COMPUTER INC. X555LAB) (23-11-2020 13:14:51)
Running from C:\Users\17026\Desktop
Loaded Profiles: 17026
Platform: Windows 10 Home Version 1909 18363.657 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\17026\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\17026\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <30>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\17026\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\NisSrv.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(RealNetworks, Inc. -> ) C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealDownloader\realdownloader264.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [353064 2020-10-08] (RealNetworks, Inc. -> RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [1272104 2020-03-04] (RealNetworks, Inc. -> )
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Run: [Dashlane] => C:\Users\17026\AppData\Roaming\Dashlane\Dashlane.exe [321536 2020-11-04] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Run: [DashlanePlugin] => C:\Users\17026\AppData\Roaming\Dashlane\DashlanePlugin.exe [342528 2020-11-04] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32281272 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\...\Print\Monitors\HP a011 Status Monitor: C:\WINDOWS\system32\hpinkstsa011LM.dll [331664 2012-06-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3050A J611 series): C:\WINDOWS\system32\HPDiscoPMa011.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.66\Installer\chrmstp.exe [2020-11-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2020-10-08]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {26A328C8-CC1F-4247-AEDC-4B5D2169C5A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {37BFF36D-BA36-422B-B03D-BA112D5F3D5D} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {476A98B5-8DD6-4378-A529-AC2C9E7D22D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {57F48879-3541-4D03-99DA-87BE99E95C02} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [1272104 2020-03-04] (RealNetworks, Inc. -> )
Task: {70C1BF04-4074-4685-8B8B-FF0A39ECF6C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7262357A-E069-4457-8A44-00BBBD537EB7} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [26781880 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {79F6373D-CA19-4D54-80ED-287B18874869} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {83BEB29E-3918-46CE-B548-B77F47BC414C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4056018188-887826847-156463569-1001 => C:\Program Files (x86)\Real\RealDownloader\RealUpgrade.exe [135464 2020-03-04] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {94689567-01BE-4164-B14F-5710E760319C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26781880 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A1A8A548-3127-4C44-8FF8-F3EDE398D3FF} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4056018188-887826847-156463569-1001 => C:\Program Files (x86)\Real\RealDownloader\RealUpgrade.exe [135464 2020-03-04] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {A2C3BC46-A9E2-4F15-BE36-8720DBD89FEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-29] (Google LLC -> Google LLC)
Task: {B2937A79-803A-441F-8DBE-25790240A588} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B717044B-E874-466B-970E-42162FF5F37C} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411856 2015-11-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {BB244012-207E-4DFE-AFA8-D5AC7CEC3D59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-29] (Google LLC -> Google LLC)
Task: {E1DB297E-AA6E-4109-9862-E229B3301471} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174352 2015-11-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{77eb6f5f-c7c0-41dc-b206-fca31a539384}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Edge: 
======
DownloadDir: C:\Users\17026\Downloads
Edge Notifications: HKU\S-1-5-21-4056018188-887826847-156463569-1001 -> hxxps://www.cnet.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\17026\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-23]
Edge HomePage: Default -> hxxp://start.toshiba.com/g/
Edge DefaultSearchURL: Default -> hxxps://manageyoursearch.com/?q={searchTerms}
Edge DefaultSuggestURL: Default -> hxxps://manageyoursearch.com/suggest?q={searchTerms}
Edge Extension: (Search Manager) - C:\Users\17026\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh [2020-04-12]
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @real.com/nppl3260;version=18.1.20.206 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2020-10-08] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.20.206 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2020-10-08] (RealNetworks, Inc. -> RealPlayer)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default [2020-11-23]
CHR Notifications: Default -> hxxps://mail.yahoo.com; hxxps://offerup.com; hxxps://www.allrecipes.com; hxxps://www.bettymills.com; hxxps://www.cnet.com; hxxps://www.dmv.com; hxxps://www.facebook.com; hxxps://www.inspireuplift.com; hxxps://www.newchic.com; hxxps://www.offthegridnews.com; hxxps://www.reddit.com; hxxps://www.thermophore.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://start.toshiba.com/g/
CHR DefaultSearchKeyword: Default -> google.com___
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-29]
CHR Extension: (Docs) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-29]
CHR Extension: (Google Drive) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-08]
CHR Extension: (Honey) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-11-17]
CHR Extension: (YouTube Music) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2020-10-08]
CHR Extension: (Smarty) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\edjkecefjhobekadlkdkopkggdefpgfp [2020-11-17]
CHR Extension: (Reason Web Security) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkgkjcdnnfpnnmgfeopbmajnbhjmnpp [2020-05-30]
CHR Extension: (Dashlane - Password Manager) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2020-11-18]
CHR Extension: (Sheets) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-29]
CHR Extension: (Google Docs Offline) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Avast Online Security) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-07-30]
CHR Extension: (letgo-web) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbkfhekkfmipomaepmpocikpjpgffkop [2020-03-08]
CHR Extension: (Classifieds List App) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdneenbmjjjbjogomjjdahcoofmhpdme [2020-11-17]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-11-23]
CHR Extension: (Free Package Tracker Plus) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc [2020-11-17]
CHR Extension: (Capital One Shopping: Save in seconds) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2020-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-29]
CHR Extension: (Gmail) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-19]
CHR Extension: (Privacy Badger) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2020-10-11]
CHR Profile: C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-11-05]
CHR Extension: (Slides) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-08]
CHR Extension: (Docs) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-08]
CHR Extension: (Google Drive) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-05-08]
CHR Extension: (YouTube) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-08]
CHR Extension: (Sheets) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-08]
CHR Extension: (Google Docs Offline) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-08]
CHR Extension: (Gmail) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-05-08]
CHR Extension: (Chrome Media Router) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-08]
CHR Profile: C:\Users\17026\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-05]
CHR HKLM\...\Chrome\Extension: [egkgkjcdnnfpnnmgfeopbmajnbhjmnpp]
CHR HKLM-x32\...\Chrome\Extension: [egkgkjcdnnfpnnmgfeopbmajnbhjmnpp]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [38024 2020-03-04] (RealNetworks, Inc. -> RealNetworks, Inc.)
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [990856 2020-10-08] (RealNetworks, Inc. -> RealNetworks, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\System32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [101872 2017-04-11] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [20232 2014-06-27] (ZTE CORPORATION -> HandSet Incorporated)
R1 rsKernelEngine; C:\WINDOWS\System32\DRIVERS\rsKernelEngine.sys [56832 2020-05-30] (Reason Software Company Inc. -> Windows ® Win 7 DDK provider)
S3 viahsets; C:\WINDOWS\System32\drivers\viahsets.sys [32136 2014-06-27] (ZTE CORPORATION -> Via Telecom, Inc.)
S3 viahsser; C:\WINDOWS\System32\drivers\viahsser.sys [62728 2014-06-27] (ZTE CORPORATION -> VIA Telecom)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-11-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429288 2020-11-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-18] (Microsoft Windows -> Microsoft Corporation)
