Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Computer Running Slow

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Computer Running Slow

Unread postby reddog1992000 » August 28th, 2018, 1:16 pm

Hello,
I am hoping to cleanup my computer it seems to be running slow. I haven't had a bunch of popups, but hopefully you guys can see what's slowing it down. :) Here are my logs
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.08.2018
Ran by Heather (administrator) on HEATHER (28-08-2018 09:54:37)
Running from C:\Users\Heather\Downloads
Loaded Profiles: Heather (Available Profiles: Heather)
Platform: Windows 10 Home Version 1607 14393.1770 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Microsoft Corporation) C:\Config.Msi\3022d.rbf
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.bak
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{E961A532-AE23-401E-BDF6-C808E54A1036}\68.0.3440.106_67.0.3396.87_chrome_updater.exe
(Google Inc.) C:\Windows\Temp\CR_2DC8C.tmp\setup.exe
(Google Inc.) C:\Windows\Temp\CR_2DC8C.tmp\setup.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.bak
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Heather\AppData\Local\Google\Chrome\User Data\SwReporter\30.159.200\software_reporter_tool.exe
(Google) C:\Users\Heather\AppData\Local\Google\Chrome\User Data\SwReporter\30.159.200\software_reporter_tool.exe
(Google) C:\Users\Heather\AppData\Local\Google\Chrome\User Data\SwReporter\30.159.200\software_reporter_tool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Hewlett Packard) C:\Program Files (x86)\Hp\HPLJUT\HPLJUTSCH.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16690424 2016-08-26] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [291568 2018-06-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330176 2014-08-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124544 2016-02-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-10-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKU\S-1-5-21-3680518506-1509505806-1380042551-1001\...\Run: [GoogleChromeAutoLaunch_9FD81ADF5448AA63CA22E7DC63BA5047] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568 2018-06-11] (Google Inc.)
HKU\S-1-5-21-3680518506-1509505806-1380042551-1001\...\Run: [Moffsoft FreeCalc] => C:\Program Files (x86)\Moffsoft FreeCalc\MoffFreeCalc.exe [791552 2004-08-28] (Moffsoft)
HKU\S-1-5-21-3680518506-1509505806-1380042551-1001\...\Run: [AF14] => C:\Users\Heather\AppData\Local\Temp\Temp1_Auto-Facebook-2014-Group-Poster-Demo.zip\Auto Facebook 2014\Auto Facebook 2014.exe /hide <==== ATTENTION
HKU\S-1-5-21-3680518506-1509505806-1380042551-1001\...\RunOnce: [Uninstall C:\Users\Heather\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Heather\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2016-01-31]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 74.40.74.41
Tcpip\..\Interfaces\{3e0ea58d-37e2-43a0-a524-49b2a34de207}: [DhcpNameServer] 192.168.254.254 74.40.74.41
Tcpip\..\Interfaces\{ed62aaf1-d2d3-4086-a1a3-3a7f1d931ee9}: [DhcpNameServer] 192.168.254.254 74.40.74.41

