Solved Laptop cannot find any network connections


akotski1338

PCHF Member
May 3, 2019
30
7
20
I have an Asus laptop that is about 5 years old. One day I turned it on and it wasn’t connected to the internet even though it was the day before. It simply says “No connections are available” even though there are. I tried restarting the computer and even a system restore point but that didn’t fix the problem. Everything seems to be in order in the drivers. I couldn’t really find any solutions on the internet.
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,394
551
Please run these programs with the ethernet cord attached.

Step 1:

Security Check Scan.

  • Download Security Check to your desktop.
  • Right-click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and run as admin to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

HijackThis.

1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy and paste the log here.

Then, can you run the following program with and without the ethernet cable attached please.

Please download MINITOOLBOX and run it.

Checkmark the following boxes:

Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)

Click Go and post the result.
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,394
551
Also, provide a screenshot of your device manager.

How to use the Snipping Tool Click Here

Use the Windows+R hotkey to open the Run dialog box, type the command devmgmt.msc and click OK.
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,394
551
If you have any questions about the process please let me know. I will be glad to walk you through anything you have an issue with. :)
 

akotski1338

PCHF Member
May 3, 2019
30
7
20
MiniToolBox by Farbar Version: 17-06-2016
Ran by Pavel (administrator) on 14-06-2019 at 23:06:44
Running from "C:\Users\Pavel\Desktop"
Microsoft Windows 8.1 Pro (X64)
Model: G46VW Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ASUSGAMING
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Physical Address. . . . . . . . . : 08-60-6E-1E-E5-06
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 60-36-DD-8F-DC-15
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
20...08 60 6e 1e e5 06 ......Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
17...60 36 dd 8f dc 15 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/14/2019 10:56:54 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (06/14/2019 10:56:38 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/14/2019 10:44:41 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/14/2019 06:45:16 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/14/2019 06:20:17 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/14/2019 06:18:24 PM) (Source: Perflib) (User: )
Description: rdyboost4

Error: (06/14/2019 06:18:00 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (06/13/2019 09:20:42 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (06/12/2019 10:00:00 PM) (Source: ESENT) (User: )
Description: svchost (1872) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU0399F.log.

Error: (06/12/2019 09:20:43 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


System errors:
=============
Error: (06/14/2019 10:56:09 PM) (Source: Service Control Manager) (User: )
Description: The Update Mgr HooplaSearch service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (06/14/2019 10:56:09 PM) (Source: Service Control Manager) (User: )
Description: The Service Mgr HooplaSearch service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (06/14/2019 10:55:35 PM) (Source: BTHUSB) (User: )
Description: The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled.

Error: (06/14/2019 10:54:26 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/14/2019 10:54:26 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (06/14/2019 10:54:08 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (06/14/2019 10:54:08 PM) (Source: Service Control Manager) (User: )
Description: The QMEmulatorService service terminated unexpectedly. It has done this 1 time(s).

Error: (06/14/2019 10:54:07 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (06/14/2019 10:54:07 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (06/14/2019 10:54:07 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (06/14/2019 10:56:54 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (06/14/2019 10:56:38 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/14/2019 10:44:41 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/14/2019 06:45:16 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/14/2019 06:20:17 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/14/2019 06:18:24 PM) (Source: Perflib)(User: )
Description: rdyboost4

Error: (06/14/2019 06:18:00 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (06/13/2019 09:20:42 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (06/12/2019 10:00:00 PM) (Source: ESENT)(User: )
Description: svchost1872SRUJet: C:\Windows\system32\SRU\SRU0399F.log-1811 (0xfffff8ed)

Error: (06/12/2019 09:20:43 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1


CodeIntegrity Errors:
===================================
Date: 2018-02-24 14:52:25.824
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-02-24 14:52:24.513
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-01-23 17:58:27.639
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2018-01-23 17:58:26.482
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-22 18:56:50.710
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-22 18:56:50.448
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-22 18:54:04.546
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-22 18:54:04.313
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-12 20:34:47.150
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-12 20:34:46.876
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
AmazonBasics gaming software version 1.0.1.7 (HKLM-x32\...\AmazonBasics gaming software_is1) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B202C7F5-7DE3-4FBF-B259-E70E625F56FC}) (Version: 7.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.5.2378 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 74.0.1376.132 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.53 - Piriform)
Chromium (HKCU\...\Chromium) (Version: 51.0.2684.0 - Chromium)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Discord (HKCU\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 425.31 - NVIDIA Corporation) Hidden
Driver - San Francisco (HKLM-x32\...\Driver - San Francisco_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Dropbox (HKLM-x32\...\Dropbox) (Version: 74.4.115 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fallout 4 (HKLM\...\Steam App 377160) (Version: - Bethesda Game Studios)
Fallout: New Vegas (HKLM\...\Steam App 22380) (Version: - Obsidian Entertainment)
Far Cry 4 (HKLM\...\Steam App 298110) (Version: - Ubisoft Montreal, Red Storm, Shanghai, Toronto, Kiev)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North)
Grand Theft Auto: San Andreas (HKLM\...\Steam App 12120) (Version: - Rockstar Games)
Grand Theft Auto: Vice City (HKLM\...\Steam App 12110) (Version: - Rockstar Games)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5059 - Intel Corporation)
iTunes (HKLM\...\{A8AF3EF8-5010-4A92-BCCA-90F62A7D62B8}) (Version: 12.9.5.7 - Apple Inc.)
Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
K-Lite Codec Pack 11.4.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Steam Edition (HKLM\...\Steam App 314160) (Version: - Microsoft Game Studios)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version: - )
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Need for Speed: Hot Pursuit (HKLM\...\Steam App 47870) (Version: - Criterion Games)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Driver 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 425.31 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.1.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.1.48 - NVIDIA Corporation)
NVIDIA Graphics Driver 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 425.31 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.0.0 - OBS Project)
Oracle VM VirtualBox 6.0.8 (HKLM\...\{C549898A-9AA8-4CF6-8290-EF5DB8ECA766}) (Version: 6.0.8 - Oracle Corporation)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Project CARS (HKLM\...\Steam App 234630) (Version: - Slightly Mad Studios)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
Redragon Kumara Gaming Mechanical keyboard driver (HKLM-x32\...\{12F382E1-63D4-4B94-BD32-5F845E74FC79}) (Version: 2017.07.04 - Eastern Times Technology Co., Ltd )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games)
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - )
Search the Web (Yahoo) (HKLM-x32\...\a92e2408) (Version: - )
Sonic Foundry ACID 4.0 (HKLM-x32\...\{2A38B5AA-EA84-4F87-9937-2FB23982243A}) (Version: 4.0.215 - Sonic Foundry)
Sony Vegas 5.0b (HKLM-x32\...\{A7401380-F015-475B-A5AA-7AE1F23B3DB3}) (Version: 5.0.160 - Sony)
Spintires: The Original Game (HKLM\...\Steam App 263280) (Version: - Oovee® Game Studios)
Spotify (HKCU\...\Spotify) (Version: 1.1.8.439.g8502297d - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tencent Gaming Buddy (HKLM-x32\...\MobileGamePC) (Version: 1.0.0.1 - Tencent Technology Company)
Unturned (HKLM\...\Steam App 304930) (Version: - Smartly Dressed Games)
Uplay (HKLM-x32\...\Uplay) (Version: 65.0 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
Windows Movie Maker 2019 (HKLM\...\{9CC29C6A-B5FE-497B-8F23-52A2557A92C0}}_is1) (Version: - VideoWin)
Wondershare Filmora9(Build 9.1.2) (HKLM\...\Wondershare Filmora9_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare)