S3 zghsser; C:\WINDOWS\System32\drivers\zghsser.sys [133960 2014-06-27] (ZTE CORPORATION -> ZTE Corporation)
S3 cpuz149; \??\C:\Users\17026\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-11-23 13:14 - 2020-11-23 13:16 - 000020789 _____ C:\Users\17026\Desktop\FRST.txt
2020-11-23 13:11 - 2020-11-23 13:11 - 002295808 _____ (Farbar) C:\Users\17026\Desktop\FRST64.exe
2020-11-23 12:27 - 2020-11-23 12:27 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-11-23 04:24 - 2020-11-23 04:24 - 000000000 _____ C:\Users\17026\Desktop\sfcdetails.txt
2020-11-21 00:55 - 2020-11-21 00:55 - 000002232 _____ C:\Users\17026\Desktop\Free Games.lnk
2020-11-21 00:55 - 2020-11-21 00:55 - 000002223 _____ C:\Users\17026\Desktop\New games.lnk
2020-11-21 00:55 - 2020-11-21 00:55 - 000001274 _____ C:\Users\17026\Desktop\Heroes Of Hellas.lnk
2020-11-21 00:55 - 2020-11-21 00:55 - 000000000 ____D C:\Users\17026\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atarata Games
2020-11-21 00:55 - 2020-11-21 00:55 - 000000000 ____D C:\Users\17026\AppData\Local\game
2020-11-21 00:55 - 2020-11-21 00:55 - 000000000 ____D C:\ProgramData\AlawarWrapper
2020-11-21 00:54 - 2020-11-21 00:54 - 000000000 ____D C:\Program Files (x86)\Atarata Games
2020-11-21 00:53 - 2020-11-21 00:54 - 037316064 _____ C:\Users\17026\Desktop\AtarataHeroesOfHellasFree_92.exe
2020-11-19 22:46 - 2020-11-19 22:46 - 000000000 ____D C:\Users\17026\AppData\Roaming\JaiboGames
2020-11-19 18:01 - 2020-11-19 18:02 - 000000000 ____D C:\Users\17026\Desktop\New folder
2020-11-19 08:37 - 2020-11-19 08:38 - 000000000 ____D C:\$Windows.~BT
2020-11-19 08:33 - 2020-11-19 08:38 - 000000000 ___HD C:\$SysReset
2020-11-18 03:42 - 2020-11-18 03:42 - 000002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2020-11-18 03:42 - 2020-11-18 03:42 - 000002201 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2020-11-18 03:42 - 2020-11-18 03:42 - 000002201 _____ C:\ProgramData\Desktop\Belarc Advisor.lnk
2020-11-18 03:42 - 2020-11-18 03:42 - 000000000 ____D C:\Program Files (x86)\Belarc
2020-11-18 03:41 - 2020-11-18 03:41 - 003857816 _____ C:\Users\17026\Desktop\advisorinstaller.exe
2020-11-18 03:27 - 2020-11-18 03:27 - 000001294 _____ C:\Users\17026\Desktop\Island Tribe 2.lnk
2020-11-18 03:27 - 2020-11-18 03:27 - 000001275 _____ C:\Users\17026\Desktop\Free Farm Games.lnk
2020-11-18 03:27 - 2020-11-18 03:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2020-11-18 03:27 - 2020-11-18 03:27 - 000000000 ____D C:\Program Files (x86)\GameTop.com
2020-11-18 03:26 - 2020-11-18 03:26 - 112540888 _____ (GameTop Pte. Ltd. ) C:\Users\17026\Desktop\Island-Tribe-2.exe
2020-11-17 14:02 - 2020-11-17 14:02 - 000001962 _____ C:\Users\17026\Desktop\Dashlane.lnk
2020-11-11 17:15 - 2020-11-11 17:15 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-10-30 18:22 - 2020-10-30 18:22 - 000000000 ____D C:\ProgramData\Awem
2020-10-30 18:18 - 2020-10-30 18:18 - 000000000 ____D C:\Users\17026\Documents\My Games
2020-10-30 18:17 - 2020-11-21 00:49 - 000000000 ____D C:\ProgramData\TEMP
2020-10-30 14:05 - 2020-10-30 14:05 - 000003802 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series
2020-10-30 14:05 - 2020-10-30 14:05 - 000002381 _____ C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
2020-10-30 14:05 - 2020-10-30 14:05 - 000002381 _____ C:\ProgramData\Desktop\HP Deskjet 3050A J611 series.lnk
2020-10-30 14:05 - 2020-10-30 14:05 - 000001926 _____ C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
2020-10-30 14:05 - 2020-10-30 14:05 - 000001926 _____ C:\ProgramData\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
2020-10-30 14:05 - 2012-10-17 03:31 - 000741480 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPMa011.dll
2020-10-30 14:00 - 2015-09-17 21:15 - 057375888 _____ C:\Users\17026\Desktop\DJ3050A_J611_1315-1.exe
2020-10-29 15:29 - 2020-10-29 15:29 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4056018188-887826847-156463569-1001
2020-10-29 15:29 - 2020-10-29 15:29 - 000002363 _____ C:\Users\17026\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-11-23 13:15 - 2020-05-31 06:38 - 000000000 ____D C:\FRST
2020-11-23 13:14 - 2020-03-08 17:05 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-23 13:08 - 2020-03-08 16:55 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-23 12:32 - 2020-03-08 17:03 - 000000000 ____D C:\WINDOWS\INF
2020-11-23 12:32 - 2020-03-08 16:45 - 000795988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-11-23 12:30 - 2020-06-29 20:32 - 000000000 ____D C:\Program Files\CCleaner
2020-11-23 12:28 - 2020-03-08 17:12 - 000000000 ___RD C:\Users\17026\OneDrive
2020-11-23 12:27 - 2020-03-08 17:07 - 000000000 __SHD C:\Users\17026\IntelGraphicsProfiles
2020-11-23 12:27 - 2020-03-08 16:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-11-23 12:26 - 2020-03-08 16:51 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-11-23 11:25 - 2020-03-08 16:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-11-23 09:15 - 2020-04-17 10:28 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3B2ECF9C-20E9-46EA-92FA-0E06AFA91793}
2020-11-23 06:44 - 2020-04-20 01:39 - 000000000 ____D C:\WINDOWS\Minidump
2020-11-23 02:39 - 2020-03-08 16:51 - 000000000 ____D C:\Users\17026
2020-11-23 00:01 - 2020-03-08 17:05 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-23 00:01 - 2020-03-08 17:05 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-11-20 14:56 - 2020-09-29 22:43 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-19 18:58 - 2020-03-19 09:07 - 000000000 ____D C:\Users\17026\Desktop\Personal
2020-11-18 22:30 - 2020-07-31 04:09 - 000000000 ____D C:\Users\17026\AppData\Local\CrashDumps
2020-11-18 22:30 - 2020-03-08 16:51 - 000000000 ____D C:\WINDOWS\Panther
2020-11-18 22:00 - 2020-07-31 17:36 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-18 22:00 - 2020-07-31 17:36 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-18 22:00 - 2020-07-31 17:36 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-18 05:55 - 2020-03-08 17:05 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-11-18 05:55 - 2020-03-08 16:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-11-18 03:57 - 2020-03-26 05:13 - 000000000 ____D C:\Users\17026\AppData\Local\ElevatedDiagnostics
2020-11-17 14:03 - 2020-04-18 21:08 - 000000000 ____D C:\Users\17026\AppData\Roaming\Dashlane
2020-11-12 11:00 - 2020-09-29 22:43 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-11-12 10:59 - 2020-09-29 22:43 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2020-11-11 02:32 - 2020-03-08 23:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-11 02:08 - 2020-03-08 23:27 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-10-30 19:14 - 2020-03-08 17:10 - 000000000 ____D C:\Users\17026\AppData\Local\PlaceholderTileLogoFolder
2020-10-30 18:24 - 2020-03-19 03:28 - 000000000 ____D C:\Users\17026\AppData\Local\D3DSCache
2020-10-30 14:05 - 2020-04-06 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2020-10-30 14:05 - 2020-03-19 09:04 - 000000000 ____D C:\ProgramData\HP
2020-10-30 08:39 - 2020-03-08 16:57 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2020 01
Ran by 17026 (23-11-2020 13:17:16)
Running from C:\Users\17026\Desktop
Windows 10 Home Version 1909 18363.657 (X64) (2020-03-09 00:42:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
17026 (S-1-5-21-4056018188-887826847-156463569-1001 - Administrator - Enabled) => C:\Users\17026
Administrator (S-1-5-21-4056018188-887826847-156463569-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4056018188-887826847-156463569-503 - Limited - Disabled)
Guest (S-1-5-21-4056018188-887826847-156463569-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4056018188-887826847-156463569-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Belarc Advisor 9.7 (HKLM-x32\...\Belarc Advisor) (Version: 9.7.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.74 - Piriform)
Dashlane (HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Dashlane) (Version: 6.2044.0.40862 - Dashlane, Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.66 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Heroes Of Hellas (HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Heroes Of Hellas) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.18.312 - SurfRight B.V.)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5107 - Intel Corporation)
Island Tribe 2 (HKLM-x32\...\Island Tribe 2_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Javelin (HKLM-x32\...\Javelin PDF reader 1.021_is1) (Version:  - )
Microsoft OneDrive (HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
RealDownloader (HKLM-x32\...\{F1FFBA3D-C08F-41E4-98B2-07144A4928A9}) (Version: 18.1.20.206 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.20 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.1.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.5 - VS Revo Group, Ltd.)
Show Me Excel 2007 and 2003 (HKLM-x32\...\{1372A74C-58C7-49BC-8AD2-649A30FA64CE}) (Version: 1.00 - GSPNA)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
 
