Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29.11.2018 01
Ran by Bob (administrator) on LIVING-ROOM-PC (30-11-2018 19:37:50)
Running from C:\Users\Bob\Desktop\RKinner Repairs
Loaded Profiles: Bob (Available Profiles: Bob)
Platform: Windows 10 Pro Version 1803 17134.228 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
(AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.150.333\AVGBrowserCrashHandler.exe
(AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.4.150.333\AVGBrowserCrashHandler64.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Alcatel-Lucent) C:\Program Files\ATT\8.5.1.16\ma\bin\pcTrayApp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [290064 2018-11-22] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-04-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ATT_McciTrayApp] => C:\Program Files\ATT\8.5.1.16\ma\bin\pcTrayApp.exe [2943488 2015-12-11] (Alcatel-Lucent)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1067024 2018-01-03] (The Eraser Project)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [60074328 2018-07-25] (Discord Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-07-07] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\Run: [Discord] => C:\Users\Bob\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19476424 2018-11-06] (Piriform Software Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2018-03-04]
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2018-07-20]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Bob\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1387eb14-e241-4983-bf86-ea62a43c1f7d}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll [2018-07-26] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-07-26] (Oracle Corporation)
Edge:
======
Edge Extension: (Honey) -> EdgeExtension_HoneyScienceCorporationHoney_cbe4c63gm1mzr => C:\Program Files\WindowsApps\HoneyScienceCorporation.Honey_10.7.4.0_neutral__cbe4c63gm1mzr [2018-05-23]
FireFox:
========
FF DefaultProfile: g6gk6jy2.default-1538926022293
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\uqh1vwfw.default-1538876151857 [2018-11-30]
FF Extension: (Telemetry coverage) - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\uqh1vwfw.default-1538876151857\features\{7432d92a-cb0d-4874-8559-7b8b50fe1641}\[email protected] [2018-10-06] [Legacy]
FF ProfilePath: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\g6gk6jy2.default-1538926022293 [2018-11-30]
FF Extension: (F.B Purity - Cleans up Facebook (WX)) - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\g6gk6jy2.default-1538926022293\Extensions\[email protected] [2018-11-21]
FF Extension: (Tampermonkey) - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\g6gk6jy2.default-1538926022293\Extensions\[email protected] [2018-11-18]
FF Extension: (Honey) - C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\g6gk6jy2.default-1538926022293\Extensions\[email protected] [2018-11-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-29] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-29] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll [2018-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.181.2 -> C:\Program Files (x86)\Java\jre1.8.0_181\bin\plugin2\npjp2.dll [2018-07-26] (Oracle Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [2015-12-11] (AT&T)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default [2018-11-30]
CHR Extension: (Docs) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-04]
CHR Extension: (Google Drive) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-04]
CHR Extension: (YouTube) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-04]
CHR Extension: (Honey) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-12]
CHR Extension: (AVG SafePrice | Comparison, deals, coupons) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-11-20]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2018-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (AT&T Extension) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\okccnkhldjgdpjclfpdnlhlofcpginnm [2018-03-30]
CHR Extension: (Gmail) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-04]
CHR Extension: (Chrome Media Router) - C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-02]
CHR HKLM\...\Chrome\Extension: [okccnkhldjgdpjclfpdnlhlofcpginnm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okccnkhldjgdpjclfpdnlhlofcpginnm] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AT&T Troubleshoot & Resolve; C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\MAHostService.exe [321024 2015-12-11] (Alcatel-Lucent) [File not signed]
S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-06-28] (AVG Technologies)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [324048 2018-11-22] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [8237160 2018-11-22] (AVG Technologies CZ, s.r.o.)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [165520 2018-06-28] (AVG Technologies)
S4 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428264 2018-04-17] (AVG Technologies CZ, s.r.o.)
S3 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [110048 2018-11-22] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5745672 2018-06-10] ()
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-17] (EasyAntiCheat Ltd)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-11-14] (NVIDIA Corporation)
S4 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [241664 2012-03-26] (Atheros Communications, Inc.) [File not signed]
S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [1102848 2012-03-26] (Atheros Communications, Inc.) [File not signed]
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-11-14] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-11-14] (NVIDIA Corporation)
S4 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [370176 2015-08-13] (Alcatel-Lucent) [File not signed]
S4 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [462336 2015-08-13] (Alcatel-Lucent) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5614592 2018-01-22] (AVG Technologies CZ, s.r.o.)
R2 unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-08-28] (Reason Software Company Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-02] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-02] (Microsoft Corporation)
S4 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [307928 2013-11-11] ()
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 athur; C:\WINDOWS\System32\drivers\athuwbx.sys [2702336 2013-11-20] (Qualcomm Atheros Communications, Inc.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [201504 2018-11-22] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [231104 2018-11-22] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [202528 2018-11-22] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [346840 2018-11-22] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [59744 2018-11-22] (AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [15344 2018-09-02] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [46648 2018-11-22] (AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [42552 2018-11-22] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [163496 2018-11-22] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [112040 2018-11-22] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [87680 2018-11-22] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1028920 2018-11-22] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [469520 2018-11-22] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [208712 2018-11-22] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [380704 2018-11-22] (AVG Technologies CZ, s.r.o.)
