Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Really slow laptop

Started by BobScott49 , Dec 23 2019 02:14 PM

  • Please log in to reply

#46
RKinner
Posted 02 January 2020 - 02:59 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

See if you can search for

msconfig

hit Enter

then under the Services tag uncheck

R2 e-Safe Compliance Client; C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe [953376 2018-11-08] (Guardware Ltd. -> Guardware Ltd)
S2 GuardWareProxy; C:\Program Files (x86)\Guardware\Integrity Management\GWProxy.exe [4331552 2018-11-08] (Guardware Ltd. -> Guardware Ltd.)

R2 GWDogFile; C:\windows\system32\drivers\GWDogFile.sys [43376 2018-08-07] (Guardware Ltd. -> Guardware Ltd)
R2 GWPG; C:\windows\system32\drivers\GWPG.sys [39808 2017-02-16] (Guardware Ltd. -> Guardware Ltd)
R2 GWScanner; C:\windows\system32\drivers\GWScanner.sys [68576 2018-05-17] (Guardware Ltd. -> Guardware Ltd)
R2 gwwfp; C:\windows\system32\Drivers\gwwfp64.sys [56288 2018-03-08] (Guardware Ltd. -> Guardware Ltd.)

 

Then APPLY and reboot.  Go back into msconfig and see if they stayed unchecked.  If they did then make a process explorer log.


  • 0

Advertisements

#47
BobScott49
Posted 02 January 2020 - 03:28 PM

BobScott49

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

That worked.  It was only the first two that wouldn't uncheck in Autorun, the others were okay.

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
AGSService.exe        2,180 K    9,348 K    3616    Adobe Genuine Software Integrity Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.
amdow.exe        2,152 K    7,376 K    11176    AMD ReLive: Desktop Overlay    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
app_updater.exe        6,312 K    7,824 K    3760    Digital Wave Update Service    Digital Wave Ltd    (Verified) Digital Wave Ltd
ApplicationFrameHost.exe        7,424 K    28,404 K    11128    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows
armsvc.exe        1,628 K    6,216 K    3596    Adobe Acrobat Update Service    Adobe Systems    (Verified) Adobe Inc.
atiesrxx.exe        1,484 K    5,628 K    2260    AMD External Events Service Module    AMD    (Verified) Advanced Micro Devices, Inc.
audiodg.exe        10,356 K    19,280 K    14292    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
BTDevMgr.exe        2,104 K    7,004 K    3644    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
CastSrv.exe        4,432 K    3,444 K    9480    Casting protocol connection listener    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,484 K    5,664 K    3252    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,532 K    5,992 K    9080    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,520 K    6,540 K    11256    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
ctfmon.exe        3,844 K    13,476 K    7908    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows
DbxSvc.exe        2,612 K    5,384 K    3744    Dropbox Service    Dropbox, Inc.    (Verified) Dropbox, Inc
dllhost.exe        3,436 K    9,876 K    5932    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        1,544 K    6,444 K    8780    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        4,032 K    11,156 K    9620    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        1,540 K    6,744 K    11736    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
Dropbox.exe        2,016 K    7,648 K    7896    Dropbox    Dropbox, Inc.    (Verified) Dropbox, Inc
Dropbox.exe        2,572 K    10,436 K    8712    Dropbox    Dropbox, Inc.    (Verified) Dropbox, Inc
DropboxUpdate.exe        2,220 K    3,764 K    9296    Dropbox Update    Dropbox, Inc.    (Verified) Dropbox, Inc
firefox.exe        41,732 K    49,480 K    13260    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        73,496 K    113,792 K    11300    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        47,740 K    63,408 K    4440    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
fontdrvhost.exe        1,568 K    2,876 K    264    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
fontdrvhost.exe        6,100 K    13,012 K    304    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
HPMSGSVC.exe        1,768 K    8,192 K    7872    HP Message Service    HP Inc.    (Verified) HP Inc.
HPWMISVC.exe        1,808 K    8,060 K    3868    HP WMI Service    HP Inc.    (Verified) HP Inc.
HxOutlook.exe    Suspended    80,764 K    85,928 K    11516    Microsoft Outlook    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
HxTsr.exe    Suspended    10,512 K    34,484 K    9628    Microsoft Outlook Communications    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
McCSPServiceHost.exe        6,544 K    5,344 K    5936    McAfee CSP Service Host    McAfee, LLC.    (Verified) McAfee, LLC.
mcshield.exe        49,000 K    20,276 K    1496    McAfee Scanner service    McAfee LLC.    (Verified) McAfee, Inc.
McSmtFwk.exe        3,672 K    11,820 K    5364    McAfee Trusted Advisor Framework Exe    McAfee, LLC.    (Verified) McAfee, LLC.
McUICnt.exe        10,448 K    6,344 K    12668    McAfee    McAfee, LLC.    (Verified) McAfee, LLC.
mDNSResponder.exe        1,836 K    5,980 K    3624    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
mfevtps.exe        5,672 K    10,216 K    5272    McAfee Process Validation Service    McAfee, LLC    (Verified) McAfee, Inc.
ModuleCoreService.exe        10,664 K    7,332 K    9248    McAfee Module Core Service    McAfee, LLC.    (Verified) McAfee, LLC
nlssrv32.exe        2,148 K    7,068 K    3500    This service enables products that use the Nalpeiron Licensing System     Nalpeiron Ltd.    (Certificate expired) Nalpeiron Ltd.
PEFService.exe        1,716 K    360 K    4156    McAfee PEF Service    McAfee, Inc.    (Verified) McAfee, LLC.
procexp.exe        5,444 K    11,000 K    14144    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
ProtectedModuleHost.exe        5,240 K    14,788 K    5376    McAfee Protected Module Host    McAfee, LLC.    (Verified) McAfee, LLC.
QtWebEngineProcess.exe        40,988 K    54,484 K    12872    Qt Qtwebengineprocess    The Qt Company Ltd.    (Verified) Dropbox, Inc
RadeonSettings.exe        160,580 K    51,300 K    9812    Radeon Settings: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
Registry        10,204 K    39,048 K    88            
RemindersServer.exe    Suspended    7,968 K    18,216 K    8668    Reminders WinRT OOP Server    Microsoft Corporation    (Verified) Microsoft Windows
RtkAudioService64.exe        1,800 K    7,692 K    2936    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RtkBtManServ.exe        1,712 K    6,584 K    4188    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
RtkNGUI64.exe        4,672 K    14,092 K    4668    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RtlS5Wake.exe        4,424 K    12,260 K    10128    Realtek WOWL Utility    Realtek    (Verified) Realtek Semiconductor Corp.
RuntimeBroker.exe        1,604 K    6,680 K    7008    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        4,344 K    24,728 K    8236    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        6,172 K    22,792 K    8704    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        4,004 K    18,088 K    13672    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        12,544 K    38,116 K    9192    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
SearchUI.exe    Suspended    100,388 K    85,204 K    3296    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
SecurityHealthService.exe        3,232 K    13,344 K    13500    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SgrmBroker.exe        4,112 K    7,024 K    12156    System Guard Runtime Monitor Broker Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
sihost.exe        6,308 K    25,024 K    3112    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
smartscreen.exe        7,732 K    22,200 K    13356    Windows Defender SmartScreen    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        1,188 K    920 K    412    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
spoolsv.exe        6,356 K    14,424 K    3260    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
StartMenuExperienceHost.exe        31,364 K    58,488 K    8632            (Verified) Microsoft Windows
svchost.exe        1,548 K    5,896 K    1924    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,004 K    7,704 K    2712    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,012 K    7,292 K    2740    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        9,416 K    20,840 K    2812    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,952 K    6,800 K    3508    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,784 K    6,536 K    3520    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,688 K    6,208 K    3668    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,696 K    5,628 K    4164    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,060 K    6,984 K    4204    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,928 K    12,432 K    4424    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,356 K    5,164 K    4432    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,396 K    5,000 K    4516    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,480 K    4,852 K    5148    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,856 K    7,752 K    3284    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,876 K    7,476 K    7732    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,328 K    21,816 K    10036    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,680 K    11,620 K    12024    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,148 K    8,268 K    14100    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,712 K    7,120 K    14284    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,320 K    8,696 K    14036    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,924 K    11,688 K    13448    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,808 K    5,440 K    5032    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,880 K    8,312 K    1204    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,924 K    9,004 K    8060    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,216 K    9,184 K    8396    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,824 K    6,916 K    9824    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,124 K    26,292 K    5372    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,048 K    7,088 K    2468    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,724 K    6,772 K    4364    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,840 K    5,928 K    2124    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,664 K    19,468 K    4356    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,220 K    8,444 K    2108    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,056 K    19,388 K    3116    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,888 K    12,668 K    2288    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,720 K    15,620 K    7548    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,040 K    14,552 K    3104    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,132 K    7,172 K    2600    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,592 K    21,664 K    9260    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        23,984 K    24,028 K    9800    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        9,472 K    16,124 K    3332    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,700 K    7,356 K    3048    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,044 K    6,036 K    4624    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,348 K    8,312 K    2384    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,864 K    9,552 K    5756    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,040 K    10,452 K    5320    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        14,900 K    20,424 K    3772    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,412 K    18,080 K    10288    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,028 K    10,956 K    2148    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,384 K    5,532 K    2612    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,220 K    7,052 K    10896    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,864 K    13,724 K    3144    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        960 K    3,716 K    376    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,324 K    16,208 K    3020    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,576 K    7,704 K    64    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,796 K    12,728 K    2872    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,668 K    11,904 K    3752    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,272 K    7,520 K    2308    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,064 K    7,136 K    3400    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SynTPEnhService.exe        3,516 K    8,940 K    2184    64-bit Synaptics Pointing Enhance Service    Synaptics Incorporated    (Verified) Synaptics Incorporated
SynTPHelper.exe        2,256 K    5,804 K    7692    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
taskhostw.exe        5,988 K    14,440 K    7324    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,460 K    6,688 K    9596    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,376 K    6,388 K    6848    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
vidnotifier.exe        6,200 K    18,540 K    4100    Video Notifier    Digital Wave Ltd    (Verified) Digital Wave Ltd
wininit.exe        1,436 K    6,316 K    784    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
winlogon.exe        2,784 K    9,380 K    904    Windows Log-on Application    Microsoft Corporation    (Verified) Microsoft Windows
wlanext.exe        2,064 K    6,516 K    3224    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        3,252 K    9,248 K    5748    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
YourPhone.exe    Suspended    13,860 K    29,980 K    9284            (No signature was present in the subject)
firefox.exe    < 0.01    63,540 K    94,916 K    11728    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
svchost.exe    < 0.01    5,380 K    18,392 K    8048    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    4,800 K    12,756 K    1892    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    3,700 K    10,244 K    5096    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    5,028 K    6,832 K    1736    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    2,128 K    11,592 K    1408    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
RAVBg64.exe    < 0.01    6,376 K    14,612 K    9088    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
OfficeClickToRun.exe    < 0.01    27,820 K    42,596 K    3696    Microsoft Office Click-to-Run (SxS)    Microsoft Corporation    (Verified) Microsoft Corporation
ijplmsvc.exe    < 0.01    2,908 K    8,612 K    3860    Inkjet Printer/Scanner/Fax Extended Survey Program Service        (Verified) Canon Inc.
SynTPEnh.exe    0.01    7,708 K    17,044 K    7488    Synaptics TouchPad 64-bit Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe    0.01    2,300 K    6,560 K    1948    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    7,600 K    14,996 K    572    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
QtWebEngineProcess.exe    0.02    42,044 K    55,576 K    12444    Qt Qtwebengineprocess    The Qt Company Ltd.    (Verified) Dropbox, Inc
lsass.exe    0.02    7,280 K    14,576 K    864    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
mfefire.exe    0.02    4,856 K    10,244 K    5836    McAfee Core Firewall Service    McAfee, LLC    (Verified) McAfee, Inc.
psi_tray.exe    0.03    1,432 K    6,492 K    4816    Secunia PSI Tray    Secunia    (Verified) Secunia
amddvr.exe    0.03    171,588 K    14,652 K    10340    AMD ReLive: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
svchost.exe    0.03    2,696 K    9,452 K    1788    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.03    12,868 K    28,872 K    548    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
MMSSHOST.exe    0.03    25,592 K    28,664 K    5200    McAfee Management Service Host    McAfee, LLC.    (Verified) McAfee, LLC.
EOSUPNPSV.exe    0.03    3,532 K    9,620 K    4652    Canon EOS UPNP Detector    CANON INC.    (Verified) Canon Inc.
mfemms.exe    0.03    3,924 K    7,896 K    3876    McAfee Management Service    McAfee, LLC    (Verified) McAfee, Inc.
svchost.exe    0.03    2,336 K    7,672 K    4080    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
AGMService.exe    0.04    2,464 K    8,868 K    3604    Adobe Genuine Software Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.
svchost.exe    0.04    1,976 K    8,120 K    2008    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
ModuleCoreService.exe    0.04    28,372 K    14,328 K    3920    McAfee Module Core Service    McAfee, LLC.    (Verified) McAfee, LLC
uihost.exe    0.04    5,336 K    988 K    4760    McAfee WebAdvisor    McAfee, Inc.    (Verified) McAfee, LLC
svchost.exe    0.04    2,768 K    11,596 K    1332    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.04    1,448 K    5,616 K    1360    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
QtWebEngineProcess.exe    0.05    30,144 K    49,392 K    10360    Qt Qtwebengineprocess    The Qt Company Ltd.    (Verified) Dropbox, Inc
svchost.exe    0.05    2,836 K    9,160 K    1392    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
GWW.exe    0.05    45,856 K    32,924 K    10208    e-Safe Compliance Client Application    Guardware Ltd.    (Verified) Guardware Ltd.
svchost.exe    0.05    1,892 K    11,172 K    1368    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
mcapexe.exe    0.06    4,332 K    1,912 K    6780    McAfee Access Protection    McAfee, LLC    (Verified) McAfee, LLC.
EOS Utility.exe    0.07    27,412 K    29,504 K    7344    EOS Utility    Canon INC.    (Verified) Canon Inc.
svchost.exe    0.08    1,468 K    6,584 K    1940    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.10    2,124 K    7,664 K    1448    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.11    2,488 K    10,012 K    1232    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    0.11    158,688 K    235,424 K    10384    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
svchost.exe    0.13    1,996 K    6,988 K    1384    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchIndexer.exe    0.13    27,324 K    18,360 K    5280    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
services.exe    0.13    5,728 K    8,744 K    856    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.15    6,328 K    14,264 K    1276    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
Memory Compression    0.15    456 K    106,660 K    2700            
servicehost.exe    0.16    10,036 K    7,248 K    6544    McAfee WebAdvisor    McAfee, Inc.    (Verified) McAfee, LLC
svchost.exe    0.18    2,028 K    7,840 K    1780    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
explorer.exe    0.27    46,372 K    103,800 K    7984    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.29    1,748 K    4,852 K    680    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.30    17,460 K    16,360 K    1376    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
atieclxx.exe    0.35    2,452 K    9,516 K    2564    AMD External Events Client Module    AMD    (Verified) Advanced Micro Devices, Inc.
svchost.exe    0.38    41,644 K    50,624 K    2592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
express.exe    0.43    45,260 K    82,020 K    3704    Garmin Express    Garmin Ltd. or its subsidiaries    (Verified) Garmin International, Inc.
firefox.exe    0.45    101,004 K    134,648 K    11504    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
cmd.exe    0.46    4,752 K    4,388 K    13048    Windows Command Processor    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.63    12,328 K    21,260 K    3892    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
csrss.exe    1.22    3,880 K    6,876 K    792    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
Interrupts    2.10    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    3.11    87,156 K    89,752 K    1056    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
MfeAVSvc.exe    3.46    31,640 K    28,164 K    688    McAfee Cloud AV    McAfee, LLC.    (Verified) McAfee, LLC.
GWClient.exe    3.58    5,428 K    16,772 K    3796    e-Safe Compliance Client Service    Guardware Ltd    (Verified) Guardware Ltd.
System    4.03    204 K    1,164 K    4            
WmiPrvSE.exe    8.91    8,084 K    15,536 K    6944    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
Dropbox.exe    9.37    186,048 K    226,444 K    8740    Dropbox    Dropbox, Inc.    (Verified) Dropbox, Inc
procexp64.exe    18.53    33,488 K    64,732 K    11200    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    40.22    60 K    8 K    0            


 


  • 0

#48
RKinner
Posted 02 January 2020 - 03:42 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Not quite:

 

GWClient.exe    3.58    5,428 K    16,772 K    3796    e-Safe Compliance Client Service    Guardware Ltd    (Verified) Guardware Ltd.