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-3680518506-1509505806-1380042551-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-3680518506-1509505806-1380042551-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-3680518506-1509505806-1380042551-1001 -> {5E49FEA7-D70F-4E95-B01B-49D470A1AC12} URL =
SearchScopes: HKU\S-1-5-21-3680518506-1509505806-1380042551-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={54873DE1-B34B-42B1-964B-B5AAD7B1BE76}&mid=ced9db8f953547cca8acbd389ff4de35-acb978f7e27035e6c1a7dca4d391bf3278058a1f&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516av&pr=fr&d=2016-04-26 00:58:58&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-08-28] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-07] (AVG)
BHO: No Name -> {BAC72C85-CEC6-4B86-AF06-FA20C259FAB8} -> No File
BHO-x32: Amazon Assistant -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-08-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: arj9p8w7.default
FF ProfilePath: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\arj9p8w7.default [2017-10-21]
FF Homepage: Mozilla\Firefox\Profiles\arj9p8w7.default -> hxxps://www.google.com/#gws_rd=ssl
FF Extension: (AVG Web TuneUp) - C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\arj9p8w7.default\Extensions\avg@toolbar.xpi [2018-08-28]
FF SearchPlugin: C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\arj9p8w7.default\searchplugins\avg-secure-search.xml [2017-02-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-18] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-18] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-06-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default [2018-08-28]
CHR Extension: (Google Drive) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-19]
CHR Extension: (Adblock Plus) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-08-28]
CHR Extension: (Google Docs Offline) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-28]
CHR Extension: (AdRemover for Google Chrome™) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcefmojpghnaceadnghednjhbmphipkb [2017-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-18]
CHR Extension: (Adblock Pro) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-07-16]
CHR Extension: (Chrome Media Router) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-22] () [File not signed]
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-01-31] (Adobe Systems) [File not signed]
S2 Amazon Assistant Service; C:\Program Files (x86)\Amazon\Amazon Assistant\amazonAssistantService.exe [105136 2018-02-22] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [318328 2018-06-18] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7670672 2018-06-18] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8853984 2018-08-09] (Microsoft Corporation)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-25] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332656 2018-05-02] (HP Inc.)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel(R) Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-18] (McAfee, Inc.)
R3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29181272 2008-12-18] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-05-04] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [908256 2016-07-14] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-07-14] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-07-14] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-07] (Microsoft Corporation)
S2 vToolbarUpdater40.3.7; "C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe" [X]
S2 WtuSystemSupport; "C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101104 2015-06-23] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [277240 2015-06-23] (Advanced Micro Devices, Inc. )
R3 AsusVBus; C:\WINDOWS\System32\drivers\AsusVBus.sys [39704 2015-10-07] (Windows (R) Win 7 DDK provider)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [189032 2018-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [220600 2018-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192536 2018-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336848 2018-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [50776 2018-06-18] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39352 2018-06-18] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [151504 2018-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [103744 2018-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [78352 2018-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1020112 2018-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [452904 2018-06-18] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [198368 2018-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [373944 2018-06-18] (AVG Technologies CZ, s.r.o.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-04-13] ()
S3 FlyUsb; C:\WINDOWS\System32\drivers\FlyUsb.sys [24576 2015-06-04] (LeapFrog)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-07] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-07] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2018-08-28] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-10] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-08-10] (Realtek )
S3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [42184 2015-09-25] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [54424 2015-12-04] (Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 avgbdisk; \SystemRoot\system32\drivers\avgbdiska.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-28 09:58 - 2018-08-28 09:58 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-08-28 09:58 - 2018-08-28 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-08-28 09:54 - 2018-08-28 09:56 - 000024001 _____ C:\Users\Heather\Downloads\FRST.txt
2018-08-28 09:53 - 2018-08-28 09:54 - 000000000 ____D C:\FRST
2018-08-28 09:48 - 2018-08-28 09:53 - 002413056 _____ (Farbar) C:\Users\Heather\Downloads\FRST64.exe
2018-08-28 09:19 - 2018-08-28 09:19 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-08-28 09:19 - 2018-05-17 10:52 - 000023024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Luadgmgt.dll
2018-08-28 09:14 - 2018-08-28 09:14 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-08-28 09:14 - 2018-08-28 09:14 - 000002252 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-08-28 09:14 - 2018-08-28 09:14 - 000000000 ____D C:\Program Files\Google
2018-08-17 18:16 - 2018-08-17 18:16 - 000000000 ____D C:\ProgramData\TrueKey

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-28 09:58 - 2015-12-08 23:08 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-08-28 09:58 - 2015-12-08 23:08 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-08-28 09:58 - 2015-12-08 23:08 - 000002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-08-28 09:58 - 2015-12-08 23:08 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-08-28 09:58 - 2015-12-08 23:08 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-08-28 09:58 - 2015-12-08 23:08 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-08-28 09:55 - 2014-04-10 23:13 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-08-28 09:53 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-28 09:51 - 2016-07-16 04:47 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-28 09:43 - 2015-10-26 20:10 - 000000000 ____D C:\ProgramData\Avg
2018-08-28 09:42 - 2015-06-13 23:27 - 000000000 ____D C:\Program Files (x86)\AVG
2018-08-28 09:34 - 2016-09-02 04:51 - 000000000 ___DC C:\WINDOWS\Panther
2018-08-28 09:28 - 2016-12-25 00:57 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-08-28 09:27 - 2016-11-14 15:14 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2018-08-28 09:24 - 2016-09-02 04:03 - 000000000 ____D C:\Users\Heather
2018-08-28 09:22 - 2016-07-16 04:45 - 000000000 ____D C:\WINDOWS\INF
2018-08-28 09:19 - 2018-06-18 19:42 - 000000000 ____D C:\Program Files\rempl
2018-08-28 09:19 - 2017-04-07 15:21 - 000004282 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-08-28 09:17 - 2015-07-30 00:37 - 001729086 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-28 09:13 - 2016-09-02 03:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-28 09:13 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-08-28 09:13 - 2014-11-23 20:44 - 006996394 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2018-08-28 09:10 - 2017-02-07 13:08 - 000251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2018-08-28 09:09 - 2016-09-02 22:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-17 19:43 - 2016-09-02 03:56 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-08-17 19:43 - 2016-07-15 23:04 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2018-08-17 19:38 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-08-17 19:20 - 2018-06-18 19:43 - 000000000 __SHD C:\OSRSS
2018-08-17 19:13 - 2016-07-15 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM

==================== Files in the root of some directories =======

2017-05-02 10:56 - 2017-05-02 10:56 - 000000218 _____ () C:\Users\Heather\AppData\Local\recently-used.xbel
2016-07-27 22:21 - 2016-07-27 22:21 - 000000017 _____ () C:\Users\Heather\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2016-10-08 10:11 - 2000-02-07 15:02 - 000516159 ____R (Microsoft Corporation) C:\Users\Heather\AppData\Local\Temp\PDSetup4892.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-18 14:53

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23.08.2018
Ran by Heather (28-08-2018 10:02:02)
Running from C:\Users\Heather\Downloads
Windows 10 Home Version 1607 14393.1770 (X64) (2016-09-03 05:25:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3680518506-1509505806-1380042551-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3680518506-1509505806-1380042551-503 - Limited - Disabled)
Guest (S-1-5-21-3680518506-1509505806-1380042551-501 - Limited - Disabled)
Heather (S-1-5-21-3680518506-1509505806-1380042551-1001 - Administrator - Enabled) => C:\Users\Heather
HomeGroupUser$ (S-1-5-21-3680518506-1509505806-1380042551-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.18) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Amazon Assistant (HKLM-x32\...\{0538B1C2-85C1-4ECC-BA77-61F537D81092}) (Version: 10.18.0221 - Amazon) <==== ATTENTION
Amazon Kindle (HKU\S-1-5-21-3680518506-1509505806-1380042551-1001\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{99213849-249E-7726-EBA7-ADFCA48E2246}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.1.17 - ASUS)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.4.3056 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 7.35.308.0 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\{B32C4059-6E7A-41EF-AD20-56DF1872B923}) (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4106.05 - CyberLink Corp.)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version: - )
ExtractNow (HKLM-x32\...\ExtractNow) (Version: 4.8.2.0 - Nathan Moinvaziri)
Free PDF to JPG Converter (HKLM-x32\...\{ECD1BC70-A5FD-42D3-AEBA-B71FE88FDBF2}) (Version: 1.0.0 - Free PDF Solutions)
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089) (HKLM-x32\...\KB960089_SQL9) (Version: 9.2.3077 - Microsoft Corporation)
GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089) (HKLM-x32\...\KB960089_SQLTools9) (Version: 9.2.3077 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Pro (HKLM\...\{F914BC59-918A-498F-B2E3-B274C9CB48A8}) (Version: 7.3.2.5491 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HP LaserJet Pro MFP M127-M128 (HKLM-x32\...\{3b050369-8d19-413d-9dec-84ff278472eb}) (Version: 15.0.15246.1255 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.6.18.11 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.9.18.3 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (HKLM-x32\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM128DSService (HKLM-x32\...\{F08687B3-BB9A-4CBC-AE6B-BDF4B642E7BA}) (Version: 001.001.08254 - Hewlett-Packard) Hidden
HPDXP (HKLM-x32\...\{EF292659-1504-4F78-A737-471E50D8E0A1}) (Version: 3.0.26.40 - HP) Hidden
HPLJDXPHelper (HKLM-x32\...\{010788AB-706E-4604-A46B-6785EAB64B5E}) (Version: 140.069.007 - HP) Hidden
HPLJProMFPM127M128 (HKLM-x32\...\{B5409C23-DE0C-4B48-8C8A-50AE38694955}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (HKLM-x32\...\{B445502B-2F83-4873-90F1-06059F71A46A}) (Version: 014.000.0001 - HP) Hidden
HPLJUTM127_128 (HKLM-x32\...\{2C886751-51BD-4A8C-B33A-B4C513AB5B9A}) (Version: 008.000.0001 - HP) Hidden
hppLaserJetService (HKLM-x32\...\{0C4C3664-157A-4D69-B474-31EBF2EE1AE3}) (Version: 009.033.00926 - Hewlett-Packard) Hidden
hppM125LaserJetService (HKLM-x32\...\{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}) (Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{E35D0ED5-716B-4E1F-8477-54DD746DF527}) (Version: 140.040.00231 - Hewlett Packard) Hidden
hpStatusAlertsM127-M128 (HKLM-x32\...\{10D7EBAF-A550-48CD-8511-7D947184EE44}) (Version: 080.046.00112 - Hewlett-Packard) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.4.129.1 - Intel Security)
jpgtopdf_setup (HKLM-x32\...\{8D9D676D-E9FA-4CA3-8D47-9BA5990A6093}) (Version: 1.0.0.1 - jpgtopdf_setup_caudio) Hidden
LeapFrog Connect (HKLM-x32\...\{97CD1D2B-20BD-40E8-825E-B4BDA5071B73}) (Version: 7.0.7.20035 - LeapFrog) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.7.20035 - LeapFrog)
LeapFrog Tag Plugin (HKLM-x32\...\{6A04826B-5056-4B0F-BD5B-1F88DCFFD9B5}) (Version: 7.0.6.19846 - LeapFrog) Hidden
LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Digital Image Starter Edition 2006 (HKLM-x32\...\PictureItSuiteTrial_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10325.20118 - Microsoft Corporation)
Microsoft Office Accounting 2008 (HKLM-x32\...\Microsoft Office Accounting 2008) (Version: 3.0.8627.1 - Microsoft Corporation)