S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2018-03-08] (Windows ® Win 7 DDK provider)
S3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2018-03-08] (Windows ® Win 7 DDK provider)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NPF; C:\Program Files\iVMS-4200 Station\iVMS-4200\Drivers\npf64.sys [36600 2018-08-13] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-11-14] (NVIDIA Corporation)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Resplendence Software Projects Sp.)
S3 rspSanity; C:\WINDOWS\System32\DRIVERS\rspSanity64.sys [31328 2012-10-29] (Resplendence Software Projects Sp.)
S3 rspWhySoSlow; C:\WINDOWS\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Resplendence Software Projects Sp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2018-01-22] (AVG Netherlands B.V.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-11] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-08-02] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-08-02] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-02] (Microsoft Corporation)
S3 NovabenchDriver; \??\C:\Program Files\Novawave\Novabench\NovabenchDriverWin10.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-11-30 19:37 - 2018-11-30 19:37 - 000000000 ____D C:\FRST
2018-11-30 19:33 - 2018-11-30 19:37 - 000000000 ____D C:\Users\Bob\Desktop\RKinner Repairs
2018-11-30 16:48 - 2018-11-30 16:49 - 000000000 ____D C:\Users\Bob\Desktop\my update repair attempt
2018-11-30 15:51 - 2018-11-30 15:51 - 000000120 _____ C:\Users\Bob\Desktop\Crushed Seashell.txt
2018-11-30 15:16 - 2018-11-30 15:16 - 000000000 ___HD C:\OneDriveTemp
2018-11-30 15:05 - 2018-11-30 15:05 - 000000161 _____ C:\Users\Bob\Desktop\reset update.url
2018-11-29 17:36 - 2018-11-29 17:51 - 000000000 ____D C:\WINDOWS\system32\Catroot2.bak
2018-11-29 17:08 - 2018-09-04 17:36 - 001476904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2018-11-25 13:27 - 2018-11-25 13:27 - 000239944 _____ C:\Users\Bob\Documents\2018 Benefits letter for medicaid.pdf
2018-11-25 13:26 - 2018-11-25 13:26 - 000062825 _____ C:\Users\Bob\Downloads\Benefit_Summary_Letter_11252018.pdf
2018-11-24 13:51 - 2018-11-24 13:53 - 000000000 ____D C:\Users\Bob\Desktop\Moms Laptop
2018-11-22 11:39 - 2018-11-22 11:39 - 000378640 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2018-11-20 22:28 - 2018-11-22 23:49 - 000000098 _____ C:\Users\Bob\Desktop\TYLER RAM.txt
2018-11-20 20:11 - 2018-11-20 20:11 - 001078500 _____ C:\Users\Bob\Desktop\attchat.pdf
2018-11-18 15:05 - 2018-11-18 15:05 - 000663848 _____ C:\Users\Bob\Downloads\speedyfox.zip
2018-11-16 10:34 - 2018-11-19 18:07 - 000000357 _____ C:\Users\Bob\Desktop\Appointments.txt
2018-11-13 19:45 - 2018-11-13 19:51 - 000000103 _____ C:\Users\Bob\Desktop\HP Service order.txt
2018-11-09 16:48 - 2018-11-17 22:20 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-11-07 14:59 - 2018-11-07 14:59 - 000057021 _____ C:\Users\Bob\Desktop\brisket1.txt
2018-11-01 22:47 - 2018-11-01 22:48 - 000000000 ____D C:\LocalStorage
2018-11-01 22:47 - 2018-11-01 22:47 - 000002194 _____ C:\Users\Public\Desktop\iVMS-4200 Client.lnk
2018-11-01 22:47 - 2018-11-01 22:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iVMS-4200 Station
2018-11-01 22:43 - 2018-11-01 22:44 - 000000000 ____D C:\Program Files\iVMS-4200 Station
2018-11-01 22:40 - 2018-11-01 22:40 - 000000000 ____D C:\Users\Bob\AppData\Roaming\WinRAR
2018-11-01 22:39 - 2018-11-01 22:39 - 000001044 _____ C:\Users\Public\Desktop\WinRAR.lnk
2018-11-01 22:39 - 2018-11-01 22:39 - 000000000 ____D C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-11-01 22:39 - 2018-11-01 22:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-11-01 22:39 - 2018-11-01 22:39 - 000000000 ____D C:\Program Files\WinRAR
2018-11-01 22:37 - 2018-11-01 22:37 - 003190008 _____ (Alexander Roshal) C:\Users\Bob\Downloads\winrar-x64-561.exe
2018-11-01 22:10 - 2018-11-01 22:13 - 223582618 _____ C:\Users\Bob\Downloads\iVMS-4200(2.7.2.7).rar
2018-11-01 14:27 - 2018-11-22 11:39 - 000042552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-11-30 19:33 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-30 19:33 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-30 19:30 - 2018-03-04 00:58 - 000000000 ____D C:\Users\Bob\AppData\LocalLow\Mozilla
2018-11-30 19:24 - 2018-05-20 02:24 - 000002216 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-11-30 19:24 - 2018-03-03 23:53 - 000000000 ___RD C:\Users\Bob\OneDrive
2018-11-30 19:23 - 2018-05-20 02:10 - 000000000 ____D C:\Users\Bob
2018-11-30 19:18 - 2018-05-20 02:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-30 19:18 - 2018-05-20 02:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-30 19:17 - 2018-09-04 17:01 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-11-30 19:17 - 2018-05-20 02:24 - 000003310 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-11-30 19:17 - 2018-05-20 02:24 - 000003048 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-11-30 19:17 - 2018-05-20 02:24 - 000002912 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-110091273-928939627-1752962748-1001
2018-11-30 15:54 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-30 15:22 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-11-30 15:14 - 2018-04-11 16:04 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-11-30 14:34 - 2018-06-14 11:58 - 000000000 ____D C:\WINDOWS\Minidump
2018-11-30 14:33 - 2018-04-12 11:27 - 000000000 ____D C:\Users\Bob\AppData\Local\CrashDumps
