SFC/Scannow & Dism.../RestoreHealth Failure

Rowls1967 (Member, joined Feb 26, 2021, 16 posts)

Hi, thank you for taking the time to read my thread.

This all started because I received warning messages to say AVG and Windows Defender were off, although after many attempts at trying to start them, I failed.

Therefore I tried to run SFC/Scannow, also DISM.../RestoreHealth, although both failed. Scannow reported unable to correct corrupt files, DISM said unknown.

I have very limited knowledge of computers, so thought it best to speak to you guys. TIA.

Here are the .Txt files that I've been instructed to copy and paste:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-02-2021
Ran by Richard (administrator) on RICHARD (ASUSTeK COMPUTER INC. X550CA) (26-02-2021 06:41:05)
Running from C:\Users\Richard\Downloads
Loaded Profiles: Richard
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Smart Defrag\Pub\PubMonitor.exe
(IObit Information Technology -> IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.19750_none_fa39f32f9b2d0928\TiWorker.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(Paretologic Inc -> Digital Care Solutions (ParetoLogic)) C:\Program Files\BDServices\BitDefenderCOM.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [164608 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\Run: [Advanced SystemCare] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3636496 2020-03-06] (IObit Information Technology -> IObit)
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\KODAK EASYSHARE All-in-One Printer: C:\Windows\System32\spool\prtprocs\x64\EKIJ5000PPR.dll [261632 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM\...\Print\Monitors\KODAK EASYSHARE All-in-One Printer: C:\WINDOWS\system32\EKIJ5000MON.dll [805376 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.190\Installer\chrmstp.exe [2021-02-25] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E3A5D45-B299-4F4F-963D-96639B163AD6} - System32\Tasks\Software Updater SkipUAC(Richard) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4513224 2021-01-19] (IObit Information Technology -> IObit) <==== ATTENTION
Task: {20D07301-0754-4D98-9023-33A6B22B9883} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-09] (Adobe Inc. -> Adobe)
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player PPAPI Notifier" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Antivirus Emergency Update" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\ASC_PerformanceMonitor" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\ASC_SkipUac_Richard" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\Optimize Start Menu Cache Files-S-1-5-21-3411107159-1070077873-1841525149-1001" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\RtHDVBg" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\RtHDVBg_ListenToDevice" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\RTKCPL" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\SmartDefrag_AutoAnalyze" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\SmartDefrag_Startup" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\SmartDefrag_Update" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\Software Updater Scheduler" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(16): schtasks.exe -> /Change /TN "\Software Updater SkipUAC(Richard)" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(17): schtasks.exe -> /Change /TN "\SU_AutoUpdate" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(18): schtasks.exe -> /Change /TN "\Uninstaller_SkipUac_Richard" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(19): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{98C8926F-187D-4723-A2B6-6CFA634D385A}" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(20): schtasks.exe -> /Change /TN "\{65C3D43E-E5A3-481D-9352-126F2DD99808}" /ENABLE
Task: {23EE9230-3ED4-46B7-8F5F-43C82D9CAEE3} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(21): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {3C893D5A-8C9A-4B15-8D4D-2BD4B1C8B9D8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {47DF9810-F6A2-4B0C-98E4-B70A28CABDF8} - System32\Tasks\{65C3D43E-E5A3-481D-9352-126F2DD99808} => C:\WINDOWS\system32\pcalua.exe -a C:\ProgramData\Kodak\Installer\Setup.exe -c /Web /x "{E0F274B7-592B-4669-8FB8-8D9825A09858}" CompanyName="Eastman Kodak Company" /code "2057"
Task: {5E415433-D5BC-414B-8985-44515AAE6A19} - System32\Tasks\Uninstaller_SkipUac_Richard => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5900560 2019-09-10] (IObit Information Technology -> IObit)
Task: {644370C0-0F78-4799-A741-525E9EFC74C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-23] (Google Inc -> Google Inc.)
Task: {73DF959D-C868-4F23-A973-6E80B6A277E2} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4730624 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {77D7B2E9-D157-4B75-849F-912D477BF1DD} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-07-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7FC8E34B-BC3E-41EE-A1EC-178912E8316B} - System32\Tasks\SU_AutoUpdate => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4513224 2021-01-19] (IObit Information Technology -> IObit)
Task: {8D939978-1C04-4261-9087-B58A7E403F0B} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-07-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {90CE6F7A-00B7-4C2A-A75F-69B1D9DD7BB3} - System32\Tasks\ASC_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [3183888 2020-03-10] (IObit Information Technology -> IObit)
Task: {ABA02E02-29A2-4267-93DF-7A1C4915F156} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3007760 2019-04-24] (IObit Information Technology -> IObit)
Task: {AD41904C-680D-4370-804D-82A489C025B7} - System32\Tasks\ASC_SkipUac_Richard => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [8876816 2020-03-11] (IObit Information Technology -> IObit)
Task: {B5DFDE52-BF65-47ED-A482-EC4E67E51CF6} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-07-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {B64A8C00-976B-4EE5-AD87-2FE13DBDF8B6} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [5849872 2019-07-05] (IObit Information Technology -> IObit)
Task: {C1D26FC8-180C-4AE7-9F10-9D30933380A0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {DB5AFBF8-22CC-445E-B842-BB00C6859B44} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1822976 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {DFF09F86-325E-46CA-AE44-FB7F23C8B2EA} - System32\Tasks\Software Updater Scheduler => C:\Program Files (x86)\IObit\Software Updater\SUInit.exe [1789200 2020-06-30] (IObit Information Technology -> IObit Software updater) <==== ATTENTION
Task: {E4E84066-6172-43A6-A9F7-6540948D5DA2} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2018-05-02] (IObit Information Technology -> IObit)
Task: {FB4B7999-9C47-4041-973F-5BC9E1CD750E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-23] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AVG Driver Updater Scan.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\WINDOWS\Tasks\AVG Driver Updater Startup.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\WINDOWS\Tasks\SparkTrust Registration3.job => rundll32.exe C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{79D1DE68-56FB-4F72-B5E0-FB918DAD2B4C}: [DhcpNameServer] 10.0.0.243
Tcpip\..\Interfaces\{CA17CCC0-C1E3-4678-A9C4-A38235A3F540}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D33B41AE-F5DB-42CB-8859-CC313193AC99}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default [2021-02-26]
CHR DownloadDir: C:\Users\Richard\Downloads
CHR Notifications: Default -> hxxps://pirateproxy.cc; hxxps://thepiratebay.org; hxxps://www.electriciansforums.net; hxxps://www.facebook.com; hxxps://www.junglescout.com; hxxps://www.wakeupuk.net; hxxps://www.wish.com
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={013DF0A8-A4BC-4DD5-B565-06D763B93533}&mid=8743dd459dca47d29dc96da73dc8933a-3c5e627b1624c73ab826fb50cd5d9c87c5579247&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-16 09:28:15&v=17.3.1.91&pid=safeguard&sg=&sap=hp
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (DuckDuckGo) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-01-09]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2021-01-05]
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-23]
CHR Extension: (Honey) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-02-18]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Sheets) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-02-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2021-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
R2 AdvancedSystemCareService13; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [1290000 2019-12-27] (IObit Information Technology -> IObit)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [622184 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [353024 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7926328 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1038328 2017-08-09] (Paretologic Inc -> Digital Care Solutions (ParetoLogic))
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [298496 2017-03-22] (Brother Industries, Ltd.) [File not signed]
S3 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [156944 2019-08-23] (IObit Information Technology -> IObit)
S4 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [1900032 2020-09-04] () [File not signed]
S4 PrivateInternetAccessWireguard; C:\Program Files\Private Internet Access\pia-wgservice.exe [4433920 2020-09-04] () [File not signed]
R2 scan; C:\Program Files\BDServices\scan.dll [652568 2017-08-09] (Bitdefender SRL -> Bitdefender)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182328 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2020-12-18] (Microsoft) [File not signed]
S2 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2020-12-18] (Microsoft) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AscFileControl; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileControl.sys [22440 2019-07-02] (IObit Information Technology -> IObit)
R3 AscFileFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscFileFilter.sys [27528 2019-07-15] (IObit CO., LTD -> IObit)
R3 AscRegistryFilter; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\AscRegistryFilter.sys [28064 2019-07-15] (IObit CO., LTD -> IObit)
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4318648 2020-01-04] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [73512 2015-11-01] (ASUSTeK Computer Inc. -> ASUS Corporation)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [35792 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [208176 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [357400 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [249368 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [98840 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [41424 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [175368 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [521472 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [107920 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [83496 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [850248 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [465800 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [215464 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [327104 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 cpuz145; C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [49968 2021-02-26] (CPUID -> CPUID)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-10-30] (Martin Malik - REALiX -> REALiX(tm))
R3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [14680 2018-07-04] (IObit Information Technology -> IObit)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [25992 2019-07-30] (IObit CO., LTD -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUProcessFilter.sys [19280 2019-07-30] (IObit CO., LTD -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegistryFilter.sys [31648 2019-07-30] (IObit CO., LTD -> IObit)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] (ASUSTeK Computer Inc. -> )
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit Information Technology -> IObit)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43368 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2018-12-24] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
R3 tap-pia-0901; C:\WINDOWS\system32\DRIVERS\tap-pia-0901.sys [30720 2020-01-16] (Private Internet Access (London Trust Media Incorporated) -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-26 06:41 - 2021-02-26 06:42 - 000024863 _____ C:\Users\Richard\Downloads\FRST.txt
2021-02-26 06:40 - 2021-02-26 06:41 - 000000000 ____D C:\FRST
2021-02-26 06:39 - 2021-02-26 06:39 - 002301440 _____ (Farbar) C:\Users\Richard\Downloads\FRST64.exe
2021-02-26 06:37 - 2021-02-26 06:37 - 002781052 _____ C:\Users\Richard\Downloads\Speccy x64 portable.zip
2021-02-26 06:07 - 2021-02-26 06:16 - 000000000 ____D C:\Users\Richard\Documents\SysnativeFileCollectionApp
2021-02-26 06:07 - 2021-02-26 06:07 - 000175952 _____ (Sysnative) C:\Users\Richard\Downloads\SysnativeBSODCollectionApp.exe
2021-02-26 05:22 - 2021-02-26 05:22 - 000000017 _____ C:\Users\Richard\AppData\Local\resmon.resmoncfg
2021-02-26 00:30 - 2021-02-26 00:30 - 000288032 _____ C:\WINDOWS\Minidump\022621-39015-01.dmp
2021-02-26 00:22 - 2021-02-26 00:30 - 619322642 _____ C:\WINDOWS\MEMORY.DMP
2021-02-26 00:22 - 2021-02-26 00:22 - 000288032 _____ C:\WINDOWS\Minidump\022621-39781-01.dmp
2021-02-26 00:05 - 2021-02-26 00:06 - 000288032 _____ C:\WINDOWS\Minidump\022621-59750-01.dmp
2021-02-25 23:54 - 2021-02-25 23:54 - 098435072 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2021-02-25 23:54 - 2021-02-25 23:54 - 006205440 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2021-02-25 23:54 - 2021-02-25 23:54 - 000425984 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2021-02-25 23:54 - 2021-02-25 23:54 - 000028672 _____ C:\WINDOWS\system32\config\SAM.iobit