Microsoft Office Accounting 2008 Equifax Addin (HKLM-x32\...\{0C2AF762-0565-4C91-9F55-B8B53BB82A38}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting 2008 Fixed Asset Manager (HKLM-x32\...\{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting 2008 PayPal Addin (HKLM-x32\...\{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}) (Version: 3.0.8231.0 - Microsoft Corporation)
Microsoft Office Accounting ADP Payroll Addin (HKLM-x32\...\{5FA793A6-0071-42C1-9355-8F69A428C44F}) (Version: 0.0.0.0 - ADP)
Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft PhotoDraw 2000 V2 (HKLM-x32\...\{3C5EA394-1033-11D2-A2CB-00C04F72F31D}) (Version: 2.00.00.1428 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{50822200-2E95-4E62-A8D8-41C3B308DF5E}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Moffsoft FreeCalc (HKLM-x32\...\MoffFreeCalc_is1) (Version: 1.1 - Moffsoft)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
PSP Application (HKLM\...\{8DB698FB-2E57-A223-0169-911CA8736440}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
Splashtop Personal (HKLM-x32\...\{E7CF0F14-8C1D-41F3-85ED-579C108262C7}) (Version: 2.6.0.0 - Splashtop Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.38 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.04.01 - Toshiba Client Solutions Co., Ltd.)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.0.6406 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B02384B3-8C5B-4927-A190-E767C8FCFD25}) (Version: v3.0.0.1 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{A6F2ADC4-12C4-41E8-B90B-3BE018F5787C}) (Version: 2.48.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 7.0.6.19846 - LeapFrog)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )
YTD Video Downloader 5.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.6 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-06-18] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-07-15] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2018-06-18] (AVG Technologies CZ, s.r.o.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {015C7AF6-AD25-4FF1-96DF-C99958D790D6} - System32\Tasks\Microsoft\Windows\rempl\shell-maintenance => C:\Program Files\rempl\remsh.exe
Task: {037E1663-F70F-4FC6-80DF-21201B6CA8F6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {039E69E5-8491-4735-B6B0-B0901DE0D329} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-09] (Microsoft Corporation)
Task: {15AF9576-932B-496D-963C-897FFAAD54B6} - System32\Tasks\AVG-SSU_0317tb => C:\ProgramData\Avg_Update_0317tb\AVG-Secure-Search-Update_0317tb.exe
Task: {28E2645C-D45A-4209-A9FF-708F181C951A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {2BED3F08-E4C0-4877-8991-5591C8E657A7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-05-04] (Synaptics Incorporated)
Task: {33864532-2AED-4180-B5A0-615B2E2BFA46} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3DE62E88-96F9-4BF0-B7B6-ED016191B0B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {3E206538-C0AE-44D5-8470-2EA9C3164A36} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {41EC28B7-0AC4-4112-8EF6-99D6CEA71351} - System32\Tasks\{E7C3242C-0852-46D5-AD34-5A25125A5394} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {43A1D314-66A3-4C39-A14F-F971126BA8E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {4BA101D0-BFA5-47AA-8C85-9C9800134366} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2016-11-03] (AsusTek)
Task: {4E7748AB-0FB6-4536-A639-EA7986D5F14F} - \WPD\SqmUpload_S-1-5-21-3680518506-1509505806-1380042551-1001 -> No File <==== ATTENTION
Task: {57C97C60-AB93-47BD-A098-58B0FFA4EE5E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-18] (Adobe Systems Incorporated)
Task: {5EE29DC3-75CE-468E-BFF1-D6056B90DD5B} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-08-28] (Microsoft Corporation)
Task: {602DFE63-3FC6-4A41-A0BE-EC89A2EDFDA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {602F949F-FFDA-423E-9C57-37F043ABA656} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {63D4E331-AF24-4B3C-A595-9C9A84C5FA39} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-09] (Microsoft Corporation)
Task: {650C4B46-3ED3-46E1-BEF1-60CF2987750C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-08-28] (Microsoft Corporation)
Task: {660E1E6E-98DD-4901-B8FB-EA75682B61F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {73AFBF74-DEB9-45A3-AF9B-10F638ECA009} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {8445D2B3-01C8-4D17-B27A-93412682A2FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {859D3D2E-1D6F-4C1A-8215-155ABF616A70} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2014-10-19] (Hewlett Packard)
Task: {8CD21407-1F5B-4059-8F74-558C060283E2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9C967757-1FD8-4DE8-8166-FF4085C9902C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {9D19C738-0522-4A0A-A306-4AD4E43C12C6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A01659AD-A20A-47D0-A334-7E9DB4DF2F1E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A3463C43-867C-4CEA-B203-E3B95A0FC6B4} - System32\Tasks\AVG-SSU_0317tb_DELETE => C:\ProgramData\Avg_Update_0317tb\AVG-Secure-Search-Update_0317tb.exe