2018-11-29 18:48 - 2018-03-28 20:05 - 000000000 ____D C:\Users\Bob\AppData\Local\Adobe
2018-11-29 18:47 - 2018-05-20 02:24 - 000004584 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-29 18:47 - 2018-05-20 02:24 - 000004424 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-29 18:47 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-29 18:47 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-29 18:40 - 2018-03-03 21:49 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-11-29 17:06 - 2018-03-04 20:52 - 000000000 ____D C:\Users\Bob\AppData\Local\ElevatedDiagnostics
2018-11-29 13:03 - 2018-05-20 02:10 - 000002357 _____ C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-27 19:13 - 2018-03-04 00:48 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-27 10:02 - 2018-06-26 12:05 - 000000000 ____D C:\Users\Bob\AppData\Roaming\DVDVideoSoft
2018-11-22 11:39 - 2018-05-19 23:10 - 000469520 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2018-11-22 11:39 - 2018-05-19 23:10 - 000380704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2018-11-22 11:39 - 2018-05-19 23:10 - 000208712 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2018-11-22 11:39 - 2018-05-19 23:10 - 000201504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2018-11-22 11:39 - 2018-05-19 23:10 - 000163496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2018-11-22 11:39 - 2018-05-19 23:10 - 000112040 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2018-11-22 11:39 - 2018-05-19 23:10 - 000087680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2018-11-22 11:39 - 2018-05-19 23:10 - 000046648 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2018-11-22 11:39 - 2018-04-11 18:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-22 11:38 - 2018-05-19 23:10 - 001028920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2018-11-22 11:38 - 2018-05-19 23:10 - 000346840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2018-11-22 11:38 - 2018-05-19 23:10 - 000231104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2018-11-22 11:38 - 2018-05-19 23:10 - 000202528 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2018-11-22 11:38 - 2018-05-19 23:10 - 000059744 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2018-11-21 19:45 - 2018-06-28 21:31 - 000002375 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk
2018-11-21 16:40 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-18 15:08 - 2018-05-28 23:19 - 000000000 ____D C:\Users\Bob\Downloads\speedyfox
2018-11-17 19:31 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2018-11-17 19:28 - 2018-09-12 11:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-17 19:28 - 2018-03-04 00:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-17 14:24 - 2018-09-12 11:46 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-13 18:44 - 2018-05-20 02:21 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-12 23:13 - 2018-03-04 20:20 - 000000416 _____ C:\WINDOWS\Tasks\update-sys.job
2018-11-12 23:13 - 2018-03-04 20:20 - 000000416 _____ C:\WINDOWS\Tasks\update-S-1-5-21-110091273-928939627-1752962748-1001.job
2018-11-12 23:11 - 2018-08-22 18:08 - 000003064 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2018-11-12 23:11 - 2018-06-28 21:03 - 000002594 _____ C:\WINDOWS\System32\Tasks\BlueStacksHelper
2018-11-12 23:11 - 2018-05-20 02:24 - 000003406 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-11-12 23:11 - 2018-05-20 02:24 - 000003360 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A29677FF-757A-4AC8-8014-4228864E097C}
2018-11-12 23:11 - 2018-05-20 02:24 - 000003182 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-11-12 23:11 - 2018-05-20 02:24 - 000003154 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
2018-11-12 23:11 - 2018-05-20 02:24 - 000003104 _____ C:\WINDOWS\System32\Tasks\update-S-1-5-21-110091273-928939627-1752962748-1001
2018-11-12 23:11 - 2018-05-20 02:24 - 000002856 _____ C:\WINDOWS\System32\Tasks\update-sys
2018-11-09 16:48 - 2018-03-04 00:48 - 000000000 ____D C:\Program Files\CCleaner
2018-11-05 19:37 - 2018-07-06 11:19 - 000000000 ____D C:\Users\Bob\Desktop\smoker folder
2018-11-01 22:43 - 2018-03-17 18:58 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-01 22:43 - 2018-03-03 23:56 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
==================== Files in the root of some directories =======
2018-10-08 22:02 - 2018-10-08 22:02 - 000000000 ____H () C:\Users\Bob\AppData\Local\BIT3252.tmp
2018-06-28 21:48 - 2018-06-28 21:48 - 000005632 _____ () C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-03-23 20:24 - 2018-03-23 20:24 - 000000017 _____ () C:\Users\Bob\AppData\Local\resmon.resmoncfg
2018-08-18 19:19 - 2018-08-18 19:21 - 000001293 _____ () C:\Users\Bob\AppData\Local\Temp1.html
2018-08-18 19:22 - 2018-08-18 19:22 - 000006591 _____ () C:\Users\Bob\AppData\Local\Temp34.html
2018-03-04 20:20 - 2018-03-04 20:20 - 000000003 _____ () C:\Users\Bob\AppData\Local\updater.log
2018-03-04 20:20 - 2018-03-04 20:20 - 000000425 _____ () C:\Users\Bob\AppData\Local\UserProducts.xml
2018-10-08 21:53 - 2018-10-08 21:53 - 000000000 _____ () C:\Users\Bob\AppData\Local\{C6E644F2-0988-4042-8DE1-06BEED3D8ABC}
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-20 02:07
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29.11.2018 01
Ran by Bob (30-11-2018 19:39:50)
Running from C:\Users\Bob\Desktop\RKinner Repairs