2021-02-25 23:54 - 2021-02-25 23:54 - 000024576 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2021-02-23 23:13 - 2021-02-23 23:13 - 000175368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2021-02-23 01:53 - 2021-02-23 01:53 - 000319254 _____ C:\Users\Richard\Downloads\Untitled_Message (3).zip
2021-02-23 01:53 - 2021-02-23 01:53 - 000000000 ____D C:\Users\Richard\Downloads\Untitled_Message (3)
2021-02-23 01:44 - 2021-02-23 01:45 - 004162925 _____ C:\Users\Richard\Downloads\Untitled_Message (2).zip
2021-02-23 01:38 - 2021-02-23 01:38 - 004162925 _____ C:\Users\Richard\Downloads\Untitled_Message.zip
2021-02-23 01:38 - 2021-02-23 01:38 - 004162925 _____ C:\Users\Richard\Downloads\Untitled_Message (1).zip
2021-02-21 09:56 - 2021-02-21 09:57 - 000288032 _____ C:\WINDOWS\Minidump\022121-41500-01.dmp
2021-02-21 08:41 - 2021-02-21 08:42 - 015970496 _____ (IObit ) C:\Users\Richard\Downloads\smart-defrag-setup.exe
2021-02-20 03:36 - 2021-02-20 03:36 - 000095903 _____ C:\Users\Richard\Downloads\Tracked_Returns_label_DA088912438GB.pdf
2021-02-18 22:28 - 2021-02-26 00:10 - 000000000 ____D C:\WINDOWS\softwaredistribution.bak1
2021-02-18 19:36 - 2021-02-25 17:03 - 000004162 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2021-02-18 19:36 - 2021-02-18 19:36 - 000465800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000850248 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000521472 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000357400 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2021-02-18 19:35 - 2021-02-18 19:35 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000249368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000215464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000208176 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000098840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000083496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000041424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000035792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2021-02-17 11:26 - 2021-02-17 11:26 - 000000964 _____ C:\ProgramData\Desktop\Brother iPrint&Scan.lnk
2021-02-17 08:04 - 2021-02-17 09:13 - 025559040 _____ C:\Users\Richard\Downloads\Win8.1_English_x64.iso
2021-02-16 22:09 - 2021-02-16 22:09 - 000000000 ____D C:\WINDOWS\system32\%LOCALAPPDATA%
2021-02-16 19:26 - 2021-02-16 19:26 - 000288032 _____ C:\WINDOWS\Minidump\021621-45015-01.dmp
2021-02-16 19:09 - 2021-02-16 19:09 - 000288032 _____ C:\WINDOWS\Minidump\021621-37656-01.dmp
2021-02-16 19:01 - 2021-02-16 19:02 - 000288344 _____ C:\WINDOWS\Minidump\021621-37812-01.dmp
2021-02-16 16:47 - 2021-02-16 16:48 - 000288032 _____ C:\WINDOWS\Minidump\021621-46406-01.dmp
2021-02-16 16:43 - 2021-02-16 16:43 - 000288032 _____ C:\WINDOWS\Minidump\021621-42000-01.dmp
2021-02-16 01:07 - 2021-02-16 01:08 - 000288032 _____ C:\WINDOWS\Minidump\021621-43968-01.dmp
2021-02-16 00:51 - 2021-02-16 00:51 - 000288032 _____ C:\WINDOWS\Minidump\021621-44796-01.dmp
2021-02-14 11:18 - 2021-02-14 11:18 - 001578036 _____ C:\Users\Richard\Desktop\Vaccine_n.mp4
2021-02-13 15:18 - 2021-02-13 15:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-13 02:50 - 2021-02-13 02:50 - 000288032 _____ C:\WINDOWS\Minidump\021321-51406-01.dmp
2021-02-10 12:43 - 2021-01-12 06:07 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-02-10 12:43 - 2021-01-12 05:46 - 002132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-02-10 12:43 - 2021-01-12 05:44 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-02-10 12:43 - 2021-01-12 05:31 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-02-09 16:53 - 2021-02-25 17:03 - 000003370 _____ C:\WINDOWS\system32\Tasks\SU_AutoUpdate
2021-02-09 16:53 - 2021-02-25 17:03 - 000003088 _____ C:\WINDOWS\system32\Tasks\Software Updater Scheduler
2021-02-09 16:53 - 2021-02-25 17:03 - 000002844 _____ C:\WINDOWS\system32\Tasks\Software Updater SkipUAC(Richard)
2021-02-09 16:53 - 2021-02-09 16:54 - 000002146 _____ C:\ProgramData\Desktop\IObit Software Updater.lnk
2021-02-09 16:53 - 2021-02-09 16:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Software Updater
2021-02-09 07:53 - 2021-02-16 16:08 - 011636936 _____ C:\Users\Richard\Downloads\MB-SupportTool.exe
2021-02-09 07:53 - 2021-02-13 15:11 - 002297344 _____ (Farbar) C:\Users\Richard\Downloads\FRSTEnglish.exe
2021-02-09 03:11 - 2021-02-09 03:11 - 000000000 __SHD C:\found.001
2021-02-08 21:06 - 2021-02-08 21:06 - 000002172 _____ C:\ProgramData\Desktop\Google Earth.lnk
2021-02-08 21:06 - 2021-02-08 21:06 - 000000000 ____D C:\Users\Richard\AppData\LocalLow\Google
2021-02-08 21:06 - 2021-02-08 21:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2021-02-08 21:05 - 2021-02-08 21:05 - 030589432 _____ C:\Users\Richard\Downloads\googleearthwin.exe
2021-02-08 08:45 - 2021-02-08 08:45 - 000288032 _____ C:\WINDOWS\Minidump\020821-47187-01.dmp
2021-02-08 08:39 - 2021-02-08 08:39 - 000288344 _____ C:\WINDOWS\Minidump\020821-45875-01.dmp
2021-02-08 07:17 - 2021-02-08 07:17 - 000288032 _____ C:\WINDOWS\Minidump\020821-36906-01.dmp
2021-02-08 07:14 - 2021-02-08 07:14 - 000288032 _____ C:\WINDOWS\Minidump\020821-33203-01.dmp
2021-02-08 07:08 - 2021-02-08 07:08 - 000288344 _____ C:\WINDOWS\Minidump\020821-33281-01.dmp
2021-02-06 16:55 - 2021-02-17 06:00 - 000000000 _____ C:\Recovery.txt
2021-02-06 08:35 - 2021-02-06 08:35 - 000000000 __SHD C:\found.000
2021-02-05 09:39 - 2021-02-05 09:39 - 000096940 _____ C:\Users\Richard\Downloads\Three Peaks Walk.mmo
2021-02-05 09:39 - 2021-02-05 09:39 - 000009868 _____ C:\Users\Richard\Downloads\Three Peaks Walk.gpx
2021-02-03 10:12 - 2021-02-03 10:12 - 002086424 _____ (Malwarebytes) C:\Users\Richard\Downloads\MBSetup.exe
2021-02-03 05:03 - 2021-02-03 05:03 - 000000274 _____ C:\Users\Richard\Downloads\Untitled Project.kml
2021-02-03 04:59 - 2021-02-03 04:59 - 000080288 _____ C:\Users\Richard\Desktop\Google Earth.html
2021-02-03 04:59 - 2021-02-03 04:59 - 000000000 ____D C:\Users\Richard\Desktop\Google Earth_files
2021-01-29 16:16 - 2021-01-29 16:16 - 000288032 _____ C:\WINDOWS\Minidump\012921-47890-01.dmp
2021-01-29 11:57 - 2021-01-29 11:57 - 000001968 _____ C:\ProgramData\Desktop\AVG AntiVirus FREE.lnk
2021-01-29 11:57 - 2021-01-29 11:57 - 000000000 ____D C:\Users\Richard\AppData\Roaming\AVG
2021-01-29 11:57 - 2021-01-29 11:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2021-01-29 11:52 - 2021-01-29 11:52 - 000000000 ____D C:\Program Files\AVG
2021-01-29 11:51 - 2021-01-29 11:51 - 000261056 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Richard\Downloads\avg_antivirus_free_setup (2).exe
2021-01-29 09:28 - 2021-01-29 09:28 - 000261056 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Richard\Downloads\avg_antivirus_free_setup (1).exe
2021-01-29 09:27 - 2021-01-29 09:27 - 000000000 ____D C:\Users\Richard\Documents\TotalAV
2021-01-29 09:24 - 2021-01-29 09:24 - 000000000 ____D C:\Users\Richard\AppData\Local\GUI.Win
2021-01-29 09:24 - 2021-01-29 09:24 - 000000000 ____D C:\ProgramData\SecuritySuite
2021-01-29 09:23 - 2021-01-29 16:16 - 000000000 ____D C:\ProgramData\TotalAV
2021-01-29 09:23 - 2021-01-29 16:16 - 000000000 ____D C:\Program Files (x86)\TotalAV
2021-01-29 07:20 - 2021-01-29 09:23 - 054108544 _____ C:\Users\Richard\Downloads\TotalAV_Setup.exe
2021-01-29 06:37 - 2021-01-29 06:36 - 004146112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgremoverx.exe
2021-01-29 06:14 - 2021-01-29 06:14 - 014191056 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Richard\Downloads\avgclear.exe
2021-01-28 16:14 - 2021-01-28 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VEGAS
2021-01-28 16:14 - 2021-01-28 16:14 - 000000000 ____D C:\ProgramData\Magix
2021-01-28 16:12 - 2021-01-29 07:04 - 000000000 ____D C:\ProgramData\VEGAS Pro
2021-01-28 16:12 - 2021-01-28 16:12 - 000000000 ____D C:\Users\Richard\AppData\Local\VEGAS
2021-01-28 16:12 - 2021-01-28 16:12 - 000000000 ____D C:\ProgramData\VEGAS
2021-01-28 16:12 - 2021-01-28 16:12 - 000000000 ____D C:\Program Files\VEGAS
2021-01-28 16:06 - 2021-01-28 16:06 - 000000000 ____D C:\Users\Richard\Downloads\Sony Vegas Pro 17.0.0 Build 421 incl Patch [CrackingPatching.com]
2021-01-28 13:27 - 2021-01-28 13:28 - 026571028 _____ (The qBittorrent project) C:\Users\Richard\Downloads\qbittorrent_4.3.3_x64_setup.exe
2021-01-28 13:18 - 2021-01-28 13:18 - 000001044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Internet Access.lnk
2021-01-28 13:04 - 2021-01-29 07:05 - 000000000 ____D C:\ProgramData\Sony
2021-01-28 13:03 - 2021-01-28 16:11 - 000000000 ____D C:\Users\Richard\AppData\Roaming\Sony
2021-01-27 08:10 - 2021-01-27 08:10 - 000038745 _____ C:\Users\Richard\Downloads\8124862467387172_payment.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-26 06:35 - 2020-08-02 10:48 - 000000000 ____D C:\ProgramData\AVG
2021-02-26 06:06 - 2017-04-22 20:26 - 000000000 ___RD C:\Users\Richard\OneDrive
2021-02-26 06:00 - 2013-08-22 14:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-26 02:05 - 2013-08-22 13:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2021-02-26 02:02 - 2017-04-22 20:14 - 000000000 ____D C:\Users\Richard
2021-02-26 00:51 - 2018-07-22 15:55 - 000000000 ____D C:\Users\Richard\AppData\Local\CrashDumps
2021-02-26 00:50 - 2017-04-23 09:31 - 000987136 ___SH C:\Users\Richard\Desktop\Thumbs.db
2021-02-26 00:30 - 2018-04-08 18:49 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-26 00:02 - 2013-08-22 15:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-25 23:55 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\Inf
2021-02-25 17:45 - 2017-04-22 20:25 - 000003600 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3411107159-1070077873-1841525149-1001
2021-02-25 17:10 - 2017-04-23 09:15 - 000003930 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{98C8926F-187D-4723-A2B6-6CFA634D385A}
2021-02-25 17:03 - 2020-03-22 16:00 - 000002826 _____ C:\WINDOWS\system32\Tasks\ASC_SkipUac_Richard
2021-02-25 17:03 - 2019-11-29 16:34 - 000003026 _____ C:\WINDOWS\system32\Tasks\ASC_PerformanceMonitor
2021-02-25 17:03 - 2019-11-02 13:51 - 000002862 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Richard
2021-02-25 17:03 - 2019-08-02 18:27 - 000003174 _____ C:\WINDOWS\system32\Tasks\SmartDefrag_AutoAnalyze
2021-02-25 17:03 - 2018-07-21 08:46 - 000004476 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2021-02-25 17:03 - 2018-07-21 08:46 - 000004324 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2021-02-25 17:03 - 2018-07-21 08:36 - 000003282 _____ C:\WINDOWS\system32\Tasks\{65C3D43E-E5A3-481D-9352-126F2DD99808}
2021-02-25 17:03 - 2018-02-15 07:36 - 000003022 _____ C:\WINDOWS\system32\Tasks\SmartDefrag_Startup
2021-02-25 17:03 - 2018-02-15 07:36 - 000003020 _____ C:\WINDOWS\system32\Tasks\SmartDefrag_Update
2021-02-25 17:03 - 2017-04-23 16:02 - 000003180 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_ListenToDevice
2021-02-25 17:03 - 2017-04-23 16:02 - 000003168 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2021-02-25 17:03 - 2017-04-23 16:02 - 000003152 _____ C:\WINDOWS\system32\Tasks\RtHDVBg
2021-02-25 17:03 - 2017-04-23 09:20 - 000003332 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-25 17:03 - 2017-04-23 09:20 - 000003204 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-25 06:23 - 2018-09-26 20:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-02-25 02:33 - 2017-04-23 09:21 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-25 02:33 - 2017-04-23 09:21 - 000002205 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-02-24 15:18 - 2018-12-16 08:46 - 000000000 ____D C:\Users\Richard\AppData\Roaming\WhatsApp
2021-02-23 23:12 - 2017-04-27 12:38 - 000000000 ____D C:\ProgramData\ProductData
2021-02-23 01:54 - 2021-01-24 13:26 - 000171008 ___SH C:\Users\Richard\Downloads\Thumbs.db
2021-02-21 08:45 - 2020-04-08 09:06 - 000000000 ____D C:\Users\Richard\AppData\Roaming\Telegram Desktop
2021-02-20 03:51 - 2017-04-22 20:18 - 000000000 ____D C:\Users\Richard\AppData\Local\Packages
2021-02-18 22:29 - 2017-04-23 10:12 - 000000000 ____D C:\Users\Richard\AppData\Local\ElevatedDiagnostics
2021-02-17 22:26 - 2019-09-21 11:46 - 000000000 ____D C:\Users\Richard\AppData\Local\WhatsApp
2021-02-17 11:26 - 2018-07-06 10:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2021-02-17 11:26 - 2018-07-06 09:56 - 000000000 ____D C:\Program Files (x86)\Brother
2021-02-17 11:26 - 2018-04-14 08:39 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-16 19:26 - 2017-10-30 18:01 - 000000000 ____D C:\ProgramData\Kodak
2021-02-16 16:35 - 2017-04-23 03:59 - 000000000 ____D C:\WINDOWS\softwaredistribution.bak
2021-02-16 00:38 - 2013-08-22 15:36 - 000000000 ___RD C:\WINDOWS\ToastData
2021-02-16 00:37 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-16 00:37 - 2013-08-22 15:36 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 06:32 - 2017-04-23 14:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-12 06:27 - 2017-04-23 14:55 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-09 16:53 - 2017-04-27 12:34 - 000000000 ____D C:\Program Files (x86)\IObit
2021-02-09 16:52 - 2017-04-27 12:34 - 000000000 ____D C:\ProgramData\IObit
2021-02-08 21:06 - 2017-04-23 09:20 - 000000000 ____D C:\Program Files (x86)\Google
2021-02-08 08:53 - 2017-09-18 16:06 - 000000000 ____D C:\Users\Richard\Desktop\Gary Cooksley
2021-02-07 21:55 - 2019-12-06 13:55 - 000000000 ____D C:\Users\Richard\AppData\Roaming\vlc
2021-02-03 10:39 - 2017-11-19 15:30 - 000000000 ____D C:\Program Files (x86)\SparkTrust
2021-01-29 16:16 - 2019-09-02 05:16 - 000000000 ____D C:\Program Files\Common Files\AVG
2021-01-29 07:07 - 2018-07-17 21:22 - 000000000 ____D C:\ProgramData\ScanSoft
2021-01-29 07:03 - 2018-07-06 10:36 - 000000000 ____D C:\ProgramData\Nuance
2021-01-29 06:59 - 2017-04-27 12:34 - 000000000 ____D C:\Users\Richard\AppData\Roaming\IObit
2021-01-29 06:57 - 2017-05-18 06:43 - 000000000 ____D C:\Program Files (x86)\Adobe
2021-01-29 06:41 - 2017-06-12 06:11 - 000000000 ____D C:\Users\Richard\AppData\Local\Avg
2021-01-28 13:18 - 2020-02-29 11:56 - 000000000 ____D C:\Program Files\Private Internet Access