========================= Devices: ================================

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Device ID: ROOT\MEDIA\0000
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Device ID: ROOT\MEDIA\0001
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Device ID: ROOT\MEDIA\0003
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 8077.55 MB
Available physical RAM: 5593.14 MB
Total Virtual: 12045.55 MB
Available Virtual: 8398.67 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.42 GB) (Free:93.95 GB) NTFS

========================= Users: ========================================

User accounts for \\ASUSGAMING

Administrator ASPNET Guest
Pavel


**** End of log ****





# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-05-27.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-14-2019
# Duration: 00:00:09
# OS: Windows 8.1 Pro
# Cleaned: 60
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\SafeSavings
Deleted C:\ProgramData\53AB40F9-42A1-0
Deleted C:\ProgramData\53AB40F9-7255-1
Deleted C:\ProgramData\BSD\DriverHive
Deleted C:\ProgramData\BSD\DriverHiveEngine
Deleted C:\ProgramData\SafeSavings
Deleted C:\ProgramData\Tencent
Deleted C:\Users\Pavel\AppData\Local\slimware utilities inc
Deleted C:\Users\Pavel\AppData\Roaming\DRPSu
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Not Deleted C:\Users\Pavel\AppData\Roaming\Tencent

***** [ Files ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\ACPTab
Deleted HKCU\Software\BSD
Deleted HKCU\Software\InSTab
Deleted HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|PCAcceleratePro.exe
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{53e2f62a-3083-46e6-8527-cf89e4acb4ae}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AE5E8B88-E8FC-45E6-8A5B-20D1DC910AE9}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Itibiti.exe
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\drp.su
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Itibiti.exe
Deleted HKCU\Software\MySafeSavings
Deleted HKCU\Software\Norassie
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G
Deleted HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
Deleted HKCU\Software\System Healer
Deleted HKCU\Software\csastats
Deleted HKCU\Software\drpsu
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0B0A4E06-CAA9-4B24-8008-887D71444E0D}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{13E320A2-0F14-4390-9D44-D2F892F419BE}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4C8445FD-B9E2-4E0A-B27C-F36225E8FBCE}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AEE94BA1-E1D6-411E-8202-260422E14465}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C262D0B8-521C-4BEE-9C64-C87C465611A3}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C6273DF3-B070-469A-91A1-FACA4C33E1F7}
Deleted HKLM\Software\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Deleted HKLM\Software\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Deleted HKLM\Software\Classes\METNSD
Deleted HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Deleted HKLM\Software\Wow6432Node\BSD
Deleted HKLM\Software\Wow6432Node\CompeteInc
Deleted HKLM\Software\Wow6432Node\MySafeSavings
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\MySafeSavings
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
Deleted HKLM\Software\Wow6432Node\drpsu
Deleted HKU\.DEFAULT\Software\AppDataLow\Software\Compete
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Deleted HKU\S-1-5-18\Software\AppDataLow\Software\Compete
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}

***** [ Chromium (and derivatives) ] *****

Deleted Search Manager
Deleted Search Manager

***** [ Chromium URLs ] *****

Deleted Default
Deleted Default

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [6930 octets] - [14/06/2019 22:53:42]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.19

Platform: x64 Windows 8.1 (Pro), 6.3.9600.19206, Service Pack: 0
Time: 14.06.2019 - 23:02 (UTC-07:00)
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: Pavel (group: Administrator) on ASUSGAMING, FirstRun: yes