 

However it looks like this Guardware garbage is at fault for WMI being high.

 

Do you use Dropbox?  If not uninstall it.


  • 0

#49
BobScott49
Posted 02 January 2020 - 04:57 PM

BobScott49

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

These do not appear in either Autoruns or msconfig

 

I have been through them both and 

R2 e-Safe Compliance Client; C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe [953376 2018-11-08] (Guardware Ltd. -> Guardware Ltd)
S2 GuardWareProxy; C:\Program Files (x86)\Guardware\Integrity Management\GWProxy.exe [4331552 2018-11-08] (Guardware Ltd. -> Guardware Ltd.)

 

are both unchecked in msconfig and

 

R2 GWDogFile; C:\windows\system32\drivers\GWDogFile.sys [43376 2018-08-07] (Guardware Ltd. -> Guardware Ltd)
R2 GWPG; C:\windows\system32\drivers\GWPG.sys [39808 2017-02-16] (Guardware Ltd. -> Guardware Ltd)
R2 GWScanner; C:\windows\system32\drivers\GWScanner.sys [68576 2018-05-17] (Guardware Ltd. -> Guardware Ltd)
R2 gwwfp; C:\windows\system32\Drivers\gwwfp64.sys [56288 2018-03-08] (Guardware Ltd. -> Guardware Ltd.)

 

 do not appear in msconfig but are unchecked in Autoruns.

 

 

I have been through Autoruns and msconfig very carefully and there are no other Guardware entries

 

 

I have uninstalled dropbox


  • 0

#50
RKinner
Posted 02 January 2020 - 05:59 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Bring up FRST

put

gwclient.exe

in the search box.

 

Hit Search Registry.  You will get one file.  Please post.


  • 0

#51
BobScott49
Posted 03 January 2020 - 05:03 AM

BobScott49

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by Bob Scott (03-01-2020 10:39:52)
Running from C:\Users\Bob Scott\Desktop
Boot Mode: Normal

================== Search Registry: "gwclient.exe" ===========

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\e-Safe Compliance Client]
"Path"=""C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\e-Safe Compliance Client]
"Path.Org"=""C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\e-Safe Compliance Client]
"Path.Win32"="C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\e-Safe Compliance Client]
"ImagePath"=""C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75AF006E-1262-4459-86AC-6DCA895A4A54}"="v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Public|App=C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe|Name=e-Safe Compliance Enterprise Client|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{34BFF36A-5E57-4C12-BE98-D30B1BB33663}"="v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe|Name=e-Safe Systems Client|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6D3C737D-F1B6-40F6-836B-E875272984C6}"="v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|App=C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe|Name=e-Safe Systems Client|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C3B80472-BC8C-4CC1-9A6E-E810FA0678C1}"="v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe|Name=e-Safe Systems Client|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{65F8B161-DDCB-4EB9-B735-AB43A877226D}"="v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe|Name=e-Safe Systems Client|"

====== End of Search ======


  • 0

#52
RKinner
Posted 03 January 2020 - 05:31 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Search for

regedit.exe

hit Enter

 

Navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\e-Safe Compliance Client

 

Click on

e-Safe Compliance Client

Look in the right pane for

StartType

Note its value.  (Probably 2)

Double click on StartType.  Type: 4

 

OK.  Does it complain or does it allow you to change it to 4?

 

Just to be sure it doesn't run:

 

Do the same thing for:

HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\e-Safe Compliance Client

 

If you were able to change both values then reboot and see if Process Explorer shows any Guardware programs running.

 

If you don't see  any running then save a copy of the log and post it  then you can go back into regedit.exe and change the two values back to 2

 


  • 0

#53
BobScott49
Posted 03 January 2020 - 07:13 AM

BobScott49

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

I changed the value on both to 4 (although in the currentcontrolset there was no StartType, only Start).  Rebooted but gww.exe and gwclient.exe are still showing in process explorer

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
AdobeIPCBroker.exe        2,072 K    9,464 K    11648    Adobe IPC Broker    Adobe Systems Incorporated    (Verified) Adobe Systems Incorporated
AGSService.exe        2,104 K    9,920 K    3620    Adobe Genuine Software Integrity Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.
amdow.exe        2,140 K    7,696 K    9128    AMD ReLive: Desktop Overlay    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
app_updater.exe        6,308 K    9,636 K    3752    Digital Wave Update Service    Digital Wave Ltd    (Verified) Digital Wave Ltd
armsvc.exe        1,624 K    6,752 K    3596    Adobe Acrobat Update Service    Adobe Systems    (Verified) Adobe Inc.
atiesrxx.exe        1,468 K    5,992 K    2308    AMD External Events Service Module    AMD    (Verified) Advanced Micro Devices, Inc.
audiodg.exe        9,724 K    17,092 K    2740    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
backgroundTaskHost.exe    Suspended    5,476 K    13,120 K    8164    Background Task Host    Microsoft Corporation    (Verified) Microsoft Windows
backgroundTaskHost.exe    Suspended    7,596 K    25,984 K    10984    Background Task Host    Microsoft Corporation    (Verified) Microsoft Windows
backgroundTaskHost.exe    Suspended    8,576 K    30,296 K    8436    Background Task Host    Microsoft Corporation    (Verified) Microsoft Windows
backgroundTaskHost.exe        14,136 K    18,248 K    10552    Background Task Host    Microsoft Corporation    (Verified) Microsoft Windows
BTDevMgr.exe        2,048 K    7,540 K    3648    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
conhost.exe        6,496 K    10,660 K    3268    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,516 K    10,920 K    5228    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,516 K    10,916 K    10728    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
ctfmon.exe        3,348 K    12,448 K    6244    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        3,232 K    9,768 K    6424    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        1,532 K    6,536 K    4200    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe        26,428 K    49,760 K    10860    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
fontdrvhost.exe        1,564 K    3,428 K    376    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
fontdrvhost.exe        6,592 K    13,572 K    276    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
HPMSGSVC.exe        1,820 K    8,460 K    6152    HP Message Service    HP Inc.    (Verified) HP Inc.
HPWMISVC.exe        1,768 K    8,344 K    7488    HP WMI Service    HP Inc.    (Verified) HP Inc.
McCSPServiceHost.exe        6,520 K    20,164 K    7004    McAfee CSP Service Host    McAfee, LLC.    (Verified) McAfee, LLC.
mcshield.exe        36,780 K    2,340 K    10040    McAfee Scanner service    McAfee LLC.    (Verified) McAfee, Inc.
McUICnt.exe        10,580 K    30,888 K    1092    McAfee    McAfee, LLC.    (Verified) McAfee, LLC.
mDNSResponder.exe        1,960 K    6,600 K    3636    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
mfemms.exe        4,308 K    10,012 K    3928    McAfee Management Service    McAfee, LLC    (Verified) McAfee, Inc.
mfevtps.exe        5,760 K    10,724 K    5936    McAfee Process Validation Service    McAfee, LLC    (Verified) McAfee, Inc.
ModuleCoreService.exe        12,512 K    33,188 K    6092    McAfee Module Core Service    McAfee, LLC.    (Verified) McAfee, LLC
nlssrv32.exe        2,232 K    8,016 K    4016    This service enables products that use the Nalpeiron Licensing System     Nalpeiron Ltd.    (Certificate expired) Nalpeiron Ltd.
OfficeClickToRun.exe        15,020 K    29,560 K    3744    Microsoft Office Click-to-Run (SxS)    Microsoft Corporation    (Verified) Microsoft Corporation
PEFService.exe        1,696 K    7,436 K    3272    McAfee PEF Service    McAfee, Inc.    (Verified) McAfee, LLC.
procexp.exe        5,264 K    11,012 K    11644    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
ProtectedModuleHost.exe        5,188 K    15,680 K    5976    McAfee Protected Module Host    McAfee, LLC.    (Verified) McAfee, LLC.
Registry        10,900 K    34,884 K    88            
RemindersServer.exe    Suspended    7,940 K    17,924 K    5892    Reminders WinRT OOP Server    Microsoft Corporation    (Verified) Microsoft Windows
RtkAudioService64.exe        1,796 K    8,056 K    2936    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RtkBtManServ.exe        1,708 K    7,244 K    4116    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
RtkNGUI64.exe        4,728 K    14,864 K    10124    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RtlS5Wake.exe        4,240 K    12,620 K    7036    Realtek WOWL Utility    Realtek    (Verified) Realtek Semiconductor Corp.
RuntimeBroker.exe        6,460 K    23,992 K    6276    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        1,500 K    6,760 K    8344    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
SearchFilterHost.exe        1,520 K    6,208 K    11224    Microsoft Windows Search Filter Host    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        27,000 K    19,344 K    7792    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
SearchUI.exe    Suspended    76,348 K    68,748 K    1016    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
SecurityHealthService.exe        2,144 K    9,340 K    11532    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
services.exe        5,512 K    9,940 K    856    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SettingSyncHost.exe        2,956 K    5,692 K    7360    Host Process for Setting Synchronization    Microsoft Corporation    (Verified) Microsoft Windows
SgrmBroker.exe        3,308 K    6,432 K    11204    System Guard Runtime Monitor Broker Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
sihost.exe        5,872 K    24,072 K    5844    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
smartscreen.exe        8,232 K    22,948 K    3872    Windows Defender SmartScreen    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        1,180 K    1,096 K    408    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe        30,808 K    66,284 K    8004            (Verified) Microsoft Windows
svchost.exe        908 K    3,872 K    268    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,456 K    5,472 K    980    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,356 K    5,584 K    4152    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,636 K    7,132 K    1620    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,684 K    6,544 K    4100    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,960 K    8,120 K    3676    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,308 K    7,896 K    1680    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,884 K    7,776 K    1288    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,936 K    7,252 K    1164    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,752 K    6,548 K    4180    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,132 K    8,672 K    1636    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,524 K    6,292 K    1904    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,320 K    7,664 K    1280    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,040 K    7,836 K    4124    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,740 K    7,724 K    3504    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,848 K    7,808 K    5996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,796 K    7,016 K    3520    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,004 K    7,808 K    2692    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,436 K    6,100 K    6796    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,680 K    8,624 K    6640    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,128 K    11,960 K    1312    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,020 K    10,512 K    1296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,616 K    13,720 K    4452    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,512 K    5,724 K    3052    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,264 K    15,920 K    2764    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,724 K    10,436 K    1232    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,908 K    12,808 K    2012    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,332 K    9,320 K    2276    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,824 K    27,892 K    6100    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,940 K    10,320 K    11408    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,212 K    7,760 K    2528    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,736 K    11,632 K    9252    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,800 K    6,636 K    8032    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,652 K    8,760 K    1888    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,096 K    16,660 K    3100    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,092 K    8,352 K    1212    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,768 K    9,476 K    1628    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,676 K    7,908 K    3000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,184 K    8,396 K    2664    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,344 K    9,020 K    2452    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,896 K    21,228 K    4208    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,044 K    6,848 K    4420    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,752 K    7,060 K    11864    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,856 K    15,308 K    1244    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,252 K    12,552 K    2160    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,320 K    8,472 K    7080    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        9,384 K    17,792 K    3336    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,380 K    5,832 K    2552    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,280 K    9,716 K    5500    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,980 K    14,360 K    3152    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,448 K    26,976 K    5988    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,900 K    7,692 K    6096    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,840 K    10,288 K    6420    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,944 K    24,504 K    8324    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,764 K    11,572 K    1396    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,468 K    5,936 K    1272    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,968 K    13,380 K    2848    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,316 K    8,008 K    3916    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,068 K    7,808 K    3360    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        10,012 K    17,512 K    3768    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,656 K    8,228 K    896    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,328 K    7,300 K    264    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        12,852 K    29,824 K    612    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,284 K    13,264 K    1976    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        18,968 K    20,692 K    1656    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,812 K    12,824 K    3728    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,132 K    7,508 K    10888    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SynTPEnhService.exe        3,512 K    9,540 K    2204    64-bit Synaptics Pointing Enhance Service    Synaptics Incorporated    (Verified) Synaptics Incorporated
SynTPHelper.exe        2,244 K    6,312 K    6760    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
taskhostw.exe        5,976 K    14,212 K    2548    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,356 K    6,612 K    5488    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,436 K    6,844 K    10540    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
vidnotifier.exe        5,352 K    20,568 K    8528    Video Notifier    Digital Wave Ltd    (Verified) Digital Wave Ltd
wininit.exe        1,724 K    6,648 K    788    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
winlogon.exe        2,560 K    9,316 K    940    Windows Log-on Application    Microsoft Corporation    (Verified) Microsoft Windows
wlanext.exe        2,072 K    7,092 K    3252    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        3,256 K    9,424 K    6728    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
YourPhone.exe    Suspended    13,864 K    29,304 K    8420            (No signature was present in the subject)
firefox.exe    < 0.01    59,420 K    98,972 K    10964    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
RadeonSettings.exe    < 0.01    159,980 K    40,832 K    6164    Radeon Settings: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
svchost.exe    < 0.01    5,472 K    17,996 K    6596    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    3,584 K    11,160 K    5108    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
RAVBg64.exe    < 0.01    6,400 K    15,700 K    4320    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
csrss.exe    < 0.01    1,936 K    5,004 K    684    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
GWClient.exe    < 0.01    5,472 K    16,824 K    3792    e-Safe Compliance Client Service    Guardware Ltd    (Verified) Guardware Ltd.
svchost.exe    < 0.01    3,068 K    8,052 K    2376    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    1,832 K    6,508 K    3068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    < 0.01    43,184 K    69,312 K    10420    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
svchost.exe    < 0.01    7,260 K    23,432 K    10884    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SynTPEnh.exe    < 0.01    7,864 K    14,856 K    3708    Synaptics TouchPad 64-bit Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
mfefire.exe    0.01    4,228 K    11,164 K    6660    McAfee Core Firewall Service    McAfee, LLC    (Verified) McAfee, Inc.
SearchProtocolHost.exe    0.01    1,888 K    7,632 K    8632    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    17,116 K    24,776 K    8668    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
RuntimeBroker.exe    0.01    4,972 K    18,924 K    12200    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
HxTsr.exe    0.01    6,796 K    25,752 K    11440    Microsoft Outlook Communications    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
GWW.exe    0.01    44,576 K    43,396 K    8728    e-Safe Compliance Client Application    Guardware Ltd.    (Verified) Guardware Ltd.
ModuleCoreService.exe    0.01    31,148 K    62,668 K    3968    McAfee Module Core Service    McAfee, LLC.    (Verified) McAfee, LLC
svchost.exe    0.01    1,912 K    7,196 K    2212    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
Memory Compression    0.01    252 K    46,036 K    2592            
svchost.exe    0.01    4,308 K    16,104 K    2352    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
psi_tray.exe    0.01    1,424 K    6,748 K    7800    Secunia PSI Tray    Secunia    (Verified) Secunia
lsass.exe    0.01    7,160 K    16,172 K    864    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
MMSSHOST.exe    0.02    25,076 K    53,460 K    5884    McAfee Management Service Host    McAfee, LLC.    (Verified) McAfee, LLC.
CastSrv.exe    0.02    3,832 K    9,020 K    9056    Casting protocol connection listener    Microsoft Corporation    (Verified) Microsoft Windows
AGMService.exe    0.02    2,452 K    9,624 K    3608    Adobe Genuine Software Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.
RuntimeBroker.exe    0.02    2,760 K    11,196 K    11976    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe    0.02    11,056 K    35,908 K    6112    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
amddvr.exe    0.02    171,236 K    14,288 K    8920    AMD ReLive: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
svchost.exe    0.03    3,912 K    16,544 K    1256    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
EOSUPNPSV.exe    0.03    3,532 K    9,968 K    10812    Canon EOS UPNP Detector    CANON INC.    (Verified) Canon Inc.
uihost.exe    0.03    4,704 K    13,040 K    9504    McAfee WebAdvisor    McAfee, Inc.    (Verified) McAfee, LLC
firefox.exe    0.04    145,620 K    217,316 K    4392    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
svchost.exe    0.04    6,800 K    12,956 K    708    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.04    1,436 K    5,444 K    4296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
mcapexe.exe    0.05    4,236 K    11,896 K    9524    McAfee Access Protection    McAfee, LLC    (Verified) McAfee, LLC.
spoolsv.exe    0.05    6,384 K    15,288 K    3244    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
EOS Utility.exe    0.08    27,076 K    31,080 K    580    EOS Utility    Canon INC.    (Verified) Canon Inc.
servicehost.exe    0.13    9,344 K    21,804 K    8464    McAfee WebAdvisor    McAfee, Inc.    (Verified) McAfee, LLC
explorer.exe    0.14    46,676 K    100,420 K    3440    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
ijplmsvc.exe    0.22    5,696 K    8,164 K    3888    Inkjet Printer/Scanner/Fax Extended Survey Program Service        (Verified) Canon Inc.
firefox.exe    0.24    100,868 K    144,908 K    10648    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
atieclxx.exe    0.27    2,532 K    10,088 K    2500    AMD External Events Client Module    AMD    (Verified) Advanced Micro Devices, Inc.
express.exe    0.31    46,760 K    87,976 K    7424    Garmin Express    Garmin Ltd. or its subsidiaries    (Verified) Garmin International, Inc.
svchost.exe    0.36    13,088 K    23,048 K    3896    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
csrss.exe    0.88    2,524 K    5,044 K    804    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    1.23    41,980 K    50,976 K    2536    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
MfeAVSvc.exe    1.80    26,548 K    51,060 K    9644    McAfee Cloud AV    McAfee, LLC.    (Verified) McAfee, LLC.
Interrupts    1.53    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    1.88    49,464 K    62,836 K    1064    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
System    3.20    204 K    1,120 K    4            
WmiPrvSE.exe    18.32    7,828 K    16,260 K    5564    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
procexp64.exe    20.59    34,356 K    63,008 K    11732    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    35.48    60 K    8 K    0            


