
Inactive weird stuff happening

Discussion in 'Malware and Virus Removal' started by dodopie, 2017/09/02.

  1. 2017/09/02
    dodopie Contributing Member

    dodopie Well-Known Member Thread Starter

    Hey guys. This computer is doing stuff like when I'm watching a video stream it just goes blank, for about 2 days now. I tried running TFC, adware and junkware removal and Malwarebytes. Nothing was found, so I tried using System Restore, but it just gave me errors and none of the restore points would work.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
    Ran by DELLCore2DuoAIOPC (administrator) on DELLCORE2DUOAIO (02-09-2017 17:09:54)
    Running from C:\Users\DELLCore2DuoAIOPC\Desktop
    Loaded Profiles: DELLCore2DuoAIOPC (Available Profiles: DELLCore2DuoAIOPC & DefaultAppPool)
    Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
    (Atheros Communications, Inc.) C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
    () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
    (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-08-24] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263232 2017-07-26] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-08-24] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3636157464-2752193694-1356837881-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
    HKU\S-1-5-21-3636157464-2752193694-1356837881-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [152064 2016-07-16] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-08-31]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2017-08-18]
    ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
    GroupPolicy: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{578b3db0-cf78-475e-8cbe-0884242a8068}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{b70f3494-0a68-4b5d-863f-6285112a3273}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3636157464-2752193694-1356837881-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
    SearchScopes: HKU\S-1-5-21-3636157464-2752193694-1356837881-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3636157464-2752193694-1356837881-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-04] (Oracle Corporation)
    BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-04] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-04] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-04] (Oracle Corporation)