Chrome: 74.0.3729.169
Internet Explorer: 11.0.9600.19204
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Fraps\fraps.exe
1 C:\Fraps\fraps64.dat
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
1 C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
1 C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
1 C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
1 C:\Program Files (x86)\AmazonBasics gaming software\AmazonBasics gaming software.exe
1 C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
1 C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
11 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
2 C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
1 C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe
1 C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe
1 C:\Program Files\TxGameAssistant\AppMarket\QQExternal.exe
1 C:\Program Files\iPod\bin\iPodService.exe
1 C:\Program Files\iTunes\iTunesHelper.exe
4 C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\SwReporter\41.204.201.3\software_reporter_tool.exe
1 C:\Users\Pavel\Desktop\HiJackThis\HiJackThis.exe
1 C:\Users\Pavel\Desktop\adwcleaner_7.3.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\DbxSvc.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\igfxEM.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\igfxTray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
12 C:\Windows\System32\svchost.exe
3 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhostex.exe
1 C:\Windows\System32\wbem\WMIADAP.exe
1 C:\Windows\System32\wbem\WmiApSrv.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_18_05_ssg01&param1=1&param2=f=1&b=IE&cc=us&pa=wincy&cd=2XzuyEtN2Y1L1QzuyCtDtAyC0D0Dzz0F0D0CtCyD0D0AtDtBtN0D0Tzu0StBtBtByEtN1L2XzuyEtFtBtCtFtDtFzzyBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0C0BzzyBzz0CtDtGtDtAzyzztG0DzyyDzytGyEtBtAyBtG0DtA0CyEyD0EyByE0Fzz0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0A0Azz0FyBtG0C0AyDtBtGyEtCzz0AtG0AtAtD0AtGtAtA0D0C0EyC0EtCtDyCyB0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyDzytDyBtN1Q2Z1B1P1RzutCyDtCyByCtAtCzzyEtB&cr=1176942977&a=wbf_nrssi_18_05_ssg01&os_ver=6.3&os=Windows+8.1+Pro
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_18_05_ssg01&param1=1&param2=f=1&b=IE&cc=us&pa=wincy&cd=2XzuyEtN2Y1L1QzuyCtDtAyC0D0Dzz0F0D0CtCyD0D0AtDtBtN0D0Tzu0StBtBtByEtN1L2XzuyEtFtBtCtFtDtFzzyBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0C0BzzyBzz0CtDtGtDtAzyzztG0DzyyDzytGyEtBtAyBtG0DtA0CyEyD0EyByE0Fzz0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0A0Azz0FyBtG0C0AyDtBtGyEtCzz0AtG0AtAtD0AtGtAtA0D0C0EyC0EtCtDyCyB0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyDzytDyBtN1Q2Z1B1P1RzutCyDtCyByCtAtCzzyEtB&cr=1176942977&a=wbf_nrssi_18_05_ssg01&os_ver=6.3&os=Windows+8.1+Pro
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_18_05_ssg01&param1=1&param2=f=1&b=IE&cc=us&pa=wincy&cd=2XzuyEtN2Y1L1QzuyCtDtAyC0D0Dzz0F0D0CtCyD0D0AtDtBtN0D0Tzu0StBtBtByEtN1L2XzuyEtFtBtCtFtDtFzzyBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0C0BzzyBzz0CtDtGtDtAzyzztG0DzyyDzytGyEtBtAyBtG0DtA0CyEyD0EyByE0Fzz0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0A0Azz0FyBtG0C0AyDtBtGyEtCzz0AtG0AtAtD0AtGtAtA0D0C0EyC0EtCtDyCyB0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyDzytDyBtN1Q2Z1B1P1RzutCyDtCyByCtAtCzzyEtB&cr=1176942977&a=wbf_nrssi_18_05_ssg01&os_ver=6.3&os=Windows+8.1+Pro
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: [URL,TopResultURLFallback] = http://www.exlee.com/results.php?f=4&a=xle_installertech_16_20&cd=2XzuyEtN2Y1L1QzuyCtDtAyC0D0Dzz0F0D0CtCyD0D0AtDtBtN0D0Tzu0StCyCtDtCtN1L2XzutAtFtBtCtFtDtFtDtN1L1Czu2V1I1P1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyBtBtCyCtAzy0DyDtGtD0DyC0CtGtDzyyEyBtGyDzz0FyEtGyD0E0D0AtCtDzz0BtDzzyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0A0Azz0FyBtG0C0AyDtBtGyEtCzz0AtG0AtAtD0AtGtAtA0D0C0EyC0EtCtDyCyB0B2QtN0A0LzuyE&cr=1239128798&q={searchTerms} - Exlee
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: = https://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_34_xle_installertech_16_20&param1=1&param2=f=4&b=IE&cc=us&pa=Hodor&cd=2XzuyEtN2Y1L1QzuyCtDtAyC0D0Dzz0F0D0CtCyD0D0AtDtBtN0D0Tzu0StCyCzyyDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyB0B0DtBtA0F0A0EtGtD0FyBtCtGzz0AtC0FtGyCtAzyyCtG0EyE0BtAtDyDyB0FyEyBzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0A0Azz0FyBtG0C0AyDtBtGyEtCzz0AtG0AtAtD0AtGtAtA0D0C0EyC0EtCtDyCyB0B2QtN0A0LzuyE&cr=1036816672&a=hdr_s_16_34_xle_installertech_16_20&os_ver=6.3&os=Windows+8.1+Pro&p={searchTerms} - YHS
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: [TopResultURLFallback] = http://www.exlee.com/results.php?f=4&a=xle_installertech_16_20&cd=2XzuyEtN2Y1L1QzuyCtDtAyC0D0Dzz0F0D0CtCyD0D0AtDtBtN0D0Tzu0StCyCtDtCtN1L2XzutAtFtBtCtFtDtFtDtN1L1Czu2V1I1P1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyBtBtCyCtAzy0DyDtGtD0DyC0CtGtDzyyEyBtGyDzz0FyEtGyD0E0D0AtCtDzz0BtDzzyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0A0Azz0FyBtG0C0AyDtBtGyEtCzz0AtG0AtAtD0AtGtAtA0D0C0EyC0EtCtDyCyB0B2QtN0A0LzuyE&cr=1239128798&q={searchTerms} - YHS
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: = https://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_34_xle_installertech_16_20&param1=1&param2=f=4&b=IE&cc=us&pa=Hodor&cd=2XzuyEtN2Y1L1QzuyCtDtAyC0D0Dzz0F0D0CtCyD0D0AtDtBtN0D0Tzu0StCyCzyyDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyB0B0DtBtA0F0A0EtGtD0FyBtCtGzz0AtC0FtGyCtAzyyCtG0EyE0BtAtDyDyB0FyEyBzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0A0Azz0FyBtG0C0AyDtBtGyEtCzz0AtG0AtAtD0AtGtAtA0D0C0EyC0EtCtDyCyB0B2QtN0A0LzuyE&cr=1036816672&a=hdr_s_16_34_xle_installertech_16_20&os_ver=6.3&os=Windows+8.1+Pro&p={searchTerms} - YHS
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2019/02/19)
O4 - HKCU\..\StartupApproved\Run: [Chromium] = c:\users\pavel\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory="Default" --restore-last-session --restore-last-session (2019/02/19)
O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\Pavel\AppData\Local\Discord\app-0.0.305\Discord.exe (2019/02/19)
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent (file missing) (2019/03/20)
O4 - HKCU\..\StartupApproved\Run: [McAfeeSafeConnect] = C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe (file missing) (2019/02/19)
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\Pavel\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2019/02/19)
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2019/02/19)
O4 - HKCU\..\StartupApproved\Run: [World of Tanks] = C:\Games\World_of_Tanks\WargamingGameUpdater.exe (file missing) (2019/02/19)
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing)
O4 - HKLM\..\Run: [iTunesHelper] = C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\StartupApproved\Run32: [AirBackupHelper] = C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe (2019/03/20)
O4 - HKLM\..\StartupApproved\Run32: [Dropbox] = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup (2019/02/19)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2019/02/19)
O4-32 - HKLM\..\Run: [AmazonBasics gaming software] = C:\Program Files (x86)\AmazonBasics gaming software\AmazonBasics gaming software.exe "Hide"
O4-32 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O17 - DHCP DNS 1: 192.168.1.1
O20 - HKLM\..\Windows: [AppInit_DLLs] = C:\Windows\system32\nvinitx.dll
O20-32 - HKLM\..\Windows: [AppInit_DLLs] = C:\Windows\SysWOW64\nvinit.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt01: DropboxExt1 Class - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt02: DropboxExt7 Class - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt03: DropboxExt9 Class - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt04: DropboxExt3 Class - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt05: DropboxExt2 Class - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt06: DropboxExt4 Class - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt07: DropboxExt5 Class - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt08: DropboxExt8 Class - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt09: DropboxExt10 Class - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt10: DropboxExt6 Class - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt01: DropboxExt1 Class - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt02: DropboxExt7 Class - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt03: DropboxExt9 Class - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt04: DropboxExt3 Class - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt05: DropboxExt2 Class - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt06: DropboxExt4 Class - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt07: DropboxExt5 Class - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt08: DropboxExt8 Class - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt09: DropboxExt10 Class - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt10: DropboxExt6 Class - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O22 - Task (.job): (Not scheduled) DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
O22 - Task (.job): (Running) DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
O22 - Task: \Microsoft\Windows\ApplicationData\CleanupTemporaryState - C:\Windows\system32 (file missing)
O23 - Service R2: ASLDR Service - (ASLDRService) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service R2: ATKGFNEX Service - (ATKGFNEXSrv) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: DbxSvc - C:\Windows\system32\DbxSvc.exe
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\Windows\system32\igfxCUIService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
O23 - Service R2: QMEmulatorService - C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe
O23 - Service R3: iPod Service - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service S2: %1!s! Update Service (avast) - (avast) - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /svc
O23 - Service S2: Dropbox Update Service (dbupdate) - (dbupdate) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /svc
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Service Mgr HooplaSearch - C:\ProgramData\fb4c7509-7895-4257-8cc3-e92949418b04\plugincontainer.exe (file missing)
O23 - Service S2: Update Mgr HooplaSearch - C:\Program Files (x86)\Common Files\fb4c7509-7895-4257-8cc3-e92949418b04\updater.exe (file missing)
O23 - Service S3: %1!s! Update Service (avastm) - (avastm) - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /medsvc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Avast Secure Browser Elevation Service - (AvastSecureBrowserElevationService) - C:\Program Files (x86)\AVAST Software\Browser\Application\74.0.1376.132\elevation_service.exe
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: Dropbox Update Service (dbupdatem) - (dbupdatem) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /medsvc
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\elevation_service.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: VirtualBox system service - (VBoxSDS) - C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
O23 - Service S3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe