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.45.4.0_x86__kgqvnymyfvs32 [2020-10-24] (king.com)
Cool File Viewer -> C:\Program Files\WindowsApps\20815shootingapp.AirFileViewer_1.4.9.0_x86__xcg28tkrsnqww [2020-09-24] (Cool File Viewer)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.48.4.0_x86__kgqvnymyfvs32 [2020-11-05] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6 [2020-11-05] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-22] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-10-30] (Microsoft Corporation)
Your Phone -> C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20101.99.0_x64__8wekyb3d8bbwe [2020-11-13] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4056018188-887826847-156463569-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-06-22] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpcontextmenu.dll [2020-10-08] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-06-22] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\17026\Desktop\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\17026\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
 
==================== Loaded Modules (Whitelisted) =============
 
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0A5BA9A0 [113]
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\Real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2020-03-04] (RealNetworks, Inc. -> RealDownloader)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\Real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2020-03-04] (RealNetworks, Inc. -> RealDownloader)
IE Session Restore: HKU\S-1-5-21-4056018188-887826847-156463569-1001 -> is enabled.
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2020-10-15] (Belarc, Inc. -> Belarc, Inc.)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2020-03-08 17:05 - 2020-03-08 17:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4056018188-887826847-156463569-1001\Control Panel\Desktop\\Wallpaper -> E:\ASUS\Pictures\bathseba rock.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{068BBBB8-64D3-4501-9CB9-016420382EDB}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [TCP Query User{CFD26A5E-4EED-4DBA-99C9-B264CB976EE8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{72BB79BC-753F-4B79-82D7-8DFC0B0758AB}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{046C8040-E392-435D-9FEB-C71DB7FEF749}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{FCCE743B-60F5-4123-A7B5-0719DC612F3F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{5A95778B-00D5-43C6-9CE9-E1179C3B1631}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C03772ED-FD9D-47F1-8EA7-C3C14ECD1888}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9EA52908-3E5F-4B31-A627-B16C45038C29}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9E54B758-2EB0-4855-A8E8-20E687955D07}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{65CAC0B5-DC9F-4D58-B637-5526E2EB19BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{58539562-FAA8-4786-B01C-9124D19E2124}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3961371B-8C93-4340-BC5A-69BE67A21D40}] => (Allow) C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.exe (Alawar Entertainment Inc -> )
FirewallRules: [{4799E682-199E-4A68-9232-0DB769EBFE9D}] => (Allow) C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe () [File not signed]
FirewallRules: [{3F6571D8-4219-41A0-AECE-0402C93CAAA5}] => (Allow) C:\Program Files (x86)\Atarata Games\HeroesOfHellas\F2PHttpDaemon.exe => No File
 
==================== Restore Points =========================
 
20-11-2020 14:55:54 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/23/2020 01:06:59 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2391408 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
Error: (11/23/2020 01:06:59 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2391407 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
Error: (11/23/2020 01:06:59 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2391405 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
Error: (11/23/2020 01:04:31 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2243212 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
Error: (11/23/2020 01:04:31 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2243208 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
Error: (11/23/2020 01:04:31 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2243202 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
Error: (11/23/2020 01:04:10 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2222175 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
Error: (11/23/2020 01:04:10 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2222170 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
 
System errors:
=============
Error: (11/23/2020 06:36:17 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xffffd503d499c028, 0x00000000be000000, 0x000000000100110b). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: c2cc75de-5043-40d5-b702-93b0494ab828.
 