    FireFox:
    ========
    FF DefaultProfile: edmkkt6s.default
    FF ProfilePath: C:\Users\DELLCore2DuoAIOPC\AppData\Roaming\Mozilla\Firefox\Profiles\edmkkt6s.default [2017-09-02]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\edmkkt6s.default -> Bing®
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\edmkkt6s.default -> Bing®
    FF Homepage: Mozilla\Firefox\Profiles\edmkkt6s.default -> about:home
    FF Extension: (Parental Control: **** Blocker) - C:\Users\DELLCore2DuoAIOPC\AppData\Roaming\Mozilla\Firefox\Profiles\edmkkt6s.default\Extensions\@parental-control-****-blocker.xpi [2017-07-27]
    FF Extension: (**** Blocker) - C:\Users\DELLCore2DuoAIOPC\AppData\Roaming\Mozilla\Firefox\Profiles\edmkkt6s.default\Extensions\@****-blocker.xpi [2017-07-27]
    FF Extension: (Pop-up Controller) - C:\Users\DELLCore2DuoAIOPC\AppData\Roaming\Mozilla\Firefox\Profiles\edmkkt6s.default\Extensions\jid1-MIAJd5BiK7V4Pw@jetpack.xpi [2017-07-27]
    FF Extension: (AdBlocker for YouTube™) - C:\Users\DELLCore2DuoAIOPC\AppData\Roaming\Mozilla\Firefox\Profiles\edmkkt6s.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2017-08-10]
    FF Extension: (uBlock Origin) - C:\Users\DELLCore2DuoAIOPC\AppData\Roaming\Mozilla\Firefox\Profiles\edmkkt6s.default\Extensions\uBlock0@raymondhill.net.xpi [2017-09-02]
    FF Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\DELLCore2DuoAIOPC\AppData\Roaming\Mozilla\Firefox\Profiles\edmkkt6s.default\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2017-06-14]
    FF Extension: (Adblock Plus) - C:\Users\DELLCore2DuoAIOPC\AppData\Roaming\Mozilla\Firefox\Profiles\edmkkt6s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
    FF Extension: (Firefox Screenshots) - C:\Users\DELLCore2DuoAIOPC\AppData\Roaming\Mozilla\Firefox\Profiles\edmkkt6s.default\features\{04b820d2-a0a2-4dbe-8cd6-3ece91ef6efc}\screenshots@mozilla.org.xpi [2017-08-27]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
    FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-04] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-04] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-04] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\DELLCore2DuoAIOPC\AppData\Local\Google\Chrome\User Data\Default [2017-09-02]
    CHR Extension: (Google Slides) - C:\Users\DELLCore2DuoAIOPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-08]
    CHR Extension: (Google Docs) - C:\Users\DELLCore2DuoAIOPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-08]
    CHR Extension: (Google Drive) - C:\Users\DELLCore2DuoAIOPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-08]
    CHR Extension: (YouTube) - C:\Users\DELLCore2DuoAIOPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-08]
    CHR Extension: (Google Sheets) - C:\Users\DELLCore2DuoAIOPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-08]
    CHR Extension: (Google Docs Offline) - C:\Users\DELLCore2DuoAIOPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-08]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\DELLCore2DuoAIOPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-29]
    CHR Extension: (Gmail) - C:\Users\DELLCore2DuoAIOPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-08]
    CHR Extension: (Chrome Media Router) - C:\Users\DELLCore2DuoAIOPC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-06]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [264432 2017-07-26] (AVG Technologies CZ, s.r.o.)
    R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7481648 2017-07-26] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-08-24] (AVG Technologies CZ, s.r.o.)
    R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
    R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [52656 2017-08-17] (AnchorFree Inc.)
    R2 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [241664 2012-03-26] (Atheros Communications, Inc.) [File not signed]
    S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [1102848 2012-03-26] (Atheros Communications, Inc.) [File not signed]
    R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7184144 2016-07-06] (TeamViewer GmbH)
    R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-02-21] (AVG Technologies CZ, s.r.o.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
    R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
    R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [307928 2013-11-11] ()
    S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AFTrafMgr1.3; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_3_64.sys [64912 2017-08-14] (AnchorFree Inc.)
    R3 athur; C:\WINDOWS\System32\drivers\athuwbx.sys [2702336 2013-11-20] (Qualcomm Atheros Communications, Inc.)
    R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166624 2017-07-26] (AVG Technologies CZ, s.r.o.)
    R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [313616 2017-07-26] (AVG Technologies CZ, s.r.o.)