Debug information:
- 14.06.2019 23:02:22 - CryptCATAdminCalcHashFromFileHandle - #0 LastDllError = 193 (%1 is not a valid Win32 application.) TRUST_E_NOSIGNATURE: Not signed File: C:\Windows\system32

-- End of file - Time spent: 31.1 sec. - 41794 bytes, CRC32: FFFFFFFF. Sign: ??

I've done all the scans and here they are:
 


Malnutrition

I'd rather you copy and paste the logs. I will edit your post for that, and the shot you provided is not of your device manager.
 

Malnutrition

Seems like we are dealing with a bit of malware that needs to be treated.

Adware Removal Tool Scan.



Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit Next, making sure to leave all items checked for removal.

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.



ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!
3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.
 

akotski1338

I'd rather you copy and paste the logs. I will edit your post for that, and the shot you provided is not of your device manager.
I'm sorry they had similar names and I wasn't paying attention smh
adwcleaner:
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-05-27.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-14-2019
# Duration: 00:00:09
# OS: Windows 8.1 Pro
# Cleaned: 60
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\SafeSavings
Deleted C:\ProgramData\53AB40F9-42A1-0
Deleted C:\ProgramData\53AB40F9-7255-1
Deleted C:\ProgramData\BSD\DriverHive
Deleted C:\ProgramData\BSD\DriverHiveEngine
Deleted C:\ProgramData\SafeSavings
Deleted C:\ProgramData\Tencent
Deleted C:\Users\Pavel\AppData\Local\slimware utilities inc
Deleted C:\Users\Pavel\AppData\Roaming\DRPSu
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Not Deleted C:\Users\Pavel\AppData\Roaming\Tencent

***** [ Files ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\ACPTab
Deleted HKCU\Software\BSD
Deleted HKCU\Software\InSTab
Deleted HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|PCAcceleratePro.exe
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{53e2f62a-3083-46e6-8527-cf89e4acb4ae}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AE5E8B88-E8FC-45E6-8A5B-20D1DC910AE9}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Itibiti.exe
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\drp.su
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Itibiti.exe
Deleted HKCU\Software\MySafeSavings
Deleted HKCU\Software\Norassie
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\ProductSetup\Uninstall\0B2U2Z1P0F1P1G1R1P1V0A1Q1Q0O1G
Deleted HKCU\Software\ProductSetup\Uninstall\0S1P1T1C1R1MtT0P1C1F2X1L1Q1P1QtT1S2UtT0Y1T1M1F1F
Deleted HKCU\Software\System Healer
Deleted HKCU\Software\csastats
Deleted HKCU\Software\drpsu
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0B0A4E06-CAA9-4B24-8008-887D71444E0D}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{13E320A2-0F14-4390-9D44-D2F892F419BE}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4C8445FD-B9E2-4E0A-B27C-F36225E8FBCE}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AEE94BA1-E1D6-411E-8202-260422E14465}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C262D0B8-521C-4BEE-9C64-C87C465611A3}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{C6273DF3-B070-469A-91A1-FACA4C33E1F7}
Deleted HKLM\Software\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Deleted HKLM\Software\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Deleted HKLM\Software\Classes\METNSD
Deleted HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Deleted HKLM\Software\Wow6432Node\BSD
Deleted HKLM\Software\Wow6432Node\CompeteInc
Deleted HKLM\Software\Wow6432Node\MySafeSavings
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\MySafeSavings
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
Deleted HKLM\Software\Wow6432Node\drpsu
Deleted HKU\.DEFAULT\Software\AppDataLow\Software\Compete
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Deleted HKU\S-1-5-18\Software\AppDataLow\Software\Compete
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}