 


  • 0

#54
RKinner
Posted 03 January 2020 - 07:48 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Can you right click on both and Suspend?  If so wait a minute then make a new log.

If not

Try running FRST

put

gww.exe

 

in the Search Box and then hit Search Registry.  You will get only one log.  Please post.


  • 0

#55
BobScott49
Posted 03 January 2020 - 08:07 AM

BobScott49

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Okay done that

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    66.11    60 K    8 K    0            
WmiPrvSE.exe    17.87    7,616 K    14,020 K    5564    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
procexp64.exe    10.04    33,184 K    63,976 K    10824    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System    1.05    204 K    2,564 K    4            
Interrupts    0.88    0 K    0 K    n/a    Hardware Interrupts and DPCs        
firefox.exe    0.67    104,692 K    136,424 K    11172    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
svchost.exe    0.61    11,868 K    20,108 K    3896    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
dwm.exe    0.59    90,812 K    94,240 K    1064    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
express.exe    0.41    43,312 K    73,116 K    7424    Garmin Express    Garmin Ltd. or its subsidiaries    (Verified) Garmin International, Inc.
MfeAVSvc.exe    0.40    26,592 K    27,940 K    9644    McAfee Cloud AV    McAfee, LLC.    (Verified) McAfee, LLC.
csrss.exe    0.22    5,776 K    8,184 K    804    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
servicehost.exe    0.20    8,512 K    7,856 K    8464    McAfee WebAdvisor    McAfee, Inc.    (Verified) McAfee, LLC
firefox.exe    0.20    187,992 K    248,276 K    2428    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
explorer.exe    0.16    50,936 K    102,952 K    3440    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.09    337,828 K    391,324 K    704    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
EOS Utility.exe    0.08    27,020 K    27,868 K    580    EOS Utility    Canon INC.    (Verified) Canon Inc.
ModuleCoreService.exe    0.06    29,228 K    16,160 K    3968    McAfee Module Core Service    McAfee, LLC.    (Verified) McAfee, LLC
firefox.exe    0.04    86,228 K    120,288 K    11100    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
EOSUPNPSV.exe    0.04    3,584 K    9,604 K    10812    Canon EOS UPNP Detector    CANON INC.    (Verified) Canon Inc.
amddvr.exe    0.04    171,204 K    8,288 K    8920    AMD ReLive: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
psi_tray.exe    0.04    1,356 K    6,448 K    7800    Secunia PSI Tray    Secunia    (Verified) Secunia
SearchIndexer.exe    0.04    28,916 K    34,280 K    7792    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
uihost.exe    0.03    4,544 K    2,452 K    9504    McAfee WebAdvisor    McAfee, Inc.    (Verified) McAfee, LLC
AGMService.exe    0.03    2,300 K    8,912 K    3608    Adobe Genuine Software Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.
firefox.exe    0.03    207,680 K    233,440 K    10648    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
mcapexe.exe    0.02    3,248 K    3,116 K    9524    McAfee Access Protection    McAfee, LLC    (Verified) McAfee, LLC.
lsass.exe    0.02    7,352 K    15,148 K    864    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SynTPEnh.exe    0.01    7,904 K    14,224 K    3708    Synaptics TouchPad 64-bit Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
atieclxx.exe    0.01    2,500 K    9,532 K    2500    AMD External Events Client Module    AMD    (Verified) Advanced Micro Devices, Inc.
svchost.exe    0.01    12,576 K    28,568 K    612    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    7,728 K    14,616 K    708    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
OfficeClickToRun.exe    < 0.01    27,784 K    29,372 K    3744    Microsoft Office Click-to-Run (SxS)    Microsoft Corporation    (Verified) Microsoft Corporation
svchost.exe    < 0.01    5,220 K    10,336 K    6420    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
RAVBg64.exe    < 0.01    6,440 K    15,280 K    4320    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
svchost.exe    < 0.01    3,588 K    10,220 K    5108    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
YourPhone.exe    Suspended    13,864 K    28,564 K    8420            (No signature was present in the subject)
WmiPrvSE.exe        2,616 K    9,056 K    6728    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
wlanext.exe        2,036 K    6,468 K    3252    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        2,788 K    9,196 K    940    Windows Log-on Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,412 K    6,276 K    788    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
vidnotifier.exe        5,412 K    18,896 K    8528    Video Notifier    Digital Wave Ltd    (Verified) Digital Wave Ltd
unsecapp.exe        1,324 K    6,428 K    5488    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,408 K    6,612 K    10540    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
taskhostw.exe        5,876 K    14,240 K    2548    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
SynTPHelper.exe        2,184 K    5,736 K    6760    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
SynTPEnhService.exe        3,404 K    8,644 K    2204    64-bit Synaptics Pointing Enhance Service    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        44,172 K    49,864 K    2536    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,228 K    15,792 K    6596    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,304 K    7,676 K    2376    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,496 K    11,228 K    2160    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,716 K    13,268 K    3152    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,092 K    8,976 K    5500    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,784 K    8,976 K    1296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,636 K    19,324 K    4208    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,292 K    26,360 K    6100    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,460 K    18,384 K    984    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,440 K    5,596 K    1272    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,152 K    6,800 K    10888    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,988 K    6,084 K    4420    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,624 K    13,532 K    1976    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,068 K    7,040 K    3360    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,316 K    7,756 K    3916    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,028 K    13,088 K    2848    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,620 K    7,532 K    896    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        22,296 K    24,236 K    3768    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,984 K    7,424 K    2212    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        13,708 K    13,540 K    1656    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,780 K    9,460 K    1628    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,772 K    14,508 K    3100    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,748 K    12,432 K    2012    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,892 K    8,364 K    2452    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,408 K    9,680 K    1232    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,516 K    8,244 K    2276    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,064 K    18,860 K    5988    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,832 K    6,052 K    3068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,224 K    6,616 K    264    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,944 K    6,764 K    2528    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        9,116 K    28,100 K    10884    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,176 K    7,248 K    3000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,348 K    14,108 K    1244    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,080 K    11,612 K    1312    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,784 K    9,680 K    11408    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,564 K    14,188 K    1256    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,960 K    8,292 K    11116    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        8,812 K    15,236 K    3336    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,188 K    12,920 K    3728    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,332 K    5,604 K    2552    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,576 K    5,816 K    11352    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,744 K    11,112 K    1396    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,700 K    8,240 K    6640    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,920 K    8,824 K    6796    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        960 K    3,612 K    268    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,900 K    6,540 K    1280    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,884 K    10,888 K    1288    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,472 K    6,484 K    1620    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,024 K    8,072 K    1636    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,172 K    7,972 K    1680    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,824 K    6,680 K    1888    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,416 K    5,816 K    1904    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,904 K    7,676 K    2664    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,004 K    7,252 K    2692    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,636 K    6,732 K    3504    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,748 K    6,080 K    3520    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,904 K    7,548 K    3676    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,628 K    5,784 K    4100    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,932 K    6,880 K    4124    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,304 K    5,172 K    4152    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,660 K    6,292 K    4180    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,324 K    4,972 K    4296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,712 K    11,996 K    4452    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,372 K    4,996 K    980    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,740 K    7,276 K    5996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,792 K    7,036 K    6096    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,004 K    14,660 K    8324    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,224 K    8,532 K    7080    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,516 K    10,900 K    9252    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,788 K    10,568 K    11936    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe        29,796 K    52,108 K    8004            (Verified) Microsoft Windows
spoolsv.exe        6,256 K    13,156 K    3244    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        1,148 K    964 K    408    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
smartscreen.exe        7,800 K    22,116 K    5260    Windows Defender SmartScreen    Microsoft Corporation    (Verified) Microsoft Windows
sihost.exe        5,980 K    24,428 K    5844    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
SgrmBroker.exe        3,884 K    6,272 K    11204    System Guard Runtime Monitor Broker Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SettingSyncHost.exe        2,544 K    4,500 K    7360    Host Process for Setting Synchronization    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,436 K    8,004 K    856    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SecurityHealthService.exe        3,628 K    14,452 K    11532    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchUI.exe    Suspended    76,316 K    70,568 K    1016    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        1,376 K    6,592 K    8344    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        7,912 K    24,220 K    6112    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        5,928 K    21,900 K    6276    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        4,920 K    27,264 K    2924    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        3,904 K    15,988 K    12200    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RtlS5Wake.exe        4,092 K    10,988 K    7036    Realtek WOWL Utility    Realtek    (Verified) Realtek Semiconductor Corp.
RtkNGUI64.exe        4,728 K    13,940 K    10124    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RtkBtManServ.exe        1,680 K    6,788 K    4116    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
RtkAudioService64.exe        1,796 K    7,684 K    2936    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RemindersServer.exe    Suspended    8,272 K    19,320 K    5892    Reminders WinRT OOP Server    Microsoft Corporation    (Verified) Microsoft Windows
Registry        8,312 K    30,172 K    88            
RadeonSettings.exe        160,000 K    22,056 K    6164    Radeon Settings: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
ProtectedModuleHost.exe        4,336 K    14,380 K    5976    McAfee Protected Module Host    McAfee, LLC.    (Verified) McAfee, LLC.
procexp.exe        5,464 K    11,020 K    9024    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PEFService.exe        1,636 K    1,172 K    3272    McAfee PEF Service    McAfee, Inc.    (Verified) McAfee, LLC.
nlssrv32.exe        2,092 K    7,448 K    4016    This service enables products that use the Nalpeiron Licensing System     Nalpeiron Ltd.    (Certificate expired) Nalpeiron Ltd.
ModuleCoreService.exe        9,852 K    6,704 K    6092    McAfee Module Core Service    McAfee, LLC.    (Verified) McAfee, LLC
MMSSHOST.exe        26,964 K    34,580 K    5884    McAfee Management Service Host    McAfee, LLC.    (Verified) McAfee, LLC.
mfevtps.exe        5,456 K    10,396 K    5936    McAfee Process Validation Service    McAfee, LLC    (Verified) McAfee, Inc.
mfemms.exe        3,244 K    8,472 K    3928    McAfee Management Service    McAfee, LLC    (Verified) McAfee, Inc.
mfefire.exe        3,644 K    10,492 K    6660    McAfee Core Firewall Service    McAfee, LLC    (Verified) McAfee, Inc.
Memory Compression        612 K    166,084 K    2592            
mDNSResponder.exe        1,848 K    6,136 K    3636    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
McUICnt.exe        10,248 K    10,252 K    1092    McAfee    McAfee, LLC.    (Verified) McAfee, LLC.
McSmtFwk.exe        3,652 K    11,912 K    3800    McAfee Trusted Advisor Framework Exe    McAfee, LLC.    (Verified) McAfee, LLC.
mcshield.exe        35,568 K    18,672 K    10040    McAfee Scanner service    McAfee LLC.    (Verified) McAfee, Inc.
McCSPServiceHost.exe        7,892 K    14,652 K    7004    McAfee CSP Service Host    McAfee, LLC.    (Verified) McAfee, LLC.
LocalBridge.exe        28,896 K    39,676 K    7756    LocalBridge        (Verified) Microsoft Corporation
ijplmsvc.exe        1,684 K    7,384 K    3888    Inkjet Printer/Scanner/Fax Extended Survey Program Service        (Verified) Canon Inc.
HxTsr.exe    Suspended    12,060 K    37,892 K    2616    Microsoft Outlook Communications    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
HxOutlook.exe    Suspended    88,388 K    96,320 K    8496    Microsoft Outlook    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
HPWMISVC.exe        1,552 K    8,004 K    7488    HP WMI Service    HP Inc.    (Verified) HP Inc.
HPMSGSVC.exe        1,524 K    8,052 K    6152    HP Message Service    HP Inc.    (Verified) HP Inc.
GWW.exe    Suspended    48,968 K    32,660 K    8728    e-Safe Compliance Client Application    Guardware Ltd.    (Verified) Guardware Ltd.
GWClient.exe    Suspended    6,116 K    16,832 K    3792    e-Safe Compliance Client Service    Guardware Ltd    (Verified) Guardware Ltd.
fontdrvhost.exe        4,908 K    8,684 K    276    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
fontdrvhost.exe        1,564 K    2,836 K    376    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe        142,152 K    138,740 K    11152    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        68,116 K    91,904 K    12076    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        39,740 K    51,296 K    520    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dllhost.exe        1,472 K    6,584 K    7396    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        3,256 K    9,536 K    6424    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        1,368 K    6,256 K    4200    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
ctfmon.exe        4,524 K    12,972 K    6244    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe        1,776 K    4,760 K    684    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
conhost.exe        6,516 K    5,972 K    10728    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,436 K    5,636 K    3268    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,488 K    5,992 K    5228    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
CastSrv.exe        3,664 K    8,600 K    9056    Casting protocol connection listener    Microsoft Corporation    (Verified) Microsoft Windows
BTDevMgr.exe        2,016 K    6,964 K    3648    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
audiodg.exe        11,584 K    20,900 K    10496    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
atiesrxx.exe        1,388 K    5,544 K    2308    AMD External Events Service Module    AMD    (Verified) Advanced Micro Devices, Inc.
armsvc.exe        1,400 K    6,420 K    3596    Adobe Acrobat Update Service    Adobe Systems    (Verified) Adobe Inc.
ApplicationFrameHost.exe        9,880 K    29,524 K    11324    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows
app_updater.exe        6,168 K    7,916 K    3752    Digital Wave Update Service    Digital Wave Ltd    (Verified) Digital Wave Ltd
amdow.exe        2,104 K    7,124 K    9128    AMD ReLive: Desktop Overlay    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
AGSService.exe        1,960 K    9,332 K    3620    Adobe Genuine Software Integrity Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.