==================== Files in the root of some directories ========

2017-11-19 15:31 - 2017-11-22 05:54 - 000000115 _____ () C:\Users\Richard\AppData\Roaming\LogFile.txt
2017-10-30 18:13 - 2017-10-30 18:13 - 000003178 _____ () C:\Users\Richard\AppData\Local\installer.log
2017-10-30 18:13 - 2017-10-30 18:13 - 000000236 _____ () C:\Users\Richard\AppData\Local\LaunchHomeCenter.log
2021-02-26 05:22 - 2021-02-26 05:22 - 000000017 _____ () C:\Users\Richard\AppData\Local\resmon.resmoncfg
2019-12-10 05:00 - 2019-12-10 05:00 - 000000000 _____ () C:\Users\Richard\AppData\Local\{735F5212-8A05-435A-8589-15A45D7DCAF5}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-12-03 01:33
==================== End of FRST.txt ========================

And:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-02-2021
Ran by Richard (26-02-2021 06:50:15)
Running from C:\Users\Richard\Downloads
Windows 8.1 (Update) (X64) (2017-04-22 20:18:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3411107159-1070077873-1841525149-500 - Administrator - Disabled)
Guest (S-1-5-21-3411107159-1070077873-1841525149-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3411107159-1070077873-1841525149-1003 - Limited - Enabled)
Richard (S-1-5-21-3411107159-1070077873-1841525149-1001 - Administrator - Enabled) => C:\Users\Richard

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
Advanced SystemCare (HKLM-x32\...\Advanced SystemCare_is1) (Version: 13.3.0 - IObit)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 21.1.3164 - AVG Technologies)
AVG Driver Updater (HKLM-x32\...\{BAAB946F-7E00-41F4-BEC7-B8CCF758E012}) (Version: 2.3.0 - AVG Netherlands B.V) Hidden
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{0F3243B3-FEA6-44DA-A6A6-4CA42F6A20DF}) (Version: 6.1.3.4 - Brother Industries, Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{f3688e1e-b3e5-403f-9750-b51816920212}) (Version: 6.1.3.4 - Brother Industries, Ltd.)
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{05421625-9BA9-482B-ACF2-794221A06F4E}) (Version: 1.0.23 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{272543B6-B337-4C8F-B9F1-19E884C2C7AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{1162495D-7CE7-4EF9-A0F8-151196F3A660}) (Version: 1.0.17.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.190 - Google LLC)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
HttpToUsbBridge (HKLM-x32\...\{7BC71E16-6656-4F86-A274-4DF34437975E}) (Version: 1.2.25.1 - Brother Industries Ltd.)
iCare Data Recovery Free (HKLM-x32\...\{43D63B27-661F-428E-97B7-70D0604D28E8}_is1) (Version: 8.0.3 - iCareAll Inc.)
IObit Software Updater (HKLM-x32\...\IObit Software Updater_is1) (Version: 3.6.0.2072 - IObit)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0002 - Nuance Communications, Inc.)
PC-FAXReceive (HKLM-x32\...\{65EA2C86-30CD-444C-ADAB-8762BE4E2E8C}) (Version: 1.8.003.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{03BF5A21-6363-410C-B3BE-0946B0012704}) (Version: 3.7.3.1 - Brother Industries Ltd.) Hidden
PowerENGAGE (HKLM-x32\...\{BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1}) (Version: 3.2.13 - Aviata, Inc.) Hidden
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Private Internet Access (HKLM\...\{33023371-7761-4F81-BBB1-0E0D0D175ACF}) (Version: 2.4.0+05574 - Private Internet Access, Inc.)
Private Internet Access WinTUN Driver (HKLM\...\{0419A0C0-4CC8-459E-9BAE-F3BF5D2E2CCB}) (Version: 1.0 - Private Internet Access, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.27055 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
RemoteSetup (HKLM-x32\...\{FAB8A30A-B074-48F9-9D73-5E9A757403F8}) (Version: 3.10.2.0 - Brother Industries Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Smart Defrag 6 (HKLM-x32\...\Smart Defrag_is1) (Version: 6.3 - IObit)
SoftwareUpdateNotification (HKLM-x32\...\{F58E9F54-C092-42C5-B4C3-C4B7C337750B}) (Version: 1.0.7.0 - Brother Insutries Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden
Telegram Desktop version 2.5.1 (HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.1 - Telegram FZ-LLC)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WhatsApp (HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\WhatsApp) (Version: 2.2104.10 - WhatsApp)

Packages:
=========
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2017-04-23] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3411107159-1070077873-1841525149-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit Information Technology -> IObit)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2019-09-19] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-10-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-10-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit Information Technology -> IObit)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.ZZZ.....Z.ZZZ:1 [1122]
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ:1 [1122]
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZ....Z....Z:1 [1122]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2019-06-20] (IObit Information Technology -> IObit)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2019-01-08 02:47 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService13 => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AVG Tools => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BitDefenderCOM => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 2
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: Eaphost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IObitUnSvr => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: Kodak AiO Network Discovery Service => 2
MSCONFIG\Services: Kodak AiO Status Monitor Service => 2
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcbService => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ose64 => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: PrivateInternetAccessService => 2
MSCONFIG\Services: PrivateInternetAccessWireguard => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: scan => 3
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: ss_conn_launcher_service => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: USBAppControl => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 2
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WorkflowAppControl => 2
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "TuneupUI.exe"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\StartupApproved\Run: => "AVGBrowserAutoLaunch_8A93C1D26E6679F3B6F436A3F299CCC8"
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\StartupApproved\Run: => "Advanced SystemCare"
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_94A469CBA2277F7295F560B121FA07B1"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DD1A15A1-B23B-496D-828C-29E7D4558070}] => (Allow) LPort=1688
FirewallRules: [{DEEE57D2-A2EA-4964-8E2E-252BDCAEE3C3}] => (Block) LPort=445
FirewallRules: [{76EE6F2B-E7C7-44AE-89E1-5788E5E6B14C}] => (Block) LPort=445
FirewallRules: [{FF3805C2-55BF-42C0-8654-306F8337774F}] => (Allow) LPort=1688
FirewallRules: [{D1B01DC0-E1C9-4B59-A24A-1E4895016F3A}] => (Allow) LPort=9322
FirewallRules: [{4264BA44-9581-4C56-9A04-6E4EF7CE720E}] => (Allow) LPort=5353
FirewallRules: [{1B6EED72-800D-4471-952E-E61E663FC658}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{0737E079-EE02-474E-9FB2-45A5DC809EF1}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{B974E3FC-650A-47DB-9BBC-0530E3261882}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{C31B4A1F-ACBC-4C7B-BFC7-FCCC2EEC030C}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{06476668-F55E-4D2A-861D-549D086C6935}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{00339ADE-2FA0-47E3-B417-FE2BD710DABB}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{EF6E52B3-9D82-48E4-987C-00D36BD36E0C}] => (Allow) E:\Install\wlan_wiz\.\wlan_assistant\waw.exe => No File
FirewallRules: [{074A51E3-D035-45D4-A084-B7F16EA2C6DB}] => (Allow) LPort=54925
FirewallRules: [{81CF8617-2F01-4071-BE89-58D3140A67DF}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{993AF3CF-D964-4CE6-B0EF-F8F447FE9384}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [TCP Query User{3CFA0FAC-534E-4A74-BC1A-7C84054B7452}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{4A854861-308D-4F13-94B2-A69479B22ED6}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{E63762B9-801F-482E-A2A9-7C85474D7DB4}] => (Allow) LPort=54950
FirewallRules: [{762BEB76-C88E-407A-BCF1-1B5521E3551D}] => (Allow) LPort=54955
FirewallRules: [{2FCE1BA5-FAB8-4DA5-BA22-1872BA500C59}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/26/2021 06:06:52 AM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (02/26/2021 06:05:23 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

Error: (02/26/2021 06:05:23 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...

Error: (02/26/2021 06:05:23 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (02/26/2021 06:05:23 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (02/26/2021 06:05:23 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[1]: 192.168.1.7

Error: (02/26/2021 06:05:23 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[0]: fe80::1dab:377f:dad:847%3

Error: (02/26/2021 06:05:23 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList.Length: 2


System errors:
=============
Error: (02/26/2021 06:14:22 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume D:.

The exact nature of the corruption is unknown. The file system structures need to be scanned online.

Error: (02/26/2021 06:14:13 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown. The file system structures need to be scanned online.

Error: (02/26/2021 06:06:53 AM) (Source: DCOM) (EventID: 10016) (User: RICHARD)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user Richard\Richard SID (S-1-5-21-3411107159-1070077873-1841525149-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2021 06:06:53 AM) (Source: DCOM) (EventID: 10016) (User: RICHARD)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user Richard\Richard SID (S-1-5-21-3411107159-1070077873-1841525149-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2021 06:06:53 AM) (Source: DCOM) (EventID: 10016) (User: RICHARD)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user Richard\Richard SID (S-1-5-21-3411107159-1070077873-1841525149-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2021 06:06:52 AM) (Source: DCOM) (EventID: 10016) (User: RICHARD)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user Richard\Richard SID (S-1-5-21-3411107159-1070077873-1841525149-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2021 06:06:51 AM) (Source: DCOM) (EventID: 10016) (User: RICHARD)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user Richard\Richard SID (S-1-5-21-3411107159-1070077873-1841525149-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/26/2021 06:06:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Work Folders service hung on starting.


Windows Defender:
================
Date: 2017-06-11 14:44:05.806
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-06-11 14:32:39.187
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-06-11 13:50:33.124
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-06-07 02:23:33.175
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-05-26 14:46:41.511
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-06-12 07:15:04.980
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.730.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-12 07:15:04.979
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.730.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-12 07:15:04.529
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-12 07:15:04.528
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-12 07:14:55.167
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.730.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X550CA.212 08/13/2013
Motherboard: ASUSTeK COMPUTER INC. X550CA
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 46%
Total physical RAM: 6029.74 MB
Available physical RAM: 3213.28 MB
Total Virtual: 12173.74 MB
Available Virtual: 9465.28 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:371.38 GB) (Free:298.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:537.8 GB) (Free:536.7 GB) NTFS
Drive f: (Seagate Expansion Drive) (Fixed) (Total:465.76 GB) (Free:245.07 GB) NTFS

\\?\Volume{b81970ed-33f5-4c1e-868a-a9f407dc4092}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.77 GB) NTFS
\\?\Volume{2789036b-ad4f-4416-9f8e-e20a9348f31d}\ () (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{21b11954-97a1-4a1d-ba35-26ec54f79eda}\ (Restore) (Fixed) (Total:20.01 GB) (Free:7.74 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FAF3F0E5)

Partition: GPT.

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 13CC50B2)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 
Hi, Rowls1967..! :-) Welcome to Sysnative! Thank you for the diaries..! Please give me some time to go over your logs and I will get back to you as soon as possible... :-)
 
Hi, Rowls1967..! Before we continue, I would like to draw your attention to the following posts by our colleagues Aura and quietman7:

Advanced System Care Ultimate - Anti-Virus, Anti-Malware, and Privacy Software
Advanced System Care Ultimate - Anti-Virus, Anti-Malware, and Privacy Software

Because such products are visible in your system, my opinion is that they are the cause of your problem..! I am waiting for your decision whether to remove the programs in question...?

Advanced SystemCare

IObit Software Updater

Smart Defrag
 
Hi, thank you for your feedback. Although I will delete the suggested programs, I must make you aware of something that I forgot to mention. My son went onto Piratebay to get some software without telling me; he has now informed me that he opened the executable file, which he thought did nothing. However, by trolling the net to get a resolution, I did stumble across Services local (please see screen shot). Therefore, I obtained a screen print of the settings that each line should have, with most of mine disabled; therefore, I copied as many as I could (cannot state categorically that they are all correct), so God only knows what else this .exe file changed - probably loads in the registry, as I've tried to manually fix some things, with stated keys missing from the Registry.
 

Attachment: Screenshot (8).png
After uninstalling the requested, I still receive this error message when trying to run Windows Defender. However, I should make you aware that I was unable to uninstall IOBit Uninstall.
 

Attachment: Screenshot (9).png
Hi again, I'm trying to do as much as I can with the basic knowledge that I have. I came across this post, finding the second folder with both values set to "1"; however, the first folder, "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender", doesn't exist, and I don't know how to create it either.
 

Attachments: Screenshot (10).png, Screenshot (11).png
Hi, Rowls1967..! If you uninstalled the software in question, follow these steps:

Re-scan with FRST
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.

Please just follow my instructions and do not make any changes to your system..!

Thanks..!
 
Hi, I tried to run, although AVG quarantined, now I can't restore, please help...
 
Hi, Rowls1967..! Are you still with me..? :-)
Apologies for the delay, please find the txt below. Thank you.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Richard (07-03-2021 13:09:00)
Running from C:\Users\Richard\Downloads
Windows 8.1 (Update) (X64) (2017-04-22 20:18:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3411107159-1070077873-1841525149-500 - Administrator - Disabled)
Guest (S-1-5-21-3411107159-1070077873-1841525149-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3411107159-1070077873-1841525149-1003 - Limited - Enabled)
Richard (S-1-5-21-3411107159-1070077873-1841525149-1001 - Administrator - Enabled) => C:\Users\Richard

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)











Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by Richard (administrator) on RICHARD (ASUSTeK COMPUTER INC. X550CA) (07-03-2021 13:03:58)
Running from C:\Users\Richard\Downloads
Loaded Profiles: Richard
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <3>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <51>
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(Paretologic Inc -> Digital Care Solutions (ParetoLogic)) C:\Program Files\BDServices\BitDefenderCOM.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [164608 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-09] (Adobe Inc. -> Adobe)
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\KODAK EASYSHARE All-in-One Printer: C:\Windows\System32\spool\prtprocs\x64\EKIJ5000PPR.dll [261632 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM\...\Print\Monitors\KODAK EASYSHARE All-in-One Printer: C:\WINDOWS\system32\EKIJ5000MON.dll [805376 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.190\Installer\chrmstp.exe [2021-02-25] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20D07301-0754-4D98-9023-33A6B22B9883} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-09] (Adobe Inc. -> Adobe)
Task: {3C893D5A-8C9A-4B15-8D4D-2BD4B1C8B9D8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {47DF9810-F6A2-4B0C-98E4-B70A28CABDF8} - System32\Tasks\{65C3D43E-E5A3-481D-9352-126F2DD99808} => C:\WINDOWS\system32\pcalua.exe -a C:\ProgramData\Kodak\Installer\Setup.exe -c /Web /x "{E0F274B7-592B-4669-8FB8-8D9825A09858}" CompanyName="Eastman Kodak Company" /code "2057"
Task: {5E415433-D5BC-414B-8985-44515AAE6A19} - System32\Tasks\Uninstaller_SkipUac_Richard => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5900560 2019-09-10] (IObit Information Technology -> IObit)
Task: {644370C0-0F78-4799-A741-525E9EFC74C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-23] (Google Inc -> Google Inc.)
Task: {73DF959D-C868-4F23-A973-6E80B6A277E2} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4730624 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {77D7B2E9-D157-4B75-849F-912D477BF1DD} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-07-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {8D939978-1C04-4261-9087-B58A7E403F0B} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-07-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {B5DFDE52-BF65-47ED-A482-EC4E67E51CF6} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-07-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {C1D26FC8-180C-4AE7-9F10-9D30933380A0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player PPAPI Notifier" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Antivirus Emergency Update" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\RtHDVBg" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\RtHDVBg_ListenToDevice" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\RTKCPL" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\Uninstaller_SkipUac_Richard" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{98C8926F-187D-4723-A2B6-6CFA634D385A}" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\{65C3D43E-E5A3-481D-9352-126F2DD99808}" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {DB5AFBF8-22CC-445E-B842-BB00C6859B44} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1822976 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {FB4B7999-9C47-4041-973F-5BC9E1CD750E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-23] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AVG Driver Updater Scan.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\WINDOWS\Tasks\AVG Driver Updater Startup.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\WINDOWS\Tasks\SparkTrust Registration3.job => rundll32.exe C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{79D1DE68-56FB-4F72-B5E0-FB918DAD2B4C}: [DhcpNameServer] 10.0.0.243
Tcpip\..\Interfaces\{CA17CCC0-C1E3-4678-A9C4-A38235A3F540}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D33B41AE-F5DB-42CB-8859-CC313193AC99}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default [2021-03-07]
CHR DownloadDir: C:\Users\Richard\Downloads
CHR Notifications: Default -> hxxps://pirateproxy.cc; hxxps://thepiratebay.org; hxxps://www.electriciansforums.net; hxxps://www.facebook.com; hxxps://www.junglescout.com; hxxps://www.wakeupuk.net; hxxps://www.wish.com
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={013DF0A8-A4BC-4DD5-B565-06D763B93533}&mid=8743dd459dca47d29dc96da73dc8933a-3c5e627b1624c73ab826fb50cd5d9c87c5579247&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-16 09:28:15&v=17.3.1.91&pid=safeguard&sg=&sap=hp
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (DuckDuckGo) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-03-05]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2021-01-05]
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-23]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Sheets) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2021-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [622184 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [353024 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [7926328 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1038328 2017-08-09] (Paretologic Inc -> Digital Care Solutions (ParetoLogic))
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [298496 2017-03-22] (Brother Industries, Ltd.) [File not signed]
S3 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [156944 2019-08-23] (IObit Information Technology -> IObit)
S4 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [1900032 2020-09-04] () [File not signed]
S4 PrivateInternetAccessWireguard; C:\Program Files\Private Internet Access\pia-wgservice.exe [4433920 2020-09-04] () [File not signed]
R2 scan; C:\Program Files\BDServices\scan.dll [652568 2017-08-09] (Bitdefender SRL -> Bitdefender)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182328 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2020-12-18] (Microsoft) [File not signed]
S2 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2020-12-18] (Microsoft) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4318648 2020-01-04] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [73512 2015-11-01] (ASUSTeK Computer Inc. -> ASUS Corporation)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [35792 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [208176 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [357400 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [249368 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [98840 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [41424 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [175368 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [521472 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [107920 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [83496 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [850248 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [465800 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [215464 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [327104 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 cpuz145; C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [49968 2021-02-26] (CPUID -> CPUID)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-10-30] (Martin Malik - REALiX -> REALiX(tm))
S3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [25992 2019-07-30] (IObit CO., LTD -> IObit)
S3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUProcessFilter.sys [19280 2019-07-30] (IObit CO., LTD -> IObit)
S3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegistryFilter.sys [31648 2019-07-30] (IObit CO., LTD -> IObit)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] (ASUSTeK Computer Inc. -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43368 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2018-12-24] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
R3 tap-pia-0901; C:\WINDOWS\system32\DRIVERS\tap-pia-0901.sys [30720 2020-01-16] (Private Internet Access (London Trust Media Incorporated) -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-07 13:02 - 2021-03-07 13:02 - 002301440 _____ (Farbar) C:\Users\Richard\Downloads\FRST64 (2).exe
2021-03-07 13:02 - 2021-03-07 13:02 - 002301440 _____ (Farbar) C:\Users\Richard\Downloads\FRST64 (1).exe
2021-03-07 13:01 - 2021-03-07 13:01 - 002301440 _____ (Farbar) C:\Users\Richard\Downloads\FRST64.exe
2021-03-04 01:55 - 2021-03-04 01:55 - 000675494 _____ C:\Users\Richard\Downloads\PhoneCallWithRyan_20210303-192955_01133209634.amr
2021-02-28 10:31 - 2021-02-28 10:31 - 000357446 _____ C:\Users\Richard\Downloads\PhoneCallWithKev_20210226-171938_01133209634.amr
2021-02-28 10:29 - 2021-02-28 10:29 - 001481574 _____ C:\Users\Richard\Downloads\PhoneCallWithAlicia_20210226-164643_03300081555.amr
2021-02-27 08:13 - 2021-02-27 08:13 - 000175952 _____ (Sysnative) C:\Users\Richard\Downloads\SysnativeBSODCollectionApp (1).exe
2021-02-27 08:01 - 2021-03-02 17:30 - 000000000 ____D C:\Users\Richard\Downloads\FRST-OlderVersion
2021-02-26 06:50 - 2021-02-26 06:52 - 000037762 _____ C:\Users\Richard\Downloads\Addition.txt
2021-02-26 06:41 - 2021-03-07 13:05 - 000019532 _____ C:\Users\Richard\Downloads\FRST.txt
2021-02-26 06:40 - 2021-03-07 13:04 - 000000000 ____D C:\FRST
2021-02-26 06:37 - 2021-02-26 06:37 - 002781052 _____ C:\Users\Richard\Downloads\Speccy x64 portable.zip
2021-02-26 06:07 - 2021-02-27 08:16 - 000000000 ____D C:\Users\Richard\Documents\SysnativeFileCollectionApp
2021-02-26 06:07 - 2021-02-26 06:07 - 000175952 _____ (Sysnative) C:\Users\Richard\Downloads\SysnativeBSODCollectionApp.exe
2021-02-26 05:22 - 2021-02-26 05:22 - 000000017 _____ C:\Users\Richard\AppData\Local\resmon.resmoncfg
2021-02-26 00:30 - 2021-02-26 00:30 - 000288032 _____ C:\WINDOWS\Minidump\022621-39015-01.dmp
2021-02-26 00:22 - 2021-02-26 00:22 - 000288032 _____ C:\WINDOWS\Minidump\022621-39781-01.dmp
2021-02-26 00:05 - 2021-02-26 00:06 - 000288032 _____ C:\WINDOWS\Minidump\022621-59750-01.dmp
2021-02-25 23:54 - 2021-02-25 23:54 - 098435072 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2021-02-25 23:54 - 2021-02-25 23:54 - 006205440 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2021-02-25 23:54 - 2021-02-25 23:54 - 000425984 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2021-02-25 23:54 - 2021-02-25 23:54 - 000028672 _____ C:\WINDOWS\system32\config\SAM.iobit
2021-02-25 23:54 - 2021-02-25 23:54 - 000024576 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2021-02-23 23:13 - 2021-02-23 23:13 - 000175368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2021-02-23 01:53 - 2021-02-23 01:53 - 000319254 _____ C:\Users\Richard\Downloads\Untitled_Message (3).zip
2021-02-23 01:53 - 2021-02-23 01:53 - 000000000 ____D C:\Users\Richard\Downloads\Untitled_Message (3)
2021-02-23 01:44 - 2021-02-23 01:45 - 004162925 _____ C:\Users\Richard\Downloads\Untitled_Message (2).zip
2021-02-23 01:38 - 2021-02-23 01:38 - 004162925 _____ C:\Users\Richard\Downloads\Untitled_Message.zip
2021-02-23 01:38 - 2021-02-23 01:38 - 004162925 _____ C:\Users\Richard\Downloads\Untitled_Message (1).zip
2021-02-21 09:56 - 2021-02-21 09:57 - 000288032 _____ C:\WINDOWS\Minidump\022121-41500-01.dmp
2021-02-21 08:41 - 2021-02-21 08:42 - 015970496 _____ (IObit ) C:\Users\Richard\Downloads\smart-defrag-setup.exe
2021-02-20 03:36 - 2021-02-20 03:36 - 000095903 _____ C:\Users\Richard\Downloads\Tracked_Returns_label_DA088912438GB.pdf
2021-02-18 22:28 - 2021-02-26 00:10 - 000000000 ____D C:\WINDOWS\softwaredistribution.bak1
2021-02-18 19:36 - 2021-03-06 15:10 - 000004164 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2021-02-18 19:36 - 2021-02-18 19:36 - 000465800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000850248 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000521472 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000357400 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2021-02-18 19:35 - 2021-02-18 19:35 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000249368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000215464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000208176 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000098840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000083496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000041424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000035792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2021-02-17 08:04 - 2021-02-17 09:13 - 025559040 _____ C:\Users\Richard\Downloads\Win8.1_English_x64.iso
2021-02-16 22:09 - 2021-02-16 22:09 - 000000000 ____D C:\WINDOWS\system32\%LOCALAPPDATA%
2021-02-16 19:26 - 2021-02-16 19:26 - 000288032 _____ C:\WINDOWS\Minidump\021621-45015-01.dmp
2021-02-16 19:09 - 2021-02-16 19:09 - 000288032 _____ C:\WINDOWS\Minidump\021621-37656-01.dmp
2021-02-16 19:01 - 2021-02-16 19:02 - 000288344 _____ C:\WINDOWS\Minidump\021621-37812-01.dmp
2021-02-16 16:47 - 2021-02-16 16:48 - 000288032 _____ C:\WINDOWS\Minidump\021621-46406-01.dmp
2021-02-16 16:43 - 2021-02-16 16:43 - 000288032 _____ C:\WINDOWS\Minidump\021621-42000-01.dmp
2021-02-16 01:07 - 2021-02-16 01:08 - 000288032 _____ C:\WINDOWS\Minidump\021621-43968-01.dmp
2021-02-16 00:51 - 2021-02-16 00:51 - 000288032 _____ C:\WINDOWS\Minidump\021621-44796-01.dmp
2021-02-14 11:18 - 2021-02-14 11:18 - 001578036 _____ C:\Users\Richard\Desktop\Vaccine_n.mp4
2021-02-13 15:18 - 2021-02-13 15:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-13 02:50 - 2021-02-13 02:50 - 000288032 _____ C:\WINDOWS\Minidump\021321-51406-01.dmp
2021-02-10 12:43 - 2021-01-12 06:07 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-02-10 12:43 - 2021-01-12 05:46 - 002132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-02-10 12:43 - 2021-01-12 05:44 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-02-10 12:43 - 2021-01-12 05:31 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-02-09 07:53 - 2021-02-16 16:08 - 011636936 _____ C:\Users\Richard\Downloads\MB-SupportTool.exe
2021-02-09 03:11 - 2021-02-09 03:11 - 000000000 __SHD C:\found.001
2021-02-08 21:06 - 2021-02-08 21:06 - 000000000 ____D C:\Users\Richard\AppData\LocalLow\Google
2021-02-08 21:06 - 2021-02-08 21:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2021-02-08 21:05 - 2021-02-08 21:05 - 030589432 _____ C:\Users\Richard\Downloads\googleearthwin.exe
2021-02-08 08:45 - 2021-02-08 08:45 - 000288032 _____ C:\WINDOWS\Minidump\020821-47187-01.dmp
2021-02-08 08:39 - 2021-02-08 08:39 - 000288344 _____ C:\WINDOWS\Minidump\020821-45875-01.dmp
2021-02-08 07:17 - 2021-02-08 07:17 - 000288032 _____ C:\WINDOWS\Minidump\020821-36906-01.dmp
2021-02-08 07:14 - 2021-02-08 07:14 - 000288032 _____ C:\WINDOWS\Minidump\020821-33203-01.dmp
2021-02-08 07:08 - 2021-02-08 07:08 - 000288344 _____ C:\WINDOWS\Minidump\020821-33281-01.dmp
2021-02-06 16:55 - 2021-02-17 06:00 - 000000000 _____ C:\Recovery.txt
2021-02-06 08:35 - 2021-02-06 08:35 - 000000000 __SHD C:\found.000
2021-02-05 09:39 - 2021-02-05 09:39 - 000096940 _____ C:\Users\Richard\Downloads\Three Peaks Walk.mmo
2021-02-05 09:39 - 2021-02-05 09:39 - 000009868 _____ C:\Users\Richard\Downloads\Three Peaks Walk.gpx