***** [ Chromium (and derivatives) ] *****

Deleted Search Manager
Deleted Search Manager

***** [ Chromium URLs ] *****

Deleted Default
Deleted Default

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [6930 octets] - [14/06/2019 22:53:42]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


hijack:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.19

Platform: x64 Windows 8.1 (Pro), 6.3.9600.19206, Service Pack: 0
Time: 14.06.2019 - 23:02 (UTC-07:00)
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: Pavel (group: Administrator) on ASUSGAMING, FirstRun: yes

Chrome: 74.0.3729.169
Internet Explorer: 11.0.9600.19204
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Fraps\fraps.exe
1 C:\Fraps\fraps64.dat
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
1 C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
1 C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
1 C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
1 C:\Program Files (x86)\AmazonBasics gaming software\AmazonBasics gaming software.exe
1 C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
1 C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
11 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
2 C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
1 C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe
1 C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe
1 C:\Program Files\TxGameAssistant\AppMarket\QQExternal.exe
1 C:\Program Files\iPod\bin\iPodService.exe
1 C:\Program Files\iTunes\iTunesHelper.exe
4 C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\SwReporter\41.204.201.3\software_reporter_tool.exe
1 C:\Users\Pavel\Desktop\HiJackThis\HiJackThis.exe
1 C:\Users\Pavel\Desktop\adwcleaner_7.3.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\DbxSvc.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\igfxEM.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\igfxTray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
12 C:\Windows\System32\svchost.exe
3 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhostex.exe
1 C:\Windows\System32\wbem\WMIADAP.exe
1 C:\Windows\System32\wbem\WmiApSrv.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_18_05_ssg01&param1=1&param2=f=1&b=IE&cc=us&pa=wincy&cd=2XzuyEtN2Y1L1QzuyCtDtAyC0D0Dzz0F0D0CtCyD0D0AtDtBtN0D0Tzu0StBtBtByEtN1L2XzuyEtFtBtCtFtDtFzzyBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0C0BzzyBzz0CtDtGtDtAzyzztG0DzyyDzytGyEtBtAyBtG0DtA0CyEyD0EyByE0Fzz0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0A0Azz0FyBtG0C0AyDtBtGyEtCzz0AtG0AtAtD0AtGtAtA0D0C0EyC0EtCtDyCyB0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyDzytDyBtN1Q2Z1B1P1RzutCyDtCyByCtAtCzzyEtB&cr=1176942977&a=wbf_nrssi_18_05_ssg01&os_ver=6.3&os=Windows+8.1+Pro
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_18_05_ssg01&param1=1&param2=f=1&b=IE&cc=us&pa=wincy&cd=2XzuyEtN2Y1L1QzuyCtDtAyC0D0Dzz0F0D0CtCyD0D0AtDtBtN0D0Tzu0StBtBtByEtN1L2XzuyEtFtBtCtFtDtFzzyBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0C0BzzyBzz0CtDtGtDtAzyzztG0DzyyDzytGyEtBtAyBtG0DtA0CyEyD0EyByE0Fzz0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0A0Azz0FyBtG0C0AyDtBtGyEtCzz0AtG0AtAtD0AtGtAtA0D0C0EyC0EtCtDyCyB0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyDzytDyBtN1Q2Z1B1P1RzutCyDtCyByCtAtCzzyEtB&cr=1176942977&a=wbf_nrssi_18_05_ssg01&os_ver=6.3&os=Windows+8.1+Pro
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nrssi_18_05_ssg01&param1=1&param2=f=1&b=IE&cc=us&pa=wincy&cd=2XzuyEtN2Y1L1QzuyCtDtAyC0D0Dzz0F0D0CtCyD0D0AtDtBtN0D0Tzu0StBtBtByEtN1L2XzuyEtFtBtCtFtDtFzzyBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0C0BzzyBzz0CtDtGtDtAzyzztG0DzyyDzytGyEtBtAyBtG0DtA0CyEyD0EyByE0Fzz0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0A0Azz0FyBtG0C0AyDtBtGyEtCzz0AtG0AtAtD0AtGtAtA0D0C0EyC0EtCtDyCyB0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyDzytDyBtN1Q2Z1B1P1RzutCyDtCyByCtAtCzzyEtB&cr=1176942977&a=wbf_nrssi_18_05_ssg01&os_ver=6.3&os=Windows+8.1+Pro
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: [URL,TopResultURLFallback] = http://www.exlee.com/results.php?f=4&a=xle_installertech_16_20&cd=2XzuyEtN2Y1L1QzuyCtDtAyC0D0Dzz0F0D0CtCyD0D0AtDtBtN0D0Tzu0StCyCtDtCtN1L2XzutAtFtBtCtFtDtFtDtN1L1Czu2V1I1P1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyBtBtCyCtAzy0DyDtGtD0DyC0CtGtDzyyEyBtGyDzz0FyEtGyD0E0D0AtCtDzz0BtDzzyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0A0Azz0FyBtG0C0AyDtBtGyEtCzz0AtG0AtAtD0AtGtAtA0D0C0EyC0EtCtDyCyB0B2QtN0A0LzuyE&cr=1239128798&q={searchTerms} - Exlee
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: = https://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_34_xle_installertech_16_20&param1=1&param2=f=4&b=IE&cc=us&pa=Hodor&cd=2XzuyEtN2Y1L1QzuyCtDtAyC0D0Dzz0F0D0CtCyD0D0AtDtBtN0D0Tzu0StCyCzyyDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyB0B0DtBtA0F0A0EtGtD0FyBtCtGzz0AtC0FtGyCtAzyyCtG0EyE0BtAtDyDyB0FyEyBzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0A0Azz0FyBtG0C0AyDtBtGyEtCzz0AtG0AtAtD0AtGtAtA0D0C0EyC0EtCtDyCyB0B2QtN0A0LzuyE&cr=1036816672&a=hdr_s_16_34_xle_installertech_16_20&os_ver=6.3&os=Windows+8.1+Pro&p={searchTerms} - YHS
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: [TopResultURLFallback] = http://www.exlee.com/results.php?f=4&a=xle_installertech_16_20&cd=2XzuyEtN2Y1L1QzuyCtDtAyC0D0Dzz0F0D0CtCyD0D0AtDtBtN0D0Tzu0StCyCtDtCtN1L2XzutAtFtBtCtFtDtFtDtN1L1Czu2V1I1P1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyBtBtCyCtAzy0DyDtGtD0DyC0CtGtDzyyEyBtGyDzz0FyEtGyD0E0D0AtCtDzz0BtDzzyEzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0A0Azz0FyBtG0C0AyDtBtGyEtCzz0AtG0AtAtD0AtGtAtA0D0C0EyC0EtCtDyCyB0B2QtN0A0LzuyE&cr=1239128798&q={searchTerms} - YHS
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: [URL] = https://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_34_xle_installertech_16_20&param1=1&param2=f=4&b=IE&cc=us&pa=Hodor&cd=2XzuyEtN2Y1L1QzuyCtDtAyC0D0Dzz0F0D0CtCyD0D0AtDtBtN0D0Tzu0StCyCzyyDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyB0B0DtBtA0F0A0EtGtD0FyBtCtGzz0AtC0FtGyCtAzyyCtG0EyE0BtAtDyDyB0FyEyBzzyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0D0A0Azz0FyBtG0C0AyDtBtGyEtCzz0AtG0AtAtD0AtGtAtA0D0C0EyC0EtCtDyCyB0B2QtN0A0LzuyE&cr=1036816672&a=hdr_s_16_34_xle_installertech_16_20&os_ver=6.3&os=Windows+8.1+Pro&p={searchTerms} - YHS
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2019/02/19)
O4 - HKCU\..\StartupApproved\Run: [Chromium] = c:\users\pavel\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory="Default" --restore-last-session --restore-last-session (2019/02/19)
O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\Pavel\AppData\Local\Discord\app-0.0.305\Discord.exe (2019/02/19)
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent (file missing) (2019/03/20)
O4 - HKCU\..\StartupApproved\Run: [McAfeeSafeConnect] = C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe (file missing) (2019/02/19)
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\Pavel\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2019/02/19)
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2019/02/19)
O4 - HKCU\..\StartupApproved\Run: [World of Tanks] = C:\Games\World_of_Tanks\WargamingGameUpdater.exe (file missing) (2019/02/19)
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing)
O4 - HKLM\..\Run: [iTunesHelper] = C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\StartupApproved\Run32: [AirBackupHelper] = C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe (2019/03/20)
O4 - HKLM\..\StartupApproved\Run32: [Dropbox] = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup (2019/02/19)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2019/02/19)
O4-32 - HKLM\..\Run: [AmazonBasics gaming software] = C:\Program Files (x86)\AmazonBasics gaming software\AmazonBasics gaming software.exe "Hide"
O4-32 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O17 - DHCP DNS 1: 192.168.1.1
O20 - HKLM\..\Windows: [AppInit_DLLs] = C:\Windows\system32\nvinitx.dll
O20-32 - HKLM\..\Windows: [AppInit_DLLs] = C:\Windows\SysWOW64\nvinit.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt01: DropboxExt1 Class - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt02: DropboxExt7 Class - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt03: DropboxExt9 Class - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt04: DropboxExt3 Class - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt05: DropboxExt2 Class - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt06: DropboxExt4 Class - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt07: DropboxExt5 Class - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt08: DropboxExt8 Class - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt09: DropboxExt10 Class - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt10: DropboxExt6 Class - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt01: DropboxExt1 Class - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt02: DropboxExt7 Class - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt03: DropboxExt9 Class - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt04: DropboxExt3 Class - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt05: DropboxExt2 Class - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt06: DropboxExt4 Class - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt07: DropboxExt5 Class - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt08: DropboxExt8 Class - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt09: DropboxExt10 Class - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt10: DropboxExt6 Class - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O22 - Task (.job): (Not scheduled) DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
O22 - Task (.job): (Running) DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
O22 - Task: \Microsoft\Windows\ApplicationData\CleanupTemporaryState - C:\Windows\system32 (file missing)
O23 - Service R2: ASLDR Service - (ASLDRService) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service R2: ATKGFNEX Service - (ATKGFNEXSrv) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: DbxSvc - C:\Windows\system32\DbxSvc.exe
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\Windows\system32\igfxCUIService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
O23 - Service R2: QMEmulatorService - C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe
O23 - Service R3: iPod Service - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service S2: %1!s! Update Service (avast) - (avast) - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /svc
O23 - Service S2: Dropbox Update Service (dbupdate) - (dbupdate) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /svc
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Service Mgr HooplaSearch - C:\ProgramData\fb4c7509-7895-4257-8cc3-e92949418b04\plugincontainer.exe (file missing)
O23 - Service S2: Update Mgr HooplaSearch - C:\Program Files (x86)\Common Files\fb4c7509-7895-4257-8cc3-e92949418b04\updater.exe (file missing)
O23 - Service S3: %1!s! Update Service (avastm) - (avastm) - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /medsvc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Avast Secure Browser Elevation Service - (AvastSecureBrowserElevationService) - C:\Program Files (x86)\AVAST Software\Browser\Application\74.0.1376.132\elevation_service.exe
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: Dropbox Update Service (dbupdatem) - (dbupdatem) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /medsvc
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\elevation_service.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: VirtualBox system service - (VBoxSDS) - C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
O23 - Service S3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe

Debug information:

- 14.06.2019 23:02:22 - CryptCATAdminCalcHashFromFileHandle - #0 LastDllError = 193 (%1 is not a valid Win32 application.) TRUST_E_NOSIGNATURE: Not signed File: C:\Windows\system32

-- End of file - Time spent: 31.1 sec. - 41794 bytes, CRC32: FFFFFFFF. Sign: ??


minitoolbox:
MiniToolBox by Farbar Version: 17-06-2016
Ran by Pavel (administrator) on 14-06-2019 at 23:06:44
Running from "C:\Users\Pavel\Desktop"
Microsoft Windows 8.1 Pro (X64)
Model: G46VW Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

========================= IP Configuration: ================================

Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : ASUSGAMING
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Physical Address. . . . . . . . . : 08-60-6E-1E-E5-06
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 60-36-DD-8F-DC-15
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
20...08 60 6e 1e e5 06 ......Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
17...60 36 dd 8f dc 15 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
127.0.0.0                  255.0.0.0        On-link       127.0.0.1  306
127.0.0.1                  255.255.255.255  On-link       127.0.0.1  306
127.255.255.255            255.255.255.255  On-link       127.0.0.1  306
224.0.0.0                  240.0.0.0        On-link       127.0.0.1  306
255.255.255.255            255.255.255.255  On-link       127.0.0.1  306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/14/2019 10:56:54 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (06/14/2019 10:56:38 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/14/2019 10:44:41 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/14/2019 06:45:16 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/14/2019 06:20:17 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (06/14/2019 06:18:24 PM) (Source: Perflib) (User: )
Description: rdyboost4