Error: (11/23/2020 06:35:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:34:11 AM on ‎11/‎23/‎2020 was unexpected.
 
Error: (11/23/2020 05:23:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:21:23 AM on ‎11/‎23/‎2020 was unexpected.
 
Error: (11/23/2020 04:45:21 AM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
 
Error: (11/23/2020 02:39:23 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:12:19 AM on ‎11/‎23/‎2020 was unexpected.
 
Error: (11/21/2020 11:40:48 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly.  Please restart your computer to reset the TPM hardware.  For further assistance on this hardware issue, please contact the computer manufacturer for more information.
 
Error: (11/21/2020 03:23:46 AM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly.  Please restart your computer to reset the TPM hardware.  For further assistance on this hardware issue, please contact the computer manufacturer for more information.
 
Error: (11/20/2020 04:05:29 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly.  Please restart your computer to reset the TPM hardware.  For further assistance on this hardware issue, please contact the computer manufacturer for more information.
 
 
Windows Defender:
===================================
Date: 2020-11-23 05:31:25.623
Description: 
C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2020-11-23T13:31:25.623Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe
Security intelligence Version: 1.327.1401.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2010.7
 
Date: 2020-11-23 05:14:37.487
Description: 
C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2020-11-23T13:14:37.486Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe
Security intelligence Version: 1.327.1401.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2010.7
 
Date: 2020-11-22 23:33:49.508
Description: 
C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2020-11-23T07:33:49.508Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe
Security intelligence Version: 1.327.1388.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2010.7
 
Date: 2020-11-22 23:12:58.648
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F20C3697-B42D-48F1-AF09-FFE246690609}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-11-21 00:56:03.806
Description: 
C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2020-11-21T08:56:03.805Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe
Security intelligence Version: 1.327.1257.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2010.7
 
Date: 2020-11-22 20:48:39.879
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.327.1388.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17600.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
 
Date: 2020-11-22 20:48:39.855
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.327.1388.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17600.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
 
Date: 2020-11-22 20:48:39.070
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.327.1388.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17600.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
 
Date: 2020-11-22 20:43:53.906
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.327.1257.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17600.5
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2020-10-30 10:08:18.673
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device.
 
CodeIntegrity:
===================================
 
Date: 2020-11-18 02:28:50.770
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2020-11-17 13:46:13.609
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2020-11-13 02:29:25.662
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2020-11-12 02:28:23.829
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2020-11-11 02:28:38.705
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2020-11-10 07:23:29.085
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2020-11-08 21:12:45.625
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2020-11-07 02:27:43.229
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. X555LAB.503 08/04/2015
Motherboard: ASUSTeK COMPUTER INC. X555LAB
Processor: Intel® Core™ i3-5010U CPU @ 2.10GHz
Percentage of memory in use: 82%
Total physical RAM: 3998.71 MB
Available physical RAM: 711.82 MB
Total Virtual: 5982.71 MB
Available Virtual: 1558.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:464.44 GB) (Free:424.03 GB) NTFS
 
\\?\Volume{31f7de28-42ea-4aae-bf3f-5de2b8703daa}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.03 GB) NTFS
\\?\Volume{996bbe23-17fe-48b0-916c-7a5162ce6751}\ () (Fixed) (Total:0.8 GB) (Free:0.31 GB) NTFS
\\?\Volume{a44abeaa-4b3a-4529-8ccf-9725d57ab459}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 35848839)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#6
JSntgRvr


    Global Moderator

  • 11,579 posts

Let's run those same commands, but through FRST64.

  • Highlight the entire content of the quote box below.

Start::
CMD: DISM /Online /Cleanup-Image /ScanHealth
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.



#7
thefunkymunky


    Member

  • Topic Starter
  • 54 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-11-2020 01