Windows 10 Pro Version 1803 17134.228 (X64) (2018-05-20 07:25:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-110091273-928939627-1752962748-500 - Administrator - Disabled)
Bob (S-1-5-21-110091273-928939627-1752962748-1001 - Administrator - Enabled) => C:\Users\Bob
DefaultAccount (S-1-5-21-110091273-928939627-1752962748-503 - Limited - Disabled)
Guest (S-1-5-21-110091273-928939627-1752962748-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-110091273-928939627-1752962748-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.153 - Adobe Systems Incorporated)
AT&T Troubleshoot & Resolve (HKLM-x32\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.5.1.16 - AT&T)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.8.3071 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{9C775BB6-1453-45EB-8C78-A5CC5199113D}) (Version: 16.77.3 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.77.3.23060 - AVG Technologies)
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 70.0.659.104 - AVG Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.49 - Piriform)
Discord (HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{93BFE5DF-776E-436F-8693-DF1F72C0E3C1}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Eraser 6.2.0.2982 (HKLM\...\{DFCF78CC-3DAD-4C1E-8BC6-94DC5B73461E}) (Version: 6.2.2982 - The Eraser Project)
Facebook Gameroom 1.21.6697.19829 (HKLM-x32\...\{7BE2211B-F86C-40CA-A6CC-69564D9BD5E2}) (Version: 1.21.6697.19829 - Facebook)
FMW 1 (HKLM\...\{DFA0CE4A-C162-40C1-A977-12E60098EB72}) (Version: 1.227.11 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{BF354C72-AC4C-4A87-8D42-B089862BAE58}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
iVMS-4200(2.7.2.7) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.7.2.7 - hikvision)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{56F27690-F6EA-3356-980A-02BA379506EE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0 - Mozilla)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 2.2.0.1 - NETGEAR)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
OpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Version: 4.15.9789 - Apache Software Foundation)
Puffin Browser version 7.6.0.452 (HKLM-x32\...\Puffin Browser_is1) (Version: 7.6.0.452 - CloudMosa, Inc.)
RuneScape Launcher 2.2.4 (HKLM\...\RuneScape Launcher_is1) (Version: 2.2.4 - Jagex Ltd)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.1.0 - Tweaking.com)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{E345A108-D9E8-456B-9550-435132D5C9CE}) (Version: 2.13.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{567756E0-361F-4E88-AF74-8B0E4628E5BC}) (Version: 1.12.0.0 - Microsoft Corporation) Hidden
WhySoSlow 1.00 (HKLM\...\WhySoSlowHome_is1) (Version: - Resplendence Software Projects Sp.)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22514 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
WinRAR 5.61 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-11-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-11-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2018-01-03] (The Eraser Project)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1568C8CB-4699-47F2-85FF-6775FC0F51CC} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {2487DF5A-93FC-4C8B-A2F5-C1E7AC439B1F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe
Task: {3F38AC9C-5942-48D9-A79F-8CDF3BF1E2B5} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {406087F9-818F-4AD3-BA4C-05255D7FD5B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-04] (Google Inc.)
Task: {4286BFA5-A609-4A07-A424-258AE21852F3} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [2018-06-28] (AVG Technologies) <==== ATTENTION
Task: {4AFF7EEB-92C4-4A75-90D8-CA5A44232F13} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe
Task: {505BC152-7781-4A1D-80A4-8C7179B99EB9} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2018-01-22] (AVG Technologies CZ, s.r.o.)
Task: {5967FD50-EF61-4F46-B2C2-7D48D25D8271} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {78A7D284-5990-4B5C-9712-93A95FEB8369} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-06] (Piriform Ltd)
Task: {7B6D3B6A-1B17-4517-AFDF-792758A6D30C} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-07-07] (Oracle Corporation)
Task: {9E82F1DC-7939-4B6A-A861-64CB00471DE6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-04] (Google Inc.)
Task: {9F419D81-4A68-4243-A5C9-11EC31AF7FAD} - System32\Tasks\update-S-1-5-21-110091273-928939627-1752962748-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {B5598778-206E-46D4-85E6-2D7F4B7FA639} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {B8BCA3F2-8ECC-4AA6-BE4A-FBB6A4B30868} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe [2018-11-29] (Adobe Systems Incorporated)
Task: {CBA0E3BE-F6D2-466E-BCCE-278AAFB48E48} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe
Task: {DDE06B86-C55F-4D0F-A746-DBADF70C8E9C} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {E299A91B-A905-494E-9298-C6D45F5B27BF} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [2018-06-28] (AVG Technologies) <==== ATTENTION
Task: {E5B7F4E2-ADD9-44DB-A7F6-83E89BF94B1C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-11-29] (Adobe Systems Incorporated)
Task: {F43BCF6A-6D01-4871-B79D-7D98AD832E22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-06] (Piriform Software Ltd)
Task: {F92089F3-6FF1-4B9E-8734-68307B566DC3} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-11-22] (AVG Technologies CZ, s.r.o.)