Task: {A536D5B5-0677-4482-9BE3-D05B13D859F8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BC4819DE-F8A9-485A-A8B7-D975F0BA14A9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {BE5EE3F4-7E07-4D33-91B4-73F9ACDE5F22} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-28] (Microsoft Corporation)
Task: {C8584513-6E7D-4C7D-B6F9-E9825E3DCF8B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-05-02] (HP Inc.)
Task: {C9C36229-C66E-407D-B907-AF9DC0B3471F} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2018-06-18] (AVG Technologies CZ, s.r.o.)
Task: {CEA7545F-9706-44CA-808D-DAD323174C03} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CF6F4303-5231-41C6-9D79-C75296B3C0F9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DAF67F8B-276A-4001-AAE5-FB5CFA649F59} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-28] (Microsoft Corporation)
Task: {E2927929-20DE-42AA-AAC6-977F936BCF35} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-18] (Adobe Systems Incorporated)
Task: {E5E26551-823F-4A0B-A43B-06AFE9819984} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {EAC34C8A-0943-462D-846F-E96BC9921E69} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F7CAE3A1-5423-4577-9530-6A8A67E96181} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\0215piUpdateInfo.job => C:\ProgramData\Avg_Update_0215pi\0215pi_AVG-Secure-Search-Update.exe
Task: C:\WINDOWS\Tasks\0715avUpdateInfo.job => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForHeather.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-07-16 04:42 - 2016-07-16 04:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2018-06-18 15:49 - 2017-09-06 23:01 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-06-03 11:46 - 2013-10-23 15:24 - 000087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-07-15 21:38 - 2015-07-15 21:38 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-04-22 23:48 - 2014-04-22 23:48 - 000140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2017-02-07 13:08 - 2017-04-13 08:20 - 002271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-09-03 08:44 - 2016-09-03 08:44 - 000959168 _____ () C:\Users\Heather\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-09-13 14:20 - 2016-09-06 21:56 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 17:53 - 2017-03-03 23:31 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 17:54 - 2017-03-03 23:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 17:54 - 2017-03-03 23:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 17:54 - 2017-03-03 23:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2018-06-18 15:49 - 2017-09-17 19:13 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2018-06-18 15:49 - 2017-09-17 19:14 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2018-06-18 15:49 - 2017-09-17 19:16 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 000020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2018-06-18 16:42 - 2018-06-18 16:43 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-06-18 16:42 - 2018-06-18 16:43 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-06-18 16:42 - 2018-06-18 16:43 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-06-18 16:42 - 2018-06-18 16:43 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-06-18 16:42 - 2018-06-18 16:43 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-06-18 15:53 - 2018-06-11 22:36 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libglesv2.dll
2018-06-18 15:53 - 2018-06-11 22:36 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.87\libegl.dll
2014-11-24 09:46 - 2014-11-24 09:46 - 000879104 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2018-06-18 12:56 - 2018-06-18 12:56 - 067127976 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2018-06-18 12:55 - 2018-06-18 12:55 - 000481008 _____ () C:\Program Files (x86)\AVG\Antivirus\streamback.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3680518506-1509505806-1380042551-1001\...\amazon.com -> amazon.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2016-08-09 21:28 - 000000857 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3680518506-1509505806-1380042551-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Heather\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 192.168.254.254 - 74.40.74.41
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "StatusAlerts"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3680518506-1509505806-1380042551-1001\...\StartupApproved\StartupFolder: => "Adobe Gamma.lnk"
HKU\S-1-5-21-3680518506-1509505806-1380042551-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3680518506-1509505806-1380042551-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9FD81ADF5448AA63CA22E7DC63BA5047"