    R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192584 2017-07-26] (AVG Technologies CZ, s.r.o.)
    R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336896 2017-07-26] (AVG Technologies CZ, s.r.o.)
    R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [51336 2017-07-26] (AVG Technologies CZ, s.r.o.)
    S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39424 2017-07-26] (AVG Technologies CZ, s.r.o.)
    R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [139112 2017-08-09] (AVG Technologies CZ, s.r.o.)
    R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [102792 2017-07-26] (AVG Technologies CZ, s.r.o.)
    R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76832 2017-07-26] (AVG Technologies CZ, s.r.o.)
    R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [1008288 2017-08-09] (AVG Technologies CZ, s.r.o.)
    R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [578048 2017-07-26] (AVG Technologies CZ, s.r.o.)
    R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [191208 2017-07-26] (AVG Technologies CZ, s.r.o.)
    R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [353744 2017-07-26] (AVG Technologies CZ, s.r.o.)
    R3 BCM43XX; C:\WINDOWS\System32\drivers\bcmwl63al.sys [5170176 2016-07-16] (Broadcom Corporation)
    R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
    R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
    U5 LVRS64; C:\Windows\System32\Drivers\LVRS64.sys [327704 2009-10-07] (Logitech Inc.)
    S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [937728 2016-06-20] (Realtek )
    R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-06-22] (Anchorfree Inc.)
    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-02-21] (AVG Netherlands B.V.)
    R3 VIACRX64; C:\WINDOWS\System32\drivers\viacr64.sys [100864 2009-07-14] (VIA Technologies, Inc. )
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-02 17:09 - 2017-09-02 17:10 - 000018167 _____ C:\Users\DELLCore2DuoAIOPC\Desktop\FRST.txt
    2017-09-02 17:09 - 2017-09-02 17:09 - 002395648 _____ (Farbar) C:\Users\DELLCore2DuoAIOPC\Desktop\FRST64.exe
    2017-09-02 17:09 - 2017-09-02 17:09 - 000000000 ____D C:\FRST
    2017-09-02 10:01 - 2017-09-02 10:01 - 008182736 _____ (Malwarebytes) C:\Users\DELLCore2DuoAIOPC\Downloads\adwcleaner_7.0.2.1.exe
    2017-08-31 17:49 - 2017-08-31 17:49 - 000000000 ____D C:\Users\DELLCore2DuoAIOPC\AppData\Roaming\HP
    2017-08-31 17:49 - 2017-08-31 17:49 - 000000000 ____D C:\ProgramData\WEBREG
    2017-08-31 17:47 - 2017-08-31 17:47 - 000000000 ____D C:\ProgramData\Hewlett-Packard
    2017-08-31 17:46 - 2017-08-31 17:46 - 000001234 _____ C:\Users\Public\Desktop\Shop for HP Supplies.lnk
    2017-08-31 17:46 - 2017-08-31 17:46 - 000001170 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
    2017-08-31 17:46 - 2017-08-31 17:46 - 000001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    2017-08-31 17:46 - 2017-08-31 17:46 - 000000000 ____D C:\Users\DELLCore2DuoAIOPC\AppData\Roaming\HpUpdate
    2017-08-31 17:46 - 2017-08-31 17:46 - 000000000 ____D C:\ProgramData\HP Photo Creations
    2017-08-31 17:46 - 2017-08-31 17:46 - 000000000 ____D C:\Program Files (x86)\HP Photo Creations
    2017-08-31 17:45 - 2017-08-31 17:45 - 000001398 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
    2017-08-31 17:45 - 2017-08-31 17:45 - 000001392 _____ C:\Users\Public\Desktop\HP Solution Center.lnk
    2017-08-31 17:45 - 2017-08-31 17:45 - 000000000 ____D C:\ProgramData\HP Product Assistant
    2017-08-31 17:43 - 2017-08-31 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2017-08-31 17:40 - 2017-08-31 17:48 - 000187320 _____ C:\WINDOWS\hpoins29.dat
    2017-08-31 17:40 - 2017-08-31 17:48 - 000000000 ____D C:\ProgramData\HP
    2017-08-31 17:40 - 2012-09-29 17:55 - 000000608 ____N C:\WINDOWS\hpomdl29.dat
    2017-08-31 17:40 - 2012-09-25 03:52 - 003867040 _____ C:\WINDOWS\system32\PortChanger.exe
    2017-08-31 17:40 - 2012-09-25 03:52 - 000151968 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Dot4.sys
    2017-08-31 17:40 - 2012-09-25 03:52 - 000049056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dot4usb.sys
    2017-08-31 17:40 - 2012-09-25 03:52 - 000027040 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\Dot4Prt.sys
    2017-08-31 17:40 - 2009-07-13 21:41 - 000046080 _____ (Hewlett-Packard Corporation) C:\WINDOWS\system32\hpz3lw71.dll
    2017-08-31 17:40 - 2009-07-08 06:51 - 001406464 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotiop6.dll
    2017-08-31 17:40 - 2009-07-08 06:51 - 000938496 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpowiax8.dll
    2017-08-31 17:40 - 2009-07-08 06:51 - 000551424 _____ (Hewlett-Packard) C:\WINDOWS\system32\hppldcoi.dll
    2017-08-31 17:40 - 2009-07-08 06:51 - 000505344 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst14.dll
    2017-08-31 17:31 - 2017-08-31 17:39 - 187175312 _____ C:\Users\DELLCore2DuoAIOPC\Downloads\PS_AIO_03_C4400_NonNet_Full_Win_WW_140_404-4.exe