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-06 17:20 - 2019-01-30 22:08 - 000000000 ____D C:\Users\Richard\Documents\DadsWill
2021-03-06 15:10 - 2019-11-02 13:51 - 000002864 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Richard
2021-03-06 15:10 - 2018-09-26 20:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-03-06 15:10 - 2018-07-21 08:46 - 000004478 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2021-03-06 15:10 - 2018-07-21 08:46 - 000004326 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2021-03-06 15:10 - 2018-07-21 08:36 - 000003284 _____ C:\WINDOWS\system32\Tasks\{65C3D43E-E5A3-481D-9352-126F2DD99808}
2021-03-06 15:10 - 2017-04-23 16:02 - 000003182 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_ListenToDevice
2021-03-06 15:10 - 2017-04-23 16:02 - 000003170 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2021-03-06 15:10 - 2017-04-23 16:02 - 000003154 _____ C:\WINDOWS\system32\Tasks\RtHDVBg
2021-03-06 15:10 - 2017-04-23 09:20 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-06 15:10 - 2017-04-23 09:20 - 000003206 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-06 15:10 - 2017-04-23 09:15 - 000003932 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{98C8926F-187D-4723-A2B6-6CFA634D385A}
2021-03-06 10:45 - 2021-01-24 13:26 - 000196608 ___SH C:\Users\Richard\Downloads\Thumbs.db
2021-03-03 13:20 - 2019-12-06 13:55 - 000000000 ____D C:\Users\Richard\AppData\Roaming\vlc
2021-03-02 07:57 - 2017-04-23 09:31 - 000998912 ___SH C:\Users\Richard\Desktop\Thumbs.db
2021-02-27 08:01 - 2018-07-22 15:55 - 000000000 ____D C:\Users\Richard\AppData\Local\CrashDumps
2021-02-26 23:03 - 2020-08-02 10:48 - 000000000 ____D C:\ProgramData\AVG
2021-02-26 22:21 - 2017-04-22 20:25 - 000003600 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3411107159-1070077873-1841525149-1001
2021-02-26 22:16 - 2017-04-22 20:26 - 000000000 ___RD C:\Users\Richard\OneDrive
2021-02-26 22:00 - 2013-08-22 14:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-26 21:59 - 2013-08-22 13:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2021-02-26 21:44 - 2017-04-27 12:38 - 000000000 ____D C:\Users\Richard\AppData\LocalLow\IObit
2021-02-26 21:44 - 2017-04-27 12:34 - 000000000 ____D C:\Users\Richard\AppData\Roaming\IObit
2021-02-26 21:44 - 2017-04-27 12:34 - 000000000 ____D C:\ProgramData\IObit
2021-02-26 21:44 - 2017-04-27 12:34 - 000000000 ____D C:\Program Files (x86)\IObit
2021-02-26 02:02 - 2017-04-22 20:14 - 000000000 ____D C:\Users\Richard
2021-02-26 00:30 - 2018-04-08 18:49 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-26 00:02 - 2013-08-22 15:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-25 23:55 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\Inf
2021-02-25 02:33 - 2017-04-23 09:21 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-24 15:18 - 2018-12-16 08:46 - 000000000 ____D C:\Users\Richard\AppData\Roaming\WhatsApp
2021-02-23 23:12 - 2017-04-27 12:38 - 000000000 ____D C:\ProgramData\ProductData
2021-02-21 08:45 - 2020-04-08 09:06 - 000000000 ____D C:\Users\Richard\AppData\Roaming\Telegram Desktop
2021-02-20 03:51 - 2017-04-22 20:18 - 000000000 ____D C:\Users\Richard\AppData\Local\Packages
2021-02-18 22:29 - 2017-04-23 10:12 - 000000000 ____D C:\Users\Richard\AppData\Local\ElevatedDiagnostics
2021-02-17 22:26 - 2019-09-21 11:46 - 000000000 ____D C:\Users\Richard\AppData\Local\WhatsApp
2021-02-17 11:26 - 2018-07-06 10:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2021-02-17 11:26 - 2018-07-06 09:56 - 000000000 ____D C:\Program Files (x86)\Brother
2021-02-17 11:26 - 2018-04-14 08:39 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-16 19:26 - 2017-10-30 18:01 - 000000000 ____D C:\ProgramData\Kodak
2021-02-16 16:35 - 2017-04-23 03:59 - 000000000 ____D C:\WINDOWS\softwaredistribution.bak
2021-02-16 00:38 - 2013-08-22 15:36 - 000000000 ___RD C:\WINDOWS\ToastData
2021-02-16 00:37 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-16 00:37 - 2013-08-22 15:36 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 06:32 - 2017-04-23 14:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-12 06:27 - 2017-04-23 14:55 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-08 21:06 - 2017-04-23 09:20 - 000000000 ____D C:\Program Files (x86)\Google
2021-02-08 08:53 - 2017-09-18 16:06 - 000000000 ____D C:\Users\Richard\Desktop\Gary Cooksley

==================== Files in the root of some directories ========

2017-11-19 15:31 - 2017-11-22 05:54 - 000000115 _____ () C:\Users\Richard\AppData\Roaming\LogFile.txt
2017-10-30 18:13 - 2017-10-30 18:13 - 000003178 _____ () C:\Users\Richard\AppData\Local\installer.log
2017-10-30 18:13 - 2017-10-30 18:13 - 000000236 _____ () C:\Users\Richard\AppData\Local\LaunchHomeCenter.log
2021-02-26 05:22 - 2021-02-26 05:22 - 000000017 _____ () C:\Users\Richard\AppData\Local\resmon.resmoncfg
2019-12-10 05:00 - 2019-12-10 05:00 - 000000000 _____ () C:\Users\Richard\AppData\Local\{735F5212-8A05-435A-8589-15A45D7DCAF5}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-12-03 01:33
==================== End of FRST.txt ========================

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 21.1.3164 - AVG Technologies)
AVG Driver Updater (HKLM-x32\...\{BAAB946F-7E00-41F4-BEC7-B8CCF758E012}) (Version: 2.3.0 - AVG Netherlands B.V) Hidden
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{0F3243B3-FEA6-44DA-A6A6-4CA42F6A20DF}) (Version: 6.1.3.4 - Brother Industries, Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{f3688e1e-b3e5-403f-9750-b51816920212}) (Version: 6.1.3.4 - Brother Industries, Ltd.)
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{05421625-9BA9-482B-ACF2-794221A06F4E}) (Version: 1.0.23 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{272543B6-B337-4C8F-B9F1-19E884C2C7AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{1162495D-7CE7-4EF9-A0F8-151196F3A660}) (Version: 1.0.17.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.190 - Google LLC)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
HttpToUsbBridge (HKLM-x32\...\{7BC71E16-6656-4F86-A274-4DF34437975E}) (Version: 1.2.25.1 - Brother Industries Ltd.)
iCare Data Recovery Free (HKLM-x32\...\{43D63B27-661F-428E-97B7-70D0604D28E8}_is1) (Version: 8.0.3 - iCareAll Inc.)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0002 - Nuance Communications, Inc.)
PC-FAXReceive (HKLM-x32\...\{65EA2C86-30CD-444C-ADAB-8762BE4E2E8C}) (Version: 1.8.003.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{03BF5A21-6363-410C-B3BE-0946B0012704}) (Version: 3.7.3.1 - Brother Industries Ltd.) Hidden
PowerENGAGE (HKLM-x32\...\{BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1}) (Version: 3.2.13 - Aviata, Inc.) Hidden
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Private Internet Access (HKLM\...\{33023371-7761-4F81-BBB1-0E0D0D175ACF}) (Version: 2.4.0+05574 - Private Internet Access, Inc.)
Private Internet Access WinTUN Driver (HKLM\...\{0419A0C0-4CC8-459E-9BAE-F3BF5D2E2CCB}) (Version: 1.0 - Private Internet Access, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.27055 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
RemoteSetup (HKLM-x32\...\{FAB8A30A-B074-48F9-9D73-5E9A757403F8}) (Version: 3.10.2.0 - Brother Industries Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
SoftwareUpdateNotification (HKLM-x32\...\{F58E9F54-C092-42C5-B4C3-C4B7C337750B}) (Version: 1.0.7.0 - Brother Insutries Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden
Telegram Desktop version 2.5.1 (HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.1 - Telegram FZ-LLC)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WhatsApp (HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\WhatsApp) (Version: 2.2104.10 - WhatsApp)

Packages:
=========
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2017-04-23] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3411107159-1070077873-1841525149-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-10-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-10-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.ZZZ.....Z.ZZZ:1 [1122]
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ:1 [1122]
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZ....Z....Z:1 [1122]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2019-06-20] (IObit Information Technology -> IObit)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2019-01-08 02:47 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService13 => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AVG Tools => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BitDefenderCOM => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 2
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: Eaphost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IObitUnSvr => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: Kodak AiO Network Discovery Service => 2
MSCONFIG\Services: Kodak AiO Status Monitor Service => 2
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcbService => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ose64 => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: PrivateInternetAccessService => 2
MSCONFIG\Services: PrivateInternetAccessWireguard => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: scan => 3
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: ss_conn_launcher_service => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: USBAppControl => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 2
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WorkflowAppControl => 2
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "TuneupUI.exe"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\StartupApproved\Run: => "AVGBrowserAutoLaunch_8A93C1D26E6679F3B6F436A3F299CCC8"
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\StartupApproved\Run: => "Advanced SystemCare"
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_94A469CBA2277F7295F560B121FA07B1"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DD1A15A1-B23B-496D-828C-29E7D4558070}] => (Allow) LPort=1688
FirewallRules: [{DEEE57D2-A2EA-4964-8E2E-252BDCAEE3C3}] => (Block) LPort=445
FirewallRules: [{76EE6F2B-E7C7-44AE-89E1-5788E5E6B14C}] => (Block) LPort=445
FirewallRules: [{FF3805C2-55BF-42C0-8654-306F8337774F}] => (Allow) LPort=1688
FirewallRules: [{D1B01DC0-E1C9-4B59-A24A-1E4895016F3A}] => (Allow) LPort=9322
FirewallRules: [{4264BA44-9581-4C56-9A04-6E4EF7CE720E}] => (Allow) LPort=5353
FirewallRules: [{1B6EED72-800D-4471-952E-E61E663FC658}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{0737E079-EE02-474E-9FB2-45A5DC809EF1}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{B974E3FC-650A-47DB-9BBC-0530E3261882}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{C31B4A1F-ACBC-4C7B-BFC7-FCCC2EEC030C}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{06476668-F55E-4D2A-861D-549D086C6935}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{00339ADE-2FA0-47E3-B417-FE2BD710DABB}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{EF6E52B3-9D82-48E4-987C-00D36BD36E0C}] => (Allow) E:\Install\wlan_wiz\.\wlan_assistant\waw.exe => No File
FirewallRules: [{074A51E3-D035-45D4-A084-B7F16EA2C6DB}] => (Allow) LPort=54925
FirewallRules: [{81CF8617-2F01-4071-BE89-58D3140A67DF}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{993AF3CF-D964-4CE6-B0EF-F8F447FE9384}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [TCP Query User{3CFA0FAC-534E-4A74-BC1A-7C84054B7452}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{4A854861-308D-4F13-94B2-A69479B22ED6}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{E63762B9-801F-482E-A2A9-7C85474D7DB4}] => (Allow) LPort=54950
FirewallRules: [{762BEB76-C88E-407A-BCF1-1B5521E3551D}] => (Allow) LPort=54955
FirewallRules: [{2FCE1BA5-FAB8-4DA5-BA22-1872BA500C59}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/07/2021 05:05:44 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/06/2021 03:48:43 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/05/2021 05:47:49 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/04/2021 04:40:26 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/03/2021 07:28:21 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/02/2021 12:17:40 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/01/2021 05:04:00 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/28/2021 07:05:33 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (03/05/2021 07:31:25 AM) (Source: iaStorA) (EventID: 4102) (User: )
Description: Error log: Smart event occured on disk :JDA0001V11AKUH

Error: (02/26/2021 11:01:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (02/26/2021 10:05:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Work Folders service hung on starting.

Error: (02/26/2021 10:03:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (02/26/2021 10:03:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Network Inspection Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (02/26/2021 06:14:22 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume D:.

The exact nature of the corruption is unknown. The file system structures need to be scanned online.

Error: (02/26/2021 06:14:13 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown. The file system structures need to be scanned online.

Error: (02/26/2021 06:06:53 AM) (Source: DCOM) (EventID: 10016) (User: RICHARD)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
and APPID
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
to the user Richard\Richard SID (S-1-5-21-3411107159-1070077873-1841525149-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
================
Date: 2021-02-26 06:05:16.622
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-26 06:05:15.811
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-02-26 02:08:00.851
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-26 02:05:30.569
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-26 00:31:37.156
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-26 00:31:36.724
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-02-26 00:26:04.135
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-26 00:26:03.760
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-02-26 00:09:47.159
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-02-26 00:09:46.717
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.
Event[10]:

Date: 2021-02-25 22:33:40.432
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Event[11]:

Date: 2021-02-25 22:33:40.036
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-11 14:44:05.806
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-06-11 14:32:39.187
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-06-11 13:50:33.124
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-06-07 02:23:33.175
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-05-26 14:46:41.511
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-06-12 07:15:04.980
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.730.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-12 07:15:04.979
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.730.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-12 07:15:04.529
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-12 07:15:04.528
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-12 07:14:55.167
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.730.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X550CA.212 08/13/2013
Motherboard: ASUSTeK COMPUTER INC. X550CA
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 83%
Total physical RAM: 6029.74 MB
Available physical RAM: 1020.61 MB
Total Virtual: 12321.55 MB
Available Virtual: 3512.52 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:371.38 GB) (Free:295.86 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:537.8 GB) (Free:536.69 GB) NTFS
Drive f: (Seagate Expansion Drive) (Fixed) (Total:465.76 GB) (Free:245.07 GB) NTFS

\\?\Volume{b81970ed-33f5-4c1e-868a-a9f407dc4092}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.77 GB) NTFS
\\?\Volume{2789036b-ad4f-4416-9f8e-e20a9348f31d}\ () (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{21b11954-97a1-4a1d-ba35-26ec54f79eda}\ (Restore) (Fixed) (Total:20.01 GB) (Free:7.74 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FAF3F0E5)

Partition: GPT.

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 13CC50B2)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 
Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard
Code:
Start::

CreateRestorePoint:
CloseProcesses:

(Paretologic Inc -> Digital Care Solutions (ParetoLogic)) C:\Program Files\BDServices\BitDefenderCOM.exe
R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1038328 2017-08-09] (Paretologic Inc -> Digital Care Solutions (ParetoLogic))
R2 scan; C:\Program Files\BDServices\scan.dll [652568 2017-08-09] (Bitdefender SRL -> Bitdefender)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player PPAPI Notifier" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Antivirus Emergency Update" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\RtHDVBg" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\RtHDVBg_ListenToDevice" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\RTKCPL" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\Uninstaller_SkipUac_Richard" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{98C8926F-187D-4723-A2B6-6CFA634D385A}" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\{65C3D43E-E5A3-481D-9352-126F2DD99808}" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
2021-03-06 15:10 - 2018-09-26 20:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
Task: C:\WINDOWS\Tasks\SparkTrust Registration3.job => rundll32.exe C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
2021-02-03 10:39 - 2017-11-19 15:30 - 000000000 ____D C:\Program Files (x86)\SparkTrust
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.ZZZ.....Z.ZZZ:1 [1122]
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ:1 [1122]
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZ....Z....Z:1 [1122]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{EF6E52B3-9D82-48E4-987C-00D36BD36E0C}] => (Allow) E:\Install\wlan_wiz\.\wlan_assistant\waw.exe => No File

C:\Program Files\BDServices
C:\WINDOWS\system32\Tasks\AVAST Software
C:\Program Files (x86)\Common Files\SparkTrust

EmptyTemp:
End::

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.