Error: (06/14/2019 06:18:00 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (06/13/2019 09:20:42 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (06/12/2019 10:00:00 PM) (Source: ESENT) (User: )
Description: svchost (1872) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU0399F.log.
Error: (06/12/2019 09:20:43 PM) (Source: Software Protection Platform Service) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 System errors: ============= Error: (06/14/2019 10:56:09 PM) (Source: Service Control Manager) (User: ) Description: The Update Mgr HooplaSearch service failed to start due to the following error: %%2 = The system cannot find the file specified. Error: (06/14/2019 10:56:09 PM) (Source: Service Control Manager) (User: ) Description: The Service Mgr HooplaSearch service failed to start due to the following error: %%2 = The system cannot find the file specified. Error: (06/14/2019 10:55:35 PM) (Source: BTHUSB) (User: ) Description: The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled. Error: (06/14/2019 10:54:26 PM) (Source: Service Control Manager) (User: ) Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (06/14/2019 10:54:26 PM) (Source: Service Control Manager) (User: ) Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service. Error: (06/14/2019 10:54:08 PM) (Source: Service Control Manager) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 
Error: (06/14/2019 10:54:08 PM) (Source: Service Control Manager) (User: ) Description: The QMEmulatorService service terminated unexpectedly. It has done this 1 time(s). Error: (06/14/2019 10:54:07 PM) (Source: Service Control Manager) (User: ) Description: The NVIDIA Display Container LS service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service. Error: (06/14/2019 10:54:07 PM) (Source: Service Control Manager) (User: ) Description: The NVIDIA Telemetry Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. Error: (06/14/2019 10:54:07 PM) (Source: Service Control Manager) (User: ) Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s). Microsoft Office Sessions: ========================= Error: (06/14/2019 10:56:54 PM) (Source: Software Protection Platform Service)(User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (06/14/2019 10:56:38 PM) (Source: Software Protection Platform Service)(User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (06/14/2019 10:44:41 PM) (Source: Software Protection Platform Service)(User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (06/14/2019 06:45:16 PM) (Source: Software Protection Platform Service)(User: ) Description: 
hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (06/14/2019 06:20:17 PM) (Source: Software Protection Platform Service)(User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable Error: (06/14/2019 06:18:24 PM) (Source: Perflib)(User: ) Description: rdyboost4 Error: (06/14/2019 06:18:00 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 Error: (06/13/2019 09:20:42 PM) (Source: Software Protection Platform Service)(User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent Error: (06/12/2019 10:00:00 PM) (Source: ESENT)(User: ) Description: svchost1872SRUJet: C:\Windows\system32\SRU\SRU0399F.log-1811 (0xfffff8ed) Error: (06/12/2019 09:20:43 PM) (Source: Software Protection Platform Service)(User: ) Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 CodeIntegrity Errors: =================================== Date: 2018-02-24 14:52:25.824 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2018-02-24 14:52:24.513 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-01-23 17:58:27.639 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2018-01-23 17:58:26.482 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-22 18:56:50.710 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-22 18:56:50.448 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-22 18:54:04.546 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-07-22 18:54:04.313 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-12 20:34:47.150 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-12 20:34:46.876 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. =========================== Installed Programs ============================ Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe) Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.) AmazonBasics gaming software version 1.0.1.7 (HKLM-x32\...\AmazonBasics gaming software_is1) (Version: - ) Apple Application Support (32-bit) (HKLM-x32\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{B202C7F5-7DE3-4FBF-B259-E70E625F56FC}) (Version: 7.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) 
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.5.2378 - AVAST Software) Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 74.0.1376.132 - AVAST Software) Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.53 - Piriform) Chromium (HKCU\...\Chromium) (Version: 51.0.2684.0 - Chromium) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) Discord (HKCU\...\Discord) (Version: 0.0.305 - Discord Inc.) DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 425.31 - NVIDIA Corporation) Hidden Driver - San Francisco (HKLM-x32\...\Driver - San Francisco_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter) Dropbox (HKLM-x32\...\Dropbox) (Version: 74.4.115 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Fallout 4 (HKLM\...\Steam App 377160) (Version: - Bethesda Game Studios) Fallout: New Vegas (HKLM\...\Steam App 22380) (Version: - Obsidian Entertainment) Far Cry 4 (HKLM\...\Steam App 298110) (Version: - Ubisoft Montreal, Red Storm, Shanghai, Toronto, Kiev) Fraps (HKLM-x32\...\Fraps) (Version: - ) Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.) 
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Grand Theft Auto V (HKLM\...\Steam App 271590) (Version: - Rockstar North) Grand Theft Auto: San Andreas (HKLM\...\Steam App 12120) (Version: - Rockstar Games) Grand Theft Auto: Vice City (HKLM\...\Steam App 12110) (Version: - Rockstar Games) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5059 - Intel Corporation) iTunes (HKLM\...\{A8AF3EF8-5010-4A92-BCCA-90F62A7D62B8}) (Version: 12.9.5.7 - Apple Inc.) Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation) Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation) Java SE Development Kit 8 Update 60 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation) K-Lite Codec Pack 11.4.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.4.0 - ) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation) Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation) Microsoft Flight Simulator X: Steam Edition (HKLM\...\Steam App 314160) (Version: - Microsoft Game Studios) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 
11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation) Minecraft1.8 (HKLM-x32\...\Minecraft1.8) (Version: - ) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Need for Speed: Hot Pursuit (HKLM\...\Steam App 47870) (Version: - Criterion Games) NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.15 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Driver 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 425.31 - NVIDIA Corporation) NVIDIA GeForce Experience 3.14.1.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.1.48 - NVIDIA Corporation) NVIDIA Graphics Driver 425.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 425.31 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 23.0.0 - OBS Project) Oracle VM VirtualBox 6.0.8 