Task: {FC7AAA12-AD95-4C43-A622-A0688944F3D0} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-10-31] (AVG Technologies CZ, s.r.o.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-110091273-928939627-1752962748-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-11 18:34 - 2018-04-11 18:34 - 000444416 _____ () c:\windows\system32\SSDM.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-08-25 00:45 - 2018-08-02 22:09 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-06-25 23:52 - 2018-06-25 23:52 - 027126784 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-06-25 23:52 - 2018-06-25 23:52 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-06-25 23:52 - 2018-06-25 23:52 - 006735872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-03-03 22:11 - 2018-03-03 22:14 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-25 23:52 - 2018-06-25 23:52 - 009360384 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-03-03 23:56 - 2014-01-02 16:13 - 008266456 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
2018-04-11 18:34 - 2018-04-11 18:34 - 002068480 _____ () C:\Windows\ShellExperiences\PeopleCommonControls.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 001465856 _____ () C:\Windows\ShellExperiences\PeopleBarFlyout.dll
2018-06-12 16:37 - 2018-06-08 03:55 - 003037184 _____ () C:\Windows\ShellExperiences\WindowsInternal.People.PeoplePicker.dll
2018-04-04 00:14 - 2016-11-14 07:30 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2018-03-13 22:16 - 2018-03-13 22:14 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2018-03-04 01:13 - 2018-03-04 01:13 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2018-11-22 11:39 - 2018-11-22 11:39 - 000594192 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2018-03-03 23:56 - 2013-11-01 20:31 - 000278528 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 02:24 - 2018-11-30 19:18 - 000002103 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-110091273-928939627-1752962748-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bob\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\24131584_1891126297602629_8616179405180199500_n.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
MSCONFIG\Services: AT&T Troubleshoot & Resolve => 2
MSCONFIG\Services: avgsvc => 2
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: jswpbapi => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NovabenchService => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: pcCMService => 2
MSCONFIG\Services: pcCMService64 => 2
MSCONFIG\Services: ssh-agent => 3
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: WSWNA1100 => 2
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Discord"
HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-110091273-928939627-1752962748-1001\...\StartupApproved\Run: => "Uninstall 18.131.0701.0007\amd64"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{E89EB124-57EF-4B21-927F-983BAA24DE37}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{D42B6ED9-DBAA-40D3-99A1-E034C6D1DA3C}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{8B9F07CC-FB9A-4026-8C18-E641A943C335}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{49056617-65B9-428C-BA7C-915186A049B9}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{E61513E9-D7A8-467A-9D3E-58BABBE74FBB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AEB2CEC3-5AF9-4E76-97A5-241D70DAE2C1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3D1B310A-376F-481C-BA4D-112CFD8B292B}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe
FirewallRules: [UDP Query User{31A40D39-916B-4365-A9BC-ED72B7B0D2F6}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe
FirewallRules: [TCP Query User{C5B8A256-1728-40B5-91AF-59EE8E20F3A5}C:\program files\ivms-4200 station\nginx\nginx.exe] => (Allow) C:\program files\ivms-4200 station\nginx\nginx.exe
FirewallRules: [UDP Query User{D1319AC9-92E4-4AC1-B76B-EA27D4554B42}C:\program files\ivms-4200 station\nginx\nginx.exe] => (Allow) C:\program files\ivms-4200 station\nginx\nginx.exe
FirewallRules: [{CB5684C8-2FFD-4DA3-B7C5-9BD553EA978A}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{35B7760E-0AD2-4BAA-B0C0-1FCDD8D38BB6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{4DD757CE-7B8F-4EF4-A77E-77E6BDCA39DB}] => (Allow) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe
FirewallRules: [{3F99E657-6F13-4B0F-83AF-DF07D9F4C760}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{3281D272-5182-4C07-A196-E64B2D8627F4}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{1B4D88FE-710D-417E-9635-6FD7EEADDB5E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
06-11-2018 18:42:24 Scheduled Checkpoint
16-11-2018 00:39:05 Scheduled Checkpoint
25-11-2018 15:04:57 Scheduled Checkpoint
29-11-2018 17:07:54 Windows Update
==================== Faulty Device Manager Devices =============
Name: Generic Bluetooth Radio
Description: Generic Bluetooth Radio
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Cambridge Silicon Radio Ltd.
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
Name: NETGEAR WNA1100 N150 Wireless USB Adapter
Description: NETGEAR WNA1100 N150 Wireless USB Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Netgear Inc.
Service: athur
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/30/2018 07:28:44 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.
Error: (11/30/2018 07:18:29 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.
Error: (11/30/2018 06:28:46 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.
Error: (11/30/2018 05:28:46 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.