    2017-08-31 17:28 - 2017-08-31 17:29 - 000656608 _____ (PC Drivers HeadQuarters LP) C:\Users\DELLCore2DuoAIOPC\Downloads\DriverSupport(1).exe
    2017-08-31 17:19 - 2017-08-31 17:46 - 000000000 ____D C:\Program Files (x86)\HP
    2017-08-31 17:17 - 2017-08-31 17:18 - 025882656 _____ C:\Users\DELLCore2DuoAIOPC\Downloads\C4400_NonWHQL_Thaiglyph_110_015.exe
    2017-08-31 09:16 - 2017-08-31 09:16 - 000302863 _____ C:\Users\DELLCore2DuoAIOPC\Desktop\Form1095a_2016.pdf
    2017-08-27 11:01 - 2017-09-02 10:00 - 000001648 _____ C:\Users\DELLCore2DuoAIOPC\Desktop\adwcleaner_7.0.1.0 - Shortcut.lnk
    2017-08-18 18:59 - 2017-08-18 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
    2017-08-18 14:05 - 2017-08-18 14:05 - 000000910 _____ C:\Users\Public\Desktop\NETGEAR WNA1100 Genie.lnk
    2017-08-18 14:05 - 2017-08-18 14:05 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2017-08-18 14:05 - 2017-08-18 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA1100 Genie
    2017-08-18 14:05 - 2017-08-18 14:05 - 000000000 ____D C:\Program Files (x86)\NETGEAR
    2017-08-18 14:05 - 2013-11-20 11:43 - 002702336 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athuwbx.sys
    2017-08-18 14:05 - 2008-05-15 02:28 - 000026624 _____ (Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\jswpslwfx.sys
    2017-08-18 14:04 - 2017-08-18 14:06 - 000000000 ____D C:\temp
    2017-08-18 14:03 - 2017-08-18 14:03 - 000000000 ____D C:\Users\DELLCore2DuoAIOPC\Downloads\WNA1100_Setup-V2.2.0.1-1_signed
    2017-08-18 14:02 - 2017-08-18 14:03 - 084403991 _____ C:\Users\DELLCore2DuoAIOPC\Downloads\WNA1100_Setup-V2.2.0.1-1_signed.zip
    2017-08-18 13:57 - 2017-08-18 13:57 - 000000017 _____ C:\Users\DELLCore2DuoAIOPC\AppData\Local\resmon.resmoncfg
    2017-08-12 19:02 - 2017-08-12 19:02 - 000019726 _____ C:\Users\DELLCore2DuoAIOPC\Desktop\Untitled 1.odt
    2017-08-04 11:05 - 2017-09-02 10:07 - 000000858 _____ C:\Users\DELLCore2DuoAIOPC\Desktop\JRT.txt
    2017-08-04 10:58 - 2017-08-04 10:59 - 008185288 _____ (Malwarebytes) C:\Users\DELLCore2DuoAIOPC\Downloads\adwcleaner_7.0.1.0.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-02 17:07 - 2016-09-24 14:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-09-02 15:51 - 2016-07-25 10:44 - 000001618 _____ C:\Users\DELLCore2DuoAIOPC\Desktop\Mozilla Firefox.lnk
    2017-09-02 15:48 - 2017-06-05 18:10 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
    2017-09-02 15:47 - 2016-09-24 14:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-09-02 15:46 - 2016-07-16 02:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2017-09-02 15:40 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\registration
    2017-09-02 10:03 - 2017-06-04 14:56 - 000000000 ____D C:\AdwCleaner
    2017-09-02 09:53 - 2016-10-30 00:04 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-09-02 09:20 - 2016-10-30 19:24 - 000001507 _____ C:\Users\DELLCore2DuoAIOPC\Desktop\TFC - Shortcut.lnk
    2017-09-02 09:12 - 2016-09-24 14:24 - 000259160 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-09-02 09:12 - 2016-07-08 14:20 - 000000000 ____D C:\ProgramData\Foxit Software
    2017-09-02 09:10 - 2016-09-24 14:29 - 000000000 ____D C:\Users\DELLCore2DuoAIOPC
    2017-08-31 17:48 - 2009-07-13 22:34 - 000000438 _____ C:\WINDOWS\win.ini
    2017-08-31 17:47 - 2016-07-16 07:45 - 000000000 ____D C:\WINDOWS\INF
    2017-08-31 17:14 - 2016-07-08 14:35 - 000000000 ____D C:\Users\DELLCore2DuoAIOPC\AppData\Local\ElevatedDiagnostics
    2017-08-28 18:02 - 2016-07-08 14:15 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-08-28 18:02 - 2016-07-08 14:15 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-08-27 18:43 - 2017-06-05 18:14 - 000004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
    2017-08-27 11:18 - 2016-07-08 14:14 - 000000000 ____D C:\Program Files (x86)\Opera
    2017-08-27 11:17 - 2016-09-24 14:42 - 000003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1468001672
    2017-08-26 23:11 - 2016-11-15 20:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-08-26 23:11 - 2016-07-08 14:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-08-18 18:59 - 2017-07-11 19:24 - 000000000 ____D C:\Program Files (x86)\Hotspot Shield
    2017-08-18 18:59 - 2017-07-11 19:23 - 000000000 ____D C:\ProgramData\Package Cache
    2017-08-18 18:59 - 2017-07-11 19:23 - 000000000 ____D C:\ProgramData\Hotspot Shield
    2017-08-18 14:20 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\NDF
    2017-08-09 18:43 - 2017-06-05 18:14 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgsnx.sys
    2017-08-09 18:43 - 2017-06-05 18:14 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmonflt.sys
    2017-08-08 08:34 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-08-08 08:34 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2017-08-07 19:44 - 2016-11-16 09:24 - 000000000 ____D C:\Users\DELLCore2DuoAIOPC\AppData\LocalLow\Mozilla