HKU\S-1-5-21-3680518506-1509505806-1380042551-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3680518506-1509505806-1380042551-1001\...\StartupApproved\Run: => "Moffsoft FreeCalc"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{97D82B9E-AB9B-4C41-BAF1-2F3694C31CDB}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{DE2E1A79-2B86-4D8D-882D-DF3F06534EA5}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS6873\HPDiagnosticCoreUI.exe
FirewallRules: [{5C2B79A6-B484-41A9-9089-A2A539AF9AF6}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS6873\HPDiagnosticCoreUI.exe
FirewallRules: [{D269716B-9446-4E16-B843-F6EE75F3A434}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS3E3C\HPDiagnosticCoreUI.exe
FirewallRules: [{D303F36F-D21A-4205-8FFF-03BA32DA7B6F}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS3E3C\HPDiagnosticCoreUI.exe
FirewallRules: [{FEFDFB9F-95BE-43CE-AB7D-772F66E87AE7}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS26EB\HPDiagnosticCoreUI.exe
FirewallRules: [{774454DF-67A0-411E-8BC9-B5F8D723C342}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS26EB\HPDiagnosticCoreUI.exe
FirewallRules: [{42935994-D593-49BD-86A9-E2FA2424EDFC}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\EWSProxy.exe
FirewallRules: [{455D8D07-AC6B-4FEB-8861-C9ED945ACB85}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E85BAA9B-41AA-4F6A-858E-8E24E9E33F5D}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\FaxApplications.exe
FirewallRules: [{EAEB5CAA-62DD-4848-8CC4-D5CDA9B3E84D}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\bin\FaxPrinterUtility.exe
FirewallRules: [{845CC6FF-7361-4DC2-9D87-09EF5E7D9523}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C7A3FE7F-7D5C-49F2-961F-91BEB388E3CA}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\bin\SendAFax.exe
FirewallRules: [{9CE70FF1-4EAC-4697-AF0F-9DD52D6C67E6}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS1ADD\HPDiagnosticCoreUI.exe
FirewallRules: [{E8DACA7F-9741-47D8-B69F-2D831F3F152F}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS1ADD\HPDiagnosticCoreUI.exe
FirewallRules: [{BCAE4A67-3BC7-4361-B809-40DD0BC80F29}] => (Allow) C:\Program Files (x86)\Hp\csiInstaller\3b050369-8d19-413d-9dec-84ff278472eb\Installer\hpbcsiInstaller.exe
FirewallRules: [{96B6D984-3685-4706-B01A-E0F39D74DE50}] => (Allow) C:\Program Files (x86)\Hp\csiInstaller\3b050369-8d19-413d-9dec-84ff278472eb\Installer\hpbcsiInstaller.exe
FirewallRules: [{7AE53A06-FDCE-4E62-B66F-E2083738FF47}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS0EF6\HPDiagnosticCoreUI.exe
FirewallRules: [{214AF145-6CFC-40C7-983E-F517A178B801}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS0EF6\HPDiagnosticCoreUI.exe
FirewallRules: [{61E5376B-9FAC-4E90-8A97-C08FE1D92633}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS04BB\HPDiagnosticCoreUI.exe
FirewallRules: [{C60F06FF-BB6B-4100-B652-28F84FCD1115}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS04BB\HPDiagnosticCoreUI.exe
FirewallRules: [{AF59A8A7-6DAE-4706-B090-0F78AF38B16C}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS0466\HPDiagnosticCoreUI.exe
FirewallRules: [{FC11B8DB-735B-46D3-8E9E-6C68AA49C8A3}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS0466\HPDiagnosticCoreUI.exe
FirewallRules: [{414A8514-6366-4541-B407-16EC00AFEAC4}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS3681\HPDiagnosticCoreUI.exe
FirewallRules: [{87096781-AF26-4A60-9E96-4CF1094354EB}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS3681\HPDiagnosticCoreUI.exe
FirewallRules: [{A572AF68-15BC-496E-9515-E1C985990A5C}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS0223\HPDiagnosticCoreUI.exe
FirewallRules: [{EBF155D4-53F0-4EF7-97CC-1657701F0A2E}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS0223\HPDiagnosticCoreUI.exe
FirewallRules: [{0FE47D22-22FA-4E2D-846F-76A8D7CC131A}] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{B627E830-0262-4592-B1D9-659F3B848CFF}] => (Block) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{8078C462-8634-4548-B2B6-4204BA1B2745}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [TCP Query User{210FB130-1730-48F5-8703-A13186531AC9}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{BA6874B9-5356-4792-8234-6B5C817CDFF1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{28E8F5B6-F2F6-4554-A904-15602BF7A185}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{D6A31A55-5D4F-445D-9E10-7863A74CDC39}C:\users\heather\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\heather\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{A759F26F-9C41-4C8D-B024-F886A48915F1}C:\users\heather\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\heather\appdata\local\popcorn time\nw.exe
FirewallRules: [{DE62F3A7-B926-41B5-B6EC-8F914FA3D754}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{E3960374-7C6D-44A0-90DC-6F8C07E68368}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [UDP Query User{08DFBA49-F57C-4E79-9348-9C926D649A6C}C:\users\heather\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\heather\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{EA93A88D-E0CB-4306-AE2C-F2ECAB9AB178}C:\users\heather\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\heather\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{8E56CA6D-038F-4F3E-BF0D-329460895FC0}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS53B9\HPDiagnosticCoreUI.exe