Error: (11/30/2018 04:30:46 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: LIVING-ROOM-PC)
Description: microsoft.skypeapp_kzf8qxf38zg5c-2147023887
Error: (11/30/2018 04:30:44 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: LIVING-ROOM-PC)
Description: microsoft.microsoftofficehub_8wekyb3d8bbwe-2147023887
Error: (11/30/2018 04:28:46 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.
Error: (11/30/2018 03:28:44 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: AVG Update Helper -- Error 1316. The specified account already exists.
System errors:
=============
Error: (11/30/2018 07:39:26 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.
Error: (11/30/2018 07:39:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.
Error: (11/30/2018 07:39:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.
Error: (11/30/2018 07:39:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.
Error: (11/30/2018 07:39:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.
Error: (11/30/2018 07:39:13 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.
Error: (11/30/2018 07:39:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.
Error: (11/30/2018 07:39:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Delivery Optimization service terminated with the following service-specific error:
%%2147943409 = The configuration registry database is corrupt.
Windows Defender:
===================================
Date: 2018-08-02 10:11:33.866
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.273.717.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15100.1
Error code: 0x80240022
Error description: The program can't check for definition updates.
Date: 2018-08-02 10:11:33.861
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.273.717.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15100.1
Error code: 0x80240022
Error description: The program can't check for definition updates.
Date: 2018-08-02 09:58:45.990
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.141.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240022
Error description: The program can't check for definition updates.
Date: 2018-08-02 09:58:45.987
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.141.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240022
Error description: The program can't check for definition updates.
CodeIntegrity:
===================================
Date: 2018-07-26 00:35:40.816
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 62%
Total physical RAM: 4094.49 MB
Available physical RAM: 1535.72 MB
Total Virtual: 8702.49 MB
Available Virtual: 5247.45 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.95 GB) (Free:856.18 GB) NTFS
\\?\Volume{9dabe905-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{9dabe905-0000-0000-0000-70c3e8000000}\ () (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 9DABE905)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=468 MB) - (Type=27)
==================== End of Addition.txt ============================
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 88.57 52 K 8 K 0
procexp64.exe 6.57 50,932 K 66,360 K 8116 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 1.45 37,832 K 36,904 K 396 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.64 0 K 0 K n/a Hardware Interrupts and DPCs
System 0.51 196 K 1,832 K 4
firefox.exe 0.50 409,784 K 416,908 K 1192 Firefox Mozilla Corporation (Verified) Mozilla Corporation
firefox.exe 0.48 194,852 K 63,984 K 6436 Firefox Mozilla Corporation (Verified) Mozilla Corporation
firefox.exe 0.38 178,528 K 252,196 K 1488 Firefox Mozilla Corporation (Verified) Mozilla Corporation
NvBackend.exe 0.25 8,324 K 15,824 K 6464 NVIDIA Backend NVIDIA Corporation (Verified) NVIDIA Corporation
csrss.exe 0.20 2,340 K 4,548 K 636 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
AVGUI.exe 0.18 24,780 K 49,708 K 6124 AVG Antivirus AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA
explorer.exe 0.08 65,292 K 128,808 K 5336 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
pcTrayApp.exe 0.05 3,744 K 7,160 K 6196 mcci+McciTrayApp Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
unchecky_bg.exe 0.03 1,856 K 9,192 K 5000 Unchecky Background Process Reason Software Company Inc. (Verified) Reason Software Company Inc.
AVGSvc.exe 0.03 98,072 K 40,488 K 2088 AVG Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA
CCleaner64.exe 0.02 10,896 K 26,360 K 7132 CCleaner Piriform Software Ltd (Verified) Piriform Software Ltd
services.exe 0.01 4,796 K 8,076 K 652 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 2,576 K 7,172 K 980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WNA1100.exe 0.01 2,544 K 7,880 K 5684 Netgear (Verified) NETGEAR
aswidsagenta.exe 0.01 20,172 K 34,408 K 4316 AVG Software Analyzer AVG Technologies CZ, s.r.o. (Verified) AVG Technologies USA
OneDrive.exe 0.01 13,944 K 40,668 K 7028 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
avguix.exe < 0.01 10,056 K 18,136 K 6176 AVG User Interface AVG Technologies CZ, s.r.o. (Verified) AVG Netherlands B.V.
smartscreen.exe < 0.01 18,008 K 40,392 K 9172 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
pcContextHookShim.exe < 0.01 1,636 K 7,568 K 6204 mcci+McciContextHookShim Alcatel-Lucent (No signature was present in the subject) Alcatel-Lucent
Lightshot.exe < 0.01 4,712 K 9,896 K 5728 Lightshot Skillbrains (No signature was present in the subject) Skillbrains
svchost.exe < 0.01 61,796 K 69,600 K 1332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WmiPrvSE.exe 2,456 K 8,944 K 892 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,396 K 8,312 K 688 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,496 K 5,792 K 584 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
Video.UI.exe Suspended 25,804 K 25,508 K 6644 (No signature was present in the subject)
unsecapp.exe 1,436 K 6,408 K 4672 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
unchecky_svc.exe 1,616 K 6,508 K 2980 Unchecky Service Reason Software Company Inc. (Verified) Reason Software Company Inc.