In your next reply, please include:
  • Fixlog.txt
 
FixLog.Txt

Hi, I don't know what running that code did, although after running, the Laptop restarted, I typed the password in, it took ages for the screen to turn from black to the desktop, then an error message appeared, which I didn't have time to read, as I had the blue screen of death, so the laptop restarted again - this time no error message or blue screen of death. However, my laptop is now exceedingly slow, to give you an example, to open the folder containing the FixLog.txt took approx 3.5 mins.

Here is the txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Richard (07-03-2021 15:19:54) Run:1
Running from C:\Users\Richard\Downloads
Loaded Profiles: Richard
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
(Paretologic Inc -> Digital Care Solutions (ParetoLogic)) C:\Program Files\BDServices\BitDefenderCOM.exe
R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1038328 2017-08-09] (Paretologic Inc -> Digital Care Solutions (ParetoLogic))
R2 scan; C:\Program Files\BDServices\scan.dll [652568 2017-08-09] (Bitdefender SRL -> Bitdefender)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Adobe Flash Player PPAPI Notifier" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\Adobe Flash Player Updater" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\Antivirus Emergency Update" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\RtHDVBg" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\RtHDVBg_ListenToDevice" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\RTKCPL" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\Uninstaller_SkipUac_Richard" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{98C8926F-187D-4723-A2B6-6CFA634D385A}" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\{65C3D43E-E5A3-481D-9352-126F2DD99808}" /ENABLE
Task: {CCCB25D3-6D41-4BA2-8853-CA32202E1008} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
2021-03-06 15:10 - 2018-09-26 20:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
Task: C:\WINDOWS\Tasks\SparkTrust Registration3.job => rundll32.exe C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]
2021-02-03 10:39 - 2017-11-19 15:30 - 000000000 ____D C:\Program Files (x86)\SparkTrust
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.ZZZ.....Z.ZZZ:1 [1122]
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ:1 [1122]
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZ....Z....Z:1 [1122]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{EF6E52B3-9D82-48E4-987C-00D36BD36E0C}] => (Allow) E:\Install\wlan_wiz\.\wlan_assistant\waw.exe => No File
C:\Program Files\BDServices
C:\WINDOWS\system32\Tasks\AVAST Software
C:\Program Files (x86)\Common Files\SparkTrust
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
(Paretologic Inc -> Digital Care Solutions (ParetoLogic)) C:\Program Files\BDServices\BitDefenderCOM.exe => Error: No automatic fix found for this entry.
BitDefenderCOM => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\BitDefenderCOM => removed successfully
BitDefenderCOM => service removed successfully
scan => Unable to stop service.
HKLM\System\CurrentControlSet\Services\scan => removed successfully
scan => service removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{CCCB25D3-6D41-4BA2-8853-CA32202E1008}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCCB25D3-6D41-4BA2-8853-CA32202E1008}" => removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCCB25D3-6D41-4BA2-8853-CA32202E1008}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCCB25D3-6D41-4BA2-8853-CA32202E1008}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCCB25D3-6D41-4BA2-8853-CA32202E1008}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCCB25D3-6D41-4BA2-8853-CA32202E1008}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCCB25D3-6D41-4BA2-8853-CA32202E1008}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCCB25D3-6D41-4BA2-8853-CA32202E1008}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCCB25D3-6D41-4BA2-8853-CA32202E1008}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCCB25D3-6D41-4BA2-8853-CA32202E1008}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCCB25D3-6D41-4BA2-8853-CA32202E1008}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCCB25D3-6D41-4BA2-8853-CA32202E1008}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCCB25D3-6D41-4BA2-8853-CA32202E1008}" => not found
"C:\WINDOWS\System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Gaming mode Task Scheduler recovery" => not found
C:\WINDOWS\system32\Tasks\AVAST Software => moved successfully
C:\WINDOWS\Tasks\SparkTrust Registration3.job => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKLM\System\CurrentControlSet\Services\cpuz143 => removed successfully
cpuz143 => service removed successfully
C:\Program Files (x86)\SparkTrust => moved successfully
C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.ZZZ.....Z.ZZZ => ":1" ADS removed successfully
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ => ":1" ADS removed successfully
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZ....Z....Z => ":1" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF6E52B3-9D82-48E4-987C-00D36BD36E0C}" => removed successfully
C:\Program Files\BDServices => moved successfully
"C:\WINDOWS\system32\Tasks\AVAST Software" => not found
C:\Program Files (x86)\Common Files\SparkTrust => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2250400 B
Java, Flash, Steam htmlcache => 1040 B
Windows/system/drivers => 116782 B
Edge => 0 B
Chrome => 496396955 B
Yandex => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6112 B
ProgramData => 6112 B
Public => 6112 B
systemprofile => 252119 B
systemprofile32 => 252247 B
LocalService => 252247 B
NetworkService => 252247 B
Richard => 205798457 B

RecycleBin => 4186739 B
EmptyTemp: => 684.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:23:49 ====
 
I suggest you calm down .. as you can see we are currently working on your system .. !!! We have a lot of work on it ... :-)


AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.


Check system's services

  • Please download Farbar Service Scanner and save it on your Desktop.
  • Right click on the tool icon and run it as administrator.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.


Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.


In your next reply, please post:

  1. The AdwCleaner[S0*].txt
  2. The FSS.txt
  3. The fresh FRST logs, FRST.txt and Addition.txt


 
Icotonev, I can assure you that I'm perfectly calm, all I'm doing is giving you feedback as it may be relevant. I'm aware that a lot of work has to be done, which I'm extremely grateful for.


# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-03-03.1 (Cloud)
# Support: Customer Support & Help Center | Malwarebytes
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-07-2021
# Duration: 00:00:17
# OS: Windows 8.1
# Scanned: 3538
# Detected: 56


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy C:\Program Files (x86)\TotalAV
PUP.Optional.Legacy C:\ProgramData\SparkTrust
PUP.Optional.Legacy C:\ProgramData\TotalAV
PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.Legacy C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
PUP.Optional.Legacy C:\Users\Richard\AppData\Roaming\SparkTrust
PUP.Optional.Legacy C:\Users\Richard\Documents\TotalAV
PUP.Optional.Legacy C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
PUP.Optional.PCProtect C:\ProgramData\SecuritySuite
PUP.Optional.ScanGuard C:\quardata

***** [ Files ] *****

PUP.Optional.Legacy C:\Windows\System32\drivers\swdumon.sys
PUP.Optional.TotalAV C:\Users\Richard\Downloads\TOTALAV_SETUP.EXE

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 11
PUP.Optional.AdvancedSystemCare HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 12
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 10
PUP.Optional.Legacy HKCU\Software\sparktrust
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{65416821-217D-44BD-9C61-F53398FB1B46}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{94915A56-4D71-4F85-B59C-CC040F5AC6F0}
PUP.Optional.Legacy HKLM\Software\Classes\CLSID\{E5AFF088-92F8-41a9-8CAB-E9CDCCE967AC}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{65416821-217D-44BD-9C61-F53398FB1B46}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{34F4FEAF-4921-4B5D-8BE5-CA384BFFC2CE}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{39A37965-0A96-43A3-870E-821FE5C84B0B}
PUP.Optional.Legacy HKLM\Software\Microsoft\Shared Tools\MSConfig\services\scan
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{65416821-217D-44BD-9C61-F53398FB1B46}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{34F4FEAF-4921-4B5D-8BE5-CA384BFFC2CE}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{39A37965-0A96-43A3-870E-821FE5C84B0B}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\MediaPlayer\ShimInclusionList\browser.exe
PUP.Optional.PCProtect HKCU\Software\SSProtect
PUP.Optional.PCProtect HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService
PUP.Optional.ProductSetup.A HKCU\Software\PRODUCTSETUP
PUP.Optional.SlimCleanerPlus HKCU\Software\SlimWare Utilities Inc
PUP.Optional.SlimCleanerPlus HKLM\Software\Wow6432Node\SlimWare Utilities Inc
PUP.Optional.TotalAV HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.TotalAV HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
PUP.Optional.VLCPlusPlayer.DE HKLM\Software\Classes\TypeLib\{DF2BBE39-40A8-433B-A279-073F48DA94B6}
PUP.Optional.VLCPlusPlayer.DE HKLM\Software\Wow6432Node\\Classes\TypeLib\{DF2BBE39-40A8-433B-A279-073F48DA94B6}

***** [ Chromium (and derivatives) ] *****

PUP.Optional.AmazonBrowserBar Amazon Assistant for Chrome - pbjikboenpfhbbejgkoklgkhjpfogcam
PUP.Optional.ArcadeYum jmbmildjdmppofnohldicmnkojfhggmb

***** [ Chromium URLs ] *****

PUP.Optional.Legacy AVG Secure Search
PUP.Optional.Legacy AVG Secure Search
PUP.Optional.Legacy Search{013DF0A8-A4BC-4DD5-B565-06D763B93533}&mid=8743dd459dca47d29dc96da73dc8933a-3c5e627b1624c73ab826fb50cd5d9c87c5579247&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-16 09:28:15&v=17.3.1.91&pid=safeguard&sg=&sap=hp
PUP.Optional.MySearch AVG Secure Search
PUP.Optional.MySearch AVG Secure Search
PUP.Optional.MySearch Search{013DF0A8-A4BC-4DD5-B565-06D763B93533}&mid=8743dd459dca47d29dc96da73dc8933a-3c5e627b1624c73ab826fb50cd5d9c87c5579247&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-16 09:28:15&v=17.3.1.91&pid=safeguard&sg=&sap=hp

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


Farbar Service Scanner Version: 23-12-2020
Ran by Richard (administrator) on 07-03-2021 at 17:30:50
Running from "C:\Users\Richard\Downloads"
Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuaueng.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll
[2017-04-23 10:40] - [2016-01-06 16:47] - 0146944 ____A (Microsoft Corporation) 501D5EFAB9711039479AE48401386D2B

C:\Windows\System32\wbem\WMIsvc.dll
[2020-08-12 05:39] - [2020-07-10 17:58] - 0231936 ____A (Microsoft Corporation) 80644B29E2B93A2967E72A3E0E948EA3

C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Richard (07-03-2021 17:38:20)
Running from C:\Users\Richard\Downloads
Windows 8.1 (Update) (X64) (2017-04-22 20:18:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3411107159-1070077873-1841525149-500 - Administrator - Disabled)
Guest (S-1-5-21-3411107159-1070077873-1841525149-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3411107159-1070077873-1841525149-1003 - Limited - Enabled)
Richard (S-1-5-21-3411107159-1070077873-1841525149-1001 - Administrator - Enabled) => C:\Users\Richard

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.465 - Adobe)
aioprnt (HKLM\...\{0645A454-AD44-4F0D-99CF-6B762735AD1F}) (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{376348C2-E372-48BC-A138-E896757BD86A}) (Version: 5.8.10.0 - Your Company Name) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 21.1.3164 - AVG Technologies)
AVG Driver Updater (HKLM-x32\...\{BAAB946F-7E00-41F4-BEC7-B8CCF758E012}) (Version: 2.3.0 - AVG Netherlands B.V) Hidden
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{0F3243B3-FEA6-44DA-A6A6-4CA42F6A20DF}) (Version: 6.1.3.4 - Brother Industries, Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{f3688e1e-b3e5-403f-9750-b51816920212}) (Version: 6.1.3.4 - Brother Industries, Ltd.)
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{05421625-9BA9-482B-ACF2-794221A06F4E}) (Version: 1.0.23 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{272543B6-B337-4C8F-B9F1-19E884C2C7AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{1162495D-7CE7-4EF9-A0F8-151196F3A660}) (Version: 1.0.17.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.190 - Google LLC)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
HttpToUsbBridge (HKLM-x32\...\{7BC71E16-6656-4F86-A274-4DF34437975E}) (Version: 1.2.25.1 - Brother Industries Ltd.)
iCare Data Recovery Free (HKLM-x32\...\{43D63B27-661F-428E-97B7-70D0604D28E8}_is1) (Version: 8.0.3 - iCareAll Inc.)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.9.1.1 - Eastman Kodak Company)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
ocr (HKLM-x32\...\{BFBCF96F-7361-486A-965C-54B17AC35421}) (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0002 - Nuance Communications, Inc.)
PC-FAXReceive (HKLM-x32\...\{65EA2C86-30CD-444C-ADAB-8762BE4E2E8C}) (Version: 1.8.003.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{03BF5A21-6363-410C-B3BE-0946B0012704}) (Version: 3.7.3.1 - Brother Industries Ltd.) Hidden
PowerENGAGE (HKLM-x32\...\{BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1}) (Version: 3.2.13 - Aviata, Inc.) Hidden
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Private Internet Access (HKLM\...\{33023371-7761-4F81-BBB1-0E0D0D175ACF}) (Version: 2.4.0+05574 - Private Internet Access, Inc.)
Private Internet Access WinTUN Driver (HKLM\...\{0419A0C0-4CC8-459E-9BAE-F3BF5D2E2CCB}) (Version: 1.0 - Private Internet Access, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.27055 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
RemoteSetup (HKLM-x32\...\{FAB8A30A-B074-48F9-9D73-5E9A757403F8}) (Version: 3.10.2.0 - Brother Industries Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
SoftwareUpdateNotification (HKLM-x32\...\{F58E9F54-C092-42C5-B4C3-C4B7C337750B}) (Version: 1.0.7.0 - Brother Insutries Ltd.) Hidden
StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden
Telegram Desktop version 2.5.1 (HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.5.1 - Telegram FZ-LLC)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3115087) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{C48D0508-2A21-42EA-8BC9-D387768F54F4}) (Version: - Microsoft)
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WhatsApp (HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\WhatsApp) (Version: 2.2106.10 - WhatsApp)

Packages:
=========
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2017-04-23] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2017-04-23] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3411107159-1070077873-1841525149-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-10-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-10-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2019-07-30] (IObit Information Technology -> IObit)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2019-06-20] (IObit Information Technology -> IObit)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-05-20] (Microsoft Corporation -> Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2019-01-08 02:47 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService13 => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AppReadiness => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AVG Tools => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BitDefenderCOM => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: DeviceAssociationService => 2
MSCONFIG\Services: DeviceInstall => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: DiagTrack => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: DsmSvc => 3
MSCONFIG\Services: Eaphost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: fhsvc => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IObitUnSvr => 2
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: Kodak AiO Network Discovery Service => 2
MSCONFIG\Services: Kodak AiO Status Monitor Service => 2
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: NcaSvc => 3
MSCONFIG\Services: NcbService => 3
MSCONFIG\Services: NcdAutoSetup => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ose64 => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PlugPlay => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: PrintNotify => 3
MSCONFIG\Services: PrivateInternetAccessService => 2
MSCONFIG\Services: PrivateInternetAccessWireguard => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: scan => 3
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: ss_conn_launcher_service => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: USBAppControl => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 2
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WorkflowAppControl => 2
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
HKLM\...\StartupApproved\Run: => "EKIJ5000StatusMonitor"
HKLM\...\StartupApproved\Run: => "TuneupUI.exe"
HKLM\...\StartupApproved\Run32: => "EKStatusMonitor"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "EKIJ5000StatusMonitor"
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\StartupApproved\Run: => "AVGBrowserAutoLaunch_8A93C1D26E6679F3B6F436A3F299CCC8"
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\StartupApproved\Run: => "Advanced SystemCare"
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_94A469CBA2277F7295F560B121FA07B1"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DD1A15A1-B23B-496D-828C-29E7D4558070}] => (Allow) LPort=1688
FirewallRules: [{DEEE57D2-A2EA-4964-8E2E-252BDCAEE3C3}] => (Block) LPort=445
FirewallRules: [{76EE6F2B-E7C7-44AE-89E1-5788E5E6B14C}] => (Block) LPort=445
FirewallRules: [{FF3805C2-55BF-42C0-8654-306F8337774F}] => (Allow) LPort=1688
FirewallRules: [{D1B01DC0-E1C9-4B59-A24A-1E4895016F3A}] => (Allow) LPort=9322
FirewallRules: [{4264BA44-9581-4C56-9A04-6E4EF7CE720E}] => (Allow) LPort=5353
FirewallRules: [{1B6EED72-800D-4471-952E-E61E663FC658}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{0737E079-EE02-474E-9FB2-45A5DC809EF1}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{B974E3FC-650A-47DB-9BBC-0530E3261882}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{C31B4A1F-ACBC-4C7B-BFC7-FCCC2EEC030C}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{06476668-F55E-4D2A-861D-549D086C6935}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{00339ADE-2FA0-47E3-B417-FE2BD710DABB}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe (Eastman Kodak Company -> Eastman Kodak Company)
FirewallRules: [{074A51E3-D035-45D4-A084-B7F16EA2C6DB}] => (Allow) LPort=54925
FirewallRules: [{81CF8617-2F01-4071-BE89-58D3140A67DF}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{993AF3CF-D964-4CE6-B0EF-F8F447FE9384}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [TCP Query User{3CFA0FAC-534E-4A74-BC1A-7C84054B7452}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{4A854861-308D-4F13-94B2-A69479B22ED6}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{E63762B9-801F-482E-A2A9-7C85474D7DB4}] => (Allow) LPort=54950
FirewallRules: [{762BEB76-C88E-407A-BCF1-1B5521E3551D}] => (Allow) LPort=54955
FirewallRules: [{2FCE1BA5-FAB8-4DA5-BA22-1872BA500C59}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/07/2021 04:47:00 PM) (Source: SecurityCenter) (EventID: 3) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error: (03/07/2021 04:45:39 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

Error: (03/07/2021 04:45:39 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...

Error: (03/07/2021 04:45:39 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (03/07/2021 04:45:39 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (03/07/2021 04:45:39 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[1]: 192.168.1.7

Error: (03/07/2021 04:45:39 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[0]: fe80::1dab:377f:dad:847%3

Error: (03/07/2021 04:45:39 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList.Length: 2


System errors:
=============
Error: (03/07/2021 04:46:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Work Folders service hung on starting.

Error: (03/07/2021 04:46:18 PM) (Source: DCOM) (EventID: 10010) (User: RICHARD)
Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.

Error: (03/07/2021 04:45:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (03/07/2021 04:45:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Network Inspection Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (03/07/2021 04:44:28 PM) (Source: DCOM) (EventID: 10010) (User: RICHARD)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (03/07/2021 04:43:42 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/07/2021 04:43:38 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (03/07/2021 04:43:34 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Windows Defender:
================
Date: 2017-06-11 14:44:05.806
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-06-11 14:32:39.187
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-06-11 13:50:33.124
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-06-07 02:23:33.175
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-05-26 14:46:41.511
Description:
Windows Defender scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2017-06-12 07:15:04.980
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.730.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-12 07:15:04.979
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.730.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-12 07:15:04.529
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-12 07:15:04.528
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:
Error code: 0x80070652
Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Date: 2017-06-12 07:14:55.167
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.730.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: American Megatrends Inc. X550CA.212 08/13/2013
Motherboard: ASUSTeK COMPUTER INC. X550CA
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 66%
Total physical RAM: 6029.74 MB
Available physical RAM: 2009.02 MB
Total Virtual: 12173.74 MB
Available Virtual: 7860.49 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:371.38 GB) (Free:295.84 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:537.8 GB) (Free:536.69 GB) NTFS

\\?\Volume{b81970ed-33f5-4c1e-868a-a9f407dc4092}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.77 GB) NTFS
\\?\Volume{2789036b-ad4f-4416-9f8e-e20a9348f31d}\ () (Fixed) (Total:0.44 GB) (Free:0.15 GB) NTFS
\\?\Volume{21b11954-97a1-4a1d-ba35-26ec54f79eda}\ (Restore) (Fixed) (Total:20.01 GB) (Free:7.74 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FAF3F0E5)

Partition: GPT.

==================== End of Addition.txt =======================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by Richard (administrator) on RICHARD (ASUSTeK COMPUTER INC. X550CA) (07-03-2021 17:35:15)
Running from C:\Users\Richard\Downloads
Loaded Profiles: Richard
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe <3>
(Farbar) [File not signed] C:\Users\Richard\Downloads\FSS.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <36>
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Richard\Downloads\AdwCleaner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe <2>
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(WhatsApp, Inc -> WhatsApp) C:\Users\Richard\AppData\Local\WhatsApp\app-2.2104.10\WhatsApp.exe <5>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [164608 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3411107159-1070077873-1841525149-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\KODAK EASYSHARE All-in-One Printer: C:\Windows\System32\spool\prtprocs\x64\EKIJ5000PPR.dll [261632 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM\...\Print\Monitors\KODAK EASYSHARE All-in-One Printer: C:\WINDOWS\system32\EKIJ5000MON.dll [805376 2012-10-08] (Microsoft Windows Hardware Compatibility Publisher -> Eastman Kodak Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.190\Installer\chrmstp.exe [2021-02-25] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20D07301-0754-4D98-9023-33A6B22B9883} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-09] (Adobe Inc. -> Adobe)
Task: {3C893D5A-8C9A-4B15-8D4D-2BD4B1C8B9D8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {47DF9810-F6A2-4B0C-98E4-B70A28CABDF8} - System32\Tasks\{65C3D43E-E5A3-481D-9352-126F2DD99808} => C:\WINDOWS\system32\pcalua.exe -a C:\ProgramData\Kodak\Installer\Setup.exe -c /Web /x "{E0F274B7-592B-4669-8FB8-8D9825A09858}" CompanyName="Eastman Kodak Company" /code "2057"
Task: {5E415433-D5BC-414B-8985-44515AAE6A19} - System32\Tasks\Uninstaller_SkipUac_Richard => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5900560 2019-09-10] (IObit Information Technology -> IObit)
Task: {644370C0-0F78-4799-A741-525E9EFC74C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-23] (Google Inc -> Google Inc.)
Task: {73DF959D-C868-4F23-A973-6E80B6A277E2} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [4730624 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {77D7B2E9-D157-4B75-849F-912D477BF1DD} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-07-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {8D939978-1C04-4261-9087-B58A7E403F0B} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-07-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {B5DFDE52-BF65-47ED-A482-EC4E67E51CF6} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506384 2019-07-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {C1D26FC8-180C-4AE7-9F10-9D30933380A0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
Task: {DB5AFBF8-22CC-445E-B842-BB00C6859B44} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1822976 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {FB4B7999-9C47-4041-973F-5BC9E1CD750E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-04-23] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AVG Driver Updater Scan.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\WINDOWS\Tasks\AVG Driver Updater Startup.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{79D1DE68-56FB-4F72-B5E0-FB918DAD2B4C}: [DhcpNameServer] 10.0.0.243
Tcpip\..\Interfaces\{CA17CCC0-C1E3-4678-A9C4-A38235A3F540}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D33B41AE-F5DB-42CB-8859-CC313193AC99}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default [2021-03-07]
CHR DownloadDir: C:\Users\Richard\Downloads
CHR Notifications: Default -> hxxps://pirateproxy.cc; hxxps://thepiratebay.org; hxxps://www.electriciansforums.net; hxxps://www.facebook.com; hxxps://www.junglescout.com; hxxps://www.wakeupuk.net; hxxps://www.wish.com
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={013DF0A8-A4BC-4DD5-B565-06D763B93533}&mid=8743dd459dca47d29dc96da73dc8933a-3c5e627b1624c73ab826fb50cd5d9c87c5579247&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-16 09:28:15&v=17.3.1.91&pid=safeguard&sg=&sap=hp
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (DuckDuckGo) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-03-07]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2021-01-05]
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-23]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-29]
CHR Extension: (Sheets) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2021-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-29]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-09] (Adobe Inc. -> Adobe)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [622184 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files\AVG\Antivirus\avgToolsSvc.exe [353024 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [8091704 2021-03-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [298496 2017-03-22] (Brother Industries, Ltd.) [File not signed]
S3 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [156944 2019-08-23] (IObit Information Technology -> IObit)
S4 PrivateInternetAccessService; C:\Program Files\Private Internet Access\pia-service.exe [1900032 2020-09-04] () [File not signed]
S4 PrivateInternetAccessWireguard; C:\Program Files\Private Internet Access\pia-wgservice.exe [4433920 2020-09-04] () [File not signed]
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182328 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2020-12-18] (Microsoft) [File not signed]
S2 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2020-12-18] (Microsoft) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4318648 2020-01-04] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [73512 2015-11-01] (ASUSTeK Computer Inc. -> ASUS Corporation)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [35792 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [208176 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [357400 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [249368 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [98840 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [41424 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [175368 2021-02-23] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [521472 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [107920 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [83496 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [850248 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [465800 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [215464 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [327104 2021-02-18] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2018-10-30] (Martin Malik - REALiX -> REALiX(tm))
S3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [25992 2019-07-30] (IObit CO., LTD -> IObit)
S3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUProcessFilter.sys [19280 2019-07-30] (IObit CO., LTD -> IObit)
S3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegistryFilter.sys [31648 2019-07-30] (IObit CO., LTD -> IObit)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-02] (ASUSTeK Computer Inc. -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43368 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2018-12-24] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
R3 tap-pia-0901; C:\WINDOWS\system32\DRIVERS\tap-pia-0901.sys [30720 2020-01-16] (Private Internet Access (London Trust Media Incorporated) -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-07 17:30 - 2021-03-07 17:31 - 000003060 _____ C:\Users\Richard\Downloads\FSS.txt
2021-03-07 17:29 - 2021-03-07 17:29 - 000909824 _____ (Farbar) C:\Users\Richard\Downloads\FSS.exe
2021-03-07 17:23 - 2021-03-07 17:24 - 008463216 _____ (Malwarebytes) C:\Users\Richard\Downloads\AdwCleaner.exe
2021-03-07 15:19 - 2021-03-07 15:23 - 000011940 _____ C:\Users\Richard\Downloads\Fixlog.txt
2021-03-07 13:02 - 2021-03-07 13:02 - 002301440 _____ (Farbar) C:\Users\Richard\Downloads\FRST64 (2).exe
2021-03-07 13:02 - 2021-03-07 13:02 - 002301440 _____ (Farbar) C:\Users\Richard\Downloads\FRST64 (1).exe
2021-03-07 13:01 - 2021-03-07 13:01 - 002301440 _____ (Farbar) C:\Users\Richard\Downloads\FRST64.exe
2021-03-04 01:55 - 2021-03-04 01:55 - 000675494 _____ C:\Users\Richard\Downloads\PhoneCallWithRyan_20210303-192955_01133209634.amr
2021-02-28 10:31 - 2021-02-28 10:31 - 000357446 _____ C:\Users\Richard\Downloads\PhoneCallWithKev_20210226-171938_01133209634.amr
2021-02-28 10:29 - 2021-02-28 10:29 - 001481574 _____ C:\Users\Richard\Downloads\PhoneCallWithAlicia_20210226-164643_03300081555.amr
2021-02-27 08:13 - 2021-02-27 08:13 - 000175952 _____ (Sysnative) C:\Users\Richard\Downloads\SysnativeBSODCollectionApp (1).exe
2021-02-27 08:01 - 2021-03-07 16:35 - 000000000 ____D C:\Users\Richard\Downloads\FRST-OlderVersion
2021-02-26 06:50 - 2021-03-07 13:11 - 000039602 _____ C:\Users\Richard\Downloads\Addition.txt
2021-02-26 06:41 - 2021-03-07 17:36 - 000016520 _____ C:\Users\Richard\Downloads\FRST.txt
2021-02-26 06:40 - 2021-03-07 17:35 - 000000000 ____D C:\FRST
2021-02-26 06:37 - 2021-02-26 06:37 - 002781052 _____ C:\Users\Richard\Downloads\Speccy x64 portable.zip
2021-02-26 06:07 - 2021-02-27 08:16 - 000000000 ____D C:\Users\Richard\Documents\SysnativeFileCollectionApp
2021-02-26 06:07 - 2021-02-26 06:07 - 000175952 _____ (Sysnative) C:\Users\Richard\Downloads\SysnativeBSODCollectionApp.exe
2021-02-26 05:22 - 2021-02-26 05:22 - 000000017 _____ C:\Users\Richard\AppData\Local\resmon.resmoncfg
2021-02-26 00:30 - 2021-02-26 00:30 - 000288032 _____ C:\WINDOWS\Minidump\022621-39015-01.dmp
2021-02-26 00:22 - 2021-02-26 00:22 - 000288032 _____ C:\WINDOWS\Minidump\022621-39781-01.dmp
2021-02-26 00:05 - 2021-02-26 00:06 - 000288032 _____ C:\WINDOWS\Minidump\022621-59750-01.dmp
2021-02-25 23:54 - 2021-02-25 23:54 - 098435072 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2021-02-25 23:54 - 2021-02-25 23:54 - 006205440 _____ C:\WINDOWS\system32\config\DRIVERS.iobit
2021-02-25 23:54 - 2021-02-25 23:54 - 000425984 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2021-02-25 23:54 - 2021-02-25 23:54 - 000028672 _____ C:\WINDOWS\system32\config\SAM.iobit
2021-02-25 23:54 - 2021-02-25 23:54 - 000024576 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2021-02-23 23:13 - 2021-02-23 23:13 - 000175368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2021-02-23 01:53 - 2021-02-23 01:53 - 000319254 _____ C:\Users\Richard\Downloads\Untitled_Message (3).zip
2021-02-23 01:53 - 2021-02-23 01:53 - 000000000 ____D C:\Users\Richard\Downloads\Untitled_Message (3)
2021-02-23 01:44 - 2021-02-23 01:45 - 004162925 _____ C:\Users\Richard\Downloads\Untitled_Message (2).zip
2021-02-23 01:38 - 2021-02-23 01:38 - 004162925 _____ C:\Users\Richard\Downloads\Untitled_Message.zip
2021-02-23 01:38 - 2021-02-23 01:38 - 004162925 _____ C:\Users\Richard\Downloads\Untitled_Message (1).zip
2021-02-21 09:56 - 2021-02-21 09:57 - 000288032 _____ C:\WINDOWS\Minidump\022121-41500-01.dmp
2021-02-21 08:41 - 2021-02-21 08:42 - 015970496 _____ (IObit ) C:\Users\Richard\Downloads\smart-defrag-setup.exe
2021-02-20 03:36 - 2021-02-20 03:36 - 000095903 _____ C:\Users\Richard\Downloads\Tracked_Returns_label_DA088912438GB.pdf
2021-02-18 22:28 - 2021-02-26 00:10 - 000000000 ____D C:\WINDOWS\softwaredistribution.bak1
2021-02-18 19:36 - 2021-03-07 16:38 - 000004162 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2021-02-18 19:36 - 2021-02-18 19:36 - 000465800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000850248 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000521472 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000357400 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000340224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2021-02-18 19:35 - 2021-02-18 19:35 - 000327104 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000249368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000215464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000208176 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000107920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000098840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000083496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000041424 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2021-02-18 19:35 - 2021-02-18 19:35 - 000035792 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2021-02-17 08:04 - 2021-02-17 09:13 - 025559040 _____ C:\Users\Richard\Downloads\Win8.1_English_x64.iso
2021-02-16 22:09 - 2021-02-16 22:09 - 000000000 ____D C:\WINDOWS\system32\%LOCALAPPDATA%
2021-02-16 19:26 - 2021-02-16 19:26 - 000288032 _____ C:\WINDOWS\Minidump\021621-45015-01.dmp
2021-02-16 19:09 - 2021-02-16 19:09 - 000288032 _____ C:\WINDOWS\Minidump\021621-37656-01.dmp
2021-02-16 19:01 - 2021-02-16 19:02 - 000288344 _____ C:\WINDOWS\Minidump\021621-37812-01.dmp
2021-02-16 16:47 - 2021-02-16 16:48 - 000288032 _____ C:\WINDOWS\Minidump\021621-46406-01.dmp
2021-02-16 16:43 - 2021-02-16 16:43 - 000288032 _____ C:\WINDOWS\Minidump\021621-42000-01.dmp
2021-02-16 01:07 - 2021-02-16 01:08 - 000288032 _____ C:\WINDOWS\Minidump\021621-43968-01.dmp
2021-02-16 00:51 - 2021-02-16 00:51 - 000288032 _____ C:\WINDOWS\Minidump\021621-44796-01.dmp
2021-02-14 11:18 - 2021-02-14 11:18 - 001578036 _____ C:\Users\Richard\Desktop\Vaccine_n.mp4
2021-02-13 15:18 - 2021-02-13 15:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-13 02:50 - 2021-02-13 02:50 - 000288032 _____ C:\WINDOWS\Minidump\021321-51406-01.dmp
2021-02-10 12:43 - 2021-01-12 06:07 - 000088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-02-10 12:43 - 2021-01-12 05:46 - 002132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-02-10 12:43 - 2021-01-12 05:44 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-02-10 12:43 - 2021-01-12 05:31 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-02-09 07:53 - 2021-02-16 16:08 - 011636936 _____ C:\Users\Richard\Downloads\MB-SupportTool.exe
2021-02-09 03:11 - 2021-02-09 03:11 - 000000000 __SHD C:\found.001
2021-02-08 21:06 - 2021-02-08 21:06 - 000000000 ____D C:\Users\Richard\AppData\LocalLow\Google
2021-02-08 21:06 - 2021-02-08 21:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2021-02-08 21:05 - 2021-02-08 21:05 - 030589432 _____ C:\Users\Richard\Downloads\googleearthwin.exe
2021-02-08 08:45 - 2021-02-08 08:45 - 000288032 _____ C:\WINDOWS\Minidump\020821-47187-01.dmp
2021-02-08 08:39 - 2021-02-08 08:39 - 000288344 _____ C:\WINDOWS\Minidump\020821-45875-01.dmp
2021-02-08 07:17 - 2021-02-08 07:17 - 000288032 _____ C:\WINDOWS\Minidump\020821-36906-01.dmp
2021-02-08 07:14 - 2021-02-08 07:14 - 000288032 _____ C:\WINDOWS\Minidump\020821-33203-01.dmp
2021-02-08 07:08 - 2021-02-08 07:08 - 000288344 _____ C:\WINDOWS\Minidump\020821-33281-01.dmp
2021-02-06 16:55 - 2021-02-17 06:00 - 000000000 _____ C:\Recovery.txt
2021-02-06 08:35 - 2021-02-06 08:35 - 000000000 __SHD C:\found.000
2021-02-05 09:39 - 2021-02-05 09:39 - 000096940 _____ C:\Users\Richard\Downloads\Three Peaks Walk.mmo
2021-02-05 09:39 - 2021-02-05 09:39 - 000009868 _____ C:\Users\Richard\Downloads\Three Peaks Walk.gpx