 


  • 0

Advertisements

#56
RKinner
Posted 03 January 2020 - 08:21 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Did you wait a full minute before running Process Explorer?   Does the amount of CPU used by WmiPrvSE.exe vary  if you let it sit for a while?

System Idle is the best we've seen so far.  If you add in the CPU used by latency monitor we are up to 76%  If we could get WmiPrvSE down to normal we would have over 90 which would be normal.  I wonder if McAfee might be causing the problem?  Are you paying for it?

 

Can you run Latency Monitor again?  Also give me screen shots of the Processes and Drivers tabs.

 

Also give me a new FRST scan.


  • 0

#57
BobScott49
Posted 03 January 2020 - 09:39 AM

BobScott49

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Here's another process explorer log for which I waited a good 5 minutes.

 

WmiPrvSE.exe CPU seems to vary from very low up to 30% but is generally around 20ish

 

I am paying for McAfee but the license runs out in one month and I have already told them that I will not be renewing as I am fed up with all the pop ups and notifications I keep getting which are unrelated to its performance.  I'm therefore in the market for a new virus protector and would happily get rid of McAfee now if you have any suggestions for a replacement

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    45.40    60 K    8 K    0            
WmiPrvSE.exe    16.41    9,364 K    12,932 K    5564    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
procexp64.exe    7.70    34,160 K    64,724 K    968    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
LatMon.exe    7.13    29,056 K    48,396 K    9480    LatencyMon    Resplendence Software Projects Sp.    (Verified) Daniel Terhell
System    1.42    208 K    4,028 K    4            
Interrupts    1.67    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    0.72    83,260 K    53,736 K    7096    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
express.exe    0.40    44,068 K    24,796 K    7508    Garmin Express    Garmin Ltd. or its subsidiaries    (Verified) Garmin International, Inc.
svchost.exe    0.30    12,284 K    14,700 K    3896    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    0.29    144,344 K    178,796 K    8508    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
csrss.exe    0.25    4,412 K    4,784 K    1208    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
servicehost.exe    0.16    8,560 K    8,860 K    8464    McAfee WebAdvisor    McAfee, Inc.    (Verified) McAfee, LLC
explorer.exe    0.12    47,748 K    62,364 K    8340    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.09    41,264 K    39,472 K    2536    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    0.08    167,020 K    236,144 K    4268    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
EOS Utility.exe    0.06    27,112 K    7,244 K    2072    EOS Utility    Canon INC.    (Verified) Canon Inc.
services.exe    0.05    5,364 K    6,212 K    856    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    0.05    72,740 K    99,744 K    9904    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
ModuleCoreService.exe    0.05    32,048 K    28,528 K    3968    McAfee Module Core Service    McAfee, LLC.    (Verified) McAfee, LLC
mcapexe.exe    0.04    3,288 K    1,880 K    9524    McAfee Access Protection    McAfee, LLC    (Verified) McAfee, LLC.
AGMService.exe    0.04    2,312 K    2,396 K    3608    Adobe Genuine Software Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.
uihost.exe    0.04    4,556 K    2,240 K    5368    McAfee WebAdvisor    McAfee, Inc.    (Verified) McAfee, LLC
psi_tray.exe    0.04    1,352 K    1,204 K    7492    Secunia PSI Tray    Secunia    (Verified) Secunia
amddvr.exe    0.03    171,076 K    7,020 K    10820    AMD ReLive: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
MfeAVSvc.exe    0.03    20,960 K    20,908 K    9644    McAfee Cloud AV    McAfee, LLC.    (Verified) McAfee, LLC.
EOSUPNPSV.exe    0.02    3,604 K    4,164 K    2524    Canon EOS UPNP Detector    CANON INC.    (Verified) Canon Inc.
svchost.exe    0.34    13,272 K    17,944 K    612    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.16    8,164 K    10,584 K    708    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
lsass.exe    0.06    7,676 K    10,752 K    864    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
sihost.exe    0.01    6,112 K    13,940 K    5748    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
SynTPEnh.exe    0.01    7,836 K    6,552 K    2228    Synaptics TouchPad 64-bit Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
csrss.exe    < 0.01    1,812 K    1,884 K    684    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        960 K    468 K    268    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
atieclxx.exe    < 0.01    2,364 K    2,680 K    10548    AMD External Events Client Module    AMD    (Verified) Advanced Micro Devices, Inc.
RAVBg64.exe    < 0.01    6,324 K    7,004 K    3128    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
svchost.exe    < 0.01    3,532 K    2,516 K    5108    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
MMSSHOST.exe    < 0.01    27,532 K    25,468 K    5884    McAfee Management Service Host    McAfee, LLC.    (Verified) McAfee, LLC.
svchost.exe    < 0.01    2,692 K    2,844 K    3152    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
Memory Compression    < 0.01    572 K    109,528 K    2592            
RadeonSettings.exe    < 0.01    162,392 K    12,280 K    10524    Radeon Settings: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
YourPhone.exe    Suspended    13,844 K    356 K    11796            (No signature was present in the subject)
WmiPrvSE.exe        2,616 K    5,704 K    8256    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
wlanext.exe        2,040 K    1,316 K    3252    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        2,652 K    3,784 K    8512    Windows Log-on Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,420 K    668 K    788    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe        15,316 K    10,012 K    7216    WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe    Microsoft Corporation    (Verified) Microsoft Windows
vidnotifier.exe        6,192 K    7,160 K    1348    Video Notifier    Digital Wave Ltd    (Verified) Digital Wave Ltd
unsecapp.exe        1,324 K    2,036 K    5488    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,408 K    2,108 K    972    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
taskhostw.exe        7,384 K    9,364 K    2464    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
SystemSettings.exe    Suspended    25,296 K    1,268 K    3948    Settings    Microsoft Corporation    (Verified) Microsoft Windows
SynTPHelper.exe        2,180 K    1,072 K    492    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
SynTPEnhService.exe        3,404 K    1,916 K    2204    64-bit Synaptics Pointing Enhance Service    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        3,988 K    6,904 K    2848    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,680 K    9,212 K    10884    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,296 K    3,884 K    6596    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,344 K    11,344 K    1976    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,316 K    2,732 K    3916    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,016 K    2,220 K    3360    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.11    2,748 K    3,688 K    896    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,568 K    1,460 K    1272    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,668 K    5,464 K    2160    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,228 K    2,288 K    10888    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,232 K    2,972 K    6420    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,424 K    2,044 K    1232    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,600 K    8,976 K    1244    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,900 K    888 K    1280    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,896 K    808 K    1288    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,840 K    2,384 K    1296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,100 K    3,976 K    1312    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,784 K    4,856 K    1396    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,472 K    664 K    1620    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,728 K    4,256 K    1628    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,024 K    776 K    1636    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        13,340 K    9,188 K    1656    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,168 K    1,072 K    1680    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,160 K    3,752 K    1888    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,412 K    1,352 K    1904    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,212 K    1,952 K    264    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,796 K    5,052 K    2012    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,972 K    2,876 K    2212    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,288 K    3,788 K    2376    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,104 K    4,928 K    2452    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,120 K    3,684 K    2528    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,332 K    1,396 K    2552    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,024 K    4,700 K    2664    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,004 K    2,376 K    2692    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,832 K    2,160 K    3068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,640 K    2,476 K    2276    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,172 K    2,868 K    3000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,852 K    5,832 K    3100    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        8,928 K    6,680 K    3336    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,636 K    1,380 K    3504    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,768 K    964 K    3520    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,904 K    1,684 K    3676    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,392 K    8,460 K    3728    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        30,408 K    27,184 K    3768    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,628 K    372 K    4100    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,932 K    1,200 K    4124    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,304 K    684 K    4152    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,660 K    1,112 K    4180    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,708 K    10,116 K    4208    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,328 K    704 K    4296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,988 K    588 K    4420    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,728 K    3,380 K    4452    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,372 K    352 K    980    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,804 K    8,956 K    1256    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,784 K    1,020 K    6096    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,916 K    4,888 K    6796    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,752 K    4,380 K    6640    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,512 K    4,136 K    5500    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,068 K    2,668 K    8324    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,556 K    5,488 K    7080    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,816 K    3,584 K    11408    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,516 K    1,092 K    9252    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,804 K    4,720 K    11936    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,052 K    4,396 K    11116    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,712 K    1,064 K    11144    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,440 K    2,976 K    2648    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,404 K    16,536 K    64    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,480 K    9,756 K    5512    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,136 K    3,588 K    5880    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,488 K    5,792 K    516    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe        30,196 K    21,616 K    96            (Verified) Microsoft Windows
spoolsv.exe        6,164 K    5,372 K    3244    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        1,148 K    300 K    408    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SgrmBroker.exe        3,268 K    3,656 K    11204    System Guard Runtime Monitor Broker Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SettingSyncHost.exe        7,628 K    1,772 K    8644    Host Process for Setting Synchronization    Microsoft Corporation    (Verified) Microsoft Windows
SecurityHealthService.exe        3,688 K    8,052 K    11532    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchUI.exe    Suspended    76,604 K    1,312 K    11892    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        29,552 K    16,380 K    7792    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        8,892 K    16,268 K    7768    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        5,876 K    5,924 K    2424    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        1,496 K    1,600 K    4608    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        4,112 K    12,728 K    10856    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        6,784 K    18,004 K    8580    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        1,360 K    956 K    8764    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RtlS5Wake.exe        4,268 K    2,732 K    1700    Realtek WOWL Utility    Realtek    (Verified) Realtek Semiconductor Corp.
RtkNGUI64.exe        4,700 K    3,784 K    5016    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RtkBtManServ.exe        1,680 K    2,032 K    4116    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
RtkAudioService64.exe        1,796 K    2,336 K    2936    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RemindersServer.exe    Suspended    7,788 K    6,604 K    1144    Reminders WinRT OOP Server    Microsoft Corporation    (Verified) Microsoft Windows
Registry        8,660 K    31,524 K    88            
ProtectedModuleHost.exe        4,336 K    1,676 K    5976    McAfee Protected Module Host    McAfee, LLC.    (Verified) McAfee, LLC.
procexp.exe        5,440 K    10,996 K    10784    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PEFService.exe        1,636 K    972 K    3272    McAfee PEF Service    McAfee, Inc.    (Verified) McAfee, LLC.
OfficeClickToRun.exe        29,072 K    22,568 K    3744    Microsoft Office Click-to-Run (SxS)    Microsoft Corporation    (Verified) Microsoft Corporation
nlssrv32.exe        2,092 K    756 K    4016    This service enables products that use the Nalpeiron Licensing System     Nalpeiron Ltd.    (Certificate expired) Nalpeiron Ltd.
ModuleCoreService.exe        9,756 K    8,956 K    1712    McAfee Module Core Service    McAfee, LLC.    (Verified) McAfee, LLC
MicrosoftEdgeSH.exe    Suspended    3,892 K    260 K    1192    Microsoft Edge Web Platform    Microsoft Corporation    (Verified) Microsoft Windows
MicrosoftEdgeCP.exe    Suspended    5,728 K    304 K    1332    Microsoft Edge Content Process    Microsoft Corporation    (Verified) Microsoft Windows
MicrosoftEdge.exe    Suspended    24,164 K    1,044 K    5624    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
mfevtps.exe        6,036 K    6,844 K    5936    McAfee Process Validation Service    McAfee, LLC    (Verified) McAfee, Inc.
mfemms.exe        3,248 K    2,024 K    3928    McAfee Management Service    McAfee, LLC    (Verified) McAfee, Inc.
mfefire.exe        3,640 K    3,148 K    6660    McAfee Core Firewall Service    McAfee, LLC    (Verified) McAfee, Inc.
mDNSResponder.exe        1,848 K    1,512 K    3636    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
McUICnt.exe        13,252 K    13,872 K    10148    McAfee    McAfee, LLC.    (Verified) McAfee, LLC.
McSmtFwk.exe        2,716 K    1,976 K    3800    McAfee Trusted Advisor Framework Exe    McAfee, LLC.    (Verified) McAfee, LLC.
mcshield.exe        43,732 K    22,728 K    10040    McAfee Scanner service    McAfee LLC.    (Verified) McAfee, Inc.
McCSPServiceHost.exe        7,800 K    10,000 K    7004    McAfee CSP Service Host    McAfee, LLC.    (Verified) McAfee, LLC.
ijplmsvc.exe        5,592 K    4,244 K    3888    Inkjet Printer/Scanner/Fax Extended Survey Program Service        (Verified) Canon Inc.
HxTsr.exe    Suspended    12,712 K    25,528 K    4344    Microsoft Outlook Communications    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
HxOutlook.exe    Suspended    95,960 K    62,500 K    2220    Microsoft Outlook    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
HPWMISVC.exe        1,584 K    1,472 K    7488    HP WMI Service    HP Inc.    (Verified) HP Inc.
HPMSGSVC.exe        1,524 K    1,276 K    1940    HP Message Service    HP Inc.    (Verified) HP Inc.
GWClient.exe    Suspended    6,116 K    928 K    3792    e-Safe Compliance Client Service    Guardware Ltd    (Verified) Guardware Ltd.
fontdrvhost.exe        4,688 K    4,956 K    1668    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
fontdrvhost.exe        1,832 K    988 K    376    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe        36,856 K    54,540 K    1000    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        35,484 K    49,408 K    10836    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dllhost.exe        3,312 K    3,536 K    6424    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        1,500 K    3,004 K    5952    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
ctfmon.exe        4,212 K    7,268 K    11744    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,436 K    1,032 K    3268    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,492 K    1,084 K    9148    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,496 K    1,028 K    8476    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
CastSrv.exe        4,284 K    2,240 K    1932    Casting protocol connection listener    Microsoft Corporation    (Verified) Microsoft Windows
BTDevMgr.exe        2,016 K    2,316 K    3648    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
browser_broker.exe        1,564 K    1,576 K    2700    Browser_Broker    Microsoft Corporation    (Verified) Microsoft Windows
atiesrxx.exe        1,388 K    764 K    2308    AMD External Events Service Module    AMD    (Verified) Advanced Micro Devices, Inc.
armsvc.exe        1,400 K    728 K    3596    Adobe Acrobat Update Service    Adobe Systems    (Verified) Adobe Inc.
ApplicationFrameHost.exe        14,520 K    15,556 K    11628    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows
app_updater.exe        6,168 K    1,972 K    3752    Digital Wave Update Service    Digital Wave Ltd    (Verified) Digital Wave Ltd
amdow.exe        2,100 K    1,992 K    10296    AMD ReLive: Desktop Overlay    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
AGSService.exe        1,960 K    1,028 K    3620    Adobe Genuine Software Integrity Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by Bob Scott (administrator) on RS-140429774-01 (HP HP Laptop 15-db0xxx) (03-01-2020 15:28:31)
Running from C:\Users\Bob Scott\Desktop
Loaded Profiles: Bob Scott (Available Profiles: Bob Scott)
Platform: Windows 10 Home Version 1903 18362.535 (X64) Language: English (United Kingdom)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0334924.inf_amd64_05abf00239dfc53b\B334881\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0334924.inf_amd64_05abf00239dfc53b\B334881\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> Canon INC.) C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
(Daniel Terhell -> Resplendence Software Projects Sp.) C:\Program Files\LatencyMon\LatMon.exe
(Digital Wave Ltd -> Digital Wave Ltd) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Digital Wave Ltd -> Digital Wave Ltd) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Guardware Ltd. -> Guardware Ltd) C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, Inc.) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, LLC. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_19_7\mcapexe.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\CSP\3.2.117.0\McCSPServiceHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(McAfee, LLC. -> McAfee, LLC.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nalpeiron LTD -> Nalpeiron Ltd.) [File not signed] C:\Windows\SysWOW64\nlssrv32.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Secunia -> Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506168 2019-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobePSE17AutoAnalyzer] => C:\Program Files\Adobe\Elements 2019 Organizer\Elements Auto Creations 2019.exe [3058696 2018-08-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277520 2019-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709160 2018-05-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\...\Run: [vidnotifier.exe] => C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe [1814848 2019-07-25] (Digital Wave Ltd -> Digital Wave Ltd)
HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\...\Run: [Amazon Photos] => C:\Users\Bob Scott\AppData\Local\Amazon Drive\AmazonPhotos.exe [9232552 2019-11-12] (Amazon Services LLC -> Amazon.com Inc.)
HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30868464 2019-11-21] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [807936 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2019-09-13]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia -> Secunia)
Startup: C:\Users\Bob Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk [2019-07-06]
ShortcutTarget: EOS Utility.lnk -> C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe (Canon Inc. -> Canon INC.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {010DC41D-C102-4589-BCE9-BCA77E9AD217} - System32\Tasks\AdobeAAMUpdater-1.0-RS-140429774-01-Bob Scott => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {05BAE5FF-D17A-413B-BD0B-DF7D213516B8} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {06D65E62-A42C-4411-84A5-CDC377FF258B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2019-11-21] (Garmin International, Inc. -> )
Task: {0C35CBA6-7395-4948-A3C5-E706BA44C669} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {109B7335-D075-4AC1-8A46-2066D6669DC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {1A9E6804-7F1F-405C-82FE-109BD4BA7274} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2018-10-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {277EBFCA-4599-47F8-9096-AB73CEB2363C} - System32\Tasks\CMPCUAC => C:\Program Files\CleanMyPC\CleanMyPC.exe
Task: {3CC3F966-A1B4-4F3F-AB04-2F3A3DE8527E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-10] (Google Inc -> Google Inc.)
Task: {43567BB9-7962-4337-B1A3-4594FBC2E777} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {46A584C7-4C3D-492A-812D-79DA703D0B23} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E62E2C4-38A0-4D3B-8C64-C0EB5A3CC306} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {52597AF1-A2FE-457E-9E66-0E62DBA03AEE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {5447552C-0DDA-4080-B35B-4B5E19FD6372} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {56AB627C-12D8-4DF6-852E-715A99518EB6} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.111\DADUpdater.exe [4145800 2019-11-15] (McAfee, Inc. -> McAfee, Inc.)
Task: {60E532B8-32D5-436F-A58A-5296BEF96140} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {6556E102-F480-43CB-8451-9365905856C2} - System32\Tasks\{4883A0DE-9902-705E-B636-6DDF05F40033}\gorika => C:\Users\BOBSCO~1\AppData\Local\4883A0~1\gorika.exe
Task: {6961D7FD-8173-44F5-85BE-B51E592849A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {6974DC85-BE2C-43AC-9AD2-921FE95D0559} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1040688 2019-09-10] (McAfee, LLC. -> McAfee, LLC.)
Task: {77A59A9F-B281-4917-B0DB-6EE2044F06CD} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe
Task: {7E8D82AB-F0D4-4C8F-9C0C-B1DD0E35D60F} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2018-10-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {8EED8701-E99C-441E-A881-C0C2BE24FE07} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {951EAE93-59D0-4DAC-8CF8-645D7C9CB48D} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1040688 2019-09-10] (McAfee, LLC. -> McAfee, LLC.)
Task: {BA118E3F-6FEC-4F80-88B6-9BAB8514D5E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {BE0E3263-665C-4783-BFF9-009B5173E0CA} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {C00C013B-42E2-412A-A5E8-C07A07FB45E5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
Task: {CA1948FE-0409-4717-ADCB-7A5FAFBF0821} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {CC7F3CDA-D5F5-489A-83BC-FBCBAFD8B061} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-10] (Google Inc -> Google Inc.)
Task: {DD9C434A-82F6-43FA-9AF3-23BF8A858A78} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE728870-77A8-43D6-9879-EC57AC698720} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {E2EAB2ED-C683-4D46-AF4E-3C43225A4BF3} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [759752 2019-08-14] (McAfee, LLC. -> McAfee, LLC.)
Task: {E3A4DB10-71CF-48A2-B0C5-A8EEDB441A0A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4552376 2019-08-20] (McAfee, LLC -> McAfee, LLC.)
Task: {EE2E02FB-F49D-4FDD-AED9-BE2C9C01939E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe
Task: {F883D350-34EA-4D33-81A6-DDF60024A3DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{26394e85-046b-4547-b7b9-ef33c9799dcc}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKLM -> {C7A0D298-5785-42C3-9CE1-89D3E52CDDFD} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {C7A0D298-5785-42C3-9CE1-89D3E52CDDFD} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2617516664-2097498628-2091352067-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2617516664-2097498628-2091352067-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2617516664-2097498628-2091352067-1001 -> {C7A0D298-5785-42C3-9CE1-89D3E52CDDFD} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
Toolbar: HKLM - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKLM-x32 - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2019-09-17] (McAfee, LLC. -> McAfee, LLC.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2019-09-17] (McAfee, LLC. -> McAfee, LLC.)

