December 31st, 2020, 10:51 PM
bot96
Member
 
Join Date: Jun 2012
O/S: Windows 7 64-bit
Posts: 232
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by Bill (31-12-2020 16:46:35)
Running from C:\Users\Bill\Downloads
Windows 7 Professional Service Pack 1 (X64) (2020-11-09 04:24:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3498834930-2541690638-1204314038-500 - Administrator - Disabled)
Bill (S-1-5-21-3498834930-2541690638-1204314038-1000 - Administrator - Enabled) => C:\Users\Bill
Guest (S-1-5-21-3498834930-2541690638-1204314038-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3498834930-2541690638-1204314038-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{98616875-CF30-4BE5-AAED-36EF4AC6EE27}) (Version: 11.3.300.268 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 4.1 - Google LLC)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 2.0.0.27 - Qualcomm Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.10.2442 - Avast Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.20(T) - TOSHIBA CORPORATION)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
ETDWare PS/2-X64 11.8.20.3_WHQL (HKLM\...\Elantech) (Version: 11.8.20.3 - ELAN Microelectronic Corp.)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{7563302D-BD6B-4153-BA7D-3E3432E7C22D}) (Version: 7.5.6 - Intel Corporation)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 84.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0.1 (x64 en-US)) (Version: 84.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0.3 - Mozilla)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
QuickBooks (HKLM-x32\...\{2B0E1E07-2F3D-4E7D-AD0A-1C74A8881B9B}) (Version: 26.0.4017.2607 - Intuit Inc.) Hidden
QuickBooks Pro 2016 (HKLM-x32\...\{4338BDE2-0035-41BC-87BE-EE0AD5D48042}) (Version: 26.0.4017.2607 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.29073 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.78.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.2.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.0 - VS Revo Group, Ltd.)
TOOL ALL IN ONE - 1 (HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\...\dc1f63000b2c54db) (Version: 1.0.6.1 - Mauronofrio)
TOOL ALL IN ONE (HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\...\067ec52159e66db0) (Version: 2.0.1.3 - Mauronofrio)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.13 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.13 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.4.5.64 - Toshiba Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.5.6401 - Toshiba Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.15 - TOSHIBA Corporation)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.3.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.9.52040013 - Toshiba Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.3.6401 - Toshiba Corporation)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.6 - TOSHIBA) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.52.6 - TOSHIBA) Hidden

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2014-01-20] (TOSHIBA) [File not signed]
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-16] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [tosBtShllExt] -> {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} => C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtShell.dll [2014-01-20] (TOSHIBA) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-10-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2020-12-16] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2020-12-30 17:07 - 2020-12-30 17:07 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123004\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\MSVCP140.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\ucrtbase.DLL
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\VCRUNTIME140.dll
2020-12-31 16:30 - 2020-12-31 16:30 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Avast Software\Avast\defs\20123106\avast.local_vc142.crt\VCRUNTIME140_1.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3498834930-2541690638-1204314038-1000 -> DefaultScope {5E70D020-F197-4FCA-8253-BA1E9D292E21} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-11-24] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-11-24] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2019-02-22] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3498834930-2541690638-1204314038-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.86.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F1922258-7B6B-401B-A1BA-094DF0346DDD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{676E95EE-6702-4071-85F3-AD6D77705158}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0AE4A349-92EA-4751-9F23-C75E0AA4E171}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{6799B122-017B-4535-9C89-2334C2870966}] => (Allow) LPort=5357
FirewallRules: [{E81FFF39-2555-4FDA-BF99-31ACD038CC48}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{B1DECBA3-6DF0-46CB-8A35-7CC4BB6FE682}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{A54455B5-9160-4768-9295-7B0F861C5A2B}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)

==================== Restore Points =========================

16-12-2020 16:40:51 Removed HP ENVY 4500 series Basic Device Software
16-12-2020 16:41:32 Removed HP ENVY 4500 series Basic Device Software
18-12-2020 20:02:40 JRT Pre-Junkware Removal
19-12-2020 20:36:35 JRT Pre-Junkware Removal
20-12-2020 16:50:57 JRT Pre-Junkware Removal
24-12-2020 18:28:16 JRT Pre-Junkware Removal
28-12-2020 19:03:15 JRT Pre-Junkware Removal
29-12-2020 19:13:19 JRT Pre-Junkware Removal
29-12-2020 19:35:21 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============

Name: Malwarebytes Anti-Exploit
Description: Malwarebytes Anti-Exploit
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ESProtectionDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (12/31/2020 04:39:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.12.2020.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1588

Start Time: 01d6dfbd2bfb937a

Termination Time: 16

Application Path: C:\Users\Bill\Downloads\FRST64.exe

Report Id:

Error: (12/31/2020 04:29:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/30/2020 07:41:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/30/2020 06:53:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LMS.exe, version: 9.5.10.1628, time stamp: 0x51cb6db4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02cc7584
Faulting process id: 0xeb4
Faulting application start time: 0x01d6df04ad18cbd5
Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
Faulting module path: unknown
Report Id: 2cc037b8-4afa-11eb-a80c-f8a963d84040

Error: (12/30/2020 06:53:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jhi_service.exe, version: 9.5.12.1682, time stamp: 0x51e60670
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02cc7584
Faulting process id: 0x930
Faulting application start time: 0x01d6df04acd886ad
Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
Faulting module path: unknown
Report Id: 2c8bd972-4afa-11eb-a80c-f8a963d84040

Error: (12/30/2020 06:53:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelMeFWService.exe, version: 9.5.10.1628, time stamp: 0x51cb6ca3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02cc7584
Faulting process id: 0xe5c
Faulting application start time: 0x01d6df04acab4c88
Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
Faulting module path: unknown
Report Id: 2c6100ad-4afa-11eb-a80c-f8a963d84040

Error: (12/30/2020 06:53:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ICCProxy.exe, version: 1.0.0.1, time stamp: 0x4f971121
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02cc7584
Faulting process id: 0xdbc
Faulting application start time: 0x01d6df04619bfe81
Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
Faulting module path: unknown
Report Id: 2c231ce6-4afa-11eb-a80c-f8a963d84040

Error: (12/30/2020 06:53:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: QBIDPService.exe, version: 1.26.21.4000, time stamp: 0x56e87cac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02cc7584
Faulting process id: 0xb5c
Faulting application start time: 0x01d6df045e8f3b27
Faulting application path: C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
Faulting module path: unknown
Report Id: 2927032e-4afa-11eb-a80c-f8a963d84040


System errors:
=============
Error: (12/31/2020 04:29:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NGC
ESProtectionDriver

Error: (12/31/2020 04:29:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/30/2020 07:41:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ccSet_NGC
ESProtectionDriver

Error: (12/30/2020 07:40:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMChameleon service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/30/2020 06:53:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2020 06:53:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2020 06:53:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2020 06:53:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================

Date: 2020-11-09 19:52:02.912
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\MRT.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: TOSHIBA 1.30 11/28/2014
Motherboard: TOSHIBA ZFWAA
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 53%
Total physical RAM: 6031.24 MB
Available physical RAM: 2833 MB
Total Virtual: 12060.62 MB
Available Virtual: 9018.09 MB

==================== Drives ================================

Drive c: (TI10695800D) (Fixed) (Total:687.55 GB) (Free:627.34 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{7c6c4644-2254-11eb-ba9a-806e6f6e6963}\ (System) (Fixed) (Total:1.46 GB) (Free:1.25 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: D34BCE7D)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=687.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.6 GB) - (Type=17)

==================== End of Addition.txt =======================