taskhostw.exe 6,448 K 16,268 K 4088 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,728 K 11,932 K 936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,204 K 7,420 K 1340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,988 K 23,468 K 900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,000 K 16,948 K 1676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,520 K 24,376 K 5008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,580 K 14,252 K 3712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,960 K 27,988 K 2852 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,772 K 8,496 K 1820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,820 K 16,212 K 2408 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,228 K 7,544 K 2460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 11,600 K 14,792 K 2844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,340 K 10,548 K 2000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,160 K 9,868 K 888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 32,500 K 39,620 K 2244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 14,308 K 12,188 K 1296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,468 K 5,448 K 1348 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 11,760 K 16,836 K 1096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,344 K 12,004 K 1560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,012 K 11,028 K 1104 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,948 K 52,588 K 1512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,428 K 7,992 K 2888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,740 K 10,144 K 1080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,064 K 13,432 K 1032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,312 K 7,028 K 1812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,468 K 5,116 K 3116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,056 K 6,044 K 1136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,328 K 26,272 K 4344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,236 K 9,508 K 2068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,548 K 19,576 K 7920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,312 K 17,828 K 3020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,284 K 9,560 K 1836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,720 K 11,044 K 6896 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,684 K 6,772 K 2200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,512 K 4,984 K 1112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,960 K 7,760 K 5016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,856 K 7,516 K 2324 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,312 K 22,164 K 3732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,848 K 5,680 K 1828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,024 K 6,924 K 1184 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,016 K 6,748 K 2952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,312 K 10,120 K 2864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,220 K 8,856 K 792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,992 K 7,736 K 3700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,712 K 6,276 K 2992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,196 K 8,424 K 1524 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,712 K 6,072 K 2828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,428 K 5,124 K 2932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,484 K 12,600 K 2708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,348 K 8,888 K 2304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,940 K 6,852 K 6848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,056 K 6,944 K 1456 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,552 K 6,240 K 3780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,132 K 6,324 K 2876 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,388 K 7,084 K 3428 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,736 K 5,876 K 2900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,384 K 8,832 K 2600 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,020 K 7,616 K 1440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,064 K 3,544 K 836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,552 K 9,868 K 3256 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,296 K 8,072 K 4788 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,024 K 7,512 K 1464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,540 K 6,604 K 1784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,764 K 5,480 K 1948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,244 K 10,888 K 2096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,940 K 11,648 K 2836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,800 K 7,992 K 3936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,664 K 8,788 K 1304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,960 K 5,696 K 3920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 5,512 K 11,196 K 2384 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 584 K 904 K 384 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
sihost.exe 5,692 K 24,384 K 4188 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 27,784 K 44,388 K 5816 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe 2,256 K 4,092 K 4900 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SecurityHealthService.exe 4,188 K 14,200 K 2908 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 60,808 K 66,028 K 6004 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 27,792 K 27,788 K 3220 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,476 K 23,456 K 2352 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3,796 K 19,100 K 6308 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,720 K 20,156 K 6068 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,124 K 14,812 K 5468 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 2,316 K 8,288 K 8036 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 2,640 K 8,816 K 7280 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
Registry 2,556 K 94,236 K 88
procexp.exe 3,144 K 10,460 K 144 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PeopleExperienceHost.exe Suspended 18,920 K 38,216 K 8148 Windows My People Microsoft Corporation (Verified) Microsoft Windows
MSASCuiL.exe 2,112 K 8,628 K 5980 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
Memory Compression 312 K 23,112 K 1860
lsass.exe 6,160 K 14,004 K 728 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
GoogleUpdate.exe 2,388 K 532 K 2616 Google Installer Google Inc. (Verified) Google Inc
fontdrvhost.exe 2,164 K 5,100 K 828 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 1,648 K 3,080 K 820 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
firefox.exe 80,416 K 113,492 K 6548 Firefox Mozilla Corporation (Verified) Mozilla Corporation
firefox.exe 156,308 K 177,660 K 5432 Firefox Mozilla Corporation (Verified) Mozilla Corporation
dasHost.exe 6,068 K 14,492 K 3196 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe 4,220 K 13,424 K 5204 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,856 K 4,484 K 504 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
AVGBrowserCrashHandler64.exe 1,880 K 452 K 4240 AVG Browser Update AVG Technologies (Verified) AVG Netherlands B.V.
AVGBrowserCrashHandler.exe 1,900 K 576 K 4272 AVG Browser Update AVG Technologies (Verified) AVG Netherlands B.V.