Edge:
======
DownloadDir: C:\Users\Bob Scott\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-2617516664-2097498628-2091352067-1001 -> about:start

FireFox:
========
FF DefaultProfile: uk60tjfu.default-1573382213419
FF ProfilePath: C:\Users\Bob Scott\AppData\Roaming\Mozilla\Firefox\Profiles\uk60tjfu.default-1573382213419 [2020-01-03]
FF Extension: (uBlock Origin) - C:\Users\Bob Scott\AppData\Roaming\Mozilla\Firefox\Profiles\uk60tjfu.default-1573382213419\Extensions\[email protected] [2019-12-29]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2019-12-12]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2019-09-17] (McAfee, LLC. -> )
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2019-09-17] (McAfee, LLC. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-14] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\gwSetting.js [2019-09-13] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\MoSetting.cfg [2019-09-13] <==== ATTENTION

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0334924.inf_amd64_05abf00239dfc53b\B334881\atiesrxx.exe [481768 2019-02-06] (Advanced Micro Devices, Inc. -> AMD)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [679400 2018-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [441664 2019-07-25] (Digital Wave Ltd -> Digital Wave Ltd)
R2 e-Safe Compliance Client; C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe [953376 2018-11-08] (Guardware Ltd. -> Guardware Ltd)
S2 GuardWareProxy; C:\Program Files (x86)\Guardware\Integrity Management\GWProxy.exe [4331552 2018-11-08] (Guardware Ltd. -> Guardware Ltd.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [397256 2018-11-19] (Canon Inc. -> )
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [913208 2019-12-12] (McAfee, LLC -> McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_19_7\McApExe.exe [747896 2019-09-17] (McAfee, LLC. -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.2.117.0\\McCSPServiceHost.exe [2226608 2019-10-22] (McAfee, LLC. -> McAfee, LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [630160 2019-08-19] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1731480 2019-10-21] (McAfee, LLC -> McAfee, LLC.)
R2 nlsX86cc; C:\WINDOWS\SysWOW64\nlssrv32.exe [66560 2012-09-05] (Nalpeiron LTD -> Nalpeiron Ltd.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1367040 2019-09-19] (McAfee, LLC. -> McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [717776 2019-09-06] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [382008 2019-08-15] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
S2 HPJumpStartBridge; "c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe" [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
S2 WildTangentHelper; "C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [26888 2019-02-06] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0334924.inf_amd64_05abf00239dfc53b\B334881\atikmdag.sys [44624360 2019-02-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0334924.inf_amd64_05abf00239dfc53b\B334881\atikmpag.sys [567784 2019-02-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137688 2019-02-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStor.SYS [108992 2018-04-27] (Alcorlink Corp. -> )
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [107496 2019-02-06] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75696 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
S4 GWDogFile; C:\windows\system32\drivers\GWDogFile.sys [43376 2018-08-07] (Guardware Ltd. -> Guardware Ltd)
S4 GWPG; C:\windows\system32\drivers\GWPG.sys [39808 2017-02-16] (Guardware Ltd. -> Guardware Ltd)
S4 GWScanner; C:\windows\system32\drivers\GWScanner.sys [68576 2018-05-17] (Guardware Ltd. -> Guardware Ltd)
S4 gwwfp; C:\windows\system32\Drivers\gwwfp64.sys [56288 2018-03-08] (Guardware Ltd. -> Guardware Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [217912 2019-06-04] (McAfee, LLC -> McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [521648 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [379824 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2019-08-22] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [517040 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [993712 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [563640 2019-08-31] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107448 2019-08-31] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116656 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252336 2019-08-22] (McAfee, Inc. -> McAfee, LLC)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation -> Corel Corporation)
R3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1160488 2019-12-29] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\System32\drivers\RtkBtfilter.sys [787736 2019-09-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6686224 2017-02-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [48688 2019-08-15] (Synaptics Incorporated -> Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [46632 2018-04-20] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2019-08-06] (HP Inc. -> HP)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-03 15:28 - 2020-01-03 15:31 - 000032333 _____ C:\Users\Bob Scott\Desktop\FRST.txt
2020-01-03 15:19 - 2020-01-03 15:19 - 000022417 _____ C:\Users\Bob Scott\Desktop\WmiPrvSE.exe.txt
2020-01-02 15:03 - 2020-01-02 15:03 - 000263222 _____ C:\Users\Bob Scott\Desktop\wbem.reg
2020-01-01 09:45 - 2020-01-03 13:55 - 000001301 _____ C:\ProgramData\ipconfig.txt
2019-12-31 18:53 - 2019-12-31 18:56 - 000000000 _____ C:\Users\Bob
2019-12-29 19:04 - 2019-12-29 19:04 - 000003084 _____ C:\WINDOWS\system32\Tasks\CMPCUAC
2019-12-29 19:03 - 2019-12-29 19:03 - 026089528 _____ (MacPaw, Inc. ) C:\Users\Bob Scott\Downloads\CleanMyPC.exe
2019-12-29 15:52 - 2019-12-29 15:52 - 000000000 ____D C:\Program Files (x86)\Cisco
2019-12-29 15:51 - 2019-12-29 15:51 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-12-29 15:38 - 2019-12-29 15:40 - 046193560 _____ (Hewlett-Packard Company ) C:\Users\Bob Scott\Downloads\sp79676.exe
2019-12-29 12:04 - 2019-12-29 12:07 - 000003003 _____ C:\Users\Bob Scott\Downloads\OOSU10.ini
2019-12-29 12:04 - 2019-12-29 12:04 - 001106808 _____ (O&O Software GmbH) C:\Users\Bob Scott\Downloads\OOSU10.exe
2019-12-29 12:00 - 2019-12-29 15:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-12-29 11:15 - 2019-12-29 11:15 - 000000000 ____D C:\WINDOWS\Firmware
2019-12-29 11:00 - 2019-12-29 11:03 - 140239944 _____ (HP Inc. ) C:\Users\Bob Scott\Downloads\sp99450.exe
2019-12-27 18:20 - 2019-12-27 18:20 - 000001075 _____ C:\Users\Public\Desktop\Music Center for PC.lnk
2019-12-27 18:20 - 2019-12-27 18:20 - 000001075 _____ C:\ProgramData\Desktop\Music Center for PC.lnk
2019-12-27 18:20 - 2019-12-27 18:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Center
2019-12-27 18:20 - 2019-12-27 18:20 - 000000000 ____D C:\Program Files (x86)\Sony
2019-12-27 16:57 - 2020-01-03 15:12 - 000001047 _____ C:\Users\Bob Scott\Desktop\LatencyMon.lnk
2019-12-27 16:57 - 2019-12-27 16:57 - 000000850 _____ C:\Users\Bob Scott\Desktop\In Depth Latency Tests.lnk
2019-12-27 16:57 - 2019-12-27 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2019-12-27 16:57 - 2019-12-27 16:57 - 000000000 ____D C:\Program Files\LatencyMon
2019-12-27 16:57 - 2015-07-13 11:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2019-12-27 16:55 - 2019-12-27 16:55 - 002323432 _____ (Resplendence Software Projects Sp. ) C:\Users\Bob Scott\Desktop\LatencyMon.exe
2019-12-26 10:34 - 2019-12-26 10:34 - 000761656 _____ (Sysinternals - www.sysinternals.com) C:\Users\Bob Scott\Desktop\autoruns.exe
2019-12-25 11:24 - 2020-01-03 13:04 - 000036192 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2019-12-24 18:03 - 2019-12-24 18:03 - 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2019-12-24 18:03 - 2019-12-24 18:03 - 000000844 _____ C:\ProgramData\Desktop\Speccy.lnk
2019-12-24 18:03 - 2019-12-24 18:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2019-12-24 18:03 - 2019-12-24 18:03 - 000000000 ____D C:\Program Files\Speccy
2019-12-24 18:00 - 2019-12-24 18:01 - 006889184 _____ (Piriform Ltd) C:\Users\Bob Scott\Desktop\spsetup132.exe
2019-12-24 17:57 - 2019-12-24 17:58 - 000034188 _____ C:\junk.txt
2019-12-24 17:47 - 2019-12-24 17:47 - 002798456 _____ (Sysinternals - www.sysinternals.com) C:\Users\Bob Scott\Desktop\procexp.exe
2019-12-23 17:27 - 2020-01-03 15:30 - 000000000 ____D C:\FRST
2019-12-23 17:22 - 2020-01-03 10:27 - 002272256 _____ (Farbar) C:\Users\Bob Scott\Desktop\FRST64.exe
2019-12-22 17:11 - 2019-12-22 17:11 - 000001419 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2019-12-22 17:11 - 2019-12-22 17:11 - 000001419 _____ C:\ProgramData\Desktop\DVDVideoSoft Free Studio.lnk
2019-12-19 14:48 - 2019-12-19 14:48 - 000008354 _____ C:\Users\Bob Scott\Documents\Sandman Signature Newcastle Hotel, UK - Reservation Confirmation.eml
2019-12-10 23:24 - 2019-12-10 23:24 - 025443840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 007754240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 005914112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 002494432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 001539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 001413840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 001399312 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-12-10 23:24 - 2019-12-10 23:24 - 001098928 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-12-10 23:24 - 2019-12-10 23:24 - 000774456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-12-10 23:24 - 2019-12-10 23:24 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-12-10 23:24 - 2019-12-10 23:24 - 000210744 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-12-10 23:24 - 2019-12-10 23:24 - 000097080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-12-10 23:24 - 2019-12-10 23:24 - 000032056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2019-12-10 23:24 - 2019-12-10 23:24 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 009927992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 007905000 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 007278592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 007263992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 006516648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 006083832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 005943296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 002762296 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 002698768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 002284544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 002082208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001757304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-12-10 23:23 - 2019-12-10 23:23 - 001748480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001743888 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001664904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001656600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001647072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001512528 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 001366128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-12-10 23:23 - 2019-12-10 23:23 - 001261464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 001149712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 001066496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001054864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 001006904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000986936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000842552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000822416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000797112 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000674280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000673456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000598016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000593128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 000530944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000524264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000511000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 000422712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 000406480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2019-12-10 23:23 - 2019-12-10 23:23 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000127272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2019-12-10 23:23 - 2019-12-10 23:23 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000067112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevQueryBroker.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2019-12-10 23:23 - 2019-12-10 23:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-03 15:27 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-03 15:20 - 2019-09-03 14:25 - 000004030 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D624D13F-375D-459E-9CCE-AC7FB0752FD7}
2020-01-03 15:01 - 2019-09-03 13:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-01-03 15:01 - 2019-04-03 13:51 - 000000000 ____D C:\Users\Bob Scott\AppData\LocalLow\Mozilla
2020-01-03 14:36 - 2019-02-04 17:29 - 000000000 ____D C:\Users\Bob Scott\AppData\Local\D3DSCache
2020-01-03 13:00 - 2019-02-04 13:15 - 000000000 ____D C:\ProgramData\Guardware
2020-01-03 12:59 - 2019-09-03 14:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-01-03 12:58 - 2019-03-19 04:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-01-03 12:58 - 2018-11-10 04:57 - 000065536 _____ C:\WINDOWS\psp_storage.bin
2020-01-03 10:30 - 2019-02-06 19:49 - 000000000 ____D C:\Users\Bob Scott\AppData\Local\Adobe
2020-01-02 15:11 - 2019-03-19 04:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-01-02 15:09 - 2019-09-13 11:55 - 000000000 ____H C:\Users\Bob Scott\AppData\Local\IconCache.db.backup
2020-01-02 14:36 - 2019-10-03 21:13 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-01-02 14:36 - 2019-10-03 21:13 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-01-02 13:52 - 2019-02-27 10:09 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-12-30 19:24 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-30 19:19 - 2019-01-28 23:13 - 000000000 ____D C:\Users\Bob Scott\AppData\Local\Packages
2019-12-29 21:54 - 2019-03-19 04:52 - 000000000 ___HD C:\Program Files\WindowsApps
2019-12-29 21:27 - 2019-08-21 11:50 - 000000000 ____D C:\Users\Bob Scott\AppData\Roaming\ON1
2019-12-29 21:27 - 2019-08-21 11:47 - 000000000 ____D C:\ProgramData\ON1
2019-12-29 21:27 - 2019-02-27 10:07 - 000000000 ____D C:\Program Files (x86)\Canon
2019-12-29 21:17 - 2018-06-01 07:05 - 000000000 ____D C:\Program Files\HP
2019-12-29 21:17 - 2018-06-01 07:04 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2019-12-29 19:57 - 2019-02-27 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2019-12-29 15:58 - 2019-12-03 10:02 - 000000000 ____D C:\Program Files (x86)\McAfee