Ran by 17026 (administrator) on DESKTOP-SP92S5H (ASUSTeK COMPUTER INC. X555LAB) (23-11-2020 13:14:51)
Running from C:\Users\17026\Desktop
Loaded Profiles: 17026
Platform: Windows 10 Home Version 1909 18363.657 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\17026\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\17026\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <30>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\17026\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\NisSrv.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(RealNetworks, Inc. -> ) C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealDownloader\realdownloader264.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [353064 2020-10-08] (RealNetworks, Inc. -> RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [1272104 2020-03-04] (RealNetworks, Inc. -> )
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Run: [Dashlane] => C:\Users\17026\AppData\Roaming\Dashlane\Dashlane.exe [321536 2020-11-04] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Run: [DashlanePlugin] => C:\Users\17026\AppData\Roaming\Dashlane\DashlanePlugin.exe [342528 2020-11-04] (Dashlane USA, Inc. -> Dashlane, Inc.)
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32281272 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\...\Print\Monitors\HP a011 Status Monitor: C:\WINDOWS\system32\hpinkstsa011LM.dll [331664 2012-06-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3050A J611 series): C:\WINDOWS\system32\HPDiscoPMa011.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.66\Installer\chrmstp.exe [2020-11-18] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2020-10-08]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {26A328C8-CC1F-4247-AEDC-4B5D2169C5A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {37BFF36D-BA36-422B-B03D-BA112D5F3D5D} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {476A98B5-8DD6-4378-A529-AC2C9E7D22D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {57F48879-3541-4D03-99DA-87BE99E95C02} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [1272104 2020-03-04] (RealNetworks, Inc. -> )
Task: {70C1BF04-4074-4685-8B8B-FF0A39ECF6C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7262357A-E069-4457-8A44-00BBBD537EB7} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [26781880 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {79F6373D-CA19-4D54-80ED-287B18874869} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {83BEB29E-3918-46CE-B548-B77F47BC414C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4056018188-887826847-156463569-1001 => C:\Program Files (x86)\Real\RealDownloader\RealUpgrade.exe [135464 2020-03-04] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {94689567-01BE-4164-B14F-5710E760319C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26781880 2020-11-10] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A1A8A548-3127-4C44-8FF8-F3EDE398D3FF} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4056018188-887826847-156463569-1001 => C:\Program Files (x86)\Real\RealDownloader\RealUpgrade.exe [135464 2020-03-04] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {A2C3BC46-A9E2-4F15-BE36-8720DBD89FEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-29] (Google LLC -> Google LLC)
Task: {B2937A79-803A-441F-8DBE-25790240A588} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MpCmdRun.exe [541576 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B717044B-E874-466B-970E-42162FF5F37C} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411856 2015-11-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {BB244012-207E-4DFE-AFA8-D5AC7CEC3D59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-29] (Google LLC -> Google LLC)
Task: {E1DB297E-AA6E-4109-9862-E229B3301471} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174352 2015-11-10] (Realtek Semiconductor Corp -> Realtek Semiconductor)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{77eb6f5f-c7c0-41dc-b206-fca31a539384}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Edge: 
======
DownloadDir: C:\Users\17026\Downloads
Edge Notifications: HKU\S-1-5-21-4056018188-887826847-156463569-1001 -> hxxps://www.cnet.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\17026\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-23]
Edge HomePage: Default -> hxxp://start.toshiba.com/g/
Edge DefaultSearchURL: Default -> hxxps://manageyoursearch.com/?q={searchTerms}
Edge DefaultSuggestURL: Default -> hxxps://manageyoursearch.com/suggest?q={searchTerms}
Edge Extension: (Search Manager) - C:\Users\17026\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh [2020-04-12]
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @real.com/nppl3260;version=18.1.20.206 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2020-10-08] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.20.206 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2020-10-08] (RealNetworks, Inc. -> RealPlayer)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default [2020-11-23]
CHR Notifications: Default -> hxxps://mail.yahoo.com; hxxps://offerup.com; hxxps://www.allrecipes.com; hxxps://www.bettymills.com; hxxps://www.cnet.com; hxxps://www.dmv.com; hxxps://www.facebook.com; hxxps://www.inspireuplift.com; hxxps://www.newchic.com; hxxps://www.offthegridnews.com; hxxps://www.reddit.com; hxxps://www.thermophore.com; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://start.toshiba.com/g/
CHR DefaultSearchKeyword: Default -> google.com___
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-29]
CHR Extension: (Docs) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-29]
CHR Extension: (Google Drive) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-21]
CHR Extension: (YouTube) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-08]
CHR Extension: (Honey) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2020-11-17]
CHR Extension: (YouTube Music) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2020-10-08]
CHR Extension: (Smarty) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\edjkecefjhobekadlkdkopkggdefpgfp [2020-11-17]
CHR Extension: (Reason Web Security) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\egkgkjcdnnfpnnmgfeopbmajnbhjmnpp [2020-05-30]
CHR Extension: (Dashlane - Password Manager) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2020-11-18]
CHR Extension: (Sheets) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-29]
CHR Extension: (Google Docs Offline) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Avast Online Security) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2020-07-30]
CHR Extension: (letgo-web) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbkfhekkfmipomaepmpocikpjpgffkop [2020-03-08]
CHR Extension: (Classifieds List App) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdneenbmjjjbjogomjjdahcoofmhpdme [2020-11-17]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-11-23]
CHR Extension: (Free Package Tracker Plus) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbconaaffabelmgeenpebcapbnnoigpc [2020-11-17]
CHR Extension: (Capital One Shopping: Save in seconds) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2020-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-29]
CHR Extension: (Gmail) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-19]
CHR Extension: (Privacy Badger) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2020-10-11]
CHR Profile: C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-11-05]
CHR Extension: (Slides) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-05-08]
CHR Extension: (Docs) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-05-08]
CHR Extension: (Google Drive) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-05-08]
CHR Extension: (YouTube) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-05-08]
CHR Extension: (Sheets) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-05-08]
CHR Extension: (Google Docs Offline) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-08]
CHR Extension: (Gmail) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-05-08]
CHR Extension: (Chrome Media Router) - C:\Users\17026\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-08]
CHR Profile: C:\Users\17026\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-05]
CHR HKLM\...\Chrome\Extension: [egkgkjcdnnfpnnmgfeopbmajnbhjmnpp]
CHR HKLM-x32\...\Chrome\Extension: [egkgkjcdnnfpnnmgfeopbmajnbhjmnpp]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [38024 2020-03-04] (RealNetworks, Inc. -> RealNetworks, Inc.)
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [990856 2020-10-08] (RealNetworks, Inc. -> RealNetworks, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\System32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [101872 2017-04-11] (ASUSTeK Computer Inc. -> ASUS Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [20232 2014-06-27] (ZTE CORPORATION -> HandSet Incorporated)
R1 rsKernelEngine; C:\WINDOWS\System32\DRIVERS\rsKernelEngine.sys [56832 2020-05-30] (Reason Software Company Inc. -> Windows ® Win 7 DDK provider)
S3 viahsets; C:\WINDOWS\System32\drivers\viahsets.sys [32136 2014-06-27] (ZTE CORPORATION -> Via Telecom, Inc.)