    ==================== Files in the root of some directories =======

    2017-08-18 13:57 - 2017-08-18 13:57 - 000000017 _____ () C:\Users\DELLCore2DuoAIOPC\AppData\Local\resmon.resmoncfg
    2017-08-31 17:40 - 2017-08-31 17:48 - 000000847 _____ () C:\ProgramData\hpzinstall.log

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-08-28 15:22

    ==================== End of FRST.txt ============================
     
  2. 2017/09/02
    broni Moderator Malware Analyst

    I still need the second log.
     


  4. 2017/09/03
    dodopie Contributing Member

    dodopie Well-Known Member Thread Starter

    Sorry, I thought it posted.
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
    Ran by DELLCore2DuoAIOPC (02-09-2017 17:10:53)
    Running from C:\Users\DELLCore2DuoAIOPC\Desktop
    Windows 10 Pro Version 1607 (X64) (2016-09-24 18:45:20)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3636157464-2752193694-1356837881-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3636157464-2752193694-1356837881-503 - Limited - Disabled)
    DELLCore2DuoAIOPC (S-1-5-21-3636157464-2752193694-1356837881-1000 - Administrator - Enabled) => C:\Users\DELLCore2DuoAIOPC
    Guest (S-1-5-21-3636157464-2752193694-1356837881-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
    Active@ ISO Burner 4 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 4 - LSoft Technologies Inc)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
    Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
    AVG (HKLM\...\{434FBA38-0562-4F98-9436-4B45C0C0EF0B}) (Version: 1.201.2 - AVG Technologies) Hidden
    AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.5.3022 - AVG Technologies)
    AVG PC TuneUp (HKLM-x32\...\{149D912F-03DB-4895-913E-820CB11965C0}) (Version: 16.74.1 - AVG Technologies) Hidden
    AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.74.2.60831 - AVG Technologies)
    BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
    C4400 (HKLM-x32\...\{A3D8EE40-B8CA-43CC-8605-D03855F0A3A4}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
    Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
    Click Click Money (HKLM-x32\...\Click Click Money) (Version: - )
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.70.0 - Conexant)
    Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
    Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
    DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
    FMW 1 (HKLM\...\{F64508FE-73C8-4C27-9CCA-3799C428B70B}) (Version: 1.223.1 - AVG Technologies) Hidden
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
    GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
    Google Chrome (HKLM-x32\...\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 60.0.3112.113 - Google, Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Hotspot Shield 7.0.5 (HKLM-x32\...\{4d4cdb09-f259-44a9-9f01-cda582e2019c}) (Version: 7.0.5.10668 - AnchorFree Inc.)
    Hotspot Shield 7.0.5 (HKLM-x32\...\{AF599C42-A2E5-4251-B7EE-4925C127FCCF}) (Version: 7.0.5.10668 - AnchorFree Inc.) Hidden
    Hotspot Shield 7.0.5 (HKLM-x32\...\HotspotShield) (Version: 7.0.5 - AnchorFree Inc.) Hidden
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
    HP Photosmart C4400 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{886E586A-9121-4515-9C18-2C04202614B2}) (Version: 14.0 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
    HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    LibreOffice 5.1.4.2 (HKLM\...\{3D0938AC-CEED-48CF-9649-D433CE8A4AF7}) (Version: 5.1.4.2 - The Document Foundation)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Microsoft OneDrive (HKU\S-1-5-21-3636157464-2752193694-1356837881-1000\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
    NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 2.2.0.1 - NETGEAR)
    OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
    Opera Stable 47.0.2631.71 (HKLM-x32\...\Opera 47.0.2631.71) (Version: 47.0.2631.71 - Opera Software)
    PS_AIO_03_C4400_Software_Min (HKLM-x32\...\{EDF59314-4743-4B6C-9F40-3670CCDF961E}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
    Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
    Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.62308 - TeamViewer)
    Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
    TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-26] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-06-18] (Foxit Software Inc.)
    ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2017-02-21] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
    ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-07-26] (AVG Technologies CZ, s.r.o.)
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {096BE14E-216B-42C4-BB17-9D16A26D5A0B} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-03-15] (Oracle Corporation)
    Task: {0B9142E3-6DC8-45A8-9CB1-F8A49E456F2F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {0E84D992-93A0-49E3-85D4-3FD97B422CAB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {0EE612F4-EDDD-4DF7-9804-15CBD159AA11} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-08] (Google Inc.)