2019-12-29 15:57 - 2019-04-03 13:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-12-29 15:51 - 2019-03-19 04:50 - 000000000 ____D C:\WINDOWS\INF
2019-12-29 15:50 - 2018-11-10 04:58 - 000000744 _____ C:\WINDOWS\HPSetLog.txt
2019-12-29 15:49 - 2018-06-01 15:34 - 000000000 ____D C:\SWSetup
2019-12-29 12:47 - 2019-12-03 09:56 - 000000000 ____D C:\Program Files\Common Files\McAfee
2019-12-29 12:46 - 2019-04-03 13:50 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-12-29 12:44 - 2019-12-03 10:05 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2019-12-29 12:32 - 2019-02-04 13:32 - 000000000 ____D C:\Users\Bob Scott\AppData\Local\PlaceholderTileLogoFolder
2019-12-29 11:45 - 2018-11-10 04:59 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-12-29 11:42 - 2019-02-06 15:22 - 001160488 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2019-12-27 18:11 - 2019-03-08 13:48 - 000000000 ____D C:\Users\Bob Scott\AppData\Local\Downloaded Installations
2019-12-22 18:34 - 2019-02-06 19:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-22 17:11 - 2019-02-11 15:05 - 000001482 _____ C:\Users\Public\Desktop\Free YouTube To MP3 Converter.lnk
2019-12-22 17:11 - 2019-02-11 15:05 - 000001482 _____ C:\ProgramData\Desktop\Free YouTube To MP3 Converter.lnk
2019-12-22 17:11 - 2019-02-11 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2019-12-22 17:11 - 2019-02-11 15:05 - 000000000 ____D C:\Program Files (x86)\DVDVideoSoft
2019-12-14 11:34 - 2019-02-04 14:21 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-12-14 11:28 - 2019-09-03 14:25 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-14 11:28 - 2019-09-03 14:25 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2019-12-12 13:02 - 2019-09-03 14:13 - 000934996 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-12 13:00 - 2019-02-04 16:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-12-12 12:47 - 2019-02-04 16:12 - 129221664 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-12-11 00:11 - 2019-01-28 23:13 - 000000000 ___RD C:\Users\Bob Scott\3D Objects
2019-12-11 00:11 - 2018-04-28 06:07 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-12-11 00:08 - 2019-09-03 13:52 - 000381184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-12-11 00:04 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SystemResources
2019-12-11 00:04 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-12-11 00:04 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-12-10 23:37 - 2019-03-19 04:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-12-07 18:11 - 2019-12-03 10:02 - 000003564 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2019-12-06 15:45 - 2019-12-03 10:10 - 000003186 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2019-12-06 15:36 - 2019-09-03 14:25 - 000003344 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2617516664-2097498628-2091352067-1001
2019-12-06 15:36 - 2019-09-03 14:25 - 000003262 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2

==================== Files in the root of some directories ========

2019-03-18 14:17 - 2019-03-18 14:17 - 000000264 _____ () C:\ProgramData\fontcacheev1.dat
2019-07-21 13:11 - 2019-07-21 13:11 - 000000000 _____ () C:\Users\Bob Scott\AppData\Local\oobelibMkey.log
2019-08-31 18:57 - 2019-08-31 18:58 - 000020229 _____ () C:\Users\Bob Scott\AppData\Local\TempRuntimeBroker.exe.0195.wxtu.dmp
2019-04-06 08:07 - 2019-04-06 08:07 - 000033301 _____ () C:\Users\Bob Scott\AppData\Local\Tempsvchost.exe.1c0e.wxtu.dmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by Bob Scott (03-01-2020 15:32:30)
Running from C:\Users\Bob Scott\Desktop
Windows 10 Home Version 1903 18362.535 (X64) (2019-09-03 14:27:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2617516664-2097498628-2091352067-500 - Administrator - Disabled)
Bob Scott (S-1-5-21-2617516664-2097498628-2091352067-1001 - Administrator - Enabled) => C:\Users\Bob Scott
DefaultAccount (S-1-5-21-2617516664-2097498628-2091352067-503 - Limited - Disabled)
Guest (S-1-5-21-2617516664-2097498628-2091352067-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2617516664-2097498628-2091352067-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2019 (HKLM-x32\...\PSE_17_0) (Version: 17.0 - Adobe Systems Incorporated)
Album Art Downloader XUI 1.03 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.03 - hxxp://sourceforge.net/projects/album-art)
Amazon Photos (HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\...\Amazon Photos) (Version: 6.2.3 - Amazon.com, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.1016.918.14930 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{96973E1F-5AA8-4D30-9E9C-00E580F8D1C5}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ASUS E-Green Uninstall (HKLM-x32\...\EGREEN) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.0.1 - Canon Inc.)
Canon MG3600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3600_series) (Version: 1.00 - Canon Inc.)
Canon MG3600 series On-screen Manual (HKLM-x32\...\Canon MG3600 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon MG3600 series User Registration (HKLM-x32\...\Canon MG3600 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.7.21.0 - Canon Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.7.10.0 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Utility 3 (HKLM-x32\...\EOS Utility 3) (Version: 3.7.0.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.6.30.1 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.19.10.0 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Elevated Installer (HKLM-x32\...\{1EF3F348-0065-4ED7-884F-BBB8B1FA8CA1}) (Version: 6.19.3.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
e-Safe Compliance Enterprise Client (HKLM-x32\...\{B6FB9F0A-6D60-46A9-960B-DCA5A978350B}) (Version: 4.4.0.77 - Guardware Ltd) Hidden
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.3.6.1209 - Digital Wave Ltd)
Garmin Express (HKLM-x32\...\{8526ab9f-b231-461d-964e-45bbed08f381}) (Version: 6.19.3.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9939845A-42CA-41A1-9A7E-848C95F02FD5}) (Version: 6.19.3.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{3EC04ABB-D60E-44B6-9403-0D9DE44F56D9}) (Version: 1.6.0.0 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{9DD60999-A4F0-4333-9D00-E45C718EA6C1}) (Version: 1.4.30 - HP Inc.)
LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R22 - McAfee, LLC.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.57 - McAfee, LLC.)
Microsoft Office Home and Student 2019 - en-us (HKLM\...\HomeStudent2019Retail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 71.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 71.0 (x64 en-GB)) (Version: 71.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla)
Music Center for PC (HKLM-x32\...\{B40F8BB7-7DAD-4F0C-AA48-015BE5386B93}) (Version: 2.2.0.01817 - Sony Home Entertainment & Sound Products Inc.)
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.38.1118.2019 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8734.1 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.85 - REALTEK Semiconductor Corp.)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Sky Go 1.5.16.0 (HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\...\com.bskyb.skygoplayer_is1) (Version: 1.5.16.0 - Sky)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Packages:
=========
Duplicates Cleaner -> C:\Program Files\WindowsApps\6655kaeros.DuplicatesCleaner_3.48.0.0_x64__wbzechdf9an1w [2019-09-05] (kaeros)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.481.0_x86__v10z8vjag6ke6 [2018-11-10] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa [2019-12-12] (Apple Inc.) [Startup Task]
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.16.0_x64__wafk5atnkzcwy [2019-10-09] (McAfee Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35042.0.0_x64__807d65c4rvak2 [2019-05-31] (Synaptics Incorporated)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2617516664-2097498628-2091352067-1001_Classes\CLSID\{0047ADBE-9F73-CAFE-3A65-ACE857BAD45F}\localserver32 -> C:\Program Files\Adobe\Elements 2019 Organizer\Elements Auto Creations 2019.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-09-17] (McAfee, LLC. -> McAfee, LLC.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-10-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2019-09-17] (McAfee, LLC. -> McAfee, LLC.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-09-09 07:13 - 2019-09-09 07:13 - 001364992 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2019-11-21 12:01 - 2019-11-21 12:01 - 000073216 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000325632 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2019-07-27 08:57 - 2019-07-27 08:57 - 096071680 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2017-04-19 14:23 - 2017-04-19 14:23 - 001715712 _____ () [File not signed] C:\Program Files (x86)\Guardware\Integrity Management\opencv_core231.dll
2017-04-19 14:23 - 2017-04-19 14:23 - 000436736 _____ () [File not signed] C:\Program Files (x86)\Guardware\Integrity Management\opencv_ml231.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 21:22 - 2018-04-24 21:22 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-11-21 12:01 - 2019-11-21 12:01 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2019-02-27 10:30 - 2015-03-17 08:51 - 000375296 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2019-11-21 12:03 - 2019-11-21 12:03 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2019-11-21 12:01 - 2019-11-21 12:01 - 002711552 _____ (Garmin International) [File not signed] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 09:35 - 2017-05-08 09:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2019-11-21 12:01 - 2019-11-21 12:01 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2019-11-21 12:02 - 2019-11-21 12:02 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2019-07-27 08:57 - 2019-07-27 08:57 - 000762368 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-10-16 08:16 - 2018-10-16 08:16 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 000279552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-04-24 21:21 - 2018-04-24 21:21 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000109568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000325632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 069968896 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 003281408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-24 21:22 - 2018-04-24 21:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 23:38 - 2018-04-11 23:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: e-Safe Compliance Client => 2
MSCONFIG\Services: GuardWareProxy => 2
HKU\S-1-5-21-2617516664-2097498628-2091352067-1001\...\StartupApproved\Run: => "Amazon Photos"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0728530E-7888-43E6-8397-EFAE49F1F2DD}] => (Allow) C:\Program Files\ON1\ON1 Effects 2019\on1sandbox.exe No File
FirewallRules: [{CDBE8AFF-85B9-4DD9-8A26-1FC30C31DA55}] => (Allow) C:\Program Files\ON1\ON1 Effects 2019\on1sandbox.exe No File
FirewallRules: [{07C9DD9E-E35F-4403-8A5D-855F60A1E8CD}] => (Allow) C:\Program Files\ON1\ON1 Effects 2019\ON1 Effects 2019.exe No File
FirewallRules: [{81A12862-8BAA-4142-9993-819765EB9D3D}] => (Allow) C:\Program Files\ON1\ON1 Effects 2019\ON1 Effects 2019.exe No File
FirewallRules: [{DC6DA0AD-F60B-4295-B23E-43F11FF5FE1B}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{B177C50A-F78A-4954-AE16-EFDD78455FF2}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe (Canon Inc. -> CANON INC.)
FirewallRules: [{5280C64C-029E-4EC9-BCF3-CBBE4D281724}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B2A23393-44F1-429F-A8D0-044216D459D3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3292F0CC-AA7C-435A-9887-31EDF335F43F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{2BD409AB-D68F-4A4B-8893-EE0C771A4E98}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{0E0A5CF8-FCB1-4762-8D18-4244CA7E7548}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{5C2412C1-F569-4C14-B60F-92AF6C87DC7F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe No File
FirewallRules: [{505A00A5-E095-41CB-97AA-3BD3C79DCC83}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{F44CC958-BC3B-4890-BF60-A7CB206B08FB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{67953562-922C-4E55-859C-3012BCFF5132}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{6D0BAD0B-9927-48BE-944B-7725889795EA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12094.102.41046.0_x64__nzyj5cx40ttqa\iTunes.exe No File
FirewallRules: [{DACDF505-FA08-482D-8D2A-F83C4DF7FD3D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe No File
FirewallRules: [{B30A24B4-36A8-44A9-AC2B-53E790CF539C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{06124C85-CE47-4AF1-91A1-4EE9439EA2A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BFE3F414-D97D-43E1-A591-2AD74E041A4D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9B1A867F-BCD1-4A27-A953-58E6688B7ACD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{75AF006E-1262-4459-86AC-6DCA895A4A54}] => (Allow) C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe (Guardware Ltd. -> Guardware Ltd)
FirewallRules: [{CBE4CA56-7EA4-480A-B7AD-C8D8D25C1C46}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{3A85FDF0-76F9-4875-B83E-79AEB8625A9B}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{BC21EE94-D33A-4041-88C3-F0F2FF020162}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC. -> McAfee, LLC.)
FirewallRules: [{7AFD8705-38DB-466C-81CC-A2F1FE2DE1B4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0DD9ECBF-809A-445A-B80F-D7C4A431B5BE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1C6D7CCB-F412-47CE-8B0A-4855EDE7D175}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7D1FFD12-B8A8-4D25-B441-5EDF13F19EF4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0B6F91A3-7316-4607-AC34-ADFBA2139B4B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{39B7E190-64A0-46CB-9EB8-30F6165DB60A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{19AA9FAD-C05B-426D-A35A-165D68EE8DD2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A1AB11A4-1705-487F-8690-AF48C5E7C1E9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9CCE241B-9F10-4F0D-9FEE-A5A945EDE0FD}] => (Allow) C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe (Guardware Ltd. -> Guardware Ltd)
FirewallRules: [{716E7C02-B23B-4545-B92F-7365A35DB5EC}] => (Allow) C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe (Guardware Ltd. -> Guardware Ltd)
FirewallRules: [{47B7D5AE-1446-4966-BE32-81AEDB4DD916}] => (Allow) C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe (Guardware Ltd. -> Guardware Ltd)
FirewallRules: [{40CC0DE1-EC10-4B65-9C5A-4D3D545C8002}] => (Allow) C:\Program Files (x86)\Guardware\Integrity Management\GWClient.exe (Guardware Ltd. -> Guardware Ltd)

