Lots of different BSOD

Plughole

PCHF Member
Jan 15, 2023
Hi,

My computer is quite old but still runs current games on highest settings. I've upgraded my graphics card and power supply a couple of times since purchasing the computer. I'm not really all that versed on the specs and such, so please take it easy on me.
I've attached the mini dump files as the sticky suggested, but it wouldn't let me attach the most recent dump into a zip, but I'm sure the many other ones should suffice.
I often get lots of different BSOD messages. I've tried doing some of the things Google has suggested but with no luck.
Sometimes I can go more than a week without a BSOD and then sometimes I will get multiple in one day.
Sometimes even my computer won't turn on, but I'll hear a strange scratching sound every 3 seconds or so, but a few turn off and ons fix this.
I have cleaned inside the computer thoroughly and made sure the fans are working, since I thought that might have been the sounds, but all are.

Thank you for your time and please be patient with me.
 

Attachments

  • Minidump.rar
    1.8 MB · Views: 1
Besides the dump files can you also give this information so the helpers know what you have.

Can you download and run this and then post: https://www.ccleaner.com/speccy/download
To publish a Speccy profile to the Web:

In Speccy, click File, and then click Publish Snapshot.

In the Publish Snapshot dialog box, click Yes to enable Speccy to proceed.

Speccy publishes the profile and displays a second Publish Snapshot dialog box. You can open the URL in your default browser, copy it to the clipboard, or close the dialog box.

The last part of each URL is randomized, so only people you provide with the URL will be able to find your profile.

The information given in Speccy cannot be used by anyone to hack your system.

Could you also include the power supply specs, e.g. "Cooler Master 850W Gold V2", NOT e.g. "850w".
 
Dump: 010123-5421-01.dmp (01.01.2023 05:32:54)
Code: 0x139 - KERNEL_SECURITY_CHECK_FAILURE
Process: FxSound.exe, probably caused by: dxgmms2.sys
Third-party modules in the stack: nvlddmkm.sys
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_dxgmms2!VidSchiProcessDpcVSyncCookie

Dump: 010123-6078-01.dmp (01.01.2023 04:05:29)
Code: 0x50 - PAGE_FAULT_IN_NONPAGED_AREA
Process: chrome.exe, probably caused by: ntkrnlmp.exe
FAILURE_BUCKET_ID: AV_R_INVALID_nt!KiSchedulerApc

Dump: 011323-6468-01.dmp (13.01.2023 01:19:59)
Code: 0x50 - PAGE_FAULT_IN_NONPAGED_AREA
Process: svchost.exe, probably caused by: aswVmm.sys
Third-party modules in the stack: aswVmm.sys
FAILURE_BUCKET_ID: AV_R_INVALID_aswVmm!unknown_function

Seems at least one of the BSODs was caused by AVAST. Can you remove it, then run the Avast removal tool?

Please download MiniToolBox and save it to your desktop.

Run the program by right-clicking on it and selecting Run as administrator.
When the program opens, select the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size

Please post the log in your next reply.
 
All done and here is the log, sorry wasn't sure if you wanted it as an attachment or not.




Code:
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set subinterface interface=?í????u? subinterface=ethernet_32774 mtu=1404
set subinterface interface=?í????u? subinterface=iftype53_32768 mtu=1500
set subinterface interface=?í????u? subinterface=ethernet_32770 mtu=1500


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-OM3TTAK
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : D8-50-E6-41-D6-19
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a420:a79b:1d1f:432d%9(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.106(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, 16 January 2023 2:47:50 PM
   Lease Expires . . . . . . . . . . : Tuesday, 17 January 2023 2:47:50 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 64508134
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-3C-33-00-D8-50-E6-41-D6-19
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       0.0.0.0
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 00-1A-7D-DA-71-14
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  192-168-1-1.tpgi.com.au
Address:  192.168.1.1

Name:    google.com
Addresses:  2404:6800:4006:814::200e
      142.250.204.14


Pinging google.com [142.250.204.14] with 32 bytes of data:
Reply from 142.250.204.14: bytes=32 time=25ms TTL=116
Reply from 142.250.204.14: bytes=32 time=25ms TTL=116

Ping statistics for 142.250.204.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 25ms, Maximum = 25ms, Average = 25ms
Server:  192-168-1-1.tpgi.com.au
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:24:120d::1:1
      2001:4998:24:120d::1:0
      2001:4998:44:3507::8001
      2001:4998:124:1507::f000
      2001:4998:124:1507::f001
      2001:4998:44:3507::8000
      74.6.231.20
      74.6.143.26
      98.137.11.163
      98.137.11.164
      74.6.143.25
      74.6.231.21


Pinging yahoo.com [74.6.231.20] with 32 bytes of data:
Reply from 74.6.231.20: bytes=32 time=225ms TTL=46
Reply from 74.6.231.20: bytes=32 time=227ms TTL=46

Ping statistics for 74.6.231.20:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 225ms, Maximum = 227ms, Average = 226ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...d8 50 e6 41 d6 19 ......Realtek PCIe GBE Family Controller
 11...00 1a 7d da 71 14 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.106     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.106    281
    192.168.1.106  255.255.255.255         On-link     192.168.1.106    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.106    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.106    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.106    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  9    281 fe80::/64                On-link
  9    281 fe80::a420:a79b:1d1f:432d/128
                                    On-link
  1    331 ff00::/8                 On-link
  9    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\NLAapi.dll [71168] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\winrnr.dll [34304] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [324416] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [89088] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [89088] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\NLAapi.dll [97280] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [49152] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [418416] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/16/2023 02:54:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/16/2023 02:54:21 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/16/2023 02:42:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/16/2023 02:42:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/15/2023 07:44:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/15/2023 07:44:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/15/2023 07:18:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FxSound.exe, version: 1.1.16.0, time stamp: 0x6285267e
Faulting module name: FxSound.exe, version: 1.1.16.0, time stamp: 0x6285267e
Exception code: 0xc0000005
Fault offset: 0x00000000000c5f61
Faulting process id: 0x3ae0
Faulting application start time: 0x01d928c194114b32
Faulting application path: C:\Program Files\FxSound LLC\FxSound\FxSound.exe
Faulting module path: C:\Program Files\FxSound LLC\FxSound\FxSound.exe
Report Id: fd003b3d-4486-421f-ab2a-e02c5ef3360c
Faulting package full name:
Faulting package-relative application ID:

Error: (01/15/2023 07:05:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/15/2023 07:05:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/15/2023 06:59:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   23 1.0.0.127.in-addr.arpa. PTR DESKTOP-OM3TTAK.local.


System errors:
=============
Error: (01/16/2023 02:54:39 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/16/2023 02:47:51 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/16/2023 02:47:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ProductAgentService service failed to start due to the following error:
%%1392 = The file or directory is corrupted and unreadable.

Error: (01/16/2023 02:47:27 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/16/2023 02:46:34 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-OM3TTAK)
Description: Event-ID 10005

Error: (01/16/2023 02:46:31 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-OM3TTAK)
Description: Event-ID 10005

Error: (01/16/2023 02:46:30 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: DESKTOP-OM3TTAK)
Description: There was an error while attempting to read the local hosts file.

Error: (01/16/2023 02:46:27 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-OM3TTAK)
Description: Event-ID 10005

Error: (01/16/2023 02:44:57 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (01/16/2023 02:44:57 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-OM3TTAK)
Description: Event-ID 10005


CodeIntegrity Errors:
====================
Date: 2023-01-16 14:51:22
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


=========================== Installed Programs ============================

1I_6BR0W53I3 version 156.2 (HKLM-x32\...\1I_6BR0W53I3_is1) (Version: 156.2 - LLCLnl6 SOFTWARE)
Age of Empires II: Definitive Edition (HKLM\...\Steam App 813780) (Version:  - Forgotten Empires)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Skybox Labs)
Age of Empires: Definitive Edition (HKLM\...\Steam App 1017900) (Version:  - Forgotten Empires)
Among Us (HKLM\...\Steam App 945360) (Version:  - Innersloth)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 108.0.19667.125 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
College Kings (HKLM\...\Steam App 1463120) (Version:  - Undergrad Steve)
Danganronpa: Trigger Happy Havoc (HKLM\...\ZGFuZ2Fucm9ucGF0cmlnZ2VyaGFwcHloYXZvYw_is1) (Version: 1 - )
Dear Esther: Landmark Edition (HKLM\...\Steam App 520720) (Version:  - The Chinese Room)
Defender's Quest: Valley of the Forgotten (HKLM\...\Steam App 218410) (Version:  - Level Up Labs, LLC)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Disk Drill 4.4.606.0 (HKLM-x32\...\{32a76acd-bcd6-40ec-b4b0-95c9dbf21588}) (Version: 4.4.606.0 - CleverFiles)
Disk Drill 4.4.606.0 (x64) (HKLM\...\{6332D017-BEA9-499F-8554-19AAD5D62B90}) (Version: 4.4.606.0 - CleverFiles) Hidden
Dokan Library 1.4.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0104-0000-200601191219}) (Version: 1.4.0.1000 - Dokany Project) Hidden
Dokan Library 1.4.0.1000 Bundle (HKLM-x32\...\{97cfdb6c-2faa-43ba-afbc-469e01845e99}) (Version: 1.4.0.1000 - Dokany Project)
DRAGON QUEST XI S: Echoes of an Elusive Age - Definitive Edition DEMO (HKLM\...\Steam App 1295550) (Version:  - Square Enix)
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
FINAL FANTASY IX (HKLM\...\Steam App 377840) (Version:  - SQUARE ENIX)
FINAL FANTASY VII (HKLM\...\Steam App 39140) (Version:  - Square Enix)
FINAL FANTASY X/X-2 HD Remaster (HKLM\...\Steam App 359870) (Version:  - SQUARE ENIX)
FINAL FANTASY XV WINDOWS EDITION (HKLM\...\Steam App 637650) (Version:  - Square Enix)
Find Love or Die Trying (HKLM\...\Steam App 1714320) (Version:  - Auden Jin)
FxSound (HKLM\...\{44F94A7A-3F02-44F3-8B53-69E22FB43E36}) (Version: 1.1.16.0 - FxSound LLC) Hidden
FxSound (HKLM\...\FxSound 1.1.16.0) (Version: 1.1.16.0 - FxSound LLC)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Gauntlet™  (HKLM\...\Steam App 258970) (Version:  - Arrowhead Game Studios)
Google Chrome (HKLM-x32\...\{AE46AF84-7112-3905-B1A4-EFCBA8F5EC0E}) (Version: 109.0.5414.74 - Google, Inc.)
Grandia II Anniversary Edition (HKLM\...\Steam App 330390) (Version:  - GAME ARTS Co., Ltd.)
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Halo Infinite (HKLM\...\Steam App 1240440) (Version:  - 343 Industries)
Heroes of Might and Magic 2 GOLD (HKLM-x32\...\Heroes of Might and Magic 2 GOLD_is1) (Version:  - GOG.com)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\Heroes of Might and Magic 3 Complete_is1) (Version:  - GOG.com)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
K-Lite Codec Pack 16.0.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.0.5 - KLCP)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.47 - PandoraTV)
League of Legends (HKLM-x32\...\{861927A3-8B12-4BF8-9F2A-7A4ED4C40096}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Malwarebytes version 4.5.19.229 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.19.229 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.2336.1 - McAfee, LLC)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.5381.1000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 88.0 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0 (x64 en-US)) (Version: 88.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
MPC-HC 1.7.9 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.9 - MPC-HC Team)
Neo Cab (HKLM\...\Steam App 794540) (Version:  - Chance Agency)
NMM (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.84.3 - DuskDweller)
Npcap 0.995 (HKLM-x32\...\NpcapInst) (Version: 0.995 - Nmap Project)
NVIDIA FrameView SDK 1.3.8107.31782123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8107.31782123 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.26.0.154 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.26.0.154 - NVIDIA Corporation)
NVIDIA Graphics Driver 527.37 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 527.37 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.39.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.5381.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.5381.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.5381.1000 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Perseverance: Part 1 (HKLM\...\Steam App 854870) (Version:  - Titanite Novels)
Phantasy Star Online 2 (HKLM\...\Steam App 1056640) (Version:  - SEGA)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 7.76 - NCH Software)
Pillars of Eternity (HKLM\...\Steam App 291650) (Version:  - Obsidian Entertainment)
POSTAL 2 (HKLM\...\Steam App 223470) (Version:  - Running With Scissors)
Project64 version 2.3.0.210 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.0.210 - )
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.24.41 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7841 - Realtek Semiconductor Corp.)
REDRAGON Gaming Mouse (HKLM-x32\...\{5F85281F-2C9B-4690-948A-011A8A979CD4}}_is1) (Version: 1.0.34 - REDRAGON ZONE)
Replay Media Catcher 7 (7.0.3.1) (HKLM-x32\...\Replay Media Catcher 7) (Version: 7.0.3.1 - Applian Technologies)
Sanctum 2 (HKLM\...\Steam App 210770) (Version:  - Coffee Stain Studios)
SEGA Mega Drive & Genesis Classics (HKLM\...\Steam App 34270) (Version:  - D3T Limited)
Silver (HKLM\...\Steam App 606680) (Version:  - Infogrames)
Skype version 8.34 (HKLM-x32\...\Skype_is1) (Version: 8.34 - Skype Technologies S.A.)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streets of Rage 4 (HKLM-x32\...\Streets of Rage 4_is1) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1260 - SUPERAntiSpyware.com)
Tales of Berseria (HKLM\...\Steam App 429660) (Version:  - BANDAI NAMCO Studios Inc.)
Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal (HKLM\...\Steam App 31170) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay  (HKLM\...\Steam App 31180) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 3 - Lair of the Leviathan  (HKLM\...\Steam App 31190) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood  (HKLM\...\Steam App 31200) (Version:  - Telltale Games)
Tales of Symphonia (HKLM\...\Steam App 372360) (Version:  - BANDAI NAMCO Entertainment Inc.)
The Banner Saga (HKLM\...\Steam App 237990) (Version:  - Stoic)
The Banner Saga 2 (HKLM\...\Steam App 281640) (Version:  - Stoic)
The Banner Saga 3 (HKLM\...\Steam App 485460) (Version:  - Stoic)
The Dark Eye: Chains of Satinav (HKLM\...\Steam App 203830) (Version:  - Daedalic Entertainment)
The Elder Scrolls V Skyrim Legendary Edition version 1.9.32.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Legendary Edition_is1) (Version: 1.9.32.8 - Mr DJ)
The Legend of Heroes: Trails of Cold Steel III Demo (HKLM\...\Steam App 1229000) (Version:  - Nihon Falcom)
The Quarry (HKLM\...\Steam App 1577120) (Version:  - Supermassive Games)
The Witcher 3: Wild Hunt (HKLM\...\Steam App 292030) (Version:  - CD PROJEKT RED)
The Witcher: Enhanced Edition (HKLM\...\Steam App 20900) (Version:  - CD PROJEKT RED)
Tomb Raider (HKLM\...\Steam App 203160) (Version:  - Crystal Dynamics)
TomTom MyDrive Connect 4.2.13.4348 (HKLM-x32\...\MyDriveConnect) (Version: 4.2.13.4348 - TomTom)
Twin USB Gamepad (HKLM-x32\...\{0AD1F05D-15F6-476D-A3BE-E3D5E3E0E023}) (Version: 1.00.0000 - yanglx)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Viber (HKLM-x32\...\{10E3240C-E70A-4664-AA56-1F137C696B59}) (Version: 6.6.0.1008 - Viber Media Inc.) Hidden
Video Hunter 2.31.0 (HKLM\...\4f60cf71-77d9-586f-9497-c078307716d3) (Version: 2.31.0 - VideoHunter)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Warhammer 40,000: Dawn of War II - Retribution (HKLM\...\Steam App 56400) (Version:  - Relic Entertainment)
Warhammer: Vermintide 2 (HKLM\...\Steam App 552500) (Version:  - Fatshark)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Wing Commander III (HKLM-x32\...\1207658966_is1) (Version: 1.4 - GOG.com)
WinRAR 6.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
Zero Escape The Nonary Games (HKLM-x32\...\Zero Escape The Nonary Games_is1) (Version:  - )

Packages:
=========
@{Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Photos.MediaEngineDLC/Resources/PackageStoreName} -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2023-01-14] (Microsoft Corporation)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2023-01-14] (Fitbit)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_141.2.441.0_x64__v10z8vjag6ke6 [2023-01-14] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2023-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2023-01-14] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2023-01-14] (NVIDIA Corp.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2023-01-14] (Twitter Inc.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 16322.7 MB
Available physical RAM: 12583.87 MB
Total Virtual: 17986.7 MB
Available Virtual: 12800.27 MB

========================= Partitions: =====================================

1 Drive c: (WINDOWS 10 SSD) (Fixed) (Total:110.43 GB) (Free:31.03 GB) NTFS
2 Drive d: (DATA HDD) (Fixed) (Total:1863.01 GB) (Free:547.91 GB) NTFS
4 Drive f: (IRM_CCSA_X64FRE_EN-GB_DV5) (CDROM) (Total:3.64 GB) (Free:0 GB) UDF
5 Drive g: (Elements) (Fixed) (Total:2794.52 GB) (Free:2458.69 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP-OM3TTAK

Administrator            DefaultAccount           Guest                   
Owner                    WDAGUtilityAccount      


**** End of log ****
 

Attachments

  • MTB.txt
    30.7 KB
Where to start
First, you need to free up some space on the C: drive. You do not have enough room to run Windows properly.
Also, can you uninstall Java if it is not needed?
Uninstall Hitman Pro - can be reinstalled later
Uninstall Bonjour
  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to perform an advanced DISM scan and press Enter: DISM /Online /Cleanup-Image /ScanHealth
When finished
  1. Open Start.
  2. Search for Command Prompt, right-click the top result, and select the Run as administrator option.
  3. Type the following command to repair the installation and press Enter: SFC /scannow

 
It's hard to free up space on C because I do everything I can to not install things on there, even if certain programs want to be installed there. I was able to delete a large folder of movies an ex partner had on there that I wasn't aware of but afterwards C still only has 31.6GB spare.
I uninstalled those 2 programs but I couldn't locate Java anywhere on my computer.
I did those 2 command prompt directions and the first one said, "No component store corruption detected". But the second one said, "Windows Resource Protection found corrupt files but was unable to fix some of them."
I'm not sure if you want the log file that it listed but I'll attach it just in case.

Again thank you for your time.
 

Attachments

  • CBS.log
    1.9 MB
The low space is going to cause you problems. You need to think about upgrading your C drive.
  • Press the Windows key and type cmd. Right-click "Command Prompt" and choose "Run as administrator".
  • Enter the following command: chkdsk C: /f /r
Try sfc /scannow after chkdsk
 
@Plughole

Did you install this?

1I_6BR0W53I3 version 156.2 (HKLM-x32\...\1I_6BR0W53I3_is1) (Version: 156.2 - LLCLnl6 SOFTWARE)

From my research this indeed may be malware/adware.

If you would like we can check your machine for malware/spyware. Simply Uninstalling may leave remnants behind...
 

@PeterOz

I did what you asked and the same message popped up, "Windows Resource Protection found corrupt files but was unable to fix some of them."
It won't allow me to attach the log file as it's too large apparently, would you like me to copy and paste it?
One thing I will say is that I haven't had any BSOD yet since we started doing this.
In regards to upgrading my C drive, I'm presuming that I can't lower my HDD memory and put some of that memory on my SSD because they are different types of hard drive?
@Malnutrition
I don't know anything about that file or software.
I would appreciate the help with any malware or spyware I might have if you're happy to do so.
 
Did chkdsk report any errors?
  • Increasing the C drive across two disks is not possible.
The only way is to put a new drive in. Transferring the data is easy to do.
However, I know not everyone can afford to just buy new drives because we recommend doing it.
In my opinion you should have a minimum of 500GB. If budget allows 1TB.
Windows is only going to get bigger with updates.
You then try and limit C drive to Windows and games. A lot of programs can work from another drive, but with 1TB you should have enough room for Windows, games and programs.
All movies, pics, documents you save to your other drive.
"One thing I will say is that I haven't had any BSOD yet since we started doing this."
That is good.
Let @Malnutrition check for malware.
Malware could be stopping SFC from running.
 
@Plughole

Uninstall Useless programs!
Hit the Windows key and R at the same time.
Type appwiz.cpl and hit OK.
Uninstall the programs below.


1I_6BR0W53I3 version 156.2
Avast Secure Browser
Avast Update Helper
Bonjour
McAfee Security Scan Plus

Uninstall with Geek Uninstaller if you have trouble removing one of these. If the program is not listed, then skip it and move to the next.


Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.
If you are unsure if your operating system is 32 or 64 Bit please go HERE.
Once downloaded right click the FRST desktop icon and select "Run as administrator" from the menu
If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
FRST will open with two dialogue boxes, accept the disclaimer.
  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select Scan
  4. FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.







Please Attach the contents of these logs in your next post for review by our Security Team
 

@PeterOz


Unfortunately I got another BSOD this morning when I went to use Chrome, the message was MEMORY_MISMATCH.
I do not know if the chkdsk came up with any errors, it told me I was unable to run it until I reset my computer which I did and I saw it scanning something during startup so I left and came back and didn't see anything to let me know, sorry!
When I get the chance I'll order a new SSD. I just need to find out what connection my current one uses.

@Malnutrition


All done but I had to use the Geek Uninstaller to force remove McAfee as neither Windows nor Geek Uninstaller would do anything when I clicked uninstall.
It's hard for me to know what the useless programs are as I generally don't know what they actually are or do. I would have no idea if Windows needs them to run.
Attached the two text files.

Again thank you both for your time and efforts.
 

Attachments

  • FRST.txt
    37.8 KB
  • Addition.txt
    63.6 KB
@Plughole

Hit the Windows key and R at the same time.
Type appwiz.cpl and hit OK.
Uninstall the program below.

Bitdefender Agent

Download and run Startup lite.



Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.

Code:
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
RemoveProxy:
HKLM-x32\...\Run: [] => [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.2336\McCHSvc.exe" [X]
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
C:\WINDOWS\system32\drivers\amsdk.sys
C:\Program Files\McAfee Security Scan
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {70C7D61B-56ED-4603-BEF3-379E154D94F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
S3 cpuz149; C:\Users\Owner\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2023-01-15] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION
HKLM-x32\...\Run: [VirtualCloneDrive] => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s (No File)
Task: {026BEAEF-0461-4116-9E4B-720E1B2F4EEA} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe /update:avast-vpn /silent (No File)
Task: {11183B74-D89C-4CE6-91A9-7E9F3737AEDD} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe (No File)
Task: {70C7D61B-56ED-4603-BEF3-379E154D94F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C16C6FCA-A078-4482-B55D-DDD7033AA685} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (No File)
Task: {C3B118BC-AA89-4B02-BBFD-A8031C5E1C6E} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe /update:avast-tu /silent (No File)
Task: {CB464C8C-70A7-473D-8091-1048E1B6A51B} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe /update:avast-du /silent (No File)
Task: {E98AEA25-E2EF-4A3C-834B-DFE140296019} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1 (No File)
C:\Program Files\Common Files\Avast Software
C:\Program Files\AVAST Software
C:\ProgramData\Avast Software
Task: {394AEC87-2BF9-4E6A-A878-CF7E099A4FA5} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid 52339fa6-d459-41d5-b3d8-e48496626d2a
Task: {A3CA7EF2-ECF0-4020-A357-6FA3EA85324B} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\Cleanup\log" --guid bfb8b566-8d5d-43c6-a94d-5a585fa0d2cc
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{2b723b6d-a727-4755-ad5e-489208c21d4f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2c0cba30-48b8-4c1b-8fa4-43d5e5a4b9a4}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{acbfd70e-0da8-4512-a045-cdc34019cf5a}: [DhcpNameServer] 192.168.1.1 0.0.0.0
C:\Windows\System32\drivers\etc\hosts
Hosts:
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7ahq4wbu.default\Extensions\sp@avast.com.xpi [2020-02-09]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2021-04-26] (AVAST Software s.r.o. -> The OpenVPN Project)
S3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [51112 2022-12-09] (Avast Software s.r.o. -> AVAST Software)
C:\WINDOWS\System32\drivers\aswTap.sys
C:\WINDOWS\System32\drivers\aswWintun.sys
C:\ProgramData\AVAST Software
C:\Users\Owner\AppData\Local\AVAST Software
C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
C:\WINDOWS\system32\Tasks\Avast Emergency Update
C:\Users\Owner\AppData\Roaming\530354923
C:\Users\Owner\AppData\Local\{3C751BC8-D380-42A6-910D-A8AAA123601E}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
Task: {A68728B3-886B-4D1E-A15D-3EEC8765DD21} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [465872 2018-05-16] () [File not signed]
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] () [File not signed]
C:\Program Files\Bitdefender Agent
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{88B20FC8-EBD6-4181-B5F6-50F45BFF722E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{997809F3-33FD-4FD6-A2ED-CEF50F3263B1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.169.31\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.163.19\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{D1CE12B0-2529-4B24-BE8E-189735EA0DC1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll => No File
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll -> No File
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll -> No File
FirewallRules: [UDP Query User{8B652721-21BA-4109-ABBB-DEA91EFD13DD}D:\persona.4.golden-goldberg\day\p4g.exe] => (Allow) D:\persona.4.golden-goldberg\day\p4g.exe => No File
FirewallRules: [TCP Query User{1FEBCC38-859C-4954-B774-EC757C879803}D:\persona.4.golden-goldberg\day\p4g.exe] => (Allow) D:\persona.4.golden-goldberg\day\p4g.exe => No File
FirewallRules: [{6D8DE446-00D8-4436-A52C-258A1DD35DA9}] => (Block) D:\Games\Zero Escape The Nonary Games\ze1.exe => No File
FirewallRules: [{24081896-1C25-4251-BA0E-9D4BDE0D797A}] => (Block) D:\Games\Zero Escape The Nonary Games\Launcher.exe => No File
FirewallRules: [{2C1FAEE5-74C6-4078-82CA-5E758797B0C6}] => (Block) D:\Games\Zero Escape The Nonary Games\Launcher.exe => No File
FirewallRules: [{64C05F22-F86A-456A-809A-DB4099CB7169}] => (Block) D:\Games\Zero Escape The Nonary Games\ze1.exe => No File
FirewallRules: [UDP Query User{9DDDC0B9-E53C-4FAB-AEBE-82331BCC2A1F}D:\sc2\starcraft ii\versions\base77535\sc2_x64.exe] => (Allow) D:\sc2\starcraft ii\versions\base77535\sc2_x64.exe => No File
FirewallRules: [TCP Query User{F2ACE6B3-CEED-41C2-B724-7F0661D5DB42}D:\sc2\starcraft ii\versions\base77535\sc2_x64.exe] => (Allow) D:\sc2\starcraft ii\versions\base77535\sc2_x64.exe => No File
FirewallRules: [UDP Query User{B0A213B5-F0DC-4C08-A115-8ABD37EF94AB}D:\heroes of might and magic 3 complete\heroes3.exe] => (Allow) D:\heroes of might and magic 3 complete\heroes3.exe => No File
FirewallRules: [TCP Query User{B8468D9C-9E81-46F6-A65B-7AFCBD1DB42B}D:\heroes of might and magic 3 complete\heroes3.exe] => (Allow) D:\heroes of might and magic 3 complete\heroes3.exe => No File
FirewallRules: [TCP Query User{9350908F-B702-4CC4-82C5-69159B7027BB}D:\wc3\warcraft iii\war3.exe] => (Allow) D:\wc3\warcraft iii\war3.exe => No File
FirewallRules: [UDP Query User{44D192EC-F3F8-4509-90A6-E25CA36DB984}D:\wc3\warcraft iii\war3.exe] => (Allow) D:\wc3\warcraft iii\war3.exe => No File
FirewallRules: [{050505BE-F974-4547-8467-6F88356A774F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{AF99CA0D-3BF0-4BB3-AB1A-C6CE84B50F07}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{0F9B06EF-0458-49E8-A732-9CC62B04A48D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{EBC8B7D9-E24F-4057-B887-79E00D691184}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
FirewallRules: [{65051290-0893-4091-B2B6-8D2A46531502}] => (Allow) LPort=57209
FirewallRules: [{41E00AED-65EA-4467-A4BD-F6FFF1F14FDE}] => (Allow) LPort=57210
FirewallRules: [{33E38B84-A714-420F-B61F-06479EFF6CE1}] => (Allow) LPort=57211
FirewallRules: [{556C40E7-451F-4322-A04A-E5A780675790}] => (Allow) LPort=57212
FirewallRules: [{EDD7DDF0-3BDD-4FAC-B335-F2101402A96D}] => (Allow) LPort=57213
FirewallRules: [{CE9E6C41-028B-428D-94F6-634B5663A0D5}] => (Allow) LPort=57214
FirewallRules: [{2B5A8E0E-E71B-41F3-8135-87EB259CA9A3}] => (Allow) LPort=57215
FirewallRules: [{5FAE1C4A-FD86-468F-A29D-479B75A98352}] => (Allow) LPort=57216
FirewallRules: [{8DFFEFD1-9A77-456B-8F6E-C43A36754EE8}] => (Allow) LPort=57217
FirewallRules: [{6772F684-0980-4699-B515-F4F356AE110B}] => (Allow) LPort=57218
FirewallRules: [{5971A661-4C8F-4ED3-96CA-3E309E2CEC72}] => (Allow) LPort=57209
FirewallRules: [{5B075BF0-2EE4-4519-AB2C-1737DF35BF57}] => (Allow) LPort=57210
FirewallRules: [{37798BAA-E237-4AAE-9A1A-BB64241F090F}] => (Allow) LPort=57211
FirewallRules: [{68284A71-3356-4756-84B5-9A883D94F439}] => (Allow) LPort=57212
FirewallRules: [{8B836019-A25B-4D4E-83F1-C4262832DA85}] => (Allow) LPort=57213
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: net stop bits
Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
cmd: net start bits
cmd:  bitsadmin /list /allusers
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"
CMD: del /f /s /q %windir%\prefetch\*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
CMD: ipconfig /flushdns
C:\ProgramData\Temp\*
C:\Program Files (x86)\Temp\*
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Windows\SystemTemp\*.tmp
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\LocalLow\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\AllUserName\AppData\LocalLow\Temp\*
C:\Users\AllUserName\Appdata\Local\Temp\*
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
emptytemp:
Reboot:
End::

Adware Cleaner
  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Quarantine and delete.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please Attach the contents of that log into your next reply to me
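
The fixlist in the post above mixes several kinds of FRST entries, and most of them carry a trailing marker that says why they were picked. The script below is an added example (not part of the thread and not FRST's own code) that sorts such lines by kind and marker and reports repeated entries; the sample lines are copied from that fixlist, while the kind and reason names, and the reading of `[X]` as "file missing", are assumptions of the example.

```python
import re
from collections import Counter, defaultdict

# Lines copied unchanged from the fixlist posted above (a subset).
SAMPLE = r"""
Start::
CloseProcesses:
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
C:\WINDOWS\system32\drivers\amsdk.sys
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {70C7D61B-56ED-4603-BEF3-379E154D94F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
S3 cpuz149; C:\Users\Owner\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2023-01-15] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION
Task: {11183B74-D89C-4CE6-91A9-7E9F3737AEDD} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe (No File)
Task: {70C7D61B-56ED-4603-BEF3-379E154D94F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] () [File not signed]
FirewallRules: [{050505BE-F974-4547-8467-6F88356A774F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{65051290-0893-4091-B2B6-8D2A46531502}] => (Allow) LPort=57209
cmd: netsh winsock reset catalog
emptytemp:
End::
"""

# Trailing markers seen in the fixlist. Treating "[X]" as "file missing" and
# the reason names themselves are assumptions made for this example.
MARKERS = {
    "missing_target": re.compile(r"\bNo File\b|\[X\]|\[not found\]"),
    "frst_attention": re.compile(r"<==== ATTENTION"),
    "unsigned": re.compile(r"\[File not signed\]"),
}

# Entry kinds, checked in order. The kind names are this example's own labels.
KINDS = [
    ("service", re.compile(r"^[RSU]\d \S+;")),
    ("task", re.compile(r"^Task: ")),
    ("firewall", re.compile(r"^FirewallRules: ")),
    ("extension", re.compile(r"^(Edge Extension|FF Extension): |^CHR ")),
    ("shell", re.compile(r"^(CustomCLSID|ContextMenuHandlers\d): ")),
    ("registry", re.compile(r"^(HKLM|HKU)\b")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
]

# First tokens of the command lines that appear in the fixlist on this page.
DIRECTIVE_HEADS = {
    "start::", "end::", "closeprocesses:", "createrestorepoint:",
    "removeproxy:", "systemrestore:", "hosts:", "cmd:", "move:",
    "exportkey:", "emptytemp:", "reboot:",
}

# A service or driver whose image sits under a Temp directory.
TEMP_DRIVER = re.compile(r"\\Temp\\[^;]*\.sys\b", re.IGNORECASE)


def classify(line):
    """Return the kind of one fixlist line."""
    for kind, rx in KINDS:
        if rx.search(line):
            return kind
    head = line.split(None, 1)[0].lower()
    return "directive" if head in DIRECTIVE_HEADS else "other"


def triage(text):
    """Return one record per non-blank line: number, kind, reasons, text."""
    entries = []
    for n, raw in enumerate(text.strip().splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        kind = classify(line)
        reasons = [name for name, rx in MARKERS.items() if rx.search(line)]
        if kind == "service" and TEMP_DRIVER.search(line):
            reasons.append("temp_driver")
        entries.append({"line": n, "kind": kind, "reasons": reasons, "text": line})
    return entries


def reason_counts(entries):
    """Count how many entries carry each reason."""
    return dict(Counter(r for e in entries for r in e["reasons"]))


def duplicates(text):
    """Map each repeated non-directive line to the line numbers it occurs on."""
    seen = defaultdict(list)
    for e in triage(text):
        if e["kind"] != "directive":
            seen[e["text"]].append(e["line"])
    return {t: ns for t, ns in seen.items() if len(ns) > 1}


if __name__ == "__main__":
    for e in triage(SAMPLE):
        if e["reasons"]:
            print(f'{e["line"]:>3} {e["kind"]:<10} {",".join(e["reasons"]):<30} {e["text"][:60]}')
    for text, lines in duplicates(SAMPLE).items():
        print("repeated on lines", lines, "->", text[:60])
```

Lines with no reason attached (bare paths, open-port firewall rules) are the ones worth reading by hand before a fixlist is run, since nothing in the line itself explains why it is there.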
 
I had some problems doing the steps in the last post.
I uninstalled Bitdefender but Startup Lite wouldn't open when I pressed on your link. A tab would try and open but it would just close straight away, I googled Startup Lite and downloaded from there and it said there was no unnecessary startups found.
When I try to press fix in FRST it tells me, "No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located."
So it's not creating one for me.
I downloaded Adware Cleaner but haven't installed or run anything yet as I thought perhaps completing the FRST step might need to be done first.
 
@Plughole
No worries on Startup Lite. It is just a program to reduce startups on your machine, not really needed.

As far as the FRST fix, you need to make sure to copy from Start:: to End:: inside the code box, then right click FRST, run as admin, then hit the Fix button.

Running AdwCleaner before or after FRST does not matter.
 
To make it a little easier, copy all the text in red below. From Start:: to End::
Right Click FRST run as admin.
Click the Fix button.


Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
RemoveProxy:
HKLM-x32\...\Run: [] => [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.2336\McCHSvc.exe" [X]
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
C:\WINDOWS\system32\drivers\amsdk.sys
C:\Program Files\McAfee Security Scan
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {70C7D61B-56ED-4603-BEF3-379E154D94F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
S3 cpuz149; C:\Users\Owner\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2023-01-15] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION
HKLM-x32\...\Run: [VirtualCloneDrive] => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s (No File)
Task: {026BEAEF-0461-4116-9E4B-720E1B2F4EEA} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe /update:avast-vpn /silent (No File)
Task: {11183B74-D89C-4CE6-91A9-7E9F3737AEDD} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe (No File)
Task: {70C7D61B-56ED-4603-BEF3-379E154D94F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C16C6FCA-A078-4482-B55D-DDD7033AA685} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (No File)
Task: {C3B118BC-AA89-4B02-BBFD-A8031C5E1C6E} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe /update:avast-tu /silent (No File)
Task: {CB464C8C-70A7-473D-8091-1048E1B6A51B} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe /update:avast-du /silent (No File)
Task: {E98AEA25-E2EF-4A3C-834B-DFE140296019} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1 (No File)
C:\Program Files\Common Files\Avast Software
C:\Program Files\AVAST Software
C:\ProgramData\Avast Software
Task: {394AEC87-2BF9-4E6A-A878-CF7E099A4FA5} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid 52339fa6-d459-41d5-b3d8-e48496626d2a
Task: {A3CA7EF2-ECF0-4020-A357-6FA3EA85324B} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\Cleanup\log" --guid bfb8b566-8d5d-43c6-a94d-5a585fa0d2cc
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{2b723b6d-a727-4755-ad5e-489208c21d4f}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2c0cba30-48b8-4c1b-8fa4-43d5e5a4b9a4}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{acbfd70e-0da8-4512-a045-cdc34019cf5a}: [DhcpNameServer] 192.168.1.1 0.0.0.0
C:\Windows\System32\drivers\etc\hosts
Hosts:
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7ahq4wbu.default\Extensions\sp@avast.com.xpi [2020-02-09]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2021-04-26] (AVAST Software s.r.o. -> The OpenVPN Project)
S3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [51112 2022-12-09] (Avast Software s.r.o. -> AVAST Software)
C:\WINDOWS\System32\drivers\aswTap.sys
C:\WINDOWS\System32\drivers\aswWintun.sys
C:\ProgramData\AVAST Software
C:\Users\Owner\AppData\Local\AVAST Software
C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
C:\WINDOWS\system32\Tasks\Avast Emergency Update
C:\Users\Owner\AppData\Roaming\530354923
C:\Users\Owner\AppData\Local\{3C751BC8-D380-42A6-910D-A8AAA123601E}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
Task: {A68728B3-886B-4D1E-A15D-3EEC8765DD21} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [465872 2018-05-16] () [File not signed]
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] () [File not signed]
C:\Program Files\Bitdefender Agent
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{88B20FC8-EBD6-4181-B5F6-50F45BFF722E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{997809F3-33FD-4FD6-A2ED-CEF50F3263B1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.169.31\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.163.19\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{D1CE12B0-2529-4B24-BE8E-189735EA0DC1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll => No File
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll -> No File
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll -> No File
FirewallRules: [UDP Query User{8B652721-21BA-4109-ABBB-DEA91EFD13DD}D:\persona.4.golden-goldberg\day\p4g.exe] => (Allow) D:\persona.4.golden-goldberg\day\p4g.exe => No File
FirewallRules: [TCP Query User{1FEBCC38-859C-4954-B774-EC757C879803}D:\persona.4.golden-goldberg\day\p4g.exe] => (Allow) D:\persona.4.golden-goldberg\day\p4g.exe => No File
FirewallRules: [{6D8DE446-00D8-4436-A52C-258A1DD35DA9}] => (Block) D:\Games\Zero Escape The Nonary Games\ze1.exe => No File
FirewallRules: [{24081896-1C25-4251-BA0E-9D4BDE0D797A}] => (Block) D:\Games\Zero Escape The Nonary Games\Launcher.exe => No File
FirewallRules: [{2C1FAEE5-74C6-4078-82CA-5E758797B0C6}] => (Block) D:\Games\Zero Escape The Nonary Games\Launcher.exe => No File
FirewallRules: [{64C05F22-F86A-456A-809A-DB4099CB7169}] => (Block) D:\Games\Zero Escape The Nonary Games\ze1.exe => No File
FirewallRules: [UDP Query User{9DDDC0B9-E53C-4FAB-AEBE-82331BCC2A1F}D:\sc2\starcraft ii\versions\base77535\sc2_x64.exe] => (Allow) D:\sc2\starcraft ii\versions\base77535\sc2_x64.exe => No File
FirewallRules: [TCP Query User{F2ACE6B3-CEED-41C2-B724-7F0661D5DB42}D:\sc2\starcraft ii\versions\base77535\sc2_x64.exe] => (Allow) D:\sc2\starcraft ii\versions\base77535\sc2_x64.exe => No File
FirewallRules: [UDP Query User{B0A213B5-F0DC-4C08-A115-8ABD37EF94AB}D:\heroes of might and magic 3 complete\heroes3.exe] => (Allow) D:\heroes of might and magic 3 complete\heroes3.exe => No File
FirewallRules: [TCP Query User{B8468D9C-9E81-46F6-A65B-7AFCBD1DB42B}D:\heroes of might and magic 3 complete\heroes3.exe] => (Allow) D:\heroes of might and magic 3 complete\heroes3.exe => No File
FirewallRules: [TCP Query User{9350908F-B702-4CC4-82C5-69159B7027BB}D:\wc3\warcraft iii\war3.exe] => (Allow) D:\wc3\warcraft iii\war3.exe => No File
FirewallRules: [UDP Query User{44D192EC-F3F8-4509-90A6-E25CA36DB984}D:\wc3\warcraft iii\war3.exe] => (Allow) D:\wc3\warcraft iii\war3.exe => No File
FirewallRules: [{050505BE-F974-4547-8467-6F88356A774F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{AF99CA0D-3BF0-4BB3-AB1A-C6CE84B50F07}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{0F9B06EF-0458-49E8-A732-9CC62B04A48D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{EBC8B7D9-E24F-4057-B887-79E00D691184}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
FirewallRules: [{65051290-0893-4091-B2B6-8D2A46531502}] => (Allow) LPort=57209
FirewallRules: [{41E00AED-65EA-4467-A4BD-F6FFF1F14FDE}] => (Allow) LPort=57210
FirewallRules: [{33E38B84-A714-420F-B61F-06479EFF6CE1}] => (Allow) LPort=57211
FirewallRules: [{556C40E7-451F-4322-A04A-E5A780675790}] => (Allow) LPort=57212
FirewallRules: [{EDD7DDF0-3BDD-4FAC-B335-F2101402A96D}] => (Allow) LPort=57213
FirewallRules: [{CE9E6C41-028B-428D-94F6-634B5663A0D5}] => (Allow) LPort=57214
FirewallRules: [{2B5A8E0E-E71B-41F3-8135-87EB259CA9A3}] => (Allow) LPort=57215
FirewallRules: [{5FAE1C4A-FD86-468F-A29D-479B75A98352}] => (Allow) LPort=57216
FirewallRules: [{8DFFEFD1-9A77-456B-8F6E-C43A36754EE8}] => (Allow) LPort=57217
FirewallRules: [{6772F684-0980-4699-B515-F4F356AE110B}] => (Allow) LPort=57218
FirewallRules: [{5971A661-4C8F-4ED3-96CA-3E309E2CEC72}] => (Allow) LPort=57209
FirewallRules: [{5B075BF0-2EE4-4519-AB2C-1737DF35BF57}] => (Allow) LPort=57210
FirewallRules: [{37798BAA-E237-4AAE-9A1A-BB64241F090F}] => (Allow) LPort=57211
FirewallRules: [{68284A71-3356-4756-84B5-9A883D94F439}] => (Allow) LPort=57212
FirewallRules: [{8B836019-A25B-4D4E-83F1-C4262832DA85}] => (Allow) LPort=57213
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: net stop bits
Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
cmd: net start bits
cmd: bitsadmin /list /allusers
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"
CMD: del /f /s /q %windir%\prefetch\*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
CMD: ipconfig /flushdns
C:\ProgramData\Temp\*
C:\Program Files (x86)\Temp\*
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Windows\SystemTemp\*.tmp
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\LocalLow\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
C:\Users\AllUserName\AppData\LocalLow\Temp\*
C:\Users\AllUserName\Appdata\Local\Temp\*
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
emptytemp:
Reboot:

End::
 
Okay I'm really hoping that worked. The Adware Cleaner had things quite different to what you described but I'm sure I did what you wanted regardless.
 

Attachments

  • Fixlog.txt
    307.4 KB · Views: 2
  • AdwCleaner[C03].txt
    2.6 KB · Views: 8
OK, let's dig a little deeper, we have removed a lot of trash and I want to make certain every bit of rubbish is cleaned.

Run this tool for me, it is similar to FRST but checks in different areas. I’ll check logs and provide another fix for you.

Download ZHP Suite to your desktop.
Right-click it and choose Run as admin.
Hit the scanner button.
Once it is complete, a file named ZHPdiag.txt will be on your desktop.
Attach it.

How is the computer running? Any more BSODs?
 