S3 viahsser; C:\WINDOWS\System32\drivers\viahsser.sys [62728 2014-06-27] (ZTE CORPORATION -> VIA Telecom)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-11-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429288 2020-11-18] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-18] (Microsoft Windows -> Microsoft Corporation)
S3 zghsser; C:\WINDOWS\System32\drivers\zghsser.sys [133960 2014-06-27] (ZTE CORPORATION -> ZTE Corporation)
S3 cpuz149; \??\C:\Users\17026\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-11-23 13:14 - 2020-11-23 13:16 - 000020789 _____ C:\Users\17026\Desktop\FRST.txt
2020-11-23 13:11 - 2020-11-23 13:11 - 002295808 _____ (Farbar) C:\Users\17026\Desktop\FRST64.exe
2020-11-23 12:27 - 2020-11-23 12:27 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-11-23 04:24 - 2020-11-23 04:24 - 000000000 _____ C:\Users\17026\Desktop\sfcdetails.txt
2020-11-21 00:55 - 2020-11-21 00:55 - 000002232 _____ C:\Users\17026\Desktop\Free Games.lnk
2020-11-21 00:55 - 2020-11-21 00:55 - 000002223 _____ C:\Users\17026\Desktop\New games.lnk
2020-11-21 00:55 - 2020-11-21 00:55 - 000001274 _____ C:\Users\17026\Desktop\Heroes Of Hellas.lnk
2020-11-21 00:55 - 2020-11-21 00:55 - 000000000 ____D C:\Users\17026\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Atarata Games
2020-11-21 00:55 - 2020-11-21 00:55 - 000000000 ____D C:\Users\17026\AppData\Local\game
2020-11-21 00:55 - 2020-11-21 00:55 - 000000000 ____D C:\ProgramData\AlawarWrapper
2020-11-21 00:54 - 2020-11-21 00:54 - 000000000 ____D C:\Program Files (x86)\Atarata Games
2020-11-21 00:53 - 2020-11-21 00:54 - 037316064 _____ C:\Users\17026\Desktop\AtarataHeroesOfHellasFree_92.exe
2020-11-19 22:46 - 2020-11-19 22:46 - 000000000 ____D C:\Users\17026\AppData\Roaming\JaiboGames
2020-11-19 18:01 - 2020-11-19 18:02 - 000000000 ____D C:\Users\17026\Desktop\New folder
2020-11-19 08:37 - 2020-11-19 08:38 - 000000000 ____D C:\$Windows.~BT
2020-11-19 08:33 - 2020-11-19 08:38 - 000000000 ___HD C:\$SysReset
2020-11-18 03:42 - 2020-11-18 03:42 - 000002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2020-11-18 03:42 - 2020-11-18 03:42 - 000002201 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2020-11-18 03:42 - 2020-11-18 03:42 - 000002201 _____ C:\ProgramData\Desktop\Belarc Advisor.lnk
2020-11-18 03:42 - 2020-11-18 03:42 - 000000000 ____D C:\Program Files (x86)\Belarc
2020-11-18 03:41 - 2020-11-18 03:41 - 003857816 _____ C:\Users\17026\Desktop\advisorinstaller.exe
2020-11-18 03:27 - 2020-11-18 03:27 - 000001294 _____ C:\Users\17026\Desktop\Island Tribe 2.lnk
2020-11-18 03:27 - 2020-11-18 03:27 - 000001275 _____ C:\Users\17026\Desktop\Free Farm Games.lnk
2020-11-18 03:27 - 2020-11-18 03:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2020-11-18 03:27 - 2020-11-18 03:27 - 000000000 ____D C:\Program Files (x86)\GameTop.com
2020-11-18 03:26 - 2020-11-18 03:26 - 112540888 _____ (GameTop Pte. Ltd. ) C:\Users\17026\Desktop\Island-Tribe-2.exe
2020-11-17 14:02 - 2020-11-17 14:02 - 000001962 _____ C:\Users\17026\Desktop\Dashlane.lnk
2020-11-11 17:15 - 2020-11-11 17:15 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-10-30 18:22 - 2020-10-30 18:22 - 000000000 ____D C:\ProgramData\Awem
2020-10-30 18:18 - 2020-10-30 18:18 - 000000000 ____D C:\Users\17026\Documents\My Games
2020-10-30 18:17 - 2020-11-21 00:49 - 000000000 ____D C:\ProgramData\TEMP
2020-10-30 14:05 - 2020-10-30 14:05 - 000003802 _____ C:\WINDOWS\system32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series
2020-10-30 14:05 - 2020-10-30 14:05 - 000002381 _____ C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
2020-10-30 14:05 - 2020-10-30 14:05 - 000002381 _____ C:\ProgramData\Desktop\HP Deskjet 3050A J611 series.lnk
2020-10-30 14:05 - 2020-10-30 14:05 - 000001926 _____ C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
2020-10-30 14:05 - 2020-10-30 14:05 - 000001926 _____ C:\ProgramData\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
2020-10-30 14:05 - 2012-10-17 03:31 - 000741480 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPMa011.dll
2020-10-30 14:00 - 2015-09-17 21:15 - 057375888 _____ C:\Users\17026\Desktop\DJ3050A_J611_1315-1.exe
2020-10-29 15:29 - 2020-10-29 15:29 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4056018188-887826847-156463569-1001
2020-10-29 15:29 - 2020-10-29 15:29 - 000002363 _____ C:\Users\17026\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-11-23 13:15 - 2020-05-31 06:38 - 000000000 ____D C:\FRST
2020-11-23 13:14 - 2020-03-08 17:05 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-23 13:08 - 2020-03-08 16:55 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-23 12:32 - 2020-03-08 17:03 - 000000000 ____D C:\WINDOWS\INF
2020-11-23 12:32 - 2020-03-08 16:45 - 000795988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-11-23 12:30 - 2020-06-29 20:32 - 000000000 ____D C:\Program Files\CCleaner
2020-11-23 12:28 - 2020-03-08 17:12 - 000000000 ___RD C:\Users\17026\OneDrive
2020-11-23 12:27 - 2020-03-08 17:07 - 000000000 __SHD C:\Users\17026\IntelGraphicsProfiles
2020-11-23 12:27 - 2020-03-08 16:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-11-23 12:26 - 2020-03-08 16:51 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-11-23 11:25 - 2020-03-08 16:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-11-23 09:15 - 2020-04-17 10:28 - 000004164 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{3B2ECF9C-20E9-46EA-92FA-0E06AFA91793}
2020-11-23 06:44 - 2020-04-20 01:39 - 000000000 ____D C:\WINDOWS\Minidump
2020-11-23 02:39 - 2020-03-08 16:51 - 000000000 ____D C:\Users\17026
2020-11-23 00:01 - 2020-03-08 17:05 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-23 00:01 - 2020-03-08 17:05 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-11-20 14:56 - 2020-09-29 22:43 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-19 18:58 - 2020-03-19 09:07 - 000000000 ____D C:\Users\17026\Desktop\Personal
2020-11-18 22:30 - 2020-07-31 04:09 - 000000000 ____D C:\Users\17026\AppData\Local\CrashDumps
2020-11-18 22:30 - 2020-03-08 16:51 - 000000000 ____D C:\WINDOWS\Panther
2020-11-18 22:00 - 2020-07-31 17:36 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-18 22:00 - 2020-07-31 17:36 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-18 22:00 - 2020-07-31 17:36 - 000002262 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-18 05:55 - 2020-03-08 17:05 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-11-18 05:55 - 2020-03-08 16:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-11-18 03:57 - 2020-03-26 05:13 - 000000000 ____D C:\Users\17026\AppData\Local\ElevatedDiagnostics
2020-11-17 14:03 - 2020-04-18 21:08 - 000000000 ____D C:\Users\17026\AppData\Roaming\Dashlane
2020-11-12 11:00 - 2020-09-29 22:43 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-11-12 10:59 - 2020-09-29 22:43 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2020-11-11 02:32 - 2020-03-08 23:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-11 02:08 - 2020-03-08 23:27 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-10-30 19:14 - 2020-03-08 17:10 - 000000000 ____D C:\Users\17026\AppData\Local\PlaceholderTileLogoFolder
2020-10-30 18:24 - 2020-03-19 03:28 - 000000000 ____D C:\Users\17026\AppData\Local\D3DSCache
2020-10-30 14:05 - 2020-04-06 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2020-10-30 14:05 - 2020-03-19 09:04 - 000000000 ____D C:\ProgramData\HP
2020-10-30 08:39 - 2020-03-08 16:57 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2020 01
Ran by 17026 (23-11-2020 13:17:16)
Running from C:\Users\17026\Desktop
Windows 10 Home Version 1909 18363.657 (X64) (2020-03-09 00:42:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
17026 (S-1-5-21-4056018188-887826847-156463569-1001 - Administrator - Enabled) => C:\Users\17026
Administrator (S-1-5-21-4056018188-887826847-156463569-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4056018188-887826847-156463569-503 - Limited - Disabled)
Guest (S-1-5-21-4056018188-887826847-156463569-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4056018188-887826847-156463569-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Belarc Advisor 9.7 (HKLM-x32\...\Belarc Advisor) (Version: 9.7.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.74 - Piriform)
Dashlane (HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Dashlane) (Version: 6.2044.0.40862 - Dashlane, Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.66 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Heroes Of Hellas (HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\Heroes Of Hellas) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.18.312 - SurfRight B.V.)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5107 - Intel Corporation)
Island Tribe 2 (HKLM-x32\...\Island Tribe 2_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Javelin (HKLM-x32\...\Javelin PDF reader 1.021_is1) (Version:  - )
Microsoft OneDrive (HKU\S-1-5-21-4056018188-887826847-156463569-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
RealDownloader (HKLM-x32\...\{F1FFBA3D-C08F-41E4-98B2-07144A4928A9}) (Version: 18.1.20.206 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.20 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.1.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.1.5 - VS Revo Group, Ltd.)
Show Me Excel 2007 and 2003 (HKLM-x32\...\{1372A74C-58C7-49BC-8AD2-649A30FA64CE}) (Version: 1.00 - GSPNA)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
 