FirewallRules: [{3EF8F663-3E76-46A2-A547-CE0336F5D079}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS53B9\HPDiagnosticCoreUI.exe
FirewallRules: [{E55DCC82-0532-4065-8D0D-AC65C9DED8FF}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS5305\HPDiagnosticCoreUI.exe
FirewallRules: [{8CB5F8B9-FD2F-4881-A805-28A010709BCB}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS5305\HPDiagnosticCoreUI.exe
FirewallRules: [{17D35BC3-64AF-425B-BB1C-57ECD7FDE560}] => (Allow) C:\Users\Heather\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{F303D779-0FFF-40D9-839E-DAF5FBB97024}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS165E\HPDiagnosticCoreUI.exe
FirewallRules: [{66319477-CF34-4043-83FE-BA9A30674ECC}] => (Allow) C:\Users\Heather\AppData\Local\Temp\7zS165E\HPDiagnosticCoreUI.exe
FirewallRules: [{FD903D18-A190-45BA-9237-8F9EBCA9AEF4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{9E9DC0BE-7884-4926-95C7-8D4F13F1FE6F}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{7BEFAC61-AE72-47E3-B620-27E71370F9E7}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{C949940E-AB9A-4240-A93D-1B457265EFD7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{8D20F9C2-DC33-4E77-84AD-EF01C02530F5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{742AC3FC-4AA5-4FA5-AFCA-42915DE62542}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{F4DC3787-C187-4E97-B94B-1D216F58C92C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{0E2BFF14-213D-4848-B6BE-7E33FA9CAC3B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C1C90BDC-874B-478E-B21C-3C614EC37DA2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{7FA28CF1-91AF-46A3-96EE-D1336B3FDFF5}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{2D8D64D8-15F0-4C82-B3EA-8DA4DE908D90}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [TCP Query User{A968A439-C798-47C8-8AC0-631D7D39D6F5}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{F0608C14-A710-4EB3-84C5-869CFFDA4785}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{6DF115C0-15C1-4B85-A79F-9FB01D138777}C:\users\heather\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\heather\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{52244A42-1AD7-4C9E-925C-187E1A87C226}C:\users\heather\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\heather\appdata\local\popcorn time\nw.exe
FirewallRules: [{7051775C-CE93-437D-8193-6C5A5CBBBB86}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{6A902937-4DB1-4F5F-8091-A079816213F2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D20F8AF7-C3BA-47C2-804E-93ED4FD98A5C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0D64B12F-19BE-4EBF-9234-4F6028AA4F34}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{70C7A355-3583-40C3-AAB2-9749A47B897F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D1A4DC6D-0D03-409B-9F47-730F29C445C5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{73EB9149-613C-4DE3-8B95-64213D3473A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9669FAD8-1BAE-4346-98F2-A4241B5D8460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{3656DAF7-3E66-44A2-8642-05BA7207C389}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [UDP Query User{9B036E33-3E6D-4EB6-946D-B1FA6AFCE5F8}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [TCP Query User{0C699A78-02DC-4647-9672-B7DED427865B}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [UDP Query User{78254569-D183-4B19-975D-C11A172E82DB}C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe] => (Block) C:\program files (x86)\asus\asus smart gesture\astpcenter\x64\asussgplusbtserver64.exe
FirewallRules: [{A5DFC51A-6853-4AE9-8B23-26583289B748}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{BAF33CE2-F019-4826-8E0C-3C0BDDAEFEC2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{730CFE50-F78D-4481-882D-AECB7B023F02}] => (Allow) C:\Users\Heather\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5C42DEF7-6A45-4E5D-A638-04B65258BF1A}] => (Allow) C:\Users\Heather\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F80C8332-8C2A-4955-87D1-A9C41B46B025}] => (Allow) C:\Users\Heather\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{976EFB7A-9D76-4F52-A9FE-8F96C06A1E6E}] => (Allow) C:\Users\Heather\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4D7D6300-F9D0-47E2-A5B1-3F7C034B333F}] => (Allow) C:\Users\Heather\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F9686A4D-773B-46B6-83CB-4794DEAFF3F6}] => (Allow) C:\Users\Heather\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EA8DF8AF-2AF0-4EDA-8EB8-C1596EB9811B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{CB3AC630-6B95-46E3-AF90-483265588C8F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