audiodg.exe 6,720 K 12,604 K 6960 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
Registry 88 N/A
smss.exe 384 N/A
csrss.exe 504 N/A
wininit.exe 584 N/A
csrss.exe 636 N/A
services.exe 652 N/A
winlogon.exe 688 N/A
lsass.exe 728 KeyIso, SamSs, VaultSvc
fontdrvhost.exe 820 N/A
fontdrvhost.exe 828 N/A
svchost.exe 836 PlugPlay
svchost.exe 900 BrokerInfrastructure, DcomLaunch, Power,
SystemEventsBroker
svchost.exe 936 RpcEptMapper, RpcSs
svchost.exe 980 LSM
dwm.exe 396 N/A
svchost.exe 792 NcbService
svchost.exe 1032 Schedule
svchost.exe 1080 ProfSvc
svchost.exe 1096 BFE, CoreMessagingRegistrar, mpssvc
svchost.exe 1104 TimeBrokerSvc
svchost.exe 1112 lmhosts
svchost.exe 1296 EventLog
svchost.exe 1304 UserManager
svchost.exe 1332 SysMain
svchost.exe 1340 EventSystem
svchost.exe 1348 Themes
svchost.exe 1440 SENS
svchost.exe 1456 AudioEndpointBuilder
svchost.exe 1464 FontCache
svchost.exe 1512 Audiosrv
svchost.exe 1560 StateRepository
svchost.exe 1784 nsi
svchost.exe 1812 Dhcp
svchost.exe 1820 Dnscache
svchost.exe 1828 DusmSvc
svchost.exe 1836 Wcmsvc
Memory Compression 1860 N/A
svchost.exe 1948 hidserv
svchost.exe 2000 NlaSvc
svchost.exe 1184 WinHttpAutoProxySvc
svchost.exe 1524 netprofm
svchost.exe 2068 WlanSvc
AVGSvc.exe 2088 AVG Antivirus
svchost.exe 2096 ShellHWDetection
svchost.exe 2200 NgcSvc
svchost.exe 2304 NcdAutoSetup
svchost.exe 2324 NgcCtnrSvc
spoolsv.exe 2384 Spooler
svchost.exe 2408 Winmgmt
svchost.exe 2460 LanmanWorkstation
svchost.exe 2708 LicenseManager
svchost.exe 2828 DeviceAssociationService
svchost.exe 2836 CryptSvc
svchost.exe 2844 DPS
svchost.exe 2852 DiagTrack
svchost.exe 2864 iphlpsvc
svchost.exe 2876 osrss
svchost.exe 2888 LanmanServer
svchost.exe 2900 SstpSvc
SecurityHealthService.exe 2908 SecurityHealthService
svchost.exe 2932 TrkWks
svchost.exe 2952 stisvc
unchecky_svc.exe 2980 unchecky
svchost.exe 2992 W32Time
svchost.exe 3020 WpnService
svchost.exe 2244 UsoSvc, wuauserv
svchost.exe 1136 TapiSrv
svchost.exe 3116 WdiServiceHost
dasHost.exe 3196 N/A
svchost.exe 3256 RasMan
svchost.exe 3428 SSDPSRV
svchost.exe 3920 WdiSystemHost
svchost.exe 3936 PcaSvc
svchost.exe 2600 Netman
svchost.exe 888 wscsvc
aswidsagenta.exe 4316 avgbIDSAgent
unsecapp.exe 4672 N/A
svchost.exe 1676 CDPSvc
AVGBrowserCrashHandler.ex 4272 N/A
AVGBrowserCrashHandler64. 4240 N/A
GoogleUpdate.exe 2616 N/A
SgrmBroker.exe 4900 SgrmBroker
SearchIndexer.exe 3220 WSearch
svchost.exe 3732 InstallService
svchost.exe 4788 StorSvc
unchecky_bg.exe 5000 N/A
sihost.exe 4188 N/A
svchost.exe 5008 CDPUserSvc_13d1bd
svchost.exe 4344 WpnUserService_13d1bd
taskhostw.exe 4088 N/A
svchost.exe 3712 TokenBroker
svchost.exe 5016 TabletInputService
ctfmon.exe 5204 N/A
explorer.exe 5336 N/A
ShellExperienceHost.exe 5816 N/A
SearchUI.exe 6004 N/A
RuntimeBroker.exe 6068 N/A
RuntimeBroker.exe 5468 N/A
RuntimeBroker.exe 6308 N/A
Video.UI.exe 6644 N/A
svchost.exe 6896 lfsvc
MSASCuiL.exe 5980 N/A
NvBackend.exe 6464 N/A
avguix.exe 6176 N/A
pcTrayApp.exe 6196 N/A
AVGUI.exe 6124 N/A
pcContextHookShim.exe 6204 N/A
svchost.exe 3780 Appinfo
OneDrive.exe 7028 N/A
WNA1100.exe 5684 N/A
Lightshot.exe 5728 N/A
RuntimeBroker.exe 7280 N/A
CCleaner64.exe 7132 N/A
PeopleExperienceHost.exe 8148 N/A
svchost.exe 7920 OneSyncSvc_13d1bd,
PimIndexMaintenanceSvc_13d1bd,
UnistoreSvc_13d1bd, UserDataSvc_13d1bd
RuntimeBroker.exe 8036 N/A
svchost.exe 6848 gpsvc
firefox.exe 1488 N/A
firefox.exe 6436 N/A
firefox.exe 1192 N/A
firefox.exe 5432 N/A
firefox.exe 6548 N/A
audiodg.exe 6960 N/A
smartscreen.exe 9172 N/A
WmiPrvSE.exe 892 N/A
svchost.exe 3700 swprv
SearchProtocolHost.exe 2456 N/A
SearchFilterHost.exe 3708 N/A
dllhost.exe 8888 N/A
svchost.exe 7596 wlidsvc
RuntimeBroker.exe 8560 N/A
backgroundTaskHost.exe 604 N/A
svchost.exe 7116 camsvc
cmd.exe 9008 N/A
conhost.exe 632 N/A
tasklist.exe 8708 N/A
WmiPrvSE.exe 5036 N/A
SPECCY should be attached.