(HKLM\...\{C549898A-9AA8-4CF6-8290-EF5DB8ECA766}) (Version: 6.0.8 - Oracle Corporation) paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC) Project CARS (HKLM\...\Steam App 234630) (Version: - Slightly Mad Studios) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.) Redragon Kumara Gaming Mechanical keyboard driver (HKLM-x32\...\{12F382E1-63D4-4B94-BD32-5F845E74FC79}) (Version: 2017.07.04 - Eastern Times Technology Co., Ltd ) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.4.1 - Rockstar Games) RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - ) Search the Web (Yahoo) (HKLM-x32\...\a92e2408) (Version: - ) Sonic Foundry ACID 4.0 (HKLM-x32\...\{2A38B5AA-EA84-4F87-9937-2FB23982243A}) (Version: 4.0.215 - Sonic Foundry) Sony Vegas 5.0b (HKLM-x32\...\{A7401380-F015-475B-A5AA-7AE1F23B3DB3}) (Version: 5.0.160 - Sony) Spintires: The Original Game (HKLM\...\Steam App 263280) (Version: - Oovee® Game Studios) Spotify (HKCU\...\Spotify) (Version: 1.1.8.439.g8502297d - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Tencent Gaming Buddy (HKLM-x32\...\MobileGamePC) (Version: 1.0.0.1 - Tencent Technology Company) Unturned (HKLM\...\Steam App 304930) (Version: - Smartly Dressed Games) Uplay (HKLM-x32\...\Uplay) (Version: 65.0 - Ubisoft) VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN) Windows Movie Maker 2019 (HKLM\...\{9CC29C6A-B5FE-497B-8F23-52A2557A92C0}}_is1) (Version: - VideoWin) Wondershare Filmora9(Build 9.1.2) (HKLM\...\Wondershare Filmora9_is1) (Version: - Wondershare Software) Wondershare Helper Compact 2.6.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.6.0 - Wondershare) 
========================= Devices: ================================ Name: Realtek High Definition Audio Description: Realtek High Definition Audio Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: IntcAzAudAddService Device ID: ROOT\MEDIA\0000 Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Realtek High Definition Audio Description: Realtek High Definition Audio Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: IntcAzAudAddService Device ID: ROOT\MEDIA\0001 Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Realtek High Definition Audio Description: Realtek High Definition Audio Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: IntcAzAudAddService Device ID: ROOT\MEDIA\0003 Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
========================= Memory info: =================================== Percentage of memory in use: 30% Total physical RAM: 8077.55 MB Available physical RAM: 5593.14 MB Total Virtual: 12045.55 MB Available Virtual: 8398.67 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:465.42 GB) (Free:93.95 GB) NTFS ========================= Users: ======================================== User accounts for \\ASUSGAMING Administrator ASPNET Guest Pavel **** End of log **** security check: SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17] WebSite: www.safezone.cc DateLog: 14.06.2019 22:46:56 Path starting: C:\Users\Pavel\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: Pavel VersionXML: 6.55is-14.06.2019 ___________________________________________________________________________ Windows 8.1(6.3.9600) (x64) Professional Lang: English(0409) Installation date OS: 29.09.2015 21:01:11 LicenseStatus: Windows(R), Professional edition Windows is in Notification mode Boot Mode: Normal Default Browser: C:\Windows\system32\OpenWith.exe SystemDrive: C: FS: [NTFS] Capacity: [465.4 Gb] Used: [371.5 Gb] Free: [93.9 Gb] ------------------------------- [ Windows ] ------------------------------- Internet Explorer 11.0.9600.19204 [color=red][b]Warning! [url=https://www.catalog.update.microsoft.com/Search.aspx?q=KB4503276]Download Update[/b][/color]
User Account Control enabled (Level 3)
Notify before download
Date install updates: 2018-12-22 01:25:11
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Avast Antivirus (enabled and up to date)
Windows Defender (disabled and out of date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and out of date)
Avast Antivirus (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avast Free Antivirus v.19.5.2378
Avast Update Helper v.1.4.154.333
--------------------------- [ OtherUtilities ] ----------------------------
VLC media player v.3.0.6 Warning! Download Update
NVIDIA GeForce Experience 3.14.1.48 v.3.14.1.48 Warning! Download Update
Oracle VM VirtualBox 6.0.8 v.6.0.8
paint.net v.4.0.6
K-Lite Codec Pack 11.4.0 Full v.11.4.0 Warning! Download Update
Steam v.2.10.91.91
Microsoft .NET Framework 1.1 v.1.1.4322 Warning! This software is no longer supported.
--------------------------------- [ IM ] ----------------------------------
Discord v.0.0.305
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 211 (64-bit) v.8.0.2110.12
Java 8 Update 211 v.8.0.2110.12
Java SE Development Kit 8 Update 60 v.8.0.600.27 Warning! Download Update
Uninstall old version and install new one (jdk-8u211-windows-i586.exe).
--------------------------- [ AppleProduction ] ---------------------------
iTunes v.12.9.5.7
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.19.0.0.190 Warning! Download Update
Adobe Flash Player 32 PPAPI v.32.0.0.207
Adobe Shockwave Player 12.3 v.12.3.4.204 Warning! This software is no longer supported. Please uninstall it.
swMSM v.12.0.0.1 << Hidden Warning! This software is no longer supported. Please uninstall it.
------------------------------- [ Browser ] -------------------------------
Avast Secure Browser v.74.0.1376.132
Google Chrome v.74.0.3729.169 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
aswbIDSAgent (aswbIDSAgent) - The service has stopped
C:\Program Files\AVAST Software\Avast\AvastUI.exe v.19.4.4318.533
aswbIDSAgent (aswbIDSAgent) - The service has stopped
Avast Antivirus (avast! Antivirus) - The service is running
C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.19.4.4318.0
Windows Defender Service (WinDefend) - The service has stopped
Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
Search the Web (Yahoo) Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
Tencent Gaming Buddy v.1.0.0.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
MySafeSavings v.1.0.1.7 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
Itibiti RTC v.0.0.1 << Hidden Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------
 

akotski1338
Seems like we are dealing with a bit of malware that needs to be treated.

Adware Removal Tool Scan.



Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit Next, and make sure to leave all items checked for removal.

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post log generated by tool.

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!
3. Once the scan is completed, you will want to click the Repair button.

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.
I already have an antivirus; Avast
 

Malnutrition
In your next reply I need:

Adware Removal Tool log.
Zhp Cleaner Log.
Adware Cleaner log with new settings ticked.
 

Malnutrition
I already have an antivirus; Avast

I understand that; we are removing some malware/adware you seem to have accumulated. These are standalone tools to remove adware, not replace your antivirus. These items can contribute to your connection issues.
 

Malnutrition
The tools that we are using can be cleaned up easily at the end of this; I am not asking you to switch antivirus or anything. I am making sure we cover all variables that may be causing your issues.
 

akotski1338
The tools that we are using can be cleaned up easily at the end of this; I am not asking you to switch antivirus or anything. I am making sure we cover all variables that may be causing your issues.
OK, I am doing the scans.
 

Malnutrition
And from what I see there is no driver for your wireless connection.


Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

Please provide a screenshot of the Device Manager as requested. Here is a shot of mine.