==================== Restore Points =========================

03-12-2019 14:27:59 McAfee Vulnerability Scanner
10-12-2019 22:19:30 Windows Update
27-12-2019 18:15:37 Installed Music Center for PC.
29-12-2019 12:05:43 O&O ShutUp10

==================== Faulty Device Manager Devices ============

Name: System Firmware
Description: System Firmware
Class Guid: {f2e7dd72-6468-4e36-b6f1-6488f42c1b52}
Manufacturer: HP Inc.
Service:
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/03/2020 03:34:07 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8856,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/03/2020 02:41:23 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8708,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/03/2020 02:27:59 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12000,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/03/2020 02:21:40 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1440,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/03/2020 02:10:09 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8976,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/03/2020 01:24:55 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9960,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/03/2020 01:14:42 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (2764,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/03/2020 12:24:31 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10388,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (01/03/2020 01:56:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GuardWareProxy service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/03/2020 01:56:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Error: (01/03/2020 01:56:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GuardWareProxy service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/03/2020 01:56:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Error: (01/03/2020 01:56:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GuardWareProxy service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/03/2020 01:56:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.

Error: (01/03/2020 01:55:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GuardWareProxy service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/03/2020 01:55:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (300000 milliseconds) while waiting for the GuardWareProxy service to connect.


Windows Defender:
===================================
Date: 2019-12-03 10:15:59.312
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.291.1173.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x800705b4
Error description: This operation returned because the timeout period expired.

Date: 2019-12-03 10:15:59.264
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.291.1173.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x800705b4
Error description: This operation returned because the timeout period expired.

Date: 2019-12-03 10:15:59.256
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.291.1173.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x800705b4
Error description: This operation returned because the timeout period expired.

Date: 2019-12-03 09:44:09.535
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.291.1173.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2019-12-03 09:44:09.534
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.291.1173.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240022
Error description: The program can't check for definition updates.

CodeIntegrity:
===================================

Date: 2020-01-03 14:32:36.217
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2020-01-03 14:32:36.205
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2020-01-03 14:32:36.182
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2020-01-03 13:28:21.415
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2020-01-03 13:28:20.632
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.

Date: 2020-01-03 13:03:13.707
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-03 13:03:13.690
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.

Date: 2020-01-03 13:03:13.679
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Insyde F.11 08/20/2018
Motherboard: HP 84AC
Processor: AMD A6-9225 RADEON R4, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 68%
Total physical RAM: 3981.68 MB
Available physical RAM: 1266.4 MB
Total Virtual: 10381.68 MB
Available Virtual: 6048.91 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.59 GB) (Free:686.49 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.69 GB) (Free:1.87 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{a8b4e400-241a-4576-9c58-422d137d1804}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.34 GB) NTFS
\\?\Volume{aca34e70-1cf0-4216-976f-cb879e3a4865}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AEFD05AD)

Partition: GPT.

==================== End of Addition.txt =======================
 

Attached Thumbnails

  • Annotation 2020-01-03 152045.jpg
  • Annotation 2020-01-03 152046.jpg
  • Annotation 2020-01-03 152047.jpg

  • 0

#58
RKinner
Posted 03 January 2020 - 10:24 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Apparently your guardware has a 300 second (5 minutes) timeout so that might explain slow boots when the thing doesn't work.

 

Let's try the free Avast as a replacement for McAfee.  It's what I use.  It likes to talk too but there is a trick to shut it up.

This is a direct link to the offline installer.  Just download and save it for now.

https://www.avast.co...ST&locale=en-us

 

Get the McAfee removal tool

https://www.techspot...moval-tool.html

Then go into Control panel, Programs and Features and uninstall McAfee.

 

Reboot.

 

Right click on the McAfee removal tool and run as admin.

 

Reboot.

 

Run a new Process Explorer log then right click on your downloaded Avast installer and Run As Admin.  They will try to talk you into a  free trial but stick with the Basic free version.  Also sometimes they sometimes offer optional software like dropbox or Chrome.  Uncheck those.  They want you to run a quick scan at the beginning but best to decline it.

 

After you have Avast installed and things have settled down.  Rerun Process Explorer and make a log.

 

Search for

device manager

hit Enter

View, Show Hidden Devices

Now look in the right pane for yellow flagged devices.  Right click on one and select properties then click on the Details tab.  Change Property to Hardware IDs.  Click on the top one then right click and copy.  Paste that into a reply.  Repeat for all yellow flagged devices.


  • 0

#59
BobScott49
Posted 03 January 2020 - 01:14 PM

BobScott49

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

I have uninstalled McAfee and installed Avast.  Process logs below pre and post installation.  I don't seem to have a right hand pane in Device Manager?

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    49.59    60 K    8 K    0            
procexp64.exe    10.81    34,816 K    63,008 K    10140    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
GWW.exe    6.84    46,152 K    43,076 K    6884    e-Safe Compliance Client Application    Guardware Ltd.    (Verified) Guardware Ltd.
MsMpEng.exe    6.27    167,140 K    149,052 K    4120    Antimalware Service Executable    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WmiPrvSE.exe    6.01    5,440 K    12,788 K    2376    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
System    4.84    216 K    7,484 K    4            
dwm.exe    4.72    83,284 K    88,852 K    552    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    2.66    0 K    0 K    n/a    Hardware Interrupts and DPCs        
csrss.exe    2.04    2,508 K    5,236 K    700    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
GWClient.exe    0.97    5,544 K    17,372 K    3620    e-Safe Compliance Client Service    Guardware Ltd    (Verified) Guardware Ltd.
atieclxx.exe    0.70    2,484 K    10,276 K    2352    AMD External Events Client Module    AMD    (Verified) Advanced Micro Devices, Inc.
lsass.exe    0.58    6,092 K    15,248 K    756    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.56    2,052 K    7,328 K    3280    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
express.exe    0.49    45,260 K    87,200 K    8184    Garmin Express    Garmin Ltd. or its subsidiaries    (Verified) Garmin International, Inc.
firefox.exe    0.36    146,588 K    219,108 K    7304    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe    0.33    107,100 K    148,380 K    9240    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
svchost.exe    0.32    3,064 K    7,520 K    2228    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
explorer.exe    0.28    40,976 K    102,760 K    6524    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.24    36,700 K    46,052 K    2360    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    0.19    35,580 K    59,052 K    8736    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
ijplmsvc.exe    0.18    5,492 K    8,116 K    3676    Inkjet Printer/Scanner/Fax Extended Survey Program Service        (Verified) Canon Inc.
amddvr.exe    0.17    171,516 K    15,224 K    8988    AMD ReLive: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
svchost.exe    0.11    10,760 K    20,184 K    3724    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.08    2,380 K    6,932 K    2000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
EOS Utility.exe    0.08    26,852 K    31,280 K    5892    EOS Utility    Canon INC.    (Verified) Canon Inc.
svchost.exe    0.07    1,372 K    5,092 K    4396    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchIndexer.exe    0.06    25,548 K    25,608 K    1624    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
fontdrvhost.exe    0.05    6,324 K    13,044 K    940    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.05    62,544 K    97,928 K    9472    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
AGMService.exe    0.04    2,420 K    10,148 K    3444    Adobe Genuine Software Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.
services.exe    0.04    5,472 K    9,388 K    748    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
psi_tray.exe    0.04    1,424 K    6,816 K    2372    Secunia PSI Tray    Secunia    (Verified) Secunia
OfficeClickToRun.exe    0.04    14,792 K    32,916 K    3536    Microsoft Office Click-to-Run (SxS)    Microsoft Corporation    (Verified) Microsoft Corporation
taskhostw.exe    0.03    5,388 K    14,556 K    3608    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.03    1,372 K    5,660 K    2400    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
EOSUPNPSV.exe    0.03    3,544 K    10,008 K    5876    Canon EOS UPNP Detector    CANON INC.    (Verified) Canon Inc.
svchost.exe    0.03    7,480 K    14,708 K    480    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
NisSrv.exe    0.03    4,948 K    9,516 K    5640    Microsoft Network Realtime Inspection Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SynTPEnh.exe    0.01    7,748 K    20,388 K    6532    Synaptics TouchPad 64-bit Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe    0.01    16,564 K    16,280 K    1660    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    5,784 K    20,688 K    5832    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    3,536 K    12,176 K    4420    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
csrss.exe    < 0.01    1,748 K    5,256 K    584    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
RAVBg64.exe    < 0.01    6,436 K    15,764 K    6508    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
svchost.exe    < 0.01    2,892 K    13,828 K    2932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
YourPhone.exe    Suspended    13,876 K    29,940 K    7864            (No signature was present in the subject)
WmiPrvSE.exe        3,184 K    9,712 K    8492    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
wlanext.exe        1,952 K    6,928 K    3120    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        2,776 K    11,852 K    816    Windows Log-on Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,416 K    6,580 K    684    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
vidnotifier.exe        5,732 K    20,700 K    8168    Video Notifier    Digital Wave Ltd    (Verified) Digital Wave Ltd
unsecapp.exe        1,340 K    6,392 K    4864    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,456 K    6,864 K    8752    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
SynTPHelper.exe        2,240 K    6,368 K    7100    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
SynTPEnhService.exe        3,488 K    9,220 K    2040    64-bit Synaptics Pointing Enhance Service    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        2,196 K    11,908 K    1208    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,008 K    25,976 K    5576    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,112 K    21,488 K    504    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,796 K    33,056 K    3196    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        12,684 K    30,412 K    1016    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,796 K    11,884 K    2132    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,212 K    7,568 K    8000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,820 K    13,244 K    2716    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,764 K    10,660 K    1924    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,404 K    18,344 K    8608    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,460 K    14,628 K    1776    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,336 K    8,328 K    3788    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,468 K    8,252 K    572    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,796 K    12,688 K    3552    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,428 K    5,616 K    1184    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,012 K    6,516 K    3048    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        12,844 K    18,400 K    3588    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,948 K    14,968 K    1316    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,668 K    13,160 K    3364    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,004 K    11,204 K    5744    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        22,004 K    37,532 K    3920    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,924 K    7,524 K    1796    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,960 K    11,624 K    1200    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,224 K    10,012 K    7172    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,872 K    8,424 K    2456    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,276 K    7,664 K    3068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,900 K    16,832 K    2604    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,912 K    9,352 K    2968    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,828 K    6,104 K    2960    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,860 K    13,388 K    2092    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,468 K    10,512 K    1168    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,676 K    20,588 K    4052    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,020 K    23,244 K    9116    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,568 K    8,924 K    1392    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,800 K    12,140 K    4100    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,724 K    6,396 K    3996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,136 K    7,412 K    2344    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,848 K    7,820 K    6296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,048 K    8,308 K    5060    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,852 K    25,216 K    7436    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,876 K    9,160 K    3628    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,368 K    5,032 K    3840    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,764 K    8,892 K    4984    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,624 K    5,944 K    3928    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,920 K    7,416 K    3948    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,288 K    5,416 K    3988    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,688 K    7,220 K    3716    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,648 K    5,584 K    3656    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,676 K    6,644 K    3504    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        10,108 K    13,764 K    3256    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,008 K    7,464 K    2584    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,080 K    8,216 K    2532    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,836 K    9,876 K    1736    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,440 K    6,272 K    1988    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,892 K    7,052 K    2204    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,916 K    8,088 K    1192    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,076 K    8,708 K    1592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,520 K    6,596 K    1572    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,192 K    8,464 K    1448    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,772 K    11,960 K    1508    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,992 K    11,512 K    1216    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        960 K    3,740 K    932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,788 K    7,136 K    4160    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,924 K    9,132 K    6972    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,256 K    8,712 K    2196    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,840 K    8,180 K    5592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,140 K    7,892 K    1028    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,796 K    7,056 K    5888    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe        30,416 K    70,304 K    6268            (Verified) Microsoft Windows
spoolsv.exe        6,328 K    14,548 K    3156    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        1,156 K    996 K    392    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
sihost.exe        6,412 K    26,640 K    1304    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
SgrmBroker.exe        2,672 K    5,436 K    5928    System Guard Runtime Monitor Broker Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SecurityHealthService.exe        2,112 K    9,216 K    8132    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchUI.exe    Suspended    72,624 K    68,468 K    924    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        10,108 K    31,100 K    6584    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        6,680 K    24,312 K    5756    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        1,592 K    6,832 K    7988    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        4,392 K    25,348 K    8316    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RtlS5Wake.exe        4,240 K    12,592 K    7720    Realtek WOWL Utility    Realtek    (Verified) Realtek Semiconductor Corp.
RtkNGUI64.exe        4,744 K    14,944 K    7280    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RtkBtManServ.exe        1,952 K    7,468 K    3936    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
RtkAudioService64.exe        1,792 K    7,900 K    2840    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RemindersServer.exe    Suspended    8,248 K    19,024 K    7372    Reminders WinRT OOP Server    Microsoft Corporation    (Verified) Microsoft Windows
Registry        10,588 K    88,288 K    88            
RadeonSettings.exe        161,772 K    55,756 K    6988    Radeon Settings: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
procexp.exe        5,332 K    10,984 K    10092    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
nlssrv32.exe        2,160 K    7,680 K    3844    This service enables products that use the Nalpeiron Licensing System     Nalpeiron Ltd.    (Certificate expired) Nalpeiron Ltd.
Memory Compression        324 K    63,248 K    2500            
mDNSResponder.exe        1,824 K    6,204 K    3460    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
HxTsr.exe    Suspended    10,440 K    35,884 K    8448    Microsoft Outlook Communications    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
HxOutlook.exe    Suspended    80,180 K    90,980 K    6664    Microsoft Outlook    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
HPWMISVC.exe        1,864 K    8,672 K    3736    HP WMI Service    HP Inc.    (Verified) HP Inc.
HPMSGSVC.exe        1,808 K    8,652 K    6472    HP Message Service    HP Inc.    (Verified) HP Inc.
fontdrvhost.exe        1,488 K    2,396 K    952    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe        30,484 K    49,936 K    9420    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dllhost.exe        3,136 K    10,084 K    5972    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        1,516 K    6,740 K    8376    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        1,444 K    6,540 K    6620    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
ctfmon.exe        3,552 K    13,828 K    6444    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,516 K    10,932 K    8760    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,444 K    5,448 K    3148    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
CastSrv.exe        3,816 K    3,512 K    7572    Casting protocol connection listener    Microsoft Corporation    (Verified) Microsoft Windows
BTDevMgr.exe        1,876 K    7,284 K    3472    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
atiesrxx.exe        1,496 K    5,832 K    2072    AMD External Events Service Module    AMD    (Verified) Advanced Micro Devices, Inc.
armsvc.exe        1,532 K    6,692 K    3436    Adobe Acrobat Update Service    Adobe Systems    (Verified) Adobe Inc.
ApplicationFrameHost.exe        7,312 K    28,200 K    7752    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows
app_updater.exe        6,156 K    9,096 K    3564    Digital Wave Update Service    Digital Wave Ltd    (Verified) Digital Wave Ltd
amdow.exe        2,164 K    7,756 K    5364    AMD ReLive: Desktop Overlay    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
AGSService.exe        1,992 K    11,092 K    3452    Adobe Genuine Software Integrity Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.


Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    61.78    60 K    8 K    0            
WmiPrvSE.exe    23.99    5,724 K    12,780 K    2376    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
procexp64.exe    7.42    35,432 K    69,208 K    6104    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System    1.60    216 K    6,116 K    4            
Interrupts    0.87    0 K    0 K    n/a    Hardware Interrupts and DPCs        
svchost.exe    0.79    10,632 K    19,480 K    3724    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
dwm.exe    0.67    67,676 K    61,336 K    552    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
express.exe    0.55    44,980 K    59,884 K    8184    Garmin Express    Garmin Ltd. or its subsidiaries    (Verified) Garmin International, Inc.
explorer.exe    0.55    60,652 K    126,140 K    6524    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.39    147,056 K    165,856 K    9240    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
AvastSvc.exe    0.30    120,532 K    39,408 K    8172    Avast Antivirus  Service    AVAST Software    (Verified) AVAST Software s.r.o.
csrss.exe    0.29    6,608 K    9,744 K    700    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
amddvr.exe    0.19    171,488 K    10,468 K    8988    AMD ReLive: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
AvastUI.exe    0.14    34,716 K    32,816 K    9308    Avast Antivirus     AVAST Software    (Verified) AVAST Software s.r.o.
firefox.exe    0.08    166,432 K    201,320 K    7304    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
Memory Compression    0.07    484 K    86,068 K    2500            
EOS Utility.exe    0.07    26,632 K    27,820 K    5892    EOS Utility    Canon INC.    (Verified) Canon Inc.
psi_tray.exe    0.07    1,356 K    6,624 K    2372    Secunia PSI Tray    Secunia    (Verified) Secunia
AGMService.exe    0.04    2,412 K    9,728 K    3444    Adobe Genuine Software Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.
svchost.exe    0.04    2,220 K    6,992 K    8000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
EOSUPNPSV.exe    0.03    3,636 K    9,592 K    5876    Canon EOS UPNP Detector    CANON INC.    (Verified) Canon Inc.
lsass.exe    0.02    6,696 K    16,268 K    756    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
atieclxx.exe    0.01    2,484 K    9,784 K    2352    AMD External Events Client Module    AMD    (Verified) Advanced Micro Devices, Inc.
SynTPEnh.exe    0.01    7,772 K    18,572 K    6532    Synaptics TouchPad 64-bit Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
ijplmsvc.exe    0.01    5,576 K    8,072 K    3676    Inkjet Printer/Scanner/Fax Extended Survey Program Service        (Verified) Canon Inc.
svchost.exe    < 0.01    5,556 K    19,696 K    5832    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
OfficeClickToRun.exe    < 0.01    27,048 K    44,072 K    3536    Microsoft Office Click-to-Run (SxS)    Microsoft Corporation    (Verified) Microsoft Corporation
svchost.exe    < 0.01    48,964 K    56,964 K    2360    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
aswidsagent.exe    < 0.01    24,864 K    39,860 K    8540    Avast Behavior Shield    AVAST Software    (Verified) AVAST Software s.r.o.
svchost.exe    < 0.01    3,588 K    10,840 K    4420    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    3,832 K    13,340 K    2716    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
RadeonSettings.exe    < 0.01    161,684 K    33,436 K    6988    Radeon Settings: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
RAVBg64.exe    < 0.01    6,384 K    14,844 K    6508    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
YourPhone.exe    Suspended    13,876 K    30,836 K    7864            (No signature was present in the subject)
wsc_proxy.exe        2,584 K    9,904 K    4832    Avast Antivirus  remediation exe    AVAST Software    (Verified) AVAST Software s.r.o.
WmiPrvSE.exe        2,504 K    9,068 K    8492    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
wlanext.exe        1,952 K    6,616 K    3120    Windows Wireless LAN 802.11 Extensibility Framework    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        2,776 K    10,560 K    816    Windows Log-on Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,492 K    6,560 K    684    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe        15,368 K    38,668 K    4428    WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe    Microsoft Corporation    (Verified) Microsoft Windows
vidnotifier.exe        5,888 K    18,832 K    8168    Video Notifier    Digital Wave Ltd    (Verified) Digital Wave Ltd
unsecapp.exe        1,424 K    6,716 K    4864    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,424 K    6,628 K    8752    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
taskhostw.exe        5,964 K    14,980 K    3608    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
taskhostw.exe        5,544 K    15,500 K    2248    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
SynTPHelper.exe        2,188 K    6,040 K    7100    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Synaptics Incorporated
SynTPEnhService.exe        3,444 K    9,176 K    2040    64-bit Synaptics Pointing Enhance Service    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        7,492 K    14,664 K    480    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,596 K    7,872 K    572    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,124 K    19,444 K    7436    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,732 K    13,500 K    2932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,356 K    7,860 K    3788    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,052 K    7,364 K    3280    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,380 K    19,256 K    4052    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,624 K    12,984 K    1776    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,484 K    5,592 K    1184    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,480 K    10,132 K    5060    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        12,876 K    29,660 K    1016    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        19,536 K    22,644 K    3588    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,764 K    11,912 K    2132    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,096 K    7,648 K    2228    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,336 K    6,792 K    2000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,712 K    9,808 K    1924    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,924 K    6,944 K    2344    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        10,452 K    15,936 K    3256    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,476 K    24,492 K    9116    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,660 K    20,712 K    8608    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,868 K    8,392 K    2456    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,816 K    8,836 K    2968    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,840 K    8,160 K    1796    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,808 K    12,972 K    2092    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,504 K    31,496 K    3196    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,012 K    6,048 K    3048    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,132 K    11,756 K    1208    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,880 K    16,700 K    504    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,860 K    10,660 K    1200    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,776 K    15,016 K    2604    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        14,304 K    15,140 K    1660    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,544 K    19,436 K    5576    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,528 K    10,020 K    1168    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,828 K    6,084 K    2960    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,152 K    10,272 K    1392    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,792 K    9,636 K    1736    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,128 K    7,476 K    3068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,180 K    9,376 K    7172    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,320 K    5,644 K    2400    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,900 K    6,764 K    2204    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,464 K    14,724 K    1316    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,836 K    11,120 K    5744    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,872 K    5,880 K    3656    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,364 K    13,284 K    3552    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,916 K    8,940 K    6972    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,796 K    7,324 K    6296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,732 K    7,736 K    5592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,088 K    7,924 K    1028    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,376 K    9,900 K    4984    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,008 K    7,468 K    2584    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,368 K    4,944 K    3840    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,320 K    4,972 K    4396    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,920 K    7,020 K    3948    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,804 K    11,784 K    4100    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,676 K    6,360 K    3996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,624 K    5,652 K    3928    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,288 K    5,268 K    3988    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,620 K    6,400 K    3504    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,768 K    7,484 K    3716    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,864 K    7,864 K    2532    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,440 K    6,072 K    1988    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,932 K    10,984 K    1216    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,020 K    8,188 K    1592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,756 K    11,596 K    1508    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,464 K    6,524 K    1572    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,140 K    8,140 K    1448    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,916 K    7,584 K    1192    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        960 K    3,668 K    932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe        36,232 K    84,020 K    6268            (Verified) Microsoft Windows
spoolsv.exe        6,196 K    14,624 K    3156    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        1,156 K    1,016 K    392    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
sihost.exe        6,824 K    27,056 K    1304    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
SgrmBroker.exe        3,580 K    6,096 K    5928    System Guard Runtime Monitor Broker Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
services.exe        5,580 K    8,812 K    748    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SecurityHealthService.exe        2,824 K    11,524 K    8132    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchUI.exe    Suspended    79,716 K    78,296 K    856    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        28,764 K    36,832 K    1624    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        3,112 K    19,004 K    8332    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        12,072 K    34,228 K    6584    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        4,960 K    19,300 K    10056    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        7,300 K    28,812 K    5756    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        1,528 K    6,672 K    7988    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RtlS5Wake.exe        4,272 K    12,440 K    7720    Realtek WOWL Utility    Realtek    (Verified) Realtek Semiconductor Corp.
RtkNGUI64.exe        4,744 K    13,764 K    7280    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RtkBtManServ.exe        1,952 K    7,248 K    3936    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
RtkAudioService64.exe        1,792 K    7,812 K    2840    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RemindersServer.exe    Suspended    7,728 K    19,376 K    7372    Reminders WinRT OOP Server    Microsoft Corporation    (Verified) Microsoft Windows
Registry        9,156 K    48,628 K    88            
procexp.exe        5,392 K    11,180 K    6792    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
nlssrv32.exe        2,160 K    7,664 K    3844    This service enables products that use the Nalpeiron Licensing System     Nalpeiron Ltd.    (Certificate expired) Nalpeiron Ltd.
mDNSResponder.exe        1,852 K    6,212 K    3460    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
HxTsr.exe    Suspended    10,524 K    180 K    3364    Microsoft Outlook Communications    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
HxOutlook.exe    Suspended    37,284 K    840 K    6032    Microsoft Outlook    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
HPWMISVC.exe        1,720 K    8,376 K    3736    HP WMI Service    HP Inc.    (Verified) HP Inc.
HPMSGSVC.exe        1,652 K    8,304 K    6472    HP Message Service    HP Inc.    (Verified) HP Inc.
GWW.exe    Suspended    48,648 K    31,504 K    6884    e-Safe Compliance Client Application    Guardware Ltd.    (Verified) Guardware Ltd.
GWClient.exe    Suspended    5,664 K    16,780 K    3620    e-Safe Compliance Client Service    Guardware Ltd    (Verified) Guardware Ltd.
fontdrvhost.exe        5,244 K    11,420 K    940    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
fontdrvhost.exe        1,564 K    3,172 K    952    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe        63,384 K    84,904 K    9472    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        36,524 K    59,728 K    8736    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        30,484 K    40,932 K    9420    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dllhost.exe        1,456 K    6,448 K    6620    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        3,344 K    10,388 K    5972    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        3,716 K    11,908 K    5272    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        1,356 K    6,444 K    8376    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
ctfmon.exe        4,728 K    14,804 K    6444    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe        1,708 K    5,132 K    584    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
conhost.exe        6,516 K    5,952 K    8760    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        6,444 K    5,844 K    3148    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
CastSrv.exe        3,120 K    4,368 K    7572    Casting protocol connection listener    Microsoft Corporation    (Verified) Microsoft Windows
BTDevMgr.exe        1,880 K    7,336 K    3472    Realtek Bluetooth BTDevManager Service Application    Realtek Semiconductor Corp.    (Verified) Microsoft Windows Hardware Compatibility Publisher
AvastUI.exe        14,696 K    35,376 K    10044    Avast Antivirus     AVAST Software    (Verified) AVAST Software s.r.o.
atiesrxx.exe        1,496 K    5,864 K    2072    AMD External Events Service Module    AMD    (Verified) Advanced Micro Devices, Inc.
armsvc.exe        1,460 K    6,520 K    3436    Adobe Acrobat Update Service    Adobe Systems    (Verified) Adobe Inc.
ApplicationFrameHost.exe        7,640 K    28,640 K    7752    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows
app_updater.exe        6,156 K    8,380 K    3564    Digital Wave Update Service    Digital Wave Ltd    (Verified) Digital Wave Ltd
amdow.exe        2,128 K    7,156 K    5364    AMD ReLive: Desktop Overlay    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
AGSService.exe        1,988 K    9,816 K    3452    Adobe Genuine Software Integrity Service    Adobe Systems, Incorporated    (Verified) Adobe Inc.


Annotation 2020-01-03 191017.jpg

 

 


  • 0

#60
RKinner
Posted 03 January 2020 - 03:16 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Sorry about the right pane stuff.  I usually get to Device Manager by right clicking on This PC (or Computer) and select Manage then the stuff you see in Device Manager is in a separate pane to the right.  Just right click on the one that says System Firmware since it has a yellow flag.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP