
PC running slow for some reason.



#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,708 posts
  • MVP

I don't like to disable the updates from Adobe and Google.  The Mozilla one takes care of updates for Firefox so should be on if you use Firefox.

 

Also you probably have a bunch of stuff turned off in Startup. 

 

Is it running normally now?  Is Latency Monitor happy with your system?


#17
Izzy1665

Izzy1665

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 118 posts

I turned Adobe, Google, and Firefox back on.

 

With my not knowing anything about Process Explorer, I wouldn't really know how to tell if it was happy with what it sees or not. I do still see a little "lag" but only in the Firefox browser. I have refreshed it a couple times and noticed a difference right away. I do occasionally use Chrome when I get a little tired of FF acting sluggish but I seem to always find my way back to FF.

 

My startup list isn't huge and not much is turned off either.

2qsmk3d.png


#18
RKinner

The major thing we worry about in Process Explorer is Interrupts.  If it stays low then that's good. 

 

Latency Mon was saying:
 

Your system appears to be having trouble handling real-time audio and other tasks. You are likely to experience buffer underruns appearing as drop outs, clicks or pops. One or more DPC routines that belong to a driver running in your system appear to be executing for too long.

 

 

If the problem is gone it will say:

 

CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts.
LatencyMon has been analyzing your system for  0:00:06  (h:mm:ss) on all processors.

 

 

Not a good idea to disable the Java Update Scheduler if you have Java.  Actually best to uninstall Java unless you have some real reason for it.

 

 

For Firefox try running it in its safe mode:

 

https://www.wikihow....ox-in-Safe-Mode

 

If it runs quickly then the problem is an extension.  Try disabling about 1/2 of them (restart Firefox) and see if that makes a difference.  If it does then 1 of the extensions you disabled is at fault.  If not try the other half.  Then enable 1/2 of the 1/2 you disabled.  Try to isolate the problem to a single extension.

 

Most obvious suspect extension would be

 

FF Extension: (Honey) - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\iewfce5i.default-1526099188072\Extensions\[email protected] [2018-05-14]

 

Speedyfox can also help with slow Firefox:

 

http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize. You can run it any time that Chrome/Firefox seems slow starting.


 


#19
Izzy1665

I believe I have JAVA because FB Gameroom needed it so I could play some games with my son...I THINK that is. I turned that back on in startup though.

I've only had HONEY extension for a short time, much less time than the issues I've been having so I really don't think that's the cause of my problem but I did disable it for now. I can always enable it whenever I do some shopping online, it really has saved me some money.

 

Honey is my only add-on/Extension.

2aad63l.png


#20
RKinner

Also check your plugins.  I have 2, OpenH264 & Widevine.

 

The extension: Ublock Origin is one I highly recommend.  It will speed up surfing by blocking the ads.  You can get it for most popular browsers except IE.  If you use Facebook then you need F.B. Purity.  It blocks the many ads and suggested posts that slow Facebook down.


#21
Izzy1665

I have the same 2 plug-ins as you do as well as the "Shockwave Flash". 

I went ahead and added the F.B.Purity and uBlock Origin based on your recommendation. I appreciate the heads-up on those.

 

2a6o410.png


#22
RKinner

How is Firefox running now?  Is the PC still running OK?


#23
Izzy1665

So far it seems to be running better than before. I appreciate your help once again.

If I have any more problems that seem related to this, I'll post back to this thread. Thank you.

 

My daughter's laptop is also having issues so I'm about to open a new thread on it.


#24
RKinner

Time to clean up:
If we used FRST to clean your PC:

Right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skype. Hit Optimize. You can run it any time that Chrome/Firefox seems slow starting.

If you use Facebook you need FB Purity: http://www.fbpurity.com/
To prevent a relatively new phishing attack:  In Firefox, type:

about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.
"network.standard-url.punycode-host" Leave this one at default of False.
Close and restart firefox.

To test it you can go to:

https://www.xn--80ak6aa92e.com/

If the value is false you will see https://www.apple.com instead of the correct value


If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:

CryptoPrevent
http://www.majorgeek...ptoprevent.html

The free version. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Media Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!


  • 0
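The punycode setting described in post #24 matters because an `xn--` host name can decode to letters from another alphabet that look like a familiar Latin name. The following is an added example, not part of the original post or of Firefox: it decodes each label of a URL's host and reports what would be displayed, which scripts it uses, and whether it imitates a watched name. The `LOOKALIKES` map and the `protected_names` watch list are assumptions constructed for the illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed for this example: a small map of Cyrillic letters that most
# fonts draw like a Latin letter. It is not a complete confusables table.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0455": "s", "\u0458": "j", "\u04cf": "l",
}


def decode_label(label):
    """Return the Unicode form of one DNS label ('xn--' labels are decoded)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts_of(text):
    """Script names of the letters in text, read from Unicode character names."""
    return sorted({unicodedata.name(ch, "UNKNOWN").split()[0]
                   for ch in text if ch.isalpha()})


def skeleton(text):
    """Fold known lookalike letters to the Latin letter they resemble."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in text.lower())


def inspect_url(url, protected_names):
    """Report every internationalised label in the URL's host.

    protected_names is a hypothetical watch list of lower-case ASCII names
    that a label should never merely look like.
    """
    host = urlsplit(url).hostname or ""
    findings = []
    for raw in host.split("."):
        try:
            shown = decode_label(raw)
        except UnicodeError:
            findings.append({"label": raw, "error": "invalid punycode"})
            continue
        if shown.isascii():
            continue  # plain ASCII label, displayed exactly as typed
        folded = skeleton(shown)
        findings.append({
            "label": raw,
            "displayed_as": shown,
            "scripts": scripts_of(shown),
            "imitates": folded if folded in protected_names else None,
        })
    return findings


# Sample input: the first URL is the test address from the post, the other
# two are constructed for comparison.
SAMPLE_URLS = [
    "https://www.xn--80ak6aa92e.com/",
    "https://www.mozilla.org/",        # plain ASCII host
    "https://xn--mnchen-3ya.de/",      # ordinary Latin-script IDN
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, inspect_url(url, {"apple"}))
```

A label made up of a single non-Latin script whose folded form matches a watched name is the case the `network.IDN_show_punycode` setting exposes in the address bar.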

#25
Izzy1665


Ok, I've removed the programs we used and D/L several of the ones you recommended while we worked on my issue. I'm going to put those recommended ones on my wife's PC as well since she uses hers for both work and play.

Again, I appreciate your help with my issue and hope you're the one assisting me with my daughter's laptop when I get the thread posted soon.


#26
RKinner

You can continue here if you like.  Start with FRST, Addition.txt, Process Explorer, Speccy.


#27
Izzy1665

Hello again from Titusville RKinner, how about this weather we've had these last couple days :) ?

 

Anyway, I'm having Windows Update issues and wanted to know if I should continue here or start a new thread?


#28
RKinner


  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 


#29
Izzy1665

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29.11.2018 01
Ran by Bob (administrator) on LIVING-ROOM-PC (30-11-2018 19:37:50)
Running from C:\Users\Bob\Desktop\RKinner Repairs
Loaded Profiles: Bob (Available Profiles: Bob)
Platform: Windows 10 Pro Version 1803 17134.228 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
(AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.150.333\AVGBrowserCrashHandler.exe
(AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.150.333\AVGBrowserCrashHandler64.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Alcatel-Lucent) C:\Program Files\ATT\8.5.1.16\ma\bin\pcTrayApp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [290064 2018-11-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-04-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ATT_McciTrayApp] => C:\Program Files\ATT\8.5.1.16\ma\bin\pcTrayApp.exe [2943488 2015-12-11] (Alcatel-Lucent)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1067024 2018-01-03] (The Eraser Project)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [60074328 2018-07-25] (Discord Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\Run: [Discord] => C:\Users\Bob\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2018-03-04]
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-07-20]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Bob\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1387eb14-e241-4983-bf86-ea62a43c1f7d}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-26] (Oracle Corporation)

Edge:
======
Edge Extension: (Honey) -> EdgeExtension_HoneyScienceCorporationHoney_cbe4c63gm1mzr => C:\Program Files\WindowsApps\HoneyScienceCorporation.Honey_10.7.4.0_neutral__cbe4c63gm1mzr [2018-05-23]

FireFox:
========
FF DefaultProfile: g6gk6jy2.default-1538926022293
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\uqh1vwfw.default-1538876151857 [2018-11-30]
FF Extension: (Telemetry coverage) - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\uqh1vwfw.default-1538876151857\features\{7432d92a-cb0d-4874-8559-7b8b50fe1641}\telemetr[email protected] [2018-10-06] [Legacy]
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\g6gk6jy2.default-1538926022293 [2018-11-30]
FF Extension: (F.B Purity - Cleans up Facebook (WX)) - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\g6gk6jy2.default-1538926022293\Extensions\[email protected] [2018-11-21]
FF Extension: (Tampermonkey) - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\g6gk6jy2.default-1538926022293\Extensions\[email protected] [2018-11-18]
FF Extension: (Honey) - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\g6gk6jy2.default-1538926022293\Extensions\[email protected] [2018-11-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-29] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-29] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-26] (Oracle Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [2015-12-11] (AT&T)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default [2018-11-30]
CHR Extension: (Docs) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-04]
CHR Extension: (Google Drive) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-04]
CHR Extension: (YouTube) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-04]
CHR Extension: (Honey) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-12]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-11-20]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2018-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (AT&T Extension) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\okccnkhldjgdpjclfpdnlhlofcpginnm [2018-03-30]
CHR Extension: (Gmail) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-04]
CHR Extension: (Chrome Media Router) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-02]
CHR HKLM\...\Chrome\Extension: [okccnkhldjgdpjclfpdnlhlofcpginnm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okccnkhldjgdpjclfpdnlhlofcpginnm] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AT&T Troubleshoot & Resolve; C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\MAHostService.exe [321024 2015-12-11] (Alcatel-Lucent) [File not signed]
S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-06-28] (AVG Technologies)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [324048 2018-11-22] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [8237160 2018-11-22] (AVG Technologies CZ, s.r.o.)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-06-28] (AVG Technologies)
S4 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428264 2018-04-17] (AVG Technologies CZ, s.r.o.)
S3 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [110048 2018-11-22] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-06-10] ()
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-17] (EasyAntiCheat Ltd)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
S4 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [241664 2012-03-26] (Atheros Communications, Inc.) [File not signed]
S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [1102848 2012-03-26] (Atheros Communications, Inc.) [File not signed]
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
S4 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [370176 2015-08-13] (Alcatel-Lucent) [File not signed]
S4 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [462336 2015-08-13] (Alcatel-Lucent) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5614592 2018-01-22] (AVG Technologies CZ, s.r.o.)
R2 unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-08-28] (Reason Software Company Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-02] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-02] (Microsoft Corporation)
S4 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [307928 2013-11-11] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athur; C:\WINDOWS\System32\drivers\athuwbx.sys [2702336 2013-11-20] (Qualcomm Atheros Communications, Inc.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [201504 2018-11-22] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [231104 2018-11-22] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [202528 2018-11-22] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [346840 2018-11-22] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [59744 2018-11-22] (AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [15344 2018-09-02] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [46648 2018-11-22] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42552 2018-11-22] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [163496 2018-11-22] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [112040 2018-11-22] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [87680 2018-11-22] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1028920 2018-11-22] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [469520 2018-11-22] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [208712 2018-11-22] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [380704 2018-11-22] (AVG Technologies CZ, s.r.o.)
S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2018-03-08] (Windows ® Win 7 DDK provider)
S3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2018-03-08] (Windows ® Win 7 DDK provider)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NPF; C:\Program Files\iVMS-4200 Station\iVMS-4200\Drivers\npf64.sys [36600 2018-08-13] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Resplendence Software Projects Sp.)
S3 rspSanity; C:\WINDOWS\System32\DRIVERS\rspSanity64.sys [31328 2012-10-29] (Resplendence Software Projects Sp.)
S3 rspWhySoSlow; C:\WINDOWS\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Resplendence Software Projects Sp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2018-01-22] (AVG Netherlands B.V.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-11] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-08-02] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-08-02] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-02] (Microsoft Corporation)
S3 NovabenchDriver; \??\C:\Program Files\Novawave\Novabench\NovabenchDriverWin10.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-30 19:37 - 2018-11-30 19:37 - 000000000 ____D C:\FRST
2018-11-30 19:33 - 2018-11-30 19:37 - 000000000 ____D C:\Users\Bob\Desktop\RKinner Repairs
2018-11-30 16:48 - 2018-11-30 16:49 - 000000000 ____D C:\Users\Bob\Desktop\my update repair attempt
2018-11-30 15:51 - 2018-11-30 15:51 - 000000120 _____ C:\Users\Bob\Desktop\Crushed Seashell.txt
2018-11-30 15:16 - 2018-11-30 15:16 - 000000000 ___HD C:\OneDriveTemp
2018-11-30 15:05 - 2018-11-30 15:05 - 000000161 _____ C:\Users\Bob\Desktop\reset update.url
2018-11-29 17:36 - 2018-11-29 17:51 - 000000000 ____D C:\WINDOWS\system32\Catroot2.bak
2018-11-29 17:08 - 2018-09-04 17:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-11-25 13:27 - 2018-11-25 13:27 - 000239944 _____ C:\Users\Bob\Documents\2018 Benefits letter for medicaid.pdf
2018-11-25 13:26 - 2018-11-25 13:26 - 000062825 _____ C:\Users\Bob\Downloads\Benefit_Summary_Letter_11252018.pdf
2018-11-24 13:51 - 2018-11-24 13:53 - 000000000 ____D C:\Users\Bob\Desktop\Moms Laptop
2018-11-22 11:39 - 2018-11-22 11:39 - 000378640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2018-11-20 22:28 - 2018-11-22 23:49 - 000000098 _____ C:\Users\Bob\Desktop\TYLER RAM.txt
2018-11-20 20:11 - 2018-11-20 20:11 - 001078500 _____ C:\Users\Bob\Desktop\attchat.pdf
2018-11-18 15:05 - 2018-11-18 15:05 - 000663848 _____ C:\Users\Bob\Downloads\speedyfox.zip
2018-11-16 10:34 - 2018-11-19 18:07 - 000000357 _____ C:\Users\Bob\Desktop\Appointments.txt
2018-11-13 19:45 - 2018-11-13 19:51 - 000000103 _____ C:\Users\Bob\Desktop\HP Service order.txt
2018-11-09 16:48 - 2018-11-17 22:20 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-07 14:59 - 2018-11-07 14:59 - 000057021 _____ C:\Users\Bob\Desktop\brisket1.txt
2018-11-01 22:47 - 2018-11-01 22:48 - 000000000 ____D C:\LocalStorage
2018-11-01 22:47 - 2018-11-01 22:47 - 000002194 _____ C:\Users\Public\Desktop\iVMS-4200 Client.lnk
2018-11-01 22:47 - 2018-11-01 22:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iVMS-4200 Station
2018-11-01 22:43 - 2018-11-01 22:44 - 000000000 ____D C:\Program Files\iVMS-4200 Station
2018-11-01 22:40 - 2018-11-01 22:40 - 000000000 ____D C:\Users\Bob\AppData\Roaming\WinRAR
2018-11-01 22:39 - 2018-11-01 22:39 - 000001044 _____ C:\Users\Public\Desktop\WinRAR.lnk
2018-11-01 22:39 - 2018-11-01 22:39 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-11-01 22:39 - 2018-11-01 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-11-01 22:39 - 2018-11-01 22:39 - 000000000 ____D C:\Program Files\WinRAR
2018-11-01 22:37 - 2018-11-01 22:37 - 003190008 _____ (Alexander Roshal) C:\Users\Bob\Downloads\winrar-x64-561.exe
2018-11-01 22:10 - 2018-11-01 22:13 - 223582618 _____ C:\Users\Bob\Downloads\iVMS-4200(2.7.2.7).rar
2018-11-01 14:27 - 2018-11-22 11:39 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-11-30 19:33 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-30 19:33 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-30 19:30 - 2018-03-04 00:58 - 000000000 ____D C:\Users\Bob\AppData\LocalLow\Mozilla
2018-11-30 19:24 - 2018-05-20 02:24 - 000002216 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-11-30 19:24 - 2018-03-03 23:53 - 000000000 ___RD C:\Users\Bob\OneDrive
2018-11-30 19:23 - 2018-05-20 02:10 - 000000000 ____D C:\Users\Bob
2018-11-30 19:18 - 2018-05-20 02:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-30 19:18 - 2018-05-20 02:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-30 19:17 - 2018-09-04 17:01 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-11-30 19:17 - 2018-05-20 02:24 - 000003310 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-11-30 19:17 - 2018-05-20 02:24 - 000003048 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-30 19:17 - 2018-05-20 02:24 - 000002912 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-110091273-928939627-1752962748-1001
2018-11-30 15:54 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-30 15:22 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-11-30 15:14 - 2018-04-11 16:04 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-11-30 14:34 - 2018-06-14 11:58 - 000000000 ____D C:\WINDOWS\Minidump
2018-11-30 14:33 - 2018-04-12 11:27 - 000000000 ____D C:\Users\Bob\AppData\Local\CrashDumps
2018-11-29 18:48 - 2018-03-28 20:05 - 000000000 ____D C:\Users\Bob\AppData\Local\Adobe
2018-11-29 18:47 - 2018-05-20 02:24 - 000004584 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-29 18:47 - 2018-05-20 02:24 - 000004424 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-29 18:47 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-29 18:47 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-29 18:40 - 2018-03-03 21:49 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-29 17:06 - 2018-03-04 20:52 - 000000000 ____D C:\Users\Bob\AppData\Local\ElevatedDiagnostics
2018-11-29 13:03 - 2018-05-20 02:10 - 000002357 _____ C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-27 19:13 - 2018-03-04 00:48 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-27 10:02 - 2018-06-26 12:05 - 000000000 ____D C:\Users\Bob\AppData\Roaming\DVDVideoSoft
2018-11-22 11:39 - 2018-05-19 23:10 - 000469520 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2018-11-22 11:39 - 2018-05-19 23:10 - 000380704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2018-11-22 11:39 - 2018-05-19 23:10 - 000208712 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2018-11-22 11:39 - 2018-05-19 23:10 - 000201504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2018-11-22 11:39 - 2018-05-19 23:10 - 000163496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2018-11-22 11:39 - 2018-05-19 23:10 - 000112040 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2018-11-22 11:39 - 2018-05-19 23:10 - 000087680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2018-11-22 11:39 - 2018-05-19 23:10 - 000046648 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2018-11-22 11:39 - 2018-04-11 18:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-22 11:38 - 2018-05-19 23:10 - 001028920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2018-11-22 11:38 - 2018-05-19 23:10 - 000346840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2018-11-22 11:38 - 2018-05-19 23:10 - 000231104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2018-11-22 11:38 - 2018-05-19 23:10 - 000202528 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2018-11-22 11:38 - 2018-05-19 23:10 - 000059744 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2018-11-21 19:45 - 2018-06-28 21:31 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk
2018-11-21 16:40 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-18 15:08 - 2018-05-28 23:19 - 000000000 ____D C:\Users\Bob\Downloads\speedyfox
2018-11-17 19:31 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-17 19:28 - 2018-09-12 11:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-17 19:28 - 2018-03-04 00:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-17 14:24 - 2018-09-12 11:46 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-13 18:44 - 2018-05-20 02:21 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-12 23:13 - 2018-03-04 20:20 - 000000416 _____ C:\WINDOWS\Tasks\update-sys.job
2018-11-12 23:13 - 2018-03-04 20:20 - 000000416 _____ C:\WINDOWS\Tasks\update-S-1-5-21-110091273-928939627-1752962748-1001.job
2018-11-12 23:11 - 2018-08-22 18:08 - 000003064 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2018-11-12 23:11 - 2018-06-28 21:03 - 000002594 _____ C:\WINDOWS\System32\Tasks\BlueStacksHelper
2018-11-12 23:11 - 2018-05-20 02:24 - 000003406 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-12 23:11 - 2018-05-20 02:24 - 000003360 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A29677FF-757A-4AC8-8014-4228864E097C}
2018-11-12 23:11 - 2018-05-20 02:24 - 000003182 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-12 23:11 - 2018-05-20 02:24 - 000003154 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
2018-11-12 23:11 - 2018-05-20 02:24 - 000003104 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-110091273-928939627-1752962748-1001
2018-11-12 23:11 - 2018-05-20 02:24 - 000002856 _____ C:\WINDOWS\System32\Tasks\update-sys
2018-11-09 16:48 - 2018-03-04 00:48 - 000000000 ____D C:\Program Files\CCleaner
2018-11-05 19:37 - 2018-07-06 11:19 - 000000000 ____D C:\Users\Bob\Desktop\smoker folder
2018-11-01 22:43 - 2018-03-17 18:58 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-01 22:43 - 2018-03-03 23:56 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2018-10-08 22:02 - 2018-10-08 22:02 - 000000000 ____H () C:\Users\Bob\AppData\Local\BIT3252.tmp
2018-06-28 21:48 - 2018-06-28 21:48 - 000005632 _____ () C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-03-23 20:24 - 2018-03-23 20:24 - 000000017 _____ () C:\Users\Bob\AppData\Local\resmon.resmoncfg
2018-08-18 19:19 - 2018-08-18 19:21 - 000001293 _____ () C:\Users\Bob\AppData\Local\Temp1.html
2018-08-18 19:22 - 2018-08-18 19:22 - 000006591 _____ () C:\Users\Bob\AppData\Local\Temp34.html
2018-03-04 20:20 - 2018-03-04 20:20 - 000000003 _____ () C:\Users\Bob\AppData\Local\updater.log
2018-03-04 20:20 - 2018-03-04 20:20 - 000000425 _____ () C:\Users\Bob\AppData\Local\UserProducts.xml
2018-10-08 21:53 - 2018-10-08 21:53 - 000000000 _____ () C:\Users\Bob\AppData\Local\{C6E644F2-0988-4042-8DE1-06BEED3D8ABC}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-20 02:07

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29.11.2018 01
Ran by Bob (30-11-2018 19:39:50)
Running from C:\Users\Bob\Desktop\RKinner Repairs
Windows 10 Pro Version 1803 17134.228 (X64) (2018-05-20 07:25:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-110091273-928939627-1752962748-500 - Administrator - Disabled)
Bob (S-1-5-21-110091273-928939627-1752962748-1001 - Administrator - Enabled) => C:\Users\Bob
DefaultAccount (S-1-5-21-110091273-928939627-1752962748-503 - Limited - Disabled)
Guest (S-1-5-21-110091273-928939627-1752962748-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-110091273-928939627-1752962748-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
AT&T Troubleshoot & Resolve (HKLM-x32\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.5.1.16 - AT&T)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.8.3071 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{9C775BB6-1453-45EB-8C78-A5CC5199113D}) (Version: 16.77.3 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.77.3.23060 - AVG Technologies)
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 70.0.659.104 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
Discord (HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Eraser 6.2.0.2982 (HKLM\...\{DFCF78CC-3DAD-4C1E-8BC6-94DC5B73461E}) (Version: 6.2.2982 - The Eraser Project)
Facebook Gameroom 1.21.6697.19829 (HKLM-x32\...\{7BE2211B-F86C-40CA-A6CC-69564D9BD5E2}) (Version: 1.21.6697.19829 - Facebook)
FMW 1 (HKLM\...\{DFA0CE4A-C162-40C1-A977-12E60098EB72}) (Version: 1.227.11 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
iVMS-4200(2.7.2.7) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.7.2.7 - hikvision)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{56F27690-F6EA-3356-980A-02BA379506EE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0 - Mozilla)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 2.2.0.1 - NETGEAR)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Puffin Browser version 7.6.0.452 (HKLM-x32\...\Puffin Browser_is1) (Version: 7.6.0.452 - CloudMosa, Inc.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.1.0 - Tweaking.com)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{E345A108-D9E8-456B-9550-435132D5C9CE}) (Version: 2.13.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{567756E0-361F-4E88-AF74-8B0E4628E5BC}) (Version: 1.12.0.0 - Microsoft Corporation) Hidden
WhySoSlow 1.00 (HKLM\...\WhySoSlowHome_is1) (Version:  - Resplendence Software Projects Sp.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22514 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-11-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-11-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1568C8CB-4699-47F2-85FF-6775FC0F51CC} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {2487DF5A-93FC-4C8B-A2F5-C1E7AC439B1F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe
Task: {3F38AC9C-5942-48D9-A79F-8CDF3BF1E2B5} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {406087F9-818F-4AD3-BA4C-05255D7FD5B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-04] (Google Inc.)
Task: {4286BFA5-A609-4A07-A424-258AE21852F3} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [2018-06-28] (AVG Technologies) <==== ATTENTION
Task: {4AFF7EEB-92C4-4A75-90D8-CA5A44232F13} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe
Task: {505BC152-7781-4A1D-80A4-8C7179B99EB9} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2018-01-22] (AVG Technologies CZ, s.r.o.)
Task: {5967FD50-EF61-4F46-B2C2-7D48D25D8271} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {78A7D284-5990-4B5C-9712-93A95FEB8369} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
Task: {7B6D3B6A-1B17-4517-AFDF-792758A6D30C} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-07-07] (Oracle Corporation)
Task: {9E82F1DC-7939-4B6A-A861-64CB00471DE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-04] (Google Inc.)
Task: {9F419D81-4A68-4243-A5C9-11EC31AF7FAD} - System32\Tasks\update-S-1-5-21-110091273-928939627-1752962748-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {B5598778-206E-46D4-85E6-2D7F4B7FA639} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {B8BCA3F2-8ECC-4AA6-BE4A-FBB6A4B30868} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-29] (Adobe Systems Incorporated)
Task: {CBA0E3BE-F6D2-466E-BCCE-278AAFB48E48} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe
Task: {DDE06B86-C55F-4D0F-A746-DBADF70C8E9C} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {E299A91B-A905-494E-9298-C6D45F5B27BF} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [2018-06-28] (AVG Technologies) <==== ATTENTION
Task: {E5B7F4E2-ADD9-44DB-A7F6-83E89BF94B1C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-29] (Adobe Systems Incorporated)
Task: {F43BCF6A-6D01-4871-B79D-7D98AD832E22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
Task: {F92089F3-6FF1-4B9E-8734-68307B566DC3} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-11-22] (AVG Technologies CZ, s.r.o.)
Task: {FC7AAA12-AD95-4C43-A622-A0688944F3D0} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-10-31] (AVG Technologies CZ, s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-110091273-928939627-1752962748-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-11 18:34 - 2018-04-11 18:34 - 000444416 _____ () c:\windows\system32\SSDM.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-08-25 00:45 - 2018-08-02 22:09 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-06-25 23:52 - 2018-06-25 23:52 - 027126784 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-06-25 23:52 - 2018-06-25 23:52 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-06-25 23:52 - 2018-06-25 23:52 - 006735872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-03-03 22:11 - 2018-03-03 22:14 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-25 23:52 - 2018-06-25 23:52 - 009360384 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-03-03 23:56 - 2014-01-02 16:13 - 008266456 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
2018-04-11 18:34 - 2018-04-11 18:34 - 002068480 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 001465856 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
2018-06-12 16:37 - 2018-06-08 03:55 - 003037184 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
2018-04-04 00:14 - 2016-11-14 07:30 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2018-03-13 22:16 - 2018-03-13 22:14 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2018-03-04 01:13 - 2018-03-04 01:13 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2018-11-22 11:39 - 2018-11-22 11:39 - 000594192 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-03-03 23:56 - 2013-11-01 20:31 - 000278528 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [474]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2018-11-30 19:18 - 000002103 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-110091273-928939627-1752962748-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bob\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\24131584_1891126297602629_8616179405180199500_n.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AT&T Troubleshoot & Resolve => 2
MSCONFIG\Services: avgsvc => 2
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: jswpbapi => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NovabenchService => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: pcCMService => 2
MSCONFIG\Services: pcCMService64 => 2
MSCONFIG\Services: ssh-agent => 3
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: WSWNA1100 => 2
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\StartupApproved\Run: => "Uninstall 18.131.0701.0007\amd64"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{E89EB124-57EF-4B21-927F-983BAA24DE37}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{D42B6ED9-DBAA-40D3-99A1-E034C6D1DA3C}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{8B9F07CC-FB9A-4026-8C18-E641A943C335}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{49056617-65B9-428C-BA7C-915186A049B9}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{E61513E9-D7A8-467A-9D3E-58BABBE74FBB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AEB2CEC3-5AF9-4E76-97A5-241D70DAE2C1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3D1B310A-376F-481C-BA4D-112CFD8B292B}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe
FirewallRules: [UDP Query User{31A40D39-916B-4365-A9BC-ED72B7B0D2F6}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe
FirewallRules: [TCP Query User{C5B8A256-1728-40B5-91AF-59EE8E20F3A5}C:\program files\ivms-4200 station\nginx\nginx.exe] => (Allow) C:\program files\ivms-4200 station\nginx\nginx.exe
FirewallRules: [UDP Query User{D1319AC9-92E4-4AC1-B76B-EA27D4554B42}C:\program files\ivms-4200 station\nginx\nginx.exe] => (Allow) C:\program files\ivms-4200 station\nginx\nginx.exe
FirewallRules: [{CB5684C8-2FFD-4DA3-B7C5-9BD553EA978A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{35B7760E-0AD2-4BAA-B0C0-1FCDD8D38BB6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{4DD757CE-7B8F-4EF4-A77E-77E6BDCA39DB}] => (Allow) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
FirewallRules: [{3F99E657-6F13-4B0F-83AF-DF07D9F4C760}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{3281D272-5182-4C07-A196-E64B2D8627F4}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{1B4D88FE-710D-417E-9635-6FD7EEADDB5E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

06-11-2018 18:42:24 Scheduled Checkpoint
16-11-2018 00:39:05 Scheduled Checkpoint
25-11-2018 15:04:57 Scheduled Checkpoint
29-11-2018 17:07:54 Windows Update

==================== Faulty Device Manager Devices =============

Name: Generic Bluetooth Radio
Description: Generic Bluetooth Radio
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Cambridge Silicon Radio Ltd.
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: NETGEAR WNA1100 N150 Wireless USB Adapter
Description: NETGEAR WNA1100 N150 Wireless USB Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Netgear Inc.
Service: athur
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2018 07:28:44 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (11/30/2018 07:18:29 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (11/30/2018 06:28:46 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (11/30/2018 05:28:46 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (11/30/2018 04:30:46 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: LIVING-ROOM-PC)
Description: microsoft.skypeapp_kzf8qxf38zg5c-2147023887

Error: (11/30/2018 04:30:44 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: LIVING-ROOM-PC)
Description: microsoft.microsoftofficehub_8wekyb3d8bbwe-2147023887

Error: (11/30/2018 04:28:46 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.

Error: (11/30/2018 03:28:44 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.


System errors:
=============
Error: (11/30/2018 07:39:26 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.

Error: (11/30/2018 07:39:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.

Error: (11/30/2018 07:39:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.

Error: (11/30/2018 07:39:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.

Error: (11/30/2018 07:39:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.

Error: (11/30/2018 07:39:13 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.

Error: (11/30/2018 07:39:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.

Error: (11/30/2018 07:39:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.


Windows Defender:
===================================
Date: 2018-08-02 10:11:33.866
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.273.717.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15100.1
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2018-08-02 10:11:33.861
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.273.717.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15100.1
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2018-08-02 09:58:45.990
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.141.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2018-08-02 09:58:45.987
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.141.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240022
Error description: The program can't check for definition updates.

CodeIntegrity:
===================================

Date: 2018-07-26 00:35:40.816
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 62%
Total physical RAM: 4094.49 MB
Available physical RAM: 1535.72 MB
Total Virtual: 8702.49 MB
Available Virtual: 5247.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.95 GB) (Free:856.18 GB) NTFS

\\?\Volume{9dabe905-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{9dabe905-0000-0000-0000-70c3e8000000}\ () (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 9DABE905)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=468 MB) - (Type=27)

==================== End of Addition.txt ============================

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    88.57    52 K    8 K    0            
procexp64.exe    6.57    50,932 K    66,360 K    8116    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
dwm.exe    1.45    37,832 K    36,904 K    396    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    0.64    0 K    0 K    n/a    Hardware Interrupts and DPCs        
System    0.51    196 K    1,832 K    4            
firefox.exe    0.50    409,784 K    416,908 K    1192    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe    0.48    194,852 K    63,984 K    6436    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe    0.38    178,528 K    252,196 K    1488    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
NvBackend.exe    0.25    8,324 K    15,824 K    6464    NVIDIA Backend    NVIDIA Corporation    (Verified) NVIDIA Corporation
csrss.exe    0.20    2,340 K    4,548 K    636    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
AVGUI.exe    0.18    24,780 K    49,708 K    6124    AVG Antivirus    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies USA
explorer.exe    0.08    65,292 K    128,808 K    5336    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
pcTrayApp.exe    0.05    3,744 K    7,160 K    6196    mcci+McciTrayApp    Alcatel-Lucent    (No signature was present in the subject) Alcatel-Lucent
unchecky_bg.exe    0.03    1,856 K    9,192 K    5000    Unchecky Background Process    Reason Software Company Inc.    (Verified) Reason Software Company Inc.
AVGSvc.exe    0.03    98,072 K    40,488 K    2088    AVG Service    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies USA
CCleaner64.exe    0.02    10,896 K    26,360 K    7132    CCleaner    Piriform Software Ltd    (Verified) Piriform Software Ltd
services.exe    0.01    4,796 K    8,076 K    652    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    2,576 K    7,172 K    980    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WNA1100.exe    0.01    2,544 K    7,880 K    5684    Netgear        (Verified) NETGEAR
aswidsagenta.exe    0.01    20,172 K    34,408 K    4316    AVG Software Analyzer    AVG Technologies CZ, s.r.o.    (Verified) AVG Technologies USA
OneDrive.exe    0.01    13,944 K    40,668 K    7028    Microsoft OneDrive    Microsoft Corporation    (Verified) Microsoft Corporation
avguix.exe    < 0.01    10,056 K    18,136 K    6176    AVG User Interface    AVG Technologies CZ, s.r.o.    (Verified) AVG Netherlands B.V.
smartscreen.exe    < 0.01    18,008 K    40,392 K    9172    Windows Defender SmartScreen    Microsoft Corporation    (Verified) Microsoft Windows
pcContextHookShim.exe    < 0.01    1,636 K    7,568 K    6204    mcci+McciContextHookShim    Alcatel-Lucent    (No signature was present in the subject) Alcatel-Lucent
Lightshot.exe    < 0.01    4,712 K    9,896 K    5728    Lightshot    Skillbrains    (No signature was present in the subject) Skillbrains
svchost.exe    < 0.01    61,796 K    69,600 K    1332    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WmiPrvSE.exe        2,456 K    8,944 K    892    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        2,396 K    8,312 K    688    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,496 K    5,792 K    584    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
Video.UI.exe    Suspended    25,804 K    25,508 K    6644            (No signature was present in the subject)
unsecapp.exe        1,436 K    6,408 K    4672    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unchecky_svc.exe        1,616 K    6,508 K    2980    Unchecky Service    Reason Software Company Inc.    (Verified) Reason Software Company Inc.
taskhostw.exe        6,448 K    16,268 K    4088    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        6,728 K    11,932 K    936    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,204 K    7,420 K    1340    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        9,988 K    23,468 K    900    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,000 K    16,948 K    1676    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,520 K    24,376 K    5008    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,580 K    14,252 K    3712    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        12,960 K    27,988 K    2852    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,772 K    8,496 K    1820    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        8,820 K    16,212 K    2408    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,228 K    7,544 K    2460    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        11,600 K    14,792 K    2844    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,340 K    10,548 K    2000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,160 K    9,868 K    888    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        32,500 K    39,620 K    2244    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        14,308 K    12,188 K    1296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,468 K    5,448 K    1348    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        11,760 K    16,836 K    1096    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,344 K    12,004 K    1560    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,012 K    11,028 K    1104    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,948 K    52,588 K    1512    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,428 K    7,992 K    2888    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,740 K    10,144 K    1080    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,064 K    13,432 K    1032    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,312 K    7,028 K    1812    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,468 K    5,116 K    3116    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,056 K    6,044 K    1136    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,328 K    26,272 K    4344    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,236 K    9,508 K    2068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,548 K    19,576 K    7920    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,312 K    17,828 K    3020    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,284 K    9,560 K    1836    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,720 K    11,044 K    6896    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,684 K    6,772 K    2200    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,512 K    4,984 K    1112    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,960 K    7,760 K    5016    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,856 K    7,516 K    2324    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,312 K    22,164 K    3732    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,848 K    5,680 K    1828    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,024 K    6,924 K    1184    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,016 K    6,748 K    2952    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,312 K    10,120 K    2864    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,220 K    8,856 K    792    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,992 K    7,736 K    3700    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,712 K    6,276 K    2992    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,196 K    8,424 K    1524    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,712 K    6,072 K    2828    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,428 K    5,124 K    2932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,484 K    12,600 K    2708    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,348 K    8,888 K    2304    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,940 K    6,852 K    6848    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,056 K    6,944 K    1456    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,552 K    6,240 K    3780    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,132 K    6,324 K    2876    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,388 K    7,084 K    3428    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,736 K    5,876 K    2900    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,384 K    8,832 K    2600    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,020 K    7,616 K    1440    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,064 K    3,544 K    836    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,552 K    9,868 K    3256    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,296 K    8,072 K    4788    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,024 K    7,512 K    1464    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,540 K    6,604 K    1784    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,764 K    5,480 K    1948    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,244 K    10,888 K    2096    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,940 K    11,648 K    2836    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,800 K    7,992 K    3936    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,664 K    8,788 K    1304    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,960 K    5,696 K    3920    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
spoolsv.exe        5,512 K    11,196 K    2384    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        584 K    904 K    384    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
sihost.exe        5,692 K    24,384 K    4188    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
ShellExperienceHost.exe    Suspended    27,784 K    44,388 K    5816    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
SgrmBroker.exe        2,256 K    4,092 K    4900    System Guard Runtime Monitor Broker Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SecurityHealthService.exe        4,188 K    14,200 K    2908    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchUI.exe    Suspended    60,808 K    66,028 K    6004    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        27,792 K    27,788 K    3220    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        6,476 K    23,456 K    2352    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        3,796 K    19,100 K    6308    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        5,720 K    20,156 K    6068    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        5,124 K    14,812 K    5468    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        2,316 K    8,288 K    8036    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        2,640 K    8,816 K    7280    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
Registry        2,556 K    94,236 K    88            
procexp.exe        3,144 K    10,460 K    144    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PeopleExperienceHost.exe    Suspended    18,920 K    38,216 K    8148    Windows My People    Microsoft Corporation    (Verified) Microsoft Windows
MSASCuiL.exe        2,112 K    8,628 K    5980    Windows Defender notification icon    Microsoft Corporation    (Verified) Microsoft Windows
Memory Compression        312 K    23,112 K    1860            
lsass.exe        6,160 K    14,004 K    728    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
GoogleUpdate.exe        2,388 K    532 K    2616    Google Installer    Google Inc.    (Verified) Google Inc
fontdrvhost.exe        2,164 K    5,100 K    828    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
fontdrvhost.exe        1,648 K    3,080 K    820    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe        80,416 K    113,492 K    6548    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        156,308 K    177,660 K    5432    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dasHost.exe        6,068 K    14,492 K    3196    Device Association Framework Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
ctfmon.exe        4,220 K    13,424 K    5204    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe        1,856 K    4,484 K    504    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
AVGBrowserCrashHandler64.exe        1,880 K    452 K    4240    AVG Browser Update    AVG Technologies    (Verified) AVG Netherlands B.V.
AVGBrowserCrashHandler.exe        1,900 K    576 K    4272    AVG Browser Update    AVG Technologies    (Verified) AVG Netherlands B.V.
audiodg.exe        6,720 K    12,604 K    6960    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                        88 N/A                                         
smss.exe                       384 N/A                                         
csrss.exe                      504 N/A                                         
wininit.exe                    584 N/A                                         
csrss.exe                      636 N/A                                         
services.exe                   652 N/A                                         
winlogon.exe                   688 N/A                                         
lsass.exe                      728 KeyIso, SamSs, VaultSvc                     
fontdrvhost.exe                820 N/A                                         
fontdrvhost.exe                828 N/A                                         
svchost.exe                    836 PlugPlay                                    
svchost.exe                    900 BrokerInfrastructure, DcomLaunch, Power,    
                                   SystemEventsBroker                          
svchost.exe                    936 RpcEptMapper, RpcSs                         
svchost.exe                    980 LSM                                         
dwm.exe                        396 N/A                                         
svchost.exe                    792 NcbService                                  
svchost.exe                   1032 Schedule                                    
svchost.exe                   1080 ProfSvc                                     
svchost.exe                   1096 BFE, CoreMessagingRegistrar, mpssvc         
svchost.exe                   1104 TimeBrokerSvc                               
svchost.exe                   1112 lmhosts                                     
svchost.exe                   1296 EventLog                                    
svchost.exe                   1304 UserManager                                 
svchost.exe                   1332 SysMain                                     
svchost.exe                   1340 EventSystem                                 
svchost.exe                   1348 Themes                                      
svchost.exe                   1440 SENS                                        
svchost.exe                   1456 AudioEndpointBuilder                        
svchost.exe                   1464 FontCache                                   
svchost.exe                   1512 Audiosrv                                    
svchost.exe                   1560 StateRepository                             
svchost.exe                   1784 nsi                                         
svchost.exe                   1812 Dhcp                                        
svchost.exe                   1820 Dnscache                                    
svchost.exe                   1828 DusmSvc                                     
svchost.exe                   1836 Wcmsvc                                      
Memory Compression            1860 N/A                                         
svchost.exe                   1948 hidserv                                     
svchost.exe                   2000 NlaSvc                                      
svchost.exe                   1184 WinHttpAutoProxySvc                         
svchost.exe                   1524 netprofm                                    
svchost.exe                   2068 WlanSvc                                     
AVGSvc.exe                    2088 AVG Antivirus                               
svchost.exe                   2096 ShellHWDetection                            
svchost.exe                   2200 NgcSvc                                      
svchost.exe                   2304 NcdAutoSetup                                
svchost.exe                   2324 NgcCtnrSvc                                  
spoolsv.exe                   2384 Spooler                                     
svchost.exe                   2408 Winmgmt                                     
svchost.exe                   2460 LanmanWorkstation                           
svchost.exe                   2708 LicenseManager                              
svchost.exe                   2828 DeviceAssociationService                    
svchost.exe                   2836 CryptSvc                                    
svchost.exe                   2844 DPS                                         
svchost.exe                   2852 DiagTrack                                   
svchost.exe                   2864 iphlpsvc                                    
svchost.exe                   2876 osrss                                       
svchost.exe                   2888 LanmanServer                                
svchost.exe                   2900 SstpSvc                                     
SecurityHealthService.exe     2908 SecurityHealthService                       
svchost.exe                   2932 TrkWks                                      
svchost.exe                   2952 stisvc                                      
unchecky_svc.exe              2980 unchecky                                    
svchost.exe                   2992 W32Time                                     
svchost.exe                   3020 WpnService                                  
svchost.exe                   2244 UsoSvc, wuauserv                            
svchost.exe                   1136 TapiSrv                                     
svchost.exe                   3116 WdiServiceHost                              
dasHost.exe                   3196 N/A                                         
svchost.exe                   3256 RasMan                                      
svchost.exe                   3428 SSDPSRV                                     
svchost.exe                   3920 WdiSystemHost                               
svchost.exe                   3936 PcaSvc                                      
svchost.exe                   2600 Netman                                      
svchost.exe                    888 wscsvc                                      
aswidsagenta.exe              4316 avgbIDSAgent                                
unsecapp.exe                  4672 N/A                                         
svchost.exe                   1676 CDPSvc                                      
AVGBrowserCrashHandler.ex     4272 N/A                                         
AVGBrowserCrashHandler64.     4240 N/A                                         
GoogleUpdate.exe              2616 N/A                                         
SgrmBroker.exe                4900 SgrmBroker                                  
SearchIndexer.exe             3220 WSearch                                     
svchost.exe                   3732 InstallService                              
svchost.exe                   4788 StorSvc                                     
unchecky_bg.exe               5000 N/A                                         
sihost.exe                    4188 N/A                                         
svchost.exe                   5008 CDPUserSvc_13d1bd                           
svchost.exe                   4344 WpnUserService_13d1bd                       
taskhostw.exe                 4088 N/A                                         
svchost.exe                   3712 TokenBroker                                 
svchost.exe                   5016 TabletInputService                          
ctfmon.exe                    5204 N/A                                         
explorer.exe                  5336 N/A                                         
ShellExperienceHost.exe       5816 N/A                                         
SearchUI.exe                  6004 N/A                                         
RuntimeBroker.exe             6068 N/A                                         
RuntimeBroker.exe             5468 N/A                                         
RuntimeBroker.exe             6308 N/A                                         
Video.UI.exe                  6644 N/A                                         
svchost.exe                   6896 lfsvc                                       
MSASCuiL.exe                  5980 N/A                                         
NvBackend.exe                 6464 N/A                                         
avguix.exe                    6176 N/A                                         
pcTrayApp.exe                 6196 N/A                                         
AVGUI.exe                     6124 N/A                                         
pcContextHookShim.exe         6204 N/A                                         
svchost.exe                   3780 Appinfo                                     
OneDrive.exe                  7028 N/A                                         
WNA1100.exe                   5684 N/A                                         
Lightshot.exe                 5728 N/A                                         
RuntimeBroker.exe             7280 N/A                                         
CCleaner64.exe                7132 N/A                                         
PeopleExperienceHost.exe      8148 N/A                                         
svchost.exe                   7920 OneSyncSvc_13d1bd,                          
                                   PimIndexMaintenanceSvc_13d1bd,              
                                   UnistoreSvc_13d1bd, UserDataSvc_13d1bd      
RuntimeBroker.exe             8036 N/A                                         
svchost.exe                   6848 gpsvc                                       
firefox.exe                   1488 N/A                                         
firefox.exe                   6436 N/A                                         
firefox.exe                   1192 N/A                                         
firefox.exe                   5432 N/A                                         
firefox.exe                   6548 N/A                                         
audiodg.exe                   6960 N/A                                         
smartscreen.exe               9172 N/A                                         
WmiPrvSE.exe                   892 N/A                                         
svchost.exe                   3700 swprv                                       
SearchProtocolHost.exe        2456 N/A                                         
SearchFilterHost.exe          3708 N/A                                         
dllhost.exe                   8888 N/A                                         
svchost.exe                   7596 wlidsvc                                     
RuntimeBroker.exe             8560 N/A                                         
backgroundTaskHost.exe         604 N/A                                         
svchost.exe                   7116 camsvc                                      
cmd.exe                       9008 N/A                                         
conhost.exe                    632 N/A                                         
tasklist.exe                  8708 N/A                                         
WmiPrvSE.exe                  5036 N/A

SPECCY should be attached.


#30
RKinner

    Malware Expert

  • Expert
  • 21,708 posts
  • MVP

See if turning off Delivery Optimization helps:

 

https://www.thewindo...ry-optimization