19-06-2018 05:40:43 Windows Update
17-08-2018 18:25:56 Windows Update
17-08-2018 18:30:14 Windows Update
28-08-2018 09:57:15 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2018 10:05:18 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Small Business 2007 - Update 'Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/28/2018 10:05:18 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office Small Business 2007 -- Error 2902.An internal error has occurred. (ixfAssemblyCopy ) Contact Microsoft Product Support Services (PSS) for assistance. For information about how to contact PSS, seePSS10R.CHM.

Error: (08/28/2018 10:01:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEATHER)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/28/2018 10:00:33 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <50, 0x80070005, "winrt://{S-1-5-21-3680518506-1509505806-1380042551-1001}/">.

Error: (08/28/2018 10:00:30 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x8007041d, "winrt://{S-1-5-21-3680518506-1509505806-1380042551-1001}/">.

Error: (08/28/2018 10:00:30 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x8007041d, "mapi16://{S-1-5-21-3680518506-1509505806-1380042551-1001}/">.

Error: (08/28/2018 10:00:30 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x8007041d, "iehistory://{S-1-5-21-3680518506-1509505806-1380042551-1001}/">.

Error: (08/28/2018 10:00:30 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x8007041d, "file:///C:\[d2f145ab-5132-4234-81c5-3ef0214230a4]\Users\">.


System errors:
=============
Error: (08/28/2018 10:01:23 AM) (Source: DCOM) (EventID: 10001) (User: HEATHER)
Description: Unable to start a DCOM Server: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\System32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider

Error: (08/28/2018 10:00:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (08/28/2018 10:00:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (08/28/2018 10:00:33 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (08/28/2018 10:00:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/28/2018 10:00:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (08/28/2018 10:00:33 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (08/28/2018 10:00:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Windows Defender:
===================================
Date: 2017-04-07 23:25:47.846
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {80F0AD23-55CE-49EB-AFDD-1D04100B099C}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-04-07 22:31:35.229
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {8166D924-0912-4DAD-A0AC-72DF38EFC3E2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-04-07 21:52:20.254
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {32485CEC-77A0-4A97-8547-0E15784F51A2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-04-07 21:46:34.831
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {800315EA-B90C-461E-8E6F-919004171990}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-04-07 21:03:45.695
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {1945EAE9-0659-4751-B8FA-2163A43B92CC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2017-04-07 18:15:56.225
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-07 15:15:24.262
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-07 15:15:23.870
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-07 15:15:23.529
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-07 15:15:17.883
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-07 15:15:17.305
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-07 15:15:16.443
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-04-07 15:15:07.633
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 20%
Total physical RAM: 15321.26 MB
Available physical RAM: 12178.04 MB
Total Virtual: 15321.26 MB
Available Virtual: 12241.27 MB

==================== Drives ================================

Drive c: (TI10700500A) (Fixed) (Total:920.22 GB) (Free:430.11 GB) NTFS
Drive d: () (CDROM) (Total:0.41 GB) (Free:0 GB) CDFS

\\?\Volume{1b3dcde3-11ec-11e4-8c37-934e81383bd1}\ (System) (Fixed) (Total:1 GB) (Free:0.52 GB) NTFS
\\?\Volume{0fdf3c85-5029-4211-9d09-1c4f78331fff}\ () (Fixed) (Total:0.81 GB) (Free:0.37 GB) NTFS
\\?\Volume{4baba081-7393-11e4-80c8-008cfa893bbd}\ (Recovery) (Fixed) (Total:9.26 GB) (Free:0.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
reddog1992000
Regular Member
 
Posts: 51
Joined: December 13th, 2013, 3:57 pm
Advertisement
Register to Remove

Re: Computer Running Slow

Unread postby pgmigg » August 28th, 2018, 6:30 pm

Hello reddog1992000,

Welcome back to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Computer Running Slow

Unread postby pgmigg » August 28th, 2018, 6:52 pm

Hello reddog1992000,

Step 1.
Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 2.
TSG - SysInfo utility
  1. Please download SysInfo utility and save it to your Desktop.
  2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
  3. Right click, select copy and then paste in your next post.

Step 3.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on the your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 4.
LicDiag Command
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    @Echo off
    Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab
    Notepad.exe %userprofile%\desktop\report.txt
    del %0
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Licdiag.bat to your Desktop.
  • Save as file type All Files or it won't work.
  • Now right click on Licdiag.bat and select Run as administrator.
  • A file report.txt will open on your Desktop, please post the contents in your next reply.
  • A file repfiles.cab will be produced on your Desktop. This is a backup and can be ignored for the time being.

Then:
Please tell me is this computer used for business or educational purposes and/or connected to a business or educational network?
I need to know it - so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I will ask you about it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of SysInfo scan
  4. Contents of a log created by codecheck.txt
  5. Contents of report.txt created by LicDiag Command
  6. Answer to my question related to type of using of your computer

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Computer Running Slow

Unread postby pgmigg » September 2nd, 2018, 12:21 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 92 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware