Not sure if I have malware!



#1
rogerbid

Hello
 
I hope I am not wasting your time.  My wife's laptop is very slow and I want to eliminate malware as a possible cause.  I will be very grateful if you would review the following reports and let me know if there is any cause for concern.
 
Thank you for your time,
 
Roger
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-05-2020
Ran by Patricia (administrator) on TOSHIBA (TOSHIBA Satellite C50D-B) (12-05-2020 15:47:16)
Running from C:\Users\Patricia\Desktop
Loaded Profiles: Patricia & _ashbackuppb_
Platform: Windows 10 Home Version 1709 16299.1087 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
() [File not signed] C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
() [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupService-abpb.exe
(Ashampoo GmbH & Co. KG -> ) C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\oxHelper.exe
(AVerMedia TECHNOLOGIES, Inc.) [File not signed] C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
(AVerMedia) [File not signed] C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG TuneUp\TuneupSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG TuneUp\TuneupUI.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Secure VPN\Vpn.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Secure VPN\VpnSvc.exe
(AVG Technologies USA, Inc. -> The OpenVPN Project) C:\Program Files (x86)\AVG\Secure VPN\OpenVPN\openvpn.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\afwServ.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe <3>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe
(Beiley Software, Inc. -> Beiley Software Inc.) C:\Program Files (x86)\Remind-Me\RemindMe.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\WINDOWS\System32\BtwRSupportService.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Compal Electronics, Inc. -> TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(DTS, Inc. -> ) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe <6>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_2.1.18.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\WINDOWS\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\WINDOWS\System32\atiesrxx.exe
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Storage Appliance Corporation -> SAC) C:\ProgramData\Clickfree\BoxSoftware\reminder\SacReminder.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(WildTangent Inc -> WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3873000 2016-06-02] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-09] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-22] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-14] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [Ashampoo Backup PB] => C:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupClient-abpb.exe [323504 2017-03-28] (Ashampoo GmbH & Co. KG -> )
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [156256 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-07-19] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-10-11] (Corel Corporation -> Corel Corporation)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-06] (Compal Electronics, Inc. -> TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA CORPORATION -> TOSHIBA)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKU\S-1-5-21-1038643954-3680076089-604325707-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1038643954-3680076089-604325707-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1038643954-3680076089-604325707-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-11] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll [2016-02-17] (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk [2015-07-21]
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe () [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk [2015-07-21]
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG Secure VPN.lnk [2018-12-28]
ShortcutTarget: AVG Secure VPN.lnk -> C:\Program Files (x86)\AVG\Secure VPN\Vpn.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVG TuneUp.lnk [2019-12-01]
ShortcutTarget: AVG TuneUp.lnk -> C:\Program Files (x86)\AVG\AVG TuneUp\TuneupUI.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2018-11-15]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation -> Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk [2015-07-10]
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2019-12-03]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
Startup: C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RemindMe.lnk [2015-04-16]
ShortcutTarget: RemindMe.lnk -> C:\Program Files (x86)\Remind-Me\RemindMe.exe (Beiley Software, Inc. -> Beiley Software Inc.)
Startup: C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sticky Notes.lnk [2019-05-08]
ShortcutTarget: Sticky Notes.lnk ->  (No File)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {089C286E-824A-4652-951A-A94676D4A2F6} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [3373072 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {0CE88F57-BA56-46C0-91E1-D6FD764125E1} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-10-11] (Corel Corporation -> Corel Corporation)
Task: {0FAAF9AC-E965-4CDC-8A70-95BDDB18F913} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1323B463-6C98-44C0-96A6-A32A36C89A53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-15] (Google Inc -> Google Inc.)
Task: {1A907020-9666-4068-AB16-1306679002DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {1E2A1B32-EF51-46E5-98DF-3C62806803B5} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-10-11] (Corel Corporation -> Corel Corporation)
Task: {21B7B94A-A8E5-4AF9-B47B-93BAD136CEB6} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1692296 2020-04-03] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {294C58B1-9F1A-4A6E-BE72-3D3DDF3C9C82} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2BF3E8FB-6CF1-4EA2-AF06-E49485FE143A} - System32\Tasks\dts_apo_service_task => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_task.exe [14320 2015-05-27] (DTS, Inc. -> )
Task: {2CAEB363-D167-4428-9C7B-3977E2F8321B} - System32\Tasks\TOSHIBA\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {2DBBA33E-2AD1-4CE1-93B4-C381FC0A88C0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3717B651-E22F-4725-BC11-1BA6187B2D7F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {409F5BD5-67A1-4462-9165-6D1DC4D68E36} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4E855516-69F8-40E7-B6A3-475839977A0C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2017-09-29] (Microsoft Windows -> Microsoft Corporation)
Task: {675412B9-8E9B-42CC-9E4D-DF6BD3B4542B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {69C239EA-21F5-49D9-BA1F-9032B125F6EF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6DA995AC-C70F-430F-9516-B6E53F39C9FC} - System32\Tasks\TOSHIBA\StartCCC => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {75B2EE99-E19E-483A-9CA7-75CFD60916B9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {81443312-1895-44CF-B1F1-E6000C1F6AD7} - System32\Tasks\AVG TuneUp Update => C:\Program Files (x86)\AVG\AVG TuneUp\TUNEUpdate.exe [1706528 2019-12-01] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {82BE1E17-B0FF-4C92-AF71-6F9E78297C68} - System32\Tasks\TOSHIBA\TecoResident => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8A48891D-8CD9-4625-A5DB-0DE284A2EE98} - System32\Tasks\TOSHIBA\SacReminderBOX => C:\ProgramData\Clickfree\BoxSoftware\reminder\SacReminder.exe [567120 2011-11-02] (Storage Appliance Corporation -> SAC)
Task: {90551A60-1339-4A1D-A8C3-90F170991471} - System32\Tasks\AVG Secure VPN Update => C:\Program Files (x86)\AVG\Secure VPN\VpnUpdate.exe [1426864 2019-08-13] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {945FECF0-1E0D-49FD-B123-0E5CD1219BD7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {96A9B0C7-E7BC-48AD-B80C-6E30DEEBD69D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [570240 2017-02-14] (Apple Inc. -> Apple Inc.)
Task: {9FA05F4A-9910-4F01-89CC-9D70D5609B4C} - System32\Tasks\ArcSoft Connect => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft, Inc. -> ArcSoft Inc.)
Task: {A3000F18-42B8-42BA-A8AB-E34A6CDE0CCE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-04-15] (Google Inc -> Google Inc.)
Task: {A4BF8A98-3591-4429-A4D2-28464051C51C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A62D6C41-6308-4D71-AA2B-932631997258} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B3B61889-8B0F-4942-979F-B2C6D1AE0262} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {B5FEB5C2-A112-40B8-B2B8-CB3613EF2BF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {B8F79936-2DA4-4698-AD93-54646CCB92E9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {BF6A803E-75F3-4FDE-B583-149850544B32} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files\WinZip\WZUpdateNotifier.exe [2814096 2019-10-11] (Corel Corporation -> Corel Corporation)
Task: {C1C8E3F1-C472-4246-8B87-18A49A0D2CE8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C3D95CD7-12B9-4D01-8747-D85B89F303BC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16690424 2016-08-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CFEFC93D-4490-4D14-A5B2-72349806CA11} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D5B6827E-2A10-4C88-A432-5E0AC0DA098D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E45CB5DE-7719-40C7-A8EE-8D73735ABC44} - System32\Tasks\TOSHIBA\TSVU => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA CORPORATION -> TOSHIBA)
Task: {EA939703-ABC8-4680-9F41-76DABA420868} - System32\Tasks\TOSHIBA\TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-14] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {ECC9C0D0-D17F-4F9E-AF54-D2B8320C5BB7} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [700040 2014-04-03] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {F277B906-9AD9-483C-8A2D-E25626689B90} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\..\Interfaces\{7dcfcdf8-6b55-4126-8d35-6535b5fb2e97}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ce2293a1-70ad-4a01-9ab3-ca2c2dba5904}: [NameServer] 100.120.128.1
Tcpip\..\Interfaces\{eb75e515-cb5c-43c6-87be-3334218831d0}: [DhcpNameServer] 192.168.0.1
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.0.12,1]
Internet Explorer:
==================
HKU\S-1-5-21-1038643954-3680076089-604325707-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nine.com.au/
HKU\S-1-5-21-1038643954-3680076089-604325707-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TAJB
SearchScopes: HKU\S-1-5-21-1038643954-3680076089-604325707-1001 -> DefaultScope {D1D7348B-41CC-4ABD-87A7-934403F6B971} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1038643954-3680076089-604325707-1001 -> {D1D7348B-41CC-4ABD-87A7-934403F6B971} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1038643954-3680076089-604325707-1001 -> {FBF7A67F-FB8D-482A-A96B-220A5E9BBC21} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKU\S-1-5-21-1038643954-3680076089-604325707-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Edge:
======
DownloadDir: C:\Users\Patricia\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-1038643954-3680076089-604325707-1001 -> hxxp://www.9news.com.au/
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2017-10-17] (CANON INC.) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2016-04-18] (WildTangent Inc -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-02] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1038643954-3680076089-604325707-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Patricia\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-28] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR Profile: C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default [2018-12-28]
CHR Notifications: Default -> hxxps://web.skype.com
CHR StartupUrls: Default -> "hxxp://www.news.ninemsn.com.au/"
CHR Extension: (Google Slides) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-15]
CHR Extension: (Google Docs) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-15]
CHR Extension: (Google Drive) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-15]
CHR Extension: (YouTube) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-15]
CHR Extension: (Google Sheets) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-15]
CHR Extension: (Google Docs Offline) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-20]
CHR Extension: (Gmail) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-15]
CHR Extension: (Chrome Media Router) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-20]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-23] () [File not signed]
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [264224 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed]
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [360448 2011-08-19] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed]
R2 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [167936 2011-10-31] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [345960 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [1005744 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [5552064 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [110608 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 CleanupPSvc; C:\Program Files (x86)\AVG\AVG TuneUp\TuneupSvc.exe [10301176 2019-07-24] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19960 2015-05-27] (DTS, Inc. -> )
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144608 2016-06-02] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-04-18] (WildTangent Inc -> WildTangent)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [397472 2018-03-15] (Canon Inc. -> )
R2 SecureVpn; C:\Program Files (x86)\AVG\Secure VPN\VpnSvc.exe [7451056 2019-08-13] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-07-24] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-07-24] (Microsoft Corporation -> Microsoft Corporation)
R2 ashbackuppb; "c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\backupService-abpb.exe" "--controlFolder=c:\ProgramData\Ashampoo Backup PB\control" "--id=ashbackuppb" daemon
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21653520 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [686080 2015-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4251160 2016-12-14] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 AVerIT13x; C:\WINDOWS\System32\Drivers\AVerIT13x_x64.sys [198272 2012-12-06] (Microsoft Windows Hardware Compatibility Publisher -> AVerMedia TECHNOLOGIES, Inc.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [206672 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [234840 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [179032 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [61272 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16520 2020-04-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [43568 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [175984 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [501752 2020-05-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [110064 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [85664 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [852392 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [459992 2020-05-11] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [235768 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgTap; C:\WINDOWS\System32\drivers\avgTap.sys [54888 2018-09-05] (AVG Technologies CZ, s.r.o. -> The OpenVPN Project)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [317864 2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [610336 2016-07-13] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31832 2016-06-02] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-07-29] (TOSHIBA CORPORATION -> Toshiba Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2019-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46592 2018-07-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-07-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-07-24] (Microsoft Windows -> Microsoft Corporation)
S3 btwaudio; \SystemRoot\system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\System32\drivers\btwavdt.sys [X]
S3 btwl2cap; \SystemRoot\system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\System32\drivers\btwrchid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-05-12 15:47 - 2020-05-12 15:49 - 000034981 _____ C:\Users\Patricia\Desktop\FRST.txt
2020-05-12 15:46 - 2020-05-12 15:48 - 000000000 ____D C:\FRST
2020-05-12 15:42 - 2020-05-12 15:42 - 002285568 _____ (Farbar) C:\Users\Patricia\Desktop\FRST64.exe
2020-04-28 11:34 - 2020-05-11 16:16 - 000501752 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2020-04-28 11:34 - 2020-04-28 11:33 - 000492416 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys.158917734123405
2020-04-28 11:34 - 2020-04-28 11:33 - 000235768 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2020-04-28 11:34 - 2020-04-28 11:33 - 000175984 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2020-04-28 11:34 - 2020-04-28 11:32 - 000337592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2020-04-28 11:25 - 2020-04-28 11:25 - 000000000 ____D C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-04-28 11:20 - 2020-04-28 11:35 - 000000000 ____D C:\Users\Patricia\AppData\Roaming\Zoom
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-05-12 15:49 - 2019-12-03 15:01 - 000002686 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 2
2020-05-12 15:49 - 2019-12-03 15:01 - 000002684 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 3
2020-05-12 15:49 - 2019-12-03 15:01 - 000002684 _____ C:\WINDOWS\system32\Tasks\WinZip Update Notifier 1
2020-05-12 15:49 - 2018-11-08 11:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2020-05-12 15:49 - 2018-03-01 17:02 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-05-12 15:49 - 2018-03-01 17:02 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-05-12 15:49 - 2018-03-01 17:02 - 000003262 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2020-05-12 15:49 - 2018-03-01 17:02 - 000003124 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-05-12 15:49 - 2018-03-01 17:02 - 000003124 _____ C:\WINDOWS\system32\Tasks\ArcSoft Connect
2020-05-12 15:49 - 2018-03-01 17:02 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1038643954-3680076089-604325707-1001
2020-05-12 15:49 - 2018-03-01 17:02 - 000002748 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1038643954-3680076089-604325707-500
2020-05-12 15:49 - 2018-03-01 17:02 - 000002376 _____ C:\WINDOWS\system32\Tasks\dts_apo_service_task
2020-05-12 15:49 - 2018-03-01 17:02 - 000002278 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2020-05-12 15:30 - 2017-09-29 23:44 - 000000000 ____D C:\WINDOWS\INF
2020-05-12 15:13 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2020-05-12 10:06 - 2016-04-14 12:37 - 000007630 _____ C:\Users\Patricia\AppData\Local\Resmon.ResmonCfg
2020-05-12 09:51 - 2019-05-08 16:38 - 000000000 ____D C:\WINDOWS\Panther
2020-05-12 09:25 - 2017-09-29 23:46 - 000000000 ___HD C:\Program Files\WindowsApps
2020-05-12 09:25 - 2017-09-29 23:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-05-11 16:34 - 2018-03-01 16:20 - 000000000 ____D C:\Users\Patricia
2020-05-11 16:33 - 2016-04-15 09:58 - 000002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-11 16:33 - 2016-04-15 09:58 - 000002303 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-05-11 16:33 - 2016-04-15 09:58 - 000002303 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-05-11 16:32 - 2019-05-30 09:26 - 000000000 ____D C:\Users\Patricia\AppData\Local\CrashDumps
2020-05-11 16:18 - 2016-07-29 11:43 - 000002423 _____ C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-05-11 16:18 - 2015-03-13 16:08 - 000000000 __RDO C:\Users\Patricia\OneDrive
2020-05-11 16:15 - 2018-08-02 14:20 - 000459992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2020-05-11 15:52 - 2018-03-01 17:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-11 15:52 - 2018-03-01 16:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-11 15:07 - 2019-10-19 02:06 - 000000000 ____D C:\Windows10Upgrade
2020-05-11 14:48 - 2019-12-01 11:27 - 000004246 _____ C:\WINDOWS\system32\Tasks\AVG TuneUp Update
2020-05-11 14:48 - 2018-12-28 14:15 - 000004260 _____ C:\WINDOWS\system32\Tasks\AVG Secure VPN Update
2020-05-10 20:09 - 2018-11-13 19:58 - 000000000 ____D C:\ProgramData\CanonIJPLM
2020-04-28 11:34 - 2017-09-29 23:46 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-04-28 11:33 - 2018-11-13 17:06 - 000043568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2020-04-28 11:33 - 2018-08-02 14:20 - 000460184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys.158917771896809
2020-04-28 11:33 - 2018-08-02 14:20 - 000317864 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2020-04-28 11:33 - 2018-08-02 14:20 - 000110064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2020-04-28 11:33 - 2018-08-02 14:20 - 000085664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2020-04-28 11:33 - 2018-07-14 09:18 - 000016520 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys
2020-04-28 11:32 - 2018-08-02 14:20 - 000852392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2020-04-28 11:32 - 2018-08-02 14:20 - 000206672 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2020-04-28 11:31 - 2019-01-10 08:57 - 000234840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2020-04-28 11:31 - 2019-01-10 08:57 - 000179032 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2020-04-28 11:31 - 2019-01-10 08:57 - 000061272 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2020-04-28 11:17 - 2018-03-01 16:52 - 001119922 _____ C:\WINDOWS\system32\PerfStringBackup.INI
==================== Files in the root of some directories ========
2016-01-09 09:41 - 2016-01-09 09:41 - 000000000 _____ () C:\Users\Patricia\AppData\Roaming\Microsoft\78B6.tmp
2016-04-14 12:37 - 2020-05-12 10:06 - 000007630 _____ () C:\Users\Patricia\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2019-12-01 11:52
==================== End of FRST.txt ========================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2020
Ran by Patricia (12-05-2020 15:51:19)
Running from C:\Users\Patricia\Desktop
Windows 10 Home Version 1709 16299.1087 (X64) (2018-03-01 07:06:01)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1038643954-3680076089-604325707-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1038643954-3680076089-604325707-503 - Limited - Disabled)
Guest (S-1-5-21-1038643954-3680076089-604325707-501 - Limited - Disabled)
Patricia (S-1-5-21-1038643954-3680076089-604325707-1001 - Administrator - Enabled) => C:\Users\Patricia
WDAGUtilityAccount (S-1-5-21-1038643954-3680076089-604325707-504 - Limited - Disabled)
_ashbackuppb_ (S-1-5-21-1038643954-3680076089-604325707-1004 - Administrator - Enabled) => C:\Users\_ashbackuppb_
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Antivirus (Enabled) {2092F4DC-EC63-3680-C854-E2DACF7E736A}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{99213849-249E-7726-EBA7-ADFCA48E2246}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{EE72C3F7-4B98-493E-9263-AECFADBC8184}) (Version: 3.5.35.318 - ArcSoft)
Ashampoo Backup Pro 11 (HKLM\...\{DF972766-3CEA-0FEC-AD7D-0A1791430C35}_is1) (Version: 11.07 - Ashampoo GmbH & Co. KG)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
AVerMedia A835 USB DVB-T 8.2.64.64 (HKLM-x32\...\AVerMedia A835 USB DVB-T) (Version: 8.2.64.64 - AVerMedia TECHNOLOGIES, Inc.)
AVerTV 3D (HKLM-x32\...\{5016185F-05AF-455F-AA70-6B6E5D6D4E70}) (Version: 6.5.2.14 - AVerMedia Technologies, Inc.) Hidden
AVerTV 3D (HKLM-x32\...\InstallShield_{5016185F-05AF-455F-AA70-6B6E5D6D4E70}) (Version: 6.5.2.14 - AVerMedia Technologies, Inc.)
AVG Internet Security (HKLM-x32\...\AVG Antivirus) (Version: 20.2.3116 - AVG Technologies)
AVG Secure VPN (HKLM\...\{078F51FA-D92F-419A-9E69-08BC59265F7E}_is1) (Version: 1.7.670 - AVG)
AVG TuneUp (HKLM-x32\...\{949BE04F-D7E8-4C19-9F89-8B304AB4308A}_is1) (Version: 19.1.1209 - AVG Technologies)
Bejeweled 3 (HKLM-x32\...\WTA-38125e54-7503-4574-ac9d-28183f37510c) (Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.0.0 - Canon Inc.)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG3600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3600_series) (Version: 1.00 - Canon Inc.)
Canon MG3600 series On-screen Manual (HKLM-x32\...\Canon MG3600 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Codec-TS SDK (HKLM-x32\...\{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}) (Version:  - ArcSoft)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
De-interlace SDK (HKLM-x32\...\{9A0E0340-C3D7-42D1-96D4-64179FD456AE}) (Version:  - ArcSoft)
DTS Sound (HKLM-x32\...\{793B70D2-41E9-46AB-9DDC-B34C99D07DB5}) (Version: 1.02.4100 - DTS, Inc.)
ELAN Touchpad 15.8.12.5_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.12.5 - ELAN Microelectronic Corp.)
e-tax 2015 (HKLM-x32\...\{9D19C250-CE9A-4BF0-91C8-031665D54D16}) (Version: 2.10.541 - Australian Taxation Office)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.138 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Handy Address Book (HKLM-x32\...\Handy Address Book) (Version:  - Beiley Software)
iTunes (HKLM\...\{C4BCE5A0-6BE5-4CDB-A4BA-10F1E5EC616C}) (Version: 12.9.6.3 - Apple Inc.)
Luxor Evolved (HKLM-x32\...\WTA-6f011b44-189f-4200-b07d-c21cb39aef93) (Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1038643954-3680076089-604325707-1001\...\OneDriveSetup.exe) (Version: 20.052.0311.0011 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-9f5accdb-49ed-454c-a4a0-b1950095c724) (Version: 2.2.0.98 - WildTangent) Hidden
PSP Application (HKLM\...\{8DB698FB-2E57-A223-0169-911CA8736440}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
Remind-Me (HKLM-x32\...\Remind-Me) (Version:  - Beiley Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.0.6406 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 4.02.00.6400 - Toshiba Corporation)
Toshiba Quality Application (HKLM-x32\...\InstallShield_{716C8275-A4A9-48CB-88C0-9829334CA3C5}) (Version: 1.0.9.4B1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TT-SB SDK (HKLM-x32\...\{AF9848E2-5F19-4E49-9E6E-044FBDC28404}) (Version:  - ArcSoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.3 - Compal) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.53.3 - Compal) Hidden
Utility support driver (HKLM-x32\...\{56B116A2-FF34-4923-B1A7-1DFAB0B6E186}) (Version: 2.51.10.1 - TOSHIBA) Hidden
Utility support driver (HKLM-x32\...\InstallShield_{56B116A2-FF34-4923-B1A7-1DFAB0B6E186}) (Version: 2.51.10.1 - TOSHIBA) Hidden
VisiPics V1.31 (HKLM-x32\...\VisiPics_is1) (Version:  - Ozone)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.940 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.1.1.8 - WildTangent) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22532 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinFast DAB (HKLM-x32\...\{AC497343-E0D3-4A07-9496-ACB829A7338D}) (Version: 10.11.10.7 - Leadtek)
WinZip 24.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24125}) (Version: 24.0.13650 - Corel Corporation)
Zoom (HKU\S-1-5-21-1038643954-3680076089-604325707-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
Packages:
=========
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.9.0.1_neutral__6e5tt8cgb93ep [2020-03-21] (Canon Inc.)
Jewel Fever -> C:\Program Files\WindowsApps\SprakelsoftUG.JewelFever_1.1.16.0_x64__ge3twpst8dtre [2018-07-21] (Sprakelsoft GmbH) [MS Ad]
Jewel Fever 2 -> C:\Program Files\WindowsApps\SprakelsoftUG.JewelFever2_1.1.15.0_x64__ge3twpst8dtre [2018-07-21] (Sprakelsoft GmbH) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2018-07-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2018-07-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-11] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-05-11] (Microsoft Corporation) [MS Ad]
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-25] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-25] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-12] (Microsoft Studios) [MS Ad]
MS Solitaire Collection -> C:\Program Files\WindowsApps\10867XAppsStudio.MSSolitaireCollection_1.0.0.4_neutral__9x90rfe02k9we [2016-02-13] (X Apps Studio) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-04] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-05-11] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-02-13] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-11] (Microsoft Corporation) [MS Ad]
Solitaire Collection X -> C:\Program Files\WindowsApps\10867XAppsStudio.SolitaireCollectionX_1.1.12.0_x64__9x90rfe02k9we [2019-08-24] (X Apps Studio) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-25] (Twitter Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1038643954-3680076089-604325707-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.WinZipExpressForOffice.dll (Corel Corporation -> )
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-10-11] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-10-11] (Corel Corporation -> WinZip Computing)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2020-04-28] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2019-10-11] (Corel Corporation -> WinZip Computing)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-12-01 11:26 - 2016-09-12 14:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVG\AVG TuneUp\libcef.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 000230912 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\jsoncpp.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 000045568 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\lzma.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 000084480 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\minizip.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 000227840 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\party.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 000571392 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\sqlite.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 000081408 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\zdll.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 000075776 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\ziputil.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 000024064 _____ () [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\zlibutil.dll
2014-12-20 19:01 - 2011-11-02 10:19 - 000050688 ____N () [File not signed] C:\ProgramData\Clickfree\BoxSoftware\reminder\ActivationLib.dll
2015-07-21 19:46 - 2012-08-31 17:07 - 000110592 ____R (AVerMedia Technologies, Inc.) [File not signed] C:\Program Files (x86)\Common Files\AVerMedia\dll\CardID.dll
2015-07-21 19:46 - 2011-07-21 12:40 - 000368640 ____R (AVerMedia Technologies, Inc.) [File not signed] C:\Program Files (x86)\Common Files\AVerMedia\dll\GraphMaster.dll
2018-11-13 20:30 - 2017-07-05 12:43 - 000561152 _____ (CANON INC. ) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2018-11-13 20:18 - 2015-01-09 07:46 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2018-11-13 20:18 - 2015-01-09 07:44 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll
2018-11-13 19:58 - 2017-12-07 10:25 - 000123904 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJPLM\CNMPU.DLL
2018-11-13 20:30 - 2017-07-05 12:49 - 000593920 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2018-11-13 20:09 - 2015-03-17 07:51 - 000375296 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2014-12-20 19:01 - 2011-10-21 19:21 - 000512000 ____N (DMSoft Technologies) [File not signed] C:\ProgramData\Clickfree\BoxSoftware\reminder\SkinCrafterDll.dll
2018-12-28 14:26 - 2018-12-28 14:26 - 000434176 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\AVG\Secure VPN\chrome_elf.dll
2017-04-21 11:39 - 2017-01-18 13:23 - 002228224 _____ (The cURL library, hxxps://curl.haxx.se/) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\ash_libcurl.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 000353792 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\libcurl.dll
2018-12-28 14:14 - 2018-09-05 20:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\AVG\Secure VPN\libcrypto-1_1.dll
2017-04-21 11:39 - 2017-01-16 11:45 - 001966080 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\LIBEAY32.dll
2017-04-21 11:39 - 2017-01-16 11:45 - 000354816 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\SSLEAY32.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 000172544 _____ (wxWidgets development team) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxbase310u_net_vc_ox.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 002276352 _____ (wxWidgets development team) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxbase310u_vc_ox.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 000173056 _____ (wxWidgets development team) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxbase310u_xml_vc_ox.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 001538560 _____ (wxWidgets development team) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxmsw310u_adv_vc_ox.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 005490688 _____ (wxWidgets development team) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxmsw310u_core_vc_ox.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 000707584 _____ (wxWidgets development team) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxmsw310u_html_vc_ox.dll
2017-04-21 11:39 - 2017-02-28 18:52 - 000865792 _____ (wxWidgets development team) [File not signed] c:\Program Files\Ashampoo\Ashampoo Backup Pro 11\bin\wxmsw310u_xrc_vc_ox.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 23:25 - 2018-12-28 12:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\PROGRAM FILES (X86)\COMMON FILES\ARCSOFT\BIN;%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;C:\PROGRAM FILES (X86)\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;
HKU\S-1-5-21-1038643954-3680076089-604325707-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\TOSHIBA\TOSHIBA1.jpg
HKU\S-1-5-21-1038643954-3680076089-604325707-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 100.120.128.1 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "AVerQuick.lnk"
HKLM\...\StartupApproved\StartupFolder: => "TMMonitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\StartupFolder: => "AVG TuneUp.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Ashampoo Backup PB"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKU\S-1-5-21-1038643954-3680076089-604325707-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1038643954-3680076089-604325707-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{508821AD-F3EA-43CF-9C6E-F2877F024F0A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [TCP Query User{ED077476-74EA-43A5-9A0B-12EB003AC6E9}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe => No File
FirewallRules: [UDP Query User{509832F8-03C2-4F91-9A96-F88C221929D5}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe => No File
FirewallRules: [TCP Query User{95F0D941-4B11-4E66-A611-9CE67AA8C67E}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe => No File
FirewallRules: [UDP Query User{D8CFBA5C-AF09-4790-8217-DFCC59FE1117}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe => No File
FirewallRules: [{99D7A03E-CD81-4A6D-BB2A-E9F4417A6F67}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe (ArcSoft, Inc.) [File not signed]
FirewallRules: [{34F36603-FF32-4D46-B299-39ECD13CE50D}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe (ArcSoft, Inc.) [File not signed]
FirewallRules: [TCP Query User{462A2A07-8ADD-42FE-9AC9-A4EEA451804F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{260CD7F0-51BE-482D-94DC-9FB925D5BF28}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{AAA94A09-BD90-49DB-ABC8-730445C93751}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{DE944FCE-E5E7-415D-8035-71015E6FC4A1}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4B277B8F-17EC-4AA5-9367-1A0F1B1BDC8B}] => (Allow) C:\Program Files (x86)\AVG\Secure VPN\VpnUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{4785A207-BDB7-4ED2-BCF7-D8EEC8CF3DE1}] => (Allow) C:\Program Files (x86)\AVG\Secure VPN\VpnUpdate.exe (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
FirewallRules: [{2674A9ED-8B8E-4004-8674-1D50C5D99EAB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1F758323-1A15-4B7A-A17D-EE9FB0C2ACD8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E690F799-8CCD-4889-B8CE-AC98329B5EEE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0E8DE39D-E798-4D28-94C8-C738FFDF571B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0C3989D3-2464-4C6A-925D-D8A922139C15}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FF0E0604-7BE6-4503-AE00-E148F64498AA}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C52A328C-10D5-4A6D-96A8-B22994AE4EA7}] => (Allow) C:\Users\Patricia\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D9615E92-AD9B-4BA7-9369-B6CEC21C525C}] => (Allow) C:\Users\Patricia\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{3792A32B-FC3A-4E08-BAA9-8BEB44A5A704}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================

==================== Faulty Device Manager Devices ============
Name: Qualcomm Atheros AR3012 Bluetooth 4.0
Description: Qualcomm Atheros AR3012 Bluetooth 4.0
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: ========================
Application errors:
==================
Error: (05/12/2020 03:30:05 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
Error: (05/12/2020 03:28:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
Error: (05/12/2020 03:24:54 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
Error: (05/12/2020 03:23:07 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
Error: (05/12/2020 03:21:16 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
Error: (05/12/2020 03:17:46 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
Error: (05/12/2020 03:16:51 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
Error: (05/12/2020 03:15:37 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

System errors:
=============
Error: (05/12/2020 03:28:47 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.
Error: (05/12/2020 03:27:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Security Update for Microsoft Visio 2010 (KB4462225) 32-Bit Edition.
Error: (05/12/2020 03:26:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Security Update for Microsoft Office 2010 (KB3203462) 32-Bit Edition.
Error: (05/12/2020 03:17:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Security Update for Microsoft Office 2010 (KB4484126) 32-Bit Edition.
Error: (05/12/2020 03:15:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Security Update for Microsoft Excel 2010 (KB4484285) 32-Bit Edition.
Error: (05/12/2020 03:15:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Security Update for Microsoft Office 2010 (KB4484238) 32-Bit Edition.
Error: (05/12/2020 03:14:09 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: The server {45CC1698-D1CF-417B-BC32-80EB79E05EF1} did not register with DCOM within the required timeout.
Error: (05/12/2020 03:13:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Windows Defender:
===================================
Date: 2018-07-24 11:29:07.807
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.273.125.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15100.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2018-07-21 16:55:36.117
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.251.42.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80070643
Error description: Fatal error during installation.
Date: 2018-07-21 16:55:22.855
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.273.125.0
Previous Signature Version: 1.251.42.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.14104.0
Previous Engine Version: 1.1.14104.0
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
Date: 2018-07-21 16:55:22.854
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.273.125.0
Previous Signature Version: 1.251.42.0
Update Source: User
Signature Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.14104.0
Previous Engine Version: 1.1.14104.0
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel.
CodeIntegrity:
===================================
Date: 2020-05-12 15:38:42.050
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-12 15:38:42.045
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-12 15:38:41.027
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-12 15:38:40.998
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-12 15:30:10.248
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-12 15:30:10.241
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-12 15:30:06.343
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-12 15:30:06.338
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\WINDOWS\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: TOSHIBA 1.30 06/06/2014
Motherboard: TOSHIBA ZBWAE
Processor: AMD E1-6010 APU with AMD Radeon R2 Graphics
Percentage of memory in use: 67%
Total physical RAM: 3518.9 MB
Available physical RAM: 1149.11 MB
Total Virtual: 4414.9 MB
Available Virtual: 1188.31 MB
==================== Drives ================================
Drive c: (TI31278800C) (Fixed) (Total:210.67 GB) (Free:69.46 GB) NTFS
\\?\Volume{68656c3b-fc0c-467e-8d16-cd7d2f93c964}\ (System) (Fixed) (Total:1 GB) (Free:0.49 GB) NTFS
\\?\Volume{420c4305-c548-4b31-8a52-66cdc35b0b7d}\ () (Fixed) (Total:0.1 GB) (Free:0.05 GB) FAT32
\\?\Volume{1ed9af2b-a2ad-47c6-a030-59c526cd9430}\ () (Fixed) (Total:0.91 GB) (Free:0.45 GB) NTFS
\\?\Volume{9bdb2c92-74bb-4082-bbe5-dc54797ee9e9}\ (Recovery) (Fixed) (Total:10.77 GB) (Free:0.99 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: F569BAB0)
Partition: GPT.
==================== End of Addition.txt =======================
 

Edited by rogerbid, 12 May 2020 - 04:58 PM.

  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,748 posts
  • MVP

No obvious malware but Windows is very old:

Windows 10 Home Version 1709 16299.1087 (X64)

Should be Version 1909

so something is wrong with Windows Update.  You might want to go to

Settings, Update & Security, Troubleshoot, Windows Update and see if it finds anything.  Also you can force the update to the latest version by going to

https://www.microsof...nload/windows10

clicking on Download Now then Saving the file.  Right click on the downloaded file and Run As Admin.  Expect it to take an hour or more.

If you get it to update please provide new FRST scans.  You may need to attach them as the update is very large and may make the scans too big for the forum.

 

 

Lot of deadwood left from when it was 8.1

 

Let's collect some more data and see why it's running slow:

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top, 10-20 lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

Best to post logs as you get them rather than waiting to post them all at one time.

 


 


  • 0
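The reading of the report given in the reply above ("No obvious malware", "something is wrong with Windows Update") can be partly reproduced mechanically. This is an added example, not part of the thread and not FRST's own code: it splits an Addition.txt-style report into sections, flags firewall rules whose target file is missing or unsigned, and counts event-log errors by source and error code. The sample lines are constructed from the report in post #1 with placeholder GUIDs; the function names and the two error-code descriptions (Microsoft's published meanings) are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the Addition.txt layout, abridged from the report in
# post #1; rule GUIDs and the DCOM server id are replaced with placeholders.
SAMPLE = r"""
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry.)
FirewallRules: [{GUID-1}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe (ArcSoft, Inc.) [File not signed]
FirewallRules: [TCP Query User{GUID-2}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe => No File
FirewallRules: [{GUID-3}] => (Allow) C:\Users\Patricia\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{GUID-4}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
==================== Event log errors: ========================
Application errors:
==================
Error: (05/12/2020 03:30:05 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
Error: (05/12/2020 03:28:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\System32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
System errors:
=============
Error: (05/12/2020 03:28:47 PM) (Source: DCOM) (EventID: 10010) (User: TOSHIBA)
Description: The server {GUID-5} did not register with DCOM within the required timeout.
Error: (05/12/2020 03:27:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Security Update for Microsoft Visio 2010 (KB4462225) 32-Bit Edition.
"""

# Meanings as published by Microsoft for these two codes (an assumption of this
# example; the report itself prints only the numbers).
KNOWN = {
    "0x80070422": "ERROR_SERVICE_DISABLED: a required service is disabled",
    "0x8024001e": "WU_E_SERVICE_STOP: the update service was stopping",
}

SECTION = re.compile(r"^={5,} (.+?) =+\s*$")   # "==== Name ====" banner lines
RULE = re.compile(r"^FirewallRules: \[.+?\] => \((Allow|Block)\) (.+)$")
EVENT = re.compile(r"^Error: \(.+?\) \(Source: (.+?)\) \(EventID: (\d+)\)")
HRESULT = re.compile(r"0x[0-9A-Fa-f]{8}")


def split_sections(text):
    """Map each banner name (trailing ':' dropped) to the lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            current = m.group(1).rstrip(":")
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def firewall_findings(lines):
    """Return (kind, path) for rules whose target is missing or unsigned."""
    findings = []
    for line in lines:
        m = RULE.match(line)
        if not m:
            continue
        action, rest = m.groups()
        if rest.endswith("=> No File"):
            # The rule outlived the program it was created for: cleanup candidate.
            path = rest[: -len("=> No File")].strip()
            findings.append(("stale-" + action.lower(), path))
        elif "[File not signed]" in rest:
            pm = re.match(r"(.+?\.exe)\b", rest, re.I)
            findings.append(("unsigned-" + action.lower(), pm.group(1) if pm else rest))
    return findings


def event_summary(lines):
    """Count errors by (source, event id, first HRESULT in the description)."""
    counts, pending = Counter(), None
    for line in lines:
        m = EVENT.match(line)
        if m:
            pending = (m.group(1), int(m.group(2)))
        elif pending and line.startswith("Description:"):
            code = HRESULT.search(line)
            counts[pending + (code.group(0).lower() if code else None,)] += 1
            pending = None
    return counts


def triage(text):
    s = split_sections(text)
    return {
        "firewall": firewall_findings(s.get("FirewallRules (Whitelisted)", [])),
        "events": event_summary(s.get("Event log errors", [])),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    for kind, path in report["firewall"]:
        print(f"{kind:15} {path}")
    for (source, event_id, code), n in report["events"].most_common():
        print(f"{n}x {source} event {event_id} {code or ''} {KNOWN.get(code, '')}")
```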

#3
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
Thank you very much for the comprehensive reply. I will follow your instructions and post again later today,

Thanks again,

Roger
  • 0

#4
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

Hello again,

 

 

I have been to Windows Update as suggested but the attached error prevented any progress there.  Update error.JPG

I then went to the Software-Download site and clicked on 'Update now' rather than 'Download tool now'.   Update options.JPG

Attempting to run the downloaded file has brought another error, attached as 'Running Update error'.  Running Update error.JPG

 

 

 

I am now at a road block, can you suggest a way forward please?   (As a precaution I have created a System Restore point :) )

 

Thanks, I really appreciate your help.

 

Roger


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,748 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File: fixlist.txt (558 bytes)

Run FRST and press Fix.  This will run two checks of the system files and attempt to repair any errors.  Can take up to 30 minutes to finish so be patient.  It will reboot when done.

A fix log will be generated; please post that.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Go ahead and do the other stuff in my first post.


 


  • 0

#6
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

Hello,

 
Thank you for the quick reply  (What time zone are you in?  GMT+11 here now)
 
Sorry to bother you, I have tried to run FRST64 as administrator again and now I am getting this popup.  I have tried downloading it again and the same thing happens. I am not sure how to get past this popup!  Sorry

 

FRST generated popup.JPG


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,748 posts
  • MVP

I'm in Melbourne Beach, Florida, USA.  Think it's +5 this time of year.  Was just about to go to bed.

 

Appears you have somehow gotten into S mode.

 

https://support.micr...h-out-of-s-mode

 

Smart Screen, Windows Defender and Avast have all been blocking FRST recently.  It's a false positive so pause your antivirus when downloading or running FRST.  If you get a message saying Smart Screen has blocked it you can click on More Info and you will see an option to Run Anyway.


 


  • 0

#8
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

Hello again,  Sorry, you will be wishing you had not elected to help me with this problem!!

 

Thank you for the reply re S Mode (I have no idea how I made this change!).  I have clicked the link you provided and after following item 1 in the instructions I am faced with this screen:

 

Switch out of S mode screen.jpg

 

The Microsoft Help article tells me to:

"2. In the Switch to Windows 10 Home or Switch to Windows 10 Pro section, select Go to the Store. (If you also see an "Upgrade your edition of Windows" section, be careful not to click the "Go to the Store" link that appears there.)"

I cannot see 'the Switch to Windows 10 Home or Switch to Windows 10 Pro section' so cannot select Go to the Store!  What is more, I do have the "Upgrade your edition of Windows" section mentioned where it tells me specifically NOT to click the Go to the Store link!

 

Can you help me once again to get past this hurdle?

I do appreciate your patience and apologise for the trouble. Incidentally, I am in Melbourne, Australia!  What a coincidence!

I look forward to hearing from you when you have a moment, thanks,

 

Roger


  • 0

#9
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

Hello RK,

 

Please don't think I was doubting your advice, but out of curiosity I Googled getting out of S Mode and found a video in which the System section of Control Panel shows this screen:

 

video screenshot.JPG   In another video S Mode is mentioned on the Activation page: video screenshot 2.JPG

 

The corresponding screen on this laptop doesn't show S Mode, as shown here:

 

Am I in S Mode screen.JPG

 

Perhaps there is another reason I was unable to get past the Microsoft popup?

 

Thanks so much for your help,

 

Roger

 


  • 0

#10
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

I have Googled the Microsoft popup, and found this foreign language video which may offer a solution.

 

I stress that I do not want to turn my back on your assistance, but am merely looking for possible solutions. If you think I should click on the Open Settings tab in the MS popup to get to this screen please advise.  could this be the answer.JPG

 

Roger


  • 0



#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,748 posts
  • MVP

Can you select Allow Apps From Anywhere?

 

When you log on do you use your Microsoft account?


  • 0

#12
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

Hi, it's me again :(

 

Thanks once more for your reply.  To answer your second question first, I don't think my wife has ever created a Microsoft account as such though she does have a Hotmail email account.  Not sure if this is in fact a 'Microsoft Account'.  Certainly she does not knowingly log in to a Microsoft account.

 

Re the first question, yes I clicked on Settings and could select Allow Apps From Anywhere, and this brought up the following windows:

 

Windows protected your PC.JPG

 

and when I click on More Info I get this screen:

 

Run anyway.JPG

 

I am optimistic that I will now be able to run FRST64 as Administrator so will go back to your earlier instructions and follow them.

 

Thank you and I will post the relevant logs as soon as they are done!

 

Best regards,

Roger


  • 0

#13
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

Hello, I have had some success, and will start to send to you the logs generated by the apps you have suggested.  As I was unable to download and install Windows 10 v 1909 I am not sending new FRST reports, so the next ones you asked for are those generated by Process Explorer.

 

I am attaching 2 files, I am not sure which is the one you expect to see.  The first time I ran Process Explorer the file saved was named System Idle Process.txt.  Not sure I had run the app correctly I ran it again and when I saved the result it was named Hardware Interrupts and DPCs.txt!   A third run generated the same file name as the second, so I don't know what I have done wrong!  Sorry.

 

I will continue through your instructions and send more reports as they come along,

 

Thanks for everything,

 

Roger

Attached Files


  • 0

#14
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

Hi,  Attached is the junk.txt file created after opening the Elevated Command Prompt.

Attached Files


  • 0

#15
rogerbid

rogerbid

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

Hi again,  Attached is the Speccy text file.

Attached Files


  • 0