    Task: {172091D5-4AA1-40E8-A8E0-E4A4181E5461} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
    Task: {20E10B0E-3310-4A0F-8680-B207BCBB9015} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\DELLCore2DuoAIOPC\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
    Task: {3AD03ECF-6E0D-4BB1-B4F6-B8BE501216C4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {3E8B515E-F588-47BC-A5CC-3D89E6D1FE40} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {42FD2138-3784-45E7-AEB8-B9C1E8B75449} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {464F509D-7F10-4AA9-92F5-646459DD8BD3} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {49A3DFB5-1DD1-4323-8B43-5933EE1E64D9} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {597441AA-56B5-4616-8D0A-E63C3A9B0787} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {6B0BE5B8-190B-470B-A623-DF0D4053A80E} - System32\Tasks\Opera scheduled Autoupdate 1468001672 => C:\Program Files (x86)\Opera\launcher.exe [2017-08-25] (Opera Software)
    Task: {749DD915-07CA-4694-8B6E-9F1FE63791F4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {7513E148-A465-4B3D-9D87-02F5193209E8} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {8AEF3E73-1828-4C92-B69E-7B7812A98EA0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {8F3C0E82-5F0A-43A8-8BBE-96460816B147} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {90C53409-6583-477E-A667-0904A4BAB024} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {93E04A0F-3502-4CEA-9378-A7B5BDE674C1} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9631000F-6679-4FBE-BFF1-0C8E62C22505} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
    Task: {9851FF55-1054-46DD-A36A-1DA957C1CDAB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9EB905C5-26F9-4BD7-862D-4709AE9676F9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {A1C0EB9D-09C4-4A5B-A214-07B7251A9D81} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-07-26] (AVG Technologies CZ, s.r.o.)
    Task: {A30C9774-B515-4547-86DB-4AA73295EE66} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {A760AC55-CB06-415C-99FA-EB6DCBE2F81F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A9D5B9C5-0CA9-4071-A0D1-FCA94CC4BEB5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {AF68AEEC-ECA4-4202-8DB3-AA4AC64C87C9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {C07E0318-E1E0-4F42-B1B8-6E8599787D81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-08] (Google Inc.)
    Task: {C2E6B84A-CD8B-41DA-9E13-71AA8A201BE5} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {C73BFA2A-4EAA-4B45-82CB-7071F40838C3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
    Task: {E6499609-CAFC-40F1-B587-B895D1E6115C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-02-21] (AVG Technologies CZ, s.r.o.)
    Task: {F3884B38-4B69-479E-A0EA-EAC6C1DEAC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {FA5E8F35-093B-4E8F-BD37-01384BBF6664} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 07:42 - 2016-07-16 07:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2017-05-10 14:29 - 2017-04-27 20:49 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2017-08-18 14:05 - 2013-11-11 15:10 - 000307928 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    2016-09-24 18:19 - 2016-09-24 18:19 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2017-03-15 17:49 - 2017-03-04 02:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2017-03-15 17:47 - 2017-03-04 02:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-03-15 17:47 - 2017-03-04 02:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-03-15 17:47 - 2017-03-04 02:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2017-05-10 14:28 - 2017-04-27 19:36 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2017-05-10 14:29 - 2017-04-27 19:36 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-05-10 14:29 - 2017-04-27 19:37 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2017-08-18 14:05 - 2014-01-02 13:13 - 008266456 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    2017-08-17 19:13 - 2017-08-17 19:13 - 000161200 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
    2017-08-18 14:05 - 2013-10-15 09:29 - 000372736 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
    2017-06-05 18:10 - 2017-06-05 18:09 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
    2017-06-05 18:13 - 2017-06-05 18:13 - 000171344 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
    2017-07-26 06:42 - 2017-07-26 06:42 - 001067056 _____ () C:\Program Files (x86)\AVG\Antivirus\AvChrome.dll
    2017-07-06 12:11 - 2017-07-06 12:11 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
    2017-07-06 12:11 - 2017-07-06 12:11 - 000193784 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
    2017-07-06 12:11 - 2017-07-06 12:11 - 000225376 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
    2017-07-06 12:11 - 2017-07-06 12:11 - 000690392 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
    2017-08-18 14:05 - 2013-11-01 17:31 - 000278528 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-3636157464-2752193694-1356837881-1000\...\localhost -> localhost

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3636157464-2752193694-1356837881-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DELLCore2DuoAIOPC\Desktop\pictures\12345.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run32: => "vProt"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{70D8A1D3-E3F6-490E-A87F-BD10408D5460}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{B1B97340-A26A-4709-A50F-01BAAB60FD6C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{63BC9C46-36AE-43CD-B2EC-B03FEAFE5C99}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{F3A39919-338A-438F-ADF3-37845557355A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{0C1944B4-363B-4764-8A61-7FD129600211}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{97B08896-2249-4581-997A-BCC1C4908161}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [TCP Query User{C88E376E-D8FC-4CB9-8CC9-B8AE8A790D69}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{E0AC6CF6-7F5E-4F68-BDA9-4EBD4852A932}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{EAB254BA-EFC6-4C2D-8570-B2C7D8550C49}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.55\opera.exe
    FirewallRules: [{33DABEB8-708D-4D1E-BBAC-983E9A87FE7B}] => (Allow) C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe
    FirewallRules: [{342C3F84-4E1E-42F7-967C-382469FF5D76}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{8F45D027-D604-4D4A-9AEC-1151AC71B4C4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{A068E79A-D6CB-4AE5-9842-452DB5A328A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{EDD29056-2A7E-4327-93E6-2462B4895159}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{6CB4A6BE-1861-497B-8F89-158B55AA740C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{EE9FFEEB-327D-4527-80F5-A90A3685C16D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{3A986A58-193D-4871-825C-C49BD4539735}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{38DAD3A5-3CC0-44CE-8698-5517EDD03ECB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{7CF7B8CE-DF9F-4E47-8820-9431E6BFC601}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{FE2E8A5A-A650-4838-9B26-CCC1983B8A55}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{AE980FBC-9422-4098-952D-D351CCCE7252}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{E33D2E36-4FC2-40E1-A39A-BA51B9C2DCF5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{EDB2CF4C-433B-4952-9FF4-95E42C7D1AA5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe

    ==================== Restore Points =========================

    12-08-2017 16:08:32 Scheduled Checkpoint
    21-08-2017 15:01:37 Scheduled Checkpoint
    27-08-2017 11:04:47 JRT Pre-Junkware Removal
    02-09-2017 10:04:17 JRT Pre-Junkware Removal
    02-09-2017 15:06:07 Restore Operation

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/02/2017 03:47:46 PM) (Source: System Restore) (EventID: 8210) (User: )
    Description: An unspecified error occurred during System Restore: (JRT Pre-Junkware Removal). Additional information: 0x80070091.

    Error: (09/02/2017 03:33:18 PM) (Source: System Restore) (EventID: 8210) (User: )
    Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070091.

    Error: (09/02/2017 03:18:40 PM) (Source: System Restore) (EventID: 8210) (User: )
    Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070091.

    Error: (09/02/2017 03:06:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (09/02/2017 10:04:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (08/31/2017 05:57:22 PM) (Source: Application) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (08/31/2017 05:47:27 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (08/31/2017 05:47:21 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: PortChanger.exe, version: 0.0.0.0, time stamp: 0x50123cc9
    Faulting module name: PortChanger.exe, version: 0.0.0.0, time stamp: 0x50123cc9
    Exception code: 0xc0000005
    Fault offset: 0x0000000000004be7
    Faulting process id: 0x1de8
    Faulting application start time: 0x01d322a2aefa6415
    Faulting application path: C:\WINDOWS\system32\PortChanger.exe
    Faulting module path: C:\WINDOWS\system32\PortChanger.exe
    Report Id: 8ab53812-fa79-43d4-a4df-44e5a88bac38
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (08/27/2017 11:05:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (08/24/2017 01:59:37 PM) (Source: COM) (EventID: 10031) (User: )
    Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected


    System errors:
    =============
    Error: (09/02/2017 03:47:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (09/02/2017 03:47:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (09/02/2017 03:32:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (09/02/2017 03:32:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (09/02/2017 03:18:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (09/02/2017 03:17:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (09/02/2017 09:20:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

    Error: (09/02/2017 09:12:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (09/02/2017 09:12:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (08/29/2017 05:25:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    CodeIntegrity:
    ===================================
    Date: 2017-04-21 06:32:30.014
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-21 06:32:28.267
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-21 06:32:05.668
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-21 06:31:51.128
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-21 06:31:48.833
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-21 06:31:48.576
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-21 06:31:48.300
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-21 06:31:41.296
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-21 05:32:04.747
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2017-04-21 00:07:03.972
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
    Percentage of memory in use: 52%
    Total physical RAM: 3964.8 MB
    Available physical RAM: 1868.13 MB
    Total Virtual: 7932.8 MB
    Available Virtual: 5726.34 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.22 GB) (Free:427.52 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A42D04A3)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt ============================
     
  5. 2017/09/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    I don't see anything malicious there.
    In fact, I highly doubt your symptoms would be caused by some infection.
    I suggest a new topic in the Windows forum.
    Good luck :)
     
  6. 2017/09/04
    dodopie Contributing Member

    dodopie Well-Known Member Thread Starter
    ok thanks
     
  7. 2017/09/04
    broni

    broni Moderator Malware Analyst
    :)...
     