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.45.4.0_x86__kgqvnymyfvs32 [2020-10-24] (king.com)
Cool File Viewer -> C:\Program Files\WindowsApps\20815shootingapp.AirFileViewer_1.4.9.0_x86__xcg28tkrsnqww [2020-09-24] (Cool File Viewer)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.48.4.0_x86__kgqvnymyfvs32 [2020-11-05] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6 [2020-11-05] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-22] (Microsoft Studios) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-10-30] (Microsoft Corporation)
Your Phone -> C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20101.99.0_x64__8wekyb3d8bbwe [2020-11-13] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4056018188-887826847-156463569-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-06-22] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpcontextmenu.dll [2020-10-08] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-06-22] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\17026\Desktop\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\17026\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
 
==================== Loaded Modules (Whitelisted) =============
 
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0A5BA9A0 [113]
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\Real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2020-03-04] (RealNetworks, Inc. -> RealDownloader)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\Real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2020-03-04] (RealNetworks, Inc. -> RealDownloader)
IE Session Restore: HKU\S-1-5-21-4056018188-887826847-156463569-1001 -> is enabled.
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2020-10-15] (Belarc, Inc. -> Belarc, Inc.)
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2020-03-08 17:05 - 2020-03-08 17:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4056018188-887826847-156463569-1001\Control Panel\Desktop\\Wallpaper -> E:\ASUS\Pictures\bathseba rock.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{068BBBB8-64D3-4501-9CB9-016420382EDB}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
FirewallRules: [TCP Query User{CFD26A5E-4EED-4DBA-99C9-B264CB976EE8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{72BB79BC-753F-4B79-82D7-8DFC0B0758AB}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{046C8040-E392-435D-9FEB-C71DB7FEF749}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{FCCE743B-60F5-4123-A7B5-0719DC612F3F}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{5A95778B-00D5-43C6-9CE9-E1179C3B1631}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C03772ED-FD9D-47F1-8EA7-C3C14ECD1888}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9EA52908-3E5F-4B31-A627-B16C45038C29}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9E54B758-2EB0-4855-A8E8-20E687955D07}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{65CAC0B5-DC9F-4D58-B637-5526E2EB19BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{58539562-FAA8-4786-B01C-9124D19E2124}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3961371B-8C93-4340-BC5A-69BE67A21D40}] => (Allow) C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.exe (Alawar Entertainment Inc -> )
FirewallRules: [{4799E682-199E-4A68-9232-0DB769EBFE9D}] => (Allow) C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe () [File not signed]
FirewallRules: [{3F6571D8-4219-41A0-AECE-0402C93CAAA5}] => (Allow) C:\Program Files (x86)\Atarata Games\HeroesOfHellas\F2PHttpDaemon.exe => No File
 
==================== Restore Points =========================
 
20-11-2020 14:55:54 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (11/23/2020 01:06:59 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2391408 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
Error: (11/23/2020 01:06:59 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2391407 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
Error: (11/23/2020 01:06:59 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2391405 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
Error: (11/23/2020 01:04:31 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2243212 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
Error: (11/23/2020 01:04:31 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2243208 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
Error: (11/23/2020 01:04:31 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2243202 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
Error: (11/23/2020 01:04:10 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2222175 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
Error: (11/23/2020 01:04:10 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: ESIF(8.7.10200.12510) TYPE: ERROR MODULE: DPTF TIME 2222170 ms
 
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\policies\configtdppolicy\configtdppolicy.cpp @ line 220
Executing Function:  ConfigTdpPolicy::onDomainPowerControlCapabilityChanged
Message:  
DPTF Build Version:  8.7.10200.12510
DPTF Build Date:  Nov  5 2019 18:36:19
Source File:  c:\jenkins\workspace\dptf\src\dptf\sources\manager\esifservices.cpp @ line 589
Executing Function:  EsifServices::primitiveExecuteSetAsTimeInMilliseconds
Message:  Error returned from ESIF services interface function call
Participant:  TCPU [0]
Domain:  PKG [0]
ESIF Primitive:  SET_RAPL_POWER_LIMIT_TIME_WINDOW [340]
ESIF Instance:  0
ESIF Return Code:  ESIF_E_PRIMITIVE_NOT_FOUND_IN_DSP [2404]
 
ParticipantIndex = 0; DomainIndex = 0
Policy:  ConfigTDP Policy [0]
 
 
System errors:
=============
Error: (11/23/2020 06:36:17 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xffffd503d499c028, 0x00000000be000000, 0x000000000100110b). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: c2cc75de-5043-40d5-b702-93b0494ab828.
 
Error: (11/23/2020 06:35:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:34:11 AM on ‎11/‎23/‎2020 was unexpected.
 
Error: (11/23/2020 05:23:10 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:21:23 AM on ‎11/‎23/‎2020 was unexpected.
 
Error: (11/23/2020 04:45:21 AM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
 
Error: (11/23/2020 02:39:23 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:12:19 AM on ‎11/‎23/‎2020 was unexpected.
 
Error: (11/21/2020 11:40:48 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly.  Please restart your computer to reset the TPM hardware.  For further assistance on this hardware issue, please contact the computer manufacturer for more information.
 
Error: (11/21/2020 03:23:46 AM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly.  Please restart your computer to reset the TPM hardware.  For further assistance on this hardware issue, please contact the computer manufacturer for more information.
 
Error: (11/20/2020 04:05:29 PM) (Source: TPM) (EventID: 12) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly.  Please restart your computer to reset the TPM hardware.  For further assistance on this hardware issue, please contact the computer manufacturer for more information.
 
 
Windows Defender:
===================================
Date: 2020-11-23 05:31:25.623
Description: 
C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2020-11-23T13:31:25.623Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe
Security intelligence Version: 1.327.1401.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2010.7
 
Date: 2020-11-23 05:14:37.487
Description: 
C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2020-11-23T13:14:37.486Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe
Security intelligence Version: 1.327.1401.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2010.7
 
Date: 2020-11-22 23:33:49.508
Description: 
C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2020-11-23T07:33:49.508Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe
Security intelligence Version: 1.327.1388.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2010.7
 
Date: 2020-11-22 23:12:58.648
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F20C3697-B42D-48F1-AF09-FFE246690609}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-11-21 00:56:03.806
Description: 
C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe has been blocked from modifying %userprofile%\Documents by Controlled Folder Access.
Detection time: 2020-11-21T08:56:03.805Z
Path: %userprofile%\Documents
Process Name: C:\Program Files (x86)\Atarata Games\HeroesOfHellas\game.wrp.exe
Security intelligence Version: 1.327.1257.0
Engine Version: 1.1.17600.5
Product Version: 4.18.2010.7
 
Date: 2020-11-22 20:48:39.879
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.327.1388.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17600.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
 
Date: 2020-11-22 20:48:39.855
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.327.1388.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17600.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
 
Date: 2020-11-22 20:48:39.070
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.327.1388.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17600.5
Error code: 0x8050a003
Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
 
Date: 2020-11-22 20:43:53.906
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.327.1257.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17600.5
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2020-10-30 10:08:18.673
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device.
 
CodeIntegrity:
===================================
 
Date: 2020-11-18 02:28:50.770
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2020-11-17 13:46:13.609
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2020-11-13 02:29:25.662
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2020-11-12 02:28:23.829
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2020-11-11 02:28:38.705
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2020-11-10 07:23:29.085
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2020-11-08 21:12:45.625
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
Date: 2020-11-07 02:27:43.229
Description: 
Windows blocked file \Device\HarddiskVolume4\Windows\System32\scrobj.dll which has been disallowed for protected processes.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. X555LAB.503 08/04/2015
Motherboard: ASUSTeK COMPUTER INC. X555LAB
Processor: Intel® Core™ i3-5010U CPU @ 2.10GHz
Percentage of memory in use: 82%
Total physical RAM: 3998.71 MB
Available physical RAM: 711.82 MB
Total Virtual: 5982.71 MB
Available Virtual: 1558.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:464.44 GB) (Free:424.03 GB) NTFS
 
\\?\Volume{31f7de28-42ea-4aae-bf3f-5de2b8703daa}\ (Recovery) (Fixed) (Total:0.29 GB) (Free:0.03 GB) NTFS
\\?\Volume{996bbe23-17fe-48b0-916c-7a5162ce6751}\ () (Fixed) (Total:0.8 GB) (Free:0.31 GB) NTFS
\\?\Volume{a44abeaa-4b3a-4529-8ccf-9725d57ab459}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 35848839)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

#8
JSntgRvr
  • Global Moderator
  • 11,579 posts
Read the instructions to process the fix. Press the Fix button, not the Scan button.

#9
thefunkymunky
  • Topic Starter
  • Member
  • 54 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-11-2020 01

Ran by 17026 (23-11-2020 21:36:00) Run:1
Running from C:\Users\17026\Desktop
Loaded Profiles: 17026
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: DISM /Online /Cleanup-Image /ScanHealth
 
*****************
 
 
========= DISM /Online /Cleanup-Image /ScanHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.18362.1
 
Image Version: 10.0.18363.657
 
 
[==                         5.0%                           ] 
 
Error: 14098
 
The component store has been corrupted.
 
The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
 
========= End of CMD: =========
 
 
==== End of Fixlog 21:36:37 ====


#10
JSntgRvr
  • Global Moderator
  • 11,579 posts

Let's try the second one, but through FRST64.

  • Highlight the entire content of the quote box below.

Start::
CMD: DISM /Online /Cleanup-Image /RestoreHealth

Zip: C:\WINDOWS\Logs\DISM\dism.log
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

A zipped file will also be created on your desktop, please have it attached to your reply. If too large, use filebin and provide me with the link.



#11
JSntgRvr
  • Global Moderator
  • 11,579 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.



#12
paws
    WTT Tech Teacher
  • Tech Academy Moderator
  • 990 posts

The OP has returned from vacation and requests further assistance please. Topic unlocked.



#13
JSntgRvr
  • Global Moderator
  • 11,579 posts

Proceed with instructions on Post 10.



#14
JSntgRvr
  • Global Moderator
  • 11,579 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

