Win 8.0 - slow performance and browser not connecting [Solved]

slow system browsers not connecting usb camera not seen by system

  • This topic is locked

#16
DR M

    The Grecian Geek

  • Malware Removal
  • 4,127 posts

In my post above I referred to the Mail application in Windows 10. Actually, the Mail application is available in Windows 8.1 too. Since the computer is running on Windows 8.1, this is a clarification. :)




#17
whittakerjr

    Member

  • Topic Starter
  • 79 posts
My oversight.  I thought I had followed your directions to the letter.  I have gone back and verified the switch is not set.
Removed the noted items.  She uses Yahoo! E-mail services through a browser.
 
Attached Logitech camera 720.  The camera was the issue that she called me over to assist and while I was there, messed up the machine.  The camera software connected and I could see video through the app.  When I went to the MS camera app, I received a camera error warning.  This was the same error when I tried to switch cameras (Monitor mounted camera that came with the document, and the USB Logitech) in the beginning.  She does not want to use the Monitor camera.  After launching Paltalk, I was not able to switch cameras.  I was able to last year.  So I disabled the Monitor camera and enabled the Logitech.  That is after verifying the Logitech was up to date with its driver.  I still have an issue with the MS Camera app: it is slow and takes an extremely long time to cycle.  I had to restart the equipment with the power switch, as the keyboard stopped and the mouse moved but the clicks did not respond.
 
Paltalk had to restart (on its own) three or four times before it became stable to use.  I had trouble getting the video to run in rooms after the main lobby.  I think it is now working correctly with the Monitor camera disabled.
 
It is nice to have stopped the ads from popping up on the right corner, and it appears to run okay.  
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-06-2020
Ran by HP Pavilion (administrator) on HPPAVILION (Hewlett-Packard 20-b010) (27-06-2020 16:56:14)
Running from C:\Users\HP Pavilion\Desktop
Loaded Profiles: HP Pavilion
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(A.V.M. SOFTWARE, INC. -> AVM Software) C:\Program Files (x86)\Paltalk\update\pt_update_service.exe
(Advanced Micro Devices, Inc.) [File not signed] [File is in use] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <6>
(Logitech -> Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Logitech Inc -> Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\System32\WirelessKB850NotificationService.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\Camera\Camera.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\WINDOWS\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\WINDOWS\System32\atiesrxx.exe
(Realtek Semiconductor Corp -> Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6844560 2013-11-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942232 2016-10-14] (Logitech -> Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Chromium] => "c:\users\hp pavilion\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\PALTALK.exe [27532728 2020-05-19] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKU\S-1-5-18\...\Run: [Paltalk] => C:\Program Files (x86)\Paltalk\Paltalk.exe [27532728 2020-05-19] (A.V.M. SOFTWARE, INC. -> AVM Software)
HKLM\...\Print\Monitors\HP 7112 Status Monitor: C:\WINDOWS\system32\hpinksts7112LM.dll [328704 2014-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Universal Port Monitor: C:\WINDOWS\system32\hpbprtmon.dll [355840 2012-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\83.0.4103.116\Installer\chrmstp.exe [2020-06-25] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2019-03-21]
ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (No File)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DC0DAD2-F84F-429D-B085-411AE7CDE2D5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {145EF7F4-ECD0-4CD6-B44D-E92EFEB7BDDB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {287EB61E-849D-44F1-BF41-56B2A8081F95} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {426C84D3-5DF0-4CC8-9486-251CC5F877B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe
Task: {69A9BED9-2695-4FA6-ABEF-DB9C7F40DC6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {7604A2BD-B1C7-4591-A0BB-AFA960B6026A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {7B857988-3067-4E13-8891-998F430972F7} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {8447F5E5-2A40-44ED-869F-2FD08F7AF3E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {8CA68387-B3CC-41B5-88D5-240C7A3E7715} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN49ADX0R9_backup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {9768ABD2-EB67-498E-A669-15A536AF817A} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {9B50E759-DC50-4D5E-9238-094637C3F75D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\HP Pavilion\Desktop\esetonlinescanner.exe [14827616 2020-06-25] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {BD0AA599-1290-4C17-8F27-F39B7AED26EB} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\HP Pavilion\Desktop\esetonlinescanner.exe [14827616 2020-06-25] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {C2D92648-7FFA-4B4E-BE32-ABCB7F598804} - System32\Tasks\{A7827154-50C7-4867-ADFD-1E8E30D0C7A2} => "c:\program files\internet explorer\iexplore.exe" hxxps://ui.skype.com/ui/0/7.33.0.105/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {C415FE0E-DDCB-44E0-A459-B9164B72424B} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {CA019DD0-822D-49E1-A2FF-1991CECD8F38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {DCB2E700-2511-45D2-B218-AE8BA4967108} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP SoftPaq Installer => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Tasks.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{29B5CF79-3278-41A1-86F5-B3673D2C956F}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CBC4812E-DD0B-4C8B-9F7F-46C2962A294B}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com/?PC=UF01
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKU\S-1-5-21-176138252-3860332429-2761773572-1018 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
 
FireFox:
========
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc. -> Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
 
Chrome: 
=======
CHR Profile: C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default [2020-06-27]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Slides) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-19]
CHR Extension: (Docs) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-19]
CHR Extension: (Google Drive) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-27]
CHR Extension: (YouTube) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-27]
CHR Extension: (Google Search) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-27]
CHR Extension: (Sheets) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-19]
CHR Extension: (Google Docs Offline) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\HP Pavilion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-06-16]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [239616 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed] [File is in use]
S2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-07-19] (Hewlett-Packard Company -> Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2468496 2013-11-19] (Realtek Semiconductor Corp -> Realsil Microelectronics Inc.)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4477576 2018-06-18] (Logitech Inc -> Logitech)
R2 paltalk_update_service; C:\Program Files (x86)\Paltalk\update\pt_update_service.exe [1229688 2019-08-25] (A.V.M. SOFTWARE, INC. -> AVM Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176632 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [13209088 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [626688 2014-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink -> CyberLink)
R3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [196456 2020-06-27] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73368 2020-06-27] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-06-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [131728 2020-06-27] (Malwarebytes Inc -> Malwarebytes)
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2505904 2013-12-04] (Mediatek Inc. -> Ralink Technology, Corp.)
R3 usbfilter; C:\WINDOWS\System32\drivers\usbfilter.sys [56448 2012-03-30] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-06-27 16:56 - 2020-06-27 16:57 - 000015826 _____ C:\Users\HP Pavilion\Desktop\FRST.txt
2020-06-27 16:45 - 2020-06-27 16:45 - 000196456 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-06-27 16:45 - 2020-06-27 16:45 - 000131728 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-06-27 16:45 - 2020-06-27 16:45 - 000073368 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-06-25 16:49 - 2020-06-25 16:50 - 000003732 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-06-25 16:49 - 2020-06-25 16:50 - 000003292 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-06-25 16:49 - 2020-06-25 16:49 - 000006872 _____ C:\Users\HP Pavilion\Desktop\eset.txt
2020-06-25 11:53 - 2020-06-27 16:13 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\ESET
2020-06-25 11:53 - 2020-06-25 11:53 - 000000565 _____ C:\Users\HP Pavilion\Desktop\ESET Online Scanner.lnk
2020-06-25 11:51 - 2020-06-25 11:52 - 014827616 _____ (ESET spol. s r.o.) C:\Users\HP Pavilion\Desktop\esetonlinescanner.exe
2020-06-22 07:49 - 2020-06-25 11:42 - 000000000 ____D C:\AdwCleaner
2020-06-22 07:47 - 2020-06-22 07:48 - 008402608 _____ (Malwarebytes) C:\Users\HP Pavilion\Desktop\AdwCleaner.exe
2020-06-21 22:44 - 2020-06-21 23:01 - 000019112 _____ C:\Users\HP Pavilion\Desktop\Fixlog.txt
2020-06-20 11:33 - 2020-06-27 16:55 - 000000000 ____D C:\Users\HP Pavilion\Desktop\FRST-OlderVersion
2020-06-20 11:03 - 2020-06-20 11:04 - 012770472 _____ (Symantec Corporation) C:\Users\HP Pavilion\Desktop\NRnR.exe
2020-06-20 09:13 - 2020-06-20 09:13 - 000001093 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2020-06-20 09:13 - 2020-06-20 09:13 - 000001093 _____ C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\VS Revo Group
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\ProgramData\VS Revo Group
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2020-06-20 09:13 - 2020-06-20 09:13 - 000000000 ____D C:\Program Files\VS Revo Group
2020-06-20 09:13 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2020-06-20 09:11 - 2020-06-20 09:11 - 016926296 _____ (VS Revo Group ) C:\Users\HP Pavilion\Desktop\RevoUninProSetup.exe
2020-06-16 15:03 - 2020-06-27 16:57 - 000000000 ____D C:\FRST
2020-06-16 14:48 - 2020-06-27 16:55 - 002291200 _____ (Farbar) C:\Users\HP Pavilion\Desktop\FRST64.exe
2020-06-16 14:25 - 2020-06-16 14:26 - 000000000 ____D C:\Users\HP Pavilion\Downloads\priortoMalware
2020-06-16 12:55 - 2020-06-01 11:03 - 000835480 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-06-16 12:55 - 2020-06-01 11:03 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-06-16 09:43 - 2020-06-27 16:45 - 000000000 ____D C:\Users\HP Pavilion\AppData\LocalLow\IGDump
2020-06-16 09:42 - 2020-06-16 09:42 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\mbam
2020-06-16 09:41 - 2020-06-16 09:41 - 000214496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-06-16 09:41 - 2020-06-16 09:41 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-06-16 09:41 - 2020-06-16 09:41 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000001964 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-06-16 09:41 - 2020-06-16 09:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-06-16 09:40 - 2020-06-16 09:40 - 000000000 ____D C:\Program Files\Malwarebytes
2020-06-16 09:40 - 2020-06-16 09:40 - 000000000 ____D C:\Malwarebytes
2020-06-16 09:38 - 2020-06-16 09:38 - 000000000 ____D C:\Users\HP Pavilion\AppData\Roaming\Logitech
2020-06-16 09:38 - 2020-06-16 09:38 - 000000000 ____D C:\Users\HP Pavilion\AppData\Roaming\Logishrd
2020-06-16 09:06 - 2020-06-16 09:06 - 000000000 ____D C:\Program Files\KeyboardNotification
2020-06-10 18:09 - 2020-06-10 18:09 - 000001369 _____ C:\Users\HP Pavilion\Desktop\Logitech HD Webcam C270 - Shortcut.lnk
2020-06-10 10:34 - 2020-05-27 16:06 - 022364856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-06-10 10:34 - 2020-05-20 05:48 - 025755648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-06-10 10:34 - 2020-05-20 04:00 - 020291584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-06-10 10:34 - 2020-05-09 20:17 - 014533120 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-06-10 10:33 - 2020-06-01 22:18 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\atl.dll
2020-06-10 10:33 - 2020-06-01 21:44 - 001489408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2020-06-10 10:33 - 2020-06-01 21:43 - 001464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2020-06-10 10:33 - 2020-06-01 21:35 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-06-10 10:33 - 2020-06-01 21:27 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2020-06-10 10:33 - 2020-06-01 21:25 - 001204736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2020-06-10 10:33 - 2020-06-01 20:59 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-06-10 10:33 - 2020-06-01 20:47 - 001684992 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-06-10 10:33 - 2020-05-29 19:54 - 004168192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-06-10 10:33 - 2020-05-29 19:30 - 000129024 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2020-06-10 10:33 - 2020-05-29 18:41 - 001368576 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2020-06-10 10:33 - 2020-05-27 16:06 - 019796328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-06-10 10:33 - 2020-05-20 08:25 - 001384648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 007362312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-06-10 10:33 - 2020-05-20 08:21 - 002170784 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 001662512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2020-06-10 10:33 - 2020-05-20 08:21 - 001062344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-06-10 10:33 - 2020-05-20 08:20 - 001135696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-06-10 10:33 - 2020-05-20 08:20 - 000806200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-06-10 10:33 - 2020-05-20 05:27 - 002911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-06-10 10:33 - 2020-05-20 05:25 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-06-10 10:33 - 2020-05-20 05:13 - 005499392 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-06-10 10:33 - 2020-05-20 05:13 - 000785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2020-06-10 10:33 - 2020-05-20 04:56 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2020-06-10 10:33 - 2020-05-20 04:52 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2020-06-10 10:33 - 2020-05-20 04:50 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2020-06-10 10:33 - 2020-05-20 04:44 - 001124800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 001560272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 001214720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2020-06-10 10:33 - 2020-05-20 04:40 - 000548440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-06-10 10:33 - 2020-05-20 04:39 - 000614056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2020-06-10 10:33 - 2020-05-20 04:37 - 015478784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-06-10 10:33 - 2020-05-20 04:37 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2020-06-10 10:33 - 2020-05-20 04:35 - 002132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2020-06-10 10:33 - 2020-05-20 04:34 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtutils.dll
2020-06-10 10:33 - 2020-05-20 04:26 - 001756672 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-06-10 10:33 - 2020-05-20 04:23 - 004859392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-06-10 10:33 - 2020-05-20 04:12 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-06-10 10:33 - 2020-05-20 04:01 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2020-06-10 10:33 - 2020-05-20 03:53 - 000861696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2020-06-10 10:33 - 2020-05-20 03:44 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2020-06-10 10:33 - 2020-05-20 03:40 - 002304000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-06-10 10:33 - 2020-05-20 03:34 - 000653824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2020-06-10 10:33 - 2020-05-20 03:21 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2020-06-10 10:33 - 2020-05-20 03:18 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2020-06-10 10:33 - 2020-05-20 03:16 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2020-06-10 10:33 - 2020-05-20 03:11 - 004111872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-06-10 10:33 - 2020-05-20 03:06 - 013861888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-06-10 10:33 - 2020-05-20 03:06 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtutils.dll
2020-06-10 10:33 - 2020-05-20 03:01 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-06-10 10:33 - 2020-05-20 02:47 - 001341952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-06-10 10:33 - 2020-05-20 02:46 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2020-06-10 10:33 - 2020-05-13 10:49 - 001368592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2020-06-10 10:33 - 2020-05-12 18:23 - 000414624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-06-10 10:33 - 2020-05-12 18:23 - 000373888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-06-10 10:33 - 2020-05-12 16:37 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2020-06-10 10:33 - 2020-05-12 02:47 - 000466840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-06-10 10:33 - 2020-05-12 02:46 - 000415240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-06-10 10:33 - 2020-05-11 23:42 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2020-06-10 10:33 - 2020-05-10 02:24 - 001311768 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2020-06-10 10:33 - 2020-05-09 21:36 - 000416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2020-06-10 10:33 - 2020-05-09 21:23 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2020-06-10 10:33 - 2020-05-09 21:15 - 003331584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-06-10 10:33 - 2020-05-09 21:03 - 001040384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2020-06-10 10:33 - 2020-05-09 20:56 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2020-06-10 10:33 - 2020-05-09 20:53 - 003640320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-06-10 10:33 - 2020-05-09 20:47 - 000936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-06-10 10:33 - 2020-05-09 20:25 - 001085952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2020-06-10 10:33 - 2020-05-09 20:23 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2020-06-10 10:33 - 2020-05-09 20:09 - 012880384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-06-10 10:33 - 2020-05-09 18:10 - 001312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2020-06-10 10:33 - 2020-05-09 18:10 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2020-06-10 10:33 - 2020-05-01 07:17 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-06-10 10:33 - 2020-05-01 07:15 - 000866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-06-10 10:32 - 2020-06-01 21:50 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atl.dll
2020-06-10 10:32 - 2020-05-29 18:23 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2020-06-10 10:32 - 2020-05-20 04:46 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2020-06-10 10:32 - 2020-05-20 04:39 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2020-06-10 10:32 - 2020-05-20 03:14 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2020-06-10 10:32 - 2020-05-20 03:09 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2020-06-10 10:32 - 2020-05-20 03:09 - 000333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2020-06-10 10:32 - 2020-05-20 03:08 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2020-06-10 10:32 - 2020-05-20 02:50 - 004387328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2020-06-10 10:32 - 2020-05-09 21:20 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2020-06-10 10:32 - 2020-05-09 20:53 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-06-27 16:53 - 2014-09-24 00:15 - 000006636 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-06-27 16:50 - 2016-01-27 10:12 - 000003596 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-176138252-3860332429-2761773572-1018
2020-06-27 16:44 - 2013-08-22 07:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-06-27 16:44 - 2013-08-22 06:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2020-06-27 16:43 - 2016-01-25 16:06 - 000000000 ____D C:\Users\HP Pavilion
2020-06-27 16:16 - 2012-09-11 06:21 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2020-06-27 15:49 - 2017-04-06 19:56 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\CrashDumps
2020-06-27 14:59 - 2016-02-19 13:55 - 000003814 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{2B2239C5-296B-46AF-9192-8557E01C177E}
2020-06-25 11:43 - 2012-09-11 06:18 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2020-06-25 11:43 - 2012-08-16 20:14 - 000000000 _RSHD C:\hp
2020-06-25 11:42 - 2016-01-25 16:08 - 000000000 ____D C:\Users\HP Pavilion\AppData\Roaming\Hewlett-Packard
2020-06-25 11:42 - 2013-11-05 17:57 - 000000000 ____D C:\Users\Joanne Endevoets\AppData\Local\Hewlett-Packard
2020-06-25 11:42 - 2013-11-05 15:11 - 000000000 ____D C:\Users\Joanne Endevoets\AppData\Roaming\Hewlett-Packard
2020-06-25 11:42 - 2012-09-11 06:33 - 000000000 ____D C:\Program Files (x86)\CyberLink
2020-06-25 06:35 - 2013-11-24 22:54 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-06-25 06:35 - 2013-11-24 22:54 - 000002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-06-25 06:35 - 2013-11-24 22:54 - 000002163 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-06-21 22:46 - 2018-11-13 17:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2020-06-21 22:46 - 2017-04-13 16:40 - 000000000 ____D C:\Program Files\Common Files\AV
2020-06-21 22:39 - 2013-08-22 06:36 - 000000000 ____D C:\WINDOWS\Inf
2020-06-21 22:37 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-06-20 11:09 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-06-16 13:21 - 2012-07-26 01:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-06-16 12:40 - 2013-08-22 07:44 - 000346744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-06-16 12:22 - 2013-08-22 08:36 - 000000000 ___RD C:\WINDOWS\ToastData
2020-06-16 12:06 - 2012-07-26 00:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-06-16 11:18 - 2014-11-01 10:29 - 000000000 ____D C:\Users\Joanne Endevoets
2020-06-16 11:15 - 2016-01-26 11:34 - 000000000 ____D C:\ProgramData\iolo
2020-06-16 11:15 - 2016-01-26 11:31 - 000000000 ____D C:\Program Files (x86)\iolo
2020-06-16 09:41 - 2016-01-25 16:25 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-06-16 09:39 - 2020-02-12 18:23 - 000000000 ____D C:\Program Files\Logitech
2020-06-16 09:39 - 2014-11-01 10:19 - 000000000 ____D C:\Program Files\Common Files\logishrd
2020-06-16 09:39 - 2014-02-20 18:51 - 000000000 ____D C:\ProgramData\LogiShrd
2020-06-16 09:39 - 2014-02-20 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-06-10 18:31 - 2018-11-13 19:14 - 000000000 ____D C:\Users\HP Pavilion\AppData\Local\ElevatedDiagnostics
2020-06-10 14:48 - 2018-06-09 22:26 - 000000175 _____ C:\Users\HP Pavilion\AppData\Roaming\WB.CFG
2020-06-01 23:10 - 2014-09-24 00:06 - 002476032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-05-29 17:28 - 2019-04-25 19:44 - 000000000 ____D C:\ProgramData\Paltalk Update
2020-05-29 13:37 - 2018-07-16 19:16 - 000000000 ____D C:\Program Files (x86)\Paltalk
 
==================== Files in the root of some directories ========
 
2018-06-09 22:26 - 2020-06-10 14:48 - 000000175 _____ () C:\Users\HP Pavilion\AppData\Roaming\WB.CFG
2016-01-27 10:21 - 2016-01-27 10:21 - 000007601 _____ () C:\Users\HP Pavilion\AppData\Local\Resmon.ResmonCfg
2018-01-30 13:25 - 2019-04-16 12:51 - 000001376 _____ () C:\Users\HP Pavilion\AppData\Local\Temptoast_image.png
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
 
LastRegBack: 2016-05-28 12:50
==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-06-2020
Ran by HP Pavilion (27-06-2020 16:59:40)
Running from C:\Users\HP Pavilion\Desktop
Windows 8.1 (Update) (X64) (2014-11-01 18:42:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-176138252-3860332429-2761773572-500 - Administrator - Disabled)
Guest (S-1-5-21-176138252-3860332429-2761773572-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-176138252-3860332429-2761773572-1003 - Limited - Enabled)
HP Pavilion (S-1-5-21-176138252-3860332429-2761773572-1018 - Administrator - Enabled) => C:\Users\HP Pavilion
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Install Manager (HKLM\...\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 83.0.4103.116 - Google LLC)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1202 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
Logitech Camera Settings (HKLM-x32\...\LogiUCDPP) (Version: 2.5.17.0 - Logitech Europe S.A.)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Paltalk (HKLM-x32\...\Paltalk) (Version:  - )
Paltalk Messenger  11.8 (HKLM-x32\...\Paltalk Messenger) (Version: 11.8.673.18112 - AVM Software Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.31.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6777 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28137 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Revo Uninstaller Pro 4.3.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.3.3 - VS Revo Group, Ltd.)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
Packages:
=========
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2014-11-07] (eBay, Inc)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-09-24] (Microsoft Corporation) [MS Ad]
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-03-03] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2014-11-27] (Hewlett-Packard Company)
HP+ -> C:\Program Files\WindowsApps\AD2F1837.HP_1.2.0.93_neutral__v10z8vjag6ke6 [2014-11-02] (Hewlett-Packard Company)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_4.5.1.0_x64__a76a11dkgb644 [2016-04-15] (iHeartMedia.)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-06-27] (AMZN Mobile LLC)
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_2.10.1812.2002_x86__8wekyb3d8bbwe [2019-02-02] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.11.1807.1002_x86__8wekyb3d8bbwe [2018-07-30] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-13] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-25] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-03-14] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_2.22.0.39_x64__mcm4njqhnhss8 [2018-11-02] (Netflix, Inc.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-06-27] (Skype) [MS Ad]
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_5.5.0.8_x86__v10z8vjag6ke6 [2016-05-03] (HP Inc.)
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-07] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  -> No File
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-07-04] (Advanced Micro Devices, Inc.) [File not signed] [File is in use]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-06-16] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. -> VS Revo Group)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\WINDOWS\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk\Remove settings.lnk -> C:\Program Files (x86)\Paltalk\ng_clean_settings.bat (No File)
 
==================== Loaded Modules (Whitelisted) =============
 
2014-07-04 21:33 - 2014-07-04 21:33 - 000127488 _____ () [File not signed] [File is in use] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2020-06-21 22:46 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\Program Files (x86)\AMD APP\bin\x86_64;c:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\Control Panel\Desktop\\Wallpaper -> C:\Users\HP Pavilion\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_803D2E04332962AFAC352F92C208E650"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Paltalk"
HKU\S-1-5-21-176138252-3860332429-2761773572-1018\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{E442E7B3-7B13-4BDA-B26D-0F28D846A538}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{EE175E9E-556D-4C29-8E52-992A95F9A6CE}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [{1DA563F9-8F28-4085-9D23-2E0A03D8EC26}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [UDP Query User{D48F9F75-6B2E-4094-9051-3EEF62A29FE1}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{C668418F-047A-4B32-84B0-E819D88A70E0}C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk messenger\paltalk.exe => No File
FirewallRules: [{14852894-E754-4D88-B410-E365CBD58788}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [{63569EEC-DC52-4EED-8DB2-E83112C70753}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. -> Yahoo! Inc.)
FirewallRules: [UDP Query User{0326EAFC-8940-43FE-9164-E4A21A402C98}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{5A430BC0-D3BD-4121-8016-8EA23C276F90}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [UDP Query User{29A929DE-9870-4957-A906-14B5642012FB}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{7DE345DD-8CFC-418A-B491-BB60FC69B658}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{87010DB7-297E-435E-AB81-7C0757767CAC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{B6D693E7-D84F-46D9-A816-DE973D437AF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{261379EE-DACD-4B61-9F8A-BF6F93F7DF35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{27F4866A-85A9-4CBE-B396-6FD538FC22F3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F0B061F-74AB-46A7-AA55-5DA60E86BD74}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C19F3984-3DF2-4505-B50E-E2623874F167}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe => No File
FirewallRules: [TCP Query User{AC84FE58-503E-4351-8C1D-1B3550F0000F}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [UDP Query User{A8FCFB61-3A9B-49D7-B998-60FB27AE20BB}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe => No File
FirewallRules: [TCP Query User{B0241114-BEDC-46F5-BBAF-324BF2D6F0B4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{40E28967-F448-403E-B197-C27ECC80F3A9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FBA5429D-8BA2-4085-BDD5-F7E2BDB1C1B2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4DCC8EA3-E53D-425B-B571-7F85CA7079B4}] => (Allow) LPort=53000
FirewallRules: [{379C625C-D6CE-4EFE-B73F-7D50D6787976}] => (Allow) LPort=52000
 
==================== Restore Points =========================
 
14-03-2020 14:22:36 Windows Update
17-04-2020 11:03:33 Windows Update
15-05-2020 11:36:32 Windows Update
16-06-2020 11:49:07 Windows Update
20-06-2020 08:46:08 Removed Java 7 Update 45
20-06-2020 09:21:59 Revo Uninstaller Pro's restore point - Sophos Anti-Virus
20-06-2020 09:24:02 Removed Sophos Anti-Virus
20-06-2020 10:02:29 Revo Uninstaller Pro's restore point - Sophos AutoUpdate
20-06-2020 10:16:28 Revo Uninstaller Pro's restore point - Sophos Network Threat Protection
20-06-2020 10:33:44 Revo Uninstaller Pro's restore point - Sophos AutoUpdate
20-06-2020 10:42:48 Revo Uninstaller Pro's restore point - Sophos Remote Management System
20-06-2020 10:46:21 Removed Sophos Remote Management System
20-06-2020 10:51:41 Revo Uninstaller Pro's restore point - Sophos System Protection
20-06-2020 10:52:19 Removed Sophos System Protection
21-06-2020 22:44:51 Restore Point Created by FRST
25-06-2020 11:41:37 AdwCleaner_BeforeCleaning_25/06/2020_11:41:29
27-06-2020 15:26:31 Windows Live Essentials
27-06-2020 15:27:34 WLSetup
 
==================== Faulty Device Manager Devices ============
 
Name: Wireless Device
Description: Wireless Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Surface
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: HP High Definition 1MP Webcam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/27/2020 04:53:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (06/27/2020 04:53:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (06/27/2020 04:49:47 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (06/27/2020 04:23:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (06/27/2020 04:23:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (06/27/2020 03:48:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Camera.exe, version: 6.3.9600.17418, time stamp: 0x545821bf
Faulting module name: WindowsInternal.Inbox.Media.Viewer.dll, version: 6.3.9600.17418, time stamp: 0x54582177
Exception code: 0x80000003
Fault offset: 0x000000000008d81c
Faulting process id: 0x17ac
Faulting application start time: 0x01d64cd5207976cd
Faulting application path: C:\Windows\Camera\Camera.exe
Faulting module path: C:\Windows\MediaViewer\WindowsInternal.Inbox.Media.Viewer.dll
Report Id: 62acbb90-b8c8-11ea-bf98-4c72b9b3dc92
Faulting package full name: Microsoft.MoCamera_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: Microsoft.Camera
 
Error: (06/27/2020 03:47:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Camera.exe, version: 6.3.9600.17418, time stamp: 0x545821bf
Faulting module name: WindowsInternal.Inbox.Media.Viewer.dll, version: 6.3.9600.17418, time stamp: 0x54582177
Exception code: 0x80000003
Fault offset: 0x000000000008d81c
Faulting process id: 0x148
Faulting application start time: 0x01d64cd4ece1c7e4
Faulting application path: C:\Windows\Camera\Camera.exe
Faulting module path: C:\Windows\MediaViewer\WindowsInternal.Inbox.Media.Viewer.dll
Report Id: 31ab7869-b8c8-11ea-bf98-4c72b9b3dc92
Faulting package full name: Microsoft.MoCamera_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: Microsoft.Camera
 
Error: (06/27/2020 03:45:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
 
System errors:
=============
Error: (06/27/2020 04:50:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppX Deployment Service (AppXSVC) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/27/2020 04:50:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AppX Deployment Service (AppXSVC) service to connect.
 
Error: (06/27/2020 04:49:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppX Deployment Service (AppXSVC) service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/27/2020 04:49:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AppX Deployment Service (AppXSVC) service to connect.
 
Error: (06/27/2020 04:48:56 PM) (Source: DCOM) (EventID: 10010) (User: HPPavilion)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (06/27/2020 04:48:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/27/2020 04:48:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
 
Error: (06/27/2020 04:47:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Connected Remote Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
Windows Defender:
===================================
Date: 2014-02-04 17:15:55.337
Description: 
Windows Defender scan has been stopped before completion.
Scan ID: {9460D5A7-484E-4AD5-A8F8-E2957D93B006}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-01 12:46:46.126
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.267.643.0
Previous Signature Version: 1.261.1097.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-05-01 12:46:46.126
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 1.267.643.0
Previous Signature Version: 1.261.1097.0
Update Source: User
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-05-01 12:46:46.125
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version: 1.1.14800.3
Previous Engine Version: 1.1.14500.5
Error Code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2018-02-12 15:30:23.776
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version: 
Previous Engine Version: 2.1.14202.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install. 
 
Date: 2018-02-12 15:30:22.001
Description: 
Windows Defender has encountered an error trying to update the engine.
New Engine Version: 
Previous Engine Version: 2.1.14202.0
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
CodeIntegrity:
===================================
 
Date: 2018-08-24 20:29:22.725
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-24 20:15:47.586
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-24 20:15:13.418
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2018-08-24 20:14:23.690
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: AMI 8.06 09/07/2012
Motherboard: PEGATRON CORPORATION 2AF0
Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 51%
Total physical RAM: 3665.86 MB
Available physical RAM: 1774.06 MB
Total Virtual: 4065.86 MB
Available Virtual: 2237.42 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:443.06 GB) (Free:370.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.78 GB) (Free:2.47 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{d1de863d-cf84-4d64-8ee1-9cebae5d4872}\ () (Fixed) (Total:1 GB) (Free:0.66 GB) NTFS
\\?\Volume{02f74654-436d-45c5-a86d-fd54f1779603}\ (Windows RE tools) (Fixed) (Total:1 GB) (Free:0.65 GB) NTFS
\\?\Volume{6ec74e69-4ea4-4586-9114-4ec0583318ed}\ () (Fixed) (Total:0.44 GB) (Free:0.18 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4A1F8D9C)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#18
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,127 posts
Hi, Joseph.
 
1. Uninstall Pal Talk
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
Paltalk
Paltalk Messenger  11.8
  • Select the above programs, one by one and click Uninstall.
  • Restart the computer.
 
2. Check and fix corrupted system files

2.1. Run Deployment Image Servicing and Management (DISM)
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter:
DISM /Online /Cleanup-Image /RestoreHealth
  • Let the scan run until the end (100%). Depending on your system, it can take some time.
  • Please post here the result you got.
2.2. When DISM finishes, you can then run SFC from the same command prompt window, but full instructions as if starting fresh:
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter:
sfc /scannow
  • Let the scan finish.
  • You will normally get one of the following results:
    Windows Resource Protection did not find any integrity violationsWindows Resource Protection found corrupt files and successfully repaired themWindows Resource Protection found corrupt files but was unable to fix some of themWindows Resource Protection could not perform the requested operation
  • Please post the result you got.
 
3. Check Services
 
3.1. From Services Panel
  • In the Search area type Services and press Enter.
  • Find the following services and check if they are running. If not, right click and select Start.
AppX Deployment ServiceRemote Procedure Call (RPC)State Repository Service
 
3.2. Running FSS
  • Please download Farbar Service Scanner and save it on your Desktop.
  • Right click on the tool icon and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.

  • 0

#19
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,127 posts
Not sure why the code content 2.2 is pasted in this mess. Apologies. :)
This is the right output:

Windows Resource Protection did not find any integrity violations
Windows Resource Protection found corrupt files and successfully repaired them
Windows Resource Protection found corrupt files but was unable to fix some of them
Windows Resource Protection could not perform the requested operation
  • 0

#20
whittakerjr

whittakerjr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts
I was unable to find the AppX Deployment ServiceRemote Procedure Call (RPC)State Repository Service.
I did see AppX Deployment Service (AppXSVC): Provides infrastructure support for deploying Store applications. 
This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly.
Under the Dependencies tab, the Remote Procedure Call (RPC) is there. I started it before running FSS.
 
 
Microsoft Windows [Version 6.3.9600]
© 2013 Microsoft Corporation. All rights reserved.
 
C:\WINDOWS\system32>dism /online /cleanup-Image /RestoreHealth
 
Deployment Image Servicing and Management tool
Version: 6.3.9600.19408
 
Image Version: 6.3.9600.19397
 
[==========================100.0%==========================]
The restore operation completed successfully. The component store corruption was
 repaired.
The operation completed successfully.
 
 
 
 
C:\WINDOWS\system32>sfc /scannow
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
Verification 100% complete.
 
Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.
 
C:\WINDOWS\system32>
 
 
 
 
Farbar Service Scanner Version: 14-12-2019
Ran by HP Pavilion (administrator) on 30-06-2020 at 08:06:47
Running from "C:\Users\HP Pavilion\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

  • 0

#21
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,127 posts

Hi, Joseph.

 

Actually, it was my mistake. Posting from my iPod causes that mess inside the codes.

 

The services I want you to check and start are these three:

 

AppX Deployment Service

Remote Procedure Call (RPC)

State Repository Service

 

Part of the FSS log is missing. Please make sure to select the whole content and paste it here.


  • 0

#22
whittakerjr

whittakerjr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Morning, 

You must have been working while having breakfast.  

I am unable to locate the service: State Repository Service

 

Farbar Service Scanner Version: 14-12-2019
Ran by HP Pavilion (administrator) on 30-06-2020 at 09:11:41
Running from "C:\Users\HP Pavilion\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0
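
As an added example (not part of any post in this thread and not Farbar's code), a small Python parser for the FSS.txt layout shown above that pulls out what the log reports: services not running, start types that differ from the default, values listed under the "Disabled Policy" headings, and any file that is not reported as digitally signed. The function names `parse_fss` and `triage` are hypothetical, and the embedded log is a constructed sample shaped like the excerpts posted here.

```python
import re

# Constructed sample, shaped like the FSS.txt excerpts posted in this thread.
SAMPLE_FSS_LOG = r'''Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed


**** End of log ****
'''

RULER = re.compile(r"^=+$")
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_DWORD = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_CHECK = re.compile(r"^(.+?) => (.+)$")


def parse_fss(text):
    """Collect the non-OK findings from an FSS log, section by section."""
    lines = [ln.strip() for ln in text.splitlines()]
    report = {"not_running": [], "start_type": {}, "policy": [], "unsigned": []}
    section, reg_key = None, None
    for i, line in enumerate(lines):
        if not line or RULER.match(line):
            continue
        # A section title is the line sitting directly above a row of '='.
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if RULER.match(nxt):
            section, reg_key = line.rstrip(": "), None
            continue
        m = NOT_RUNNING.match(line)
        if m:
            report["not_running"].append(m.group(1))
            continue
        m = START_TYPE.match(line)
        if m:
            report["start_type"][m.group(1)] = (m.group(2), m.group(3))
            continue
        if section and "Policy" in section:
            m = REG_KEY.match(line)
            if m:
                reg_key = m.group(1)
                continue
            m = REG_DWORD.match(line)
            if m and reg_key:
                report["policy"].append(
                    (section, reg_key, m.group(1), int(m.group(2))))
                continue
        if section == "File Check":
            m = FILE_CHECK.match(line)
            if m and m.group(2) != "File is digitally signed":
                report["unsigned"].append((m.group(1), m.group(2)))
    return report


def triage(report):
    """Turn the parsed report into one line per finding."""
    notes = []
    for svc in report["not_running"]:
        note = f"{svc}: not running"
        if svc in report["start_type"]:
            current, default = report["start_type"][svc]
            note += f" (start type {current}, default {default})"
        notes.append(note)
    for section, key, name, value in report["policy"]:
        if value != 0:
            notes.append(f"{section}: {name}={value} under {key}")
    for path, status in report["unsigned"]:
        notes.append(f"File Check: {path}: {status}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_fss(SAMPLE_FSS_LOG)):
        print(note)
```

Running the same two functions over each FSS.txt in turn makes it easy to see which findings a fix cleared and which are still present.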

#23
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,127 posts

It is 19:26 here now. What's the time there? :)

 

I'm looking into the services issues and I will be back.


  • 0

#24
whittakerjr

whittakerjr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

It was 9 AM. 67 degrees and rising, So Cal beach community.  Two cokes into the morning and looking forward to a root beer float.  Working from home has provided me a few more hours of helping others out.  We used to have park concerts in past years; Covid-19 has halted a lot of the park activities.


  • 0

#25
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,127 posts

Hi, Joseph.
 
So I am 10 hours ahead of you. :)

 

Let's see what we can do to fix some services.

1. Run a registry fix

  • Download WinDefend.reg and save it to your desktop.
  • Double-click on the file, allow the information to be merged (Yes) and restart the computer.

Repeat the same two steps above for:

wuauserv.reg

State Repository Service


2. Run FSS

  • Right click on the FSS icon you have already on your Desktop, and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.

  • 0



#26
whittakerjr

whittakerjr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Ten hours different.  Hope you are not hearing your mobile phone ring at midnight.

 

I remembered to capture all of the report.

 

Farbar Service Scanner Version: 14-12-2019
Ran by HP Pavilion (administrator) on 01-07-2020 at 11:36:17
Running from "C:\Users\HP Pavilion\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#27
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,127 posts

Hi, Joseph.

1. Please check if these services are running.

  • In the Search area type Services and press Enter.
  • Find the following services and check if they are running. If not, right click and select Start.
  • If they are running, right click and select Restart.
AppX Deployment Service
Remote Procedure Call (RPC)
State Repository Service
Windows Security Service

2. Enable Windows Defender

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter:
sc start WinDefend

3. Run FSS again

  • Right click on the tool icon and run it as administrator, as you did before.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.

  • 0

#28
whittakerjr

whittakerjr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Afternoon, big holiday weekend here - staying home and holding the dog; she is a nut case from the explosion sounds.  Yes, they are illegal here, but that doesn't stop people.

 

Now I am getting stumped with the instructions:

 

AppX Deployment Service - Was running, restarted

Remote Procedure Call (RPC) - Was running, options to restart not available.  Refreshed available

State Repository Service - In description line: <Failed to Read Description, Error Code 2>

Error note after Restart: Windows could not Start the StateReposity services on Local Computer.

Error 1053: The service did not respond to the start or control request in a timely fashion.

Windows Security Service - Not found in the list of services.

 

Microsoft Windows [Version 6.3.9600]

© 2013 Microsoft Corporation. All rights reserved.
 
C:\WINDOWS\system32>sc start windefend
[SC] StartService FAILED 577:
 
Windows cannot verify the digital signature for this file. A recent hardware or
software change might have installed a file that is signed incorrectly or damage
d, or that might be malicious software from an unknown source.
 
 
C:\WINDOWS\system32>
 
Farbar Service Scanner Version: 14-12-2019
Ran by HP Pavilion (administrator) on 03-07-2020 at 14:33:49
Running from "C:\Users\HP Pavilion\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0

#29
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,127 posts
Hi, Joseph.

I hope you had a nice weekend. :)

It seems that there is a problem with security and update services. This might be due to several reasons, including corrupted system files, an outdated operating system and others.

Please do the following to export the problematic services, using FRST:

Export the services

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
Exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender
Exportkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
Exportkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StateRepository
Exportkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
Exportkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend 
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.

Edited by DR M, 05 July 2020 - 08:55 PM.

  • 0

#30
whittakerjr

whittakerjr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

The weekend was nice.  Lots of sun and heat.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-07-2020 01

Ran by HP Pavilion (05-07-2020 23:30:12) Run:2
Running from C:\Users\HP Pavilion\Desktop
Loaded Profiles: HP Pavilion
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Exportkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender
Exportkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
Exportkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StateRepository
Exportkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv
Exportkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend 
 
*****************
 
================== ExportKey: ===================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"ProductIcon"="@%ProgramFiles%\Windows Defender\EppManifest.dll,-100"
"RemediationExe"="%ProgramFiles%\Windows Defender\MSASCui.exe"
"ProductLocalizedName"="@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000"
"DisableAntiSpyware"="1"
"ProductType"="2"
"ProductStatus"="0"
"DisableAntiVirus"="1"
"InstallTime"="74e18cc1ccd9ce01"
"OneTimeSqmDataSent"="1"
"ProductAppDataPath"="C:\ProgramData\Microsoft\Windows Defender"
"InstallLocation"="C:\Program Files\Windows Defender\"
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Features]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Miscellaneous Configuration]
"DeltaUpdateFailure"="0"
"BddUpdateFailure"="0"
"NISDeltaUpdateFailure"="0"
[HKLM\SOFTWARE\Microsoft\Windows Defender\MpEngine]
[HKLM\SOFTWARE\Microsoft\Windows Defender\NIS]
[HKLM\SOFTWARE\Microsoft\Windows Defender\NIS\ActiveSignatures]
"Active"="12"
[HKLM\SOFTWARE\Microsoft\Windows Defender\NIS\Consumers]
[HKLM\SOFTWARE\Microsoft\Windows Defender\NIS\Consumers\IPS]
[HKLM\SOFTWARE\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\IP Ranges]
[HKLM\SOFTWARE\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Ports]
[HKLM\SOFTWARE\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Processes]
[HKLM\SOFTWARE\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Threat IDs]
[HKLM\SOFTWARE\Microsoft\Windows Defender\NIS\Consumers\IPS\SKU Differentiation]
[HKLM\SOFTWARE\Microsoft\Windows Defender\NIS\Registration]
[HKLM\SOFTWARE\Microsoft\Windows Defender\NIS\Registration\Interception Points]
[HKLM\SOFTWARE\Microsoft\Windows Defender\NIS\Registration\Interception Points\{AE632C46-4C8F-45CA-8AC5-B8CB38B2B9C7}]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Quarantine]
"PurgeItemsAfterDelay"="90"
[HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Remediation]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Reporting]
"LastRebootTime"="13f0a1076c58d101"
"LastHeartbeatReportTime"="33dbe3bf193cd401"
"MputNormalPriSampleRate"="10"
"MputHighPriSampleRate"="100"
"MputNormalPriSendInterval"="24"
"LastRtpAndScanConfigsCollectedInHeartbeatTime"="9a27df62183cd401"
"LastDefenderDisableHeartbeatReportTime"="53986e020e42d401"
"LastRtpHeartbeatReportTime"="498329da1c97d301"
"SigUpdateTimestampsSinceLastHB"=""
[HKLM\SOFTWARE\Microsoft\Windows Defender\Scan]
"SFCState"="128"
"CacheFile"="C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\51F30970-20C9-435A-8BBC-6780C058EFA0-0.bin"
"LastOfflineScan"="0000000000000000"
"MeasureBootEnabled"="1"
"LastScanType"="1"
"LastScanRun"="4fe3b7b51022cf01"
"LastQuickScanID"="{6076F33B-C03D-4238-908F-E9752C86548D}"
"LastQuickScanResourceCount"="b261060000000000"
"51F30970-20C9-435A-8BBC-6780C058EFA0"="C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\51F30970-20C9-435A-8BBC-6780C058EFA0-0.bin"
[HKLM\SOFTWARE\Microsoft\Windows Defender\Scan\Scan]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates]
"DisableDefaultSigs"="0"
"SignatureCategoryID"="8c3fcc84-7410-4a95-8b89-a166a0190486"
"DefaultEngineExpirationTime"="00f30cef6d13cf01"
"NISSignatureLocation"="C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7603B5A3-2F14-4666-9531-CB746C9AE707}"
"NISSignatureVersion"="119.0.0.0"
"NISEngineVersion"="2.1.14600.4"
"NISSignatureApplied"="39c336c41b3cd401"
"SignatureUpdateCount"="6"
"LastFallbackTime"="b642975b183cd401"
"SignaturesLastUpdated"="651b20ba1b3cd401"
"UpdatedWithinGracePeriod"="0"
"EngineVersion"="1.1.15200.1"
"AVSignatureVersion"="1.275.132.0"
"AVSignatureBaseVersion"="1.275.0.0"
"AVSignatureApplied"="80550acbf73bd401"
"ASSignatureVersion"="1.275.132.0"
"ASSignatureBaseVersion"="1.275.0.0"
"ASSignatureApplied"="80550acbf73bd401"
"SignatureLocation"="C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E872663-83F6-4BAD-818E-09AE540631C3}"
"NISSignaturesLastUpdated"="77f64dc41b3cd401"
[HKLM\SOFTWARE\Microsoft\Windows Defender\Spynet]
"SpyNetReporting"="1"
"SpyNetReportingLocation"="SOAP:https://wdcp.microso...dcp.svc/submitR(the data entry has 126 more characters)."
"SubmitSamplesConsent"="1"
"SSLOptions"="3"
"MAPSconcurrency"="1"
"MAPSconcurrencyDss"="10"
[HKLM\SOFTWARE\Microsoft\Windows Defender\Threats]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatTypeDefaultAction]
[HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration]
 
=== End of ExportKey ===
================== ExportKey: ===================
 
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" => not found
 
=== End of ExportKey ===
================== ExportKey: ===================
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
"ErrorControl"="1"
"ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted"
"Start"="2"
"Type"="32"
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
"DependOnService"="RpcSs*WinMgmt"
"ObjectName"="NT AUTHORITY\LocalService"
"ServiceSidType"="1"
"RequiredPrivileges"="SeChangeNotifyPrivilege*SeImpersonatePrivilege"
"DelayedAutoStart"="1"
"FailureActions"="805101000000000000000000030000001400000001000000c0d4010001000000e09304000000000000000000"
[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDllUnloadOnStop"="1"
"ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"="01001480c8000000d4000000140000003000000002001c000100000002801400ff010f00010100000000000100000000020098000600000000001400fd01020001010000000000051200000000001800ff010f0001020000000000052000000020020000 (the data entry has 248 more characters)."
 
=== End of ExportKey ===
================== ExportKey: ===================
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StateRepository]
"DisplayName"="@%SystemRoot%\system32\windows.staterepository.dll,-1"
"ErrorControl"="1"
"ImagePath"="%SystemRoot%\system32\svchost.exe -k appmodel"
"Start"="3"
"Type"="32"
"Description"="@%SystemRoot%\system32\windows.staterepository.dll,-2"
"DependOnService"="rpcss"
"ObjectName"="LocalSystem"
"ServiceSidType"="1"
"RequiredPrivileges"="SeTcbPrivilege*SeIncreaseBasePriorityPrivilege*SeCreatePermanentPrivilege*SeSecurityPrivilege*SeChangeNotifyPrivilege*SeImpersonatePrivilege*SeCreateGlobalPrivilege*SeAssignPrimaryTokenPrivilege*SeRes (the data entry has 56 more characters)."
"FailureActions"="840300000000000000000000030000001400000001000000c0d4010001000000e09304000000000000000000"
[HKLM\SYSTEM\CurrentControlSet\Services\StateRepository\parameters]
"ServiceDll"="%SystemRoot%\system32\windows.staterepository.dll"
"ServiceDllUnloadOnStop"="0"
[HKLM\SYSTEM\CurrentControlSet\Services\StateRepository\Security]
"Security"="01001480cc000000ec000000140000003000000002001c000100000002801400ff010f0001010000000000010000000002009c00060000000000180014000000010200000000000f020000000100000000002800ff010f00010600000000000550000000 (the data entry has 336 more characters)."
 
=== End of ExportKey ===
================== ExportKey: ===================
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"DependOnService"="rpcss"
"Description"="@%systemroot%\system32\wuaueng.dll,-106"
"DisplayName"="@%systemroot%\system32\wuaueng.dll,-105"
"ErrorControl"="1"
"FailureActions"="80510100000000000000000003000000140000000100000060ea000000000000000000000000000000000000"
"ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs -p"
"ObjectName"="LocalSystem"
"RequiredPrivileges"="SeAuditPrivilege*SeCreateGlobalPrivilege*SeCreatePageFilePrivilege*SeTcbPrivilege*SeAssignPrimaryTokenPrivilege*SeImpersonatePrivilege*SeIncreaseQuotaPrivilege*SeShutdownPrivilege*SeDebugPrivilege*SeB (the data entry has 215 more characters)."
"ServiceSidType"="1"
"Start"="3"
"SvcMemHardLimitInMB"="246"
"SvcMemMidLimitInMB"="167"
"SvcMemSoftLimitInMB"="88"
"Type"="32"
[HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
"ServiceDllUnloadOnStop"="1"
"ServiceMain"="WUServiceMain"
[HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Security]
"Security"="010014807800000084000000140000003000000002001c000100000002801400ff000f000101000000000001000000000200480003000000000014009d00020001010000000000050b00000000001800ff010f0001020000000000052000000020020000 (the data entry has 88 more characters)."
[HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo]
[HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo\0]
"Type"="5"
"Action"="1"
"Guid"="e6ca9f65db5ba94db1ffca2a178d46e0"
[HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\TriggerInfo\1]
"Type"="5"
"Action"="1"
"Guid"="c846fb5489f04c46b1fd59d1b62c3b50"
 
=== End of ExportKey ===
================== ExportKey: ===================
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"DisplayName"="@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310"
"ErrorControl"="1"
"ImagePath"=""%ProgramFiles%\Windows Defender\MsMpEng.exe""
"Start"="2"
"Type"="16"
"Description"="@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-240"
"DependOnService"="RpcSs"
"ObjectName"="LocalSystem"
"ServiceSidType"="1"
"RequiredPrivileges"="SeLoadDriverPrivilege*SeImpersonatePrivilege*SeBackupPrivilege*SeRestorePrivilege*SeDebugPrivilege*SeChangeNotifyPrivilege*SeSecurityPrivilege*SeShutdownPrivilege*SeIncreaseQuotaPrivilege*SeAssignPrim (the data entry has 61 more characters)."
"FailureActions"="80510100000000000000000003000000140000000100000060ea00000100000060ea00000000000000000000"
"LaunchProtected"="3"
[HKLM\SYSTEM\CurrentControlSet\Services\WinDefend\Security]
"Security"="01001480f400000000010000140000003000000002001c000100000002801400ff010f000101000000000001000000000200c40007000000000018009d01020001020000000000052000000021020000000014009d010200010100000000000512000000 (the data entry has 336 more characters)."
 
=== End of ExportKey ===
 

==== End of Fixlog 23:30:13 ====