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-07 17:30 - 2018-12-16 08:46 - 000000000 ____D C:\Users\Richard\AppData\Roaming\WhatsApp
2021-03-07 17:25 - 2016-11-19 14:09 - 000000000 ____D C:\AdwCleaner
2021-03-07 17:05 - 2017-04-23 09:15 - 000003930 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{98C8926F-187D-4723-A2B6-6CFA634D385A}
2021-03-07 16:56 - 2019-09-21 11:46 - 000000000 ____D C:\Users\Richard\AppData\Local\WhatsApp
2021-03-07 16:49 - 2020-08-02 10:48 - 000000000 ____D C:\ProgramData\AVG
2021-03-07 16:47 - 2017-04-23 09:31 - 000998912 ___SH C:\Users\Richard\Desktop\Thumbs.db
2021-03-07 16:47 - 2017-04-22 20:26 - 000000000 ___RD C:\Users\Richard\OneDrive
2021-03-07 16:47 - 2013-08-22 13:36 - 000000000 ____D C:\WINDOWS\Inf
2021-03-07 16:42 - 2017-04-22 20:14 - 000000000 ____D C:\Users\Richard
2021-03-07 16:41 - 2013-08-22 14:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-07 16:33 - 2013-08-22 13:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2021-03-07 15:23 - 2019-09-29 22:09 - 000000000 ____D C:\Users\Richard\AppData\LocalLow\Temp
2021-03-07 15:21 - 2019-11-02 13:51 - 000002862 _____ C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Richard
2021-03-07 15:21 - 2018-07-21 08:46 - 000004476 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2021-03-07 15:21 - 2018-07-21 08:46 - 000004324 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater
2021-03-07 15:21 - 2018-07-21 08:36 - 000003282 _____ C:\WINDOWS\system32\Tasks\{65C3D43E-E5A3-481D-9352-126F2DD99808}
2021-03-07 15:21 - 2017-04-23 16:02 - 000003180 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_ListenToDevice
2021-03-07 15:21 - 2017-04-23 16:02 - 000003168 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2021-03-07 15:21 - 2017-04-23 16:02 - 000003152 _____ C:\WINDOWS\system32\Tasks\RtHDVBg
2021-03-07 15:21 - 2017-04-23 09:20 - 000003332 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-07 15:21 - 2017-04-23 09:20 - 000003204 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-06 17:20 - 2019-01-30 22:08 - 000000000 ____D C:\Users\Richard\Documents\DadsWill
2021-03-06 10:45 - 2021-01-24 13:26 - 000196608 ___SH C:\Users\Richard\Downloads\Thumbs.db
2021-03-03 13:20 - 2019-12-06 13:55 - 000000000 ____D C:\Users\Richard\AppData\Roaming\vlc
2021-02-27 08:01 - 2018-07-22 15:55 - 000000000 ____D C:\Users\Richard\AppData\Local\CrashDumps
2021-02-26 22:21 - 2017-04-22 20:25 - 000003600 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3411107159-1070077873-1841525149-1001
2021-02-26 21:44 - 2017-04-27 12:38 - 000000000 ____D C:\Users\Richard\AppData\LocalLow\IObit
2021-02-26 21:44 - 2017-04-27 12:34 - 000000000 ____D C:\Users\Richard\AppData\Roaming\IObit
2021-02-26 21:44 - 2017-04-27 12:34 - 000000000 ____D C:\ProgramData\IObit
2021-02-26 21:44 - 2017-04-27 12:34 - 000000000 ____D C:\Program Files (x86)\IObit
2021-02-26 00:30 - 2018-04-08 18:49 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-26 00:02 - 2013-08-22 15:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-25 02:33 - 2017-04-23 09:21 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-23 23:12 - 2017-04-27 12:38 - 000000000 ____D C:\ProgramData\ProductData
2021-02-21 08:45 - 2020-04-08 09:06 - 000000000 ____D C:\Users\Richard\AppData\Roaming\Telegram Desktop
2021-02-20 03:51 - 2017-04-22 20:18 - 000000000 ____D C:\Users\Richard\AppData\Local\Packages
2021-02-18 22:29 - 2017-04-23 10:12 - 000000000 ____D C:\Users\Richard\AppData\Local\ElevatedDiagnostics
2021-02-17 11:26 - 2018-07-06 10:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2021-02-17 11:26 - 2018-07-06 09:56 - 000000000 ____D C:\Program Files (x86)\Brother
2021-02-17 11:26 - 2018-04-14 08:39 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-16 19:26 - 2017-10-30 18:01 - 000000000 ____D C:\ProgramData\Kodak
2021-02-16 16:35 - 2017-04-23 03:59 - 000000000 ____D C:\WINDOWS\softwaredistribution.bak
2021-02-16 00:38 - 2013-08-22 15:36 - 000000000 ___RD C:\WINDOWS\ToastData
2021-02-16 00:37 - 2013-08-22 15:36 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-16 00:37 - 2013-08-22 15:36 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 06:32 - 2017-04-23 14:55 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-12 06:27 - 2017-04-23 14:55 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-08 21:06 - 2017-04-23 09:20 - 000000000 ____D C:\Program Files (x86)\Google
2021-02-08 08:53 - 2017-09-18 16:06 - 000000000 ____D C:\Users\Richard\Desktop\Gary Cooksley

==================== Files in the root of some directories ========

2017-11-19 15:31 - 2017-11-22 05:54 - 000000115 _____ () C:\Users\Richard\AppData\Roaming\LogFile.txt
2017-10-30 18:13 - 2017-10-30 18:13 - 000003178 _____ () C:\Users\Richard\AppData\Local\installer.log
2017-10-30 18:13 - 2017-10-30 18:13 - 000000236 _____ () C:\Users\Richard\AppData\Local\LaunchHomeCenter.log
2021-02-26 05:22 - 2021-02-26 05:22 - 000000017 _____ () C:\Users\Richard\AppData\Local\resmon.resmoncfg
2019-12-10 05:00 - 2019-12-10 05:00 - 000000000 _____ () C:\Users\Richard\AppData\Local\{735F5212-8A05-435A-8589-15A45D7DCAF5}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-12-03 01:33
==================== End of FRST.txt ========================
 
AdwCleaner (Clean mode)

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
    • A Notepad file will open containing the results of the removal.
    • Please attach the file in your next reply.

In your next reply, please post:
  1. The AdwCleaner[C0*].txt
 
# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-03-03.1 (Cloud)
# Support: Customer Support & Help Center | Malwarebytes
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-07-2021
# Duration: 00:00:10
# OS: Windows 8.1
# Cleaned: 56
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\TotalAV
Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\ProgramData\SecuritySuite
Deleted C:\ProgramData\SparkTrust
Deleted C:\ProgramData\TotalAV
Deleted C:\Users\Public\Documents\Downloaded Installers
Deleted C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
Deleted C:\Users\Richard\AppData\Roaming\SparkTrust
Deleted C:\Users\Richard\Documents\TotalAV
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV
Deleted C:\quardata

***** [ Files ] *****

Deleted C:\Users\Richard\Downloads\TOTALAV_SETUP.EXE
Deleted C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 10
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 11
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare 12
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\SSProtect
Deleted HKCU\Software\SlimWare Utilities Inc
Deleted HKCU\Software\sparktrust
Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant
Deleted HKLM\Software\Classes\CLSID\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF}
Deleted HKLM\Software\Classes\CLSID\{65416821-217D-44BD-9C61-F53398FB1B46}
Deleted HKLM\Software\Classes\CLSID\{6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC}
Deleted HKLM\Software\Classes\CLSID\{94915A56-4D71-4F85-B59C-CC040F5AC6F0}
Deleted HKLM\Software\Classes\CLSID\{E5AFF088-92F8-41a9-8CAB-E9CDCCE967AC}
Deleted HKLM\Software\Classes\Interface\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF}
Deleted HKLM\Software\Classes\Interface\{65416821-217D-44BD-9C61-F53398FB1B46}
Deleted HKLM\Software\Classes\TypeLib\{34F4FEAF-4921-4B5D-8BE5-CA384BFFC2CE}
Deleted HKLM\Software\Classes\TypeLib\{39A37965-0A96-43A3-870E-821FE5C84B0B}
Deleted HKLM\Software\Classes\TypeLib\{DF2BBE39-40A8-433B-A279-073F48DA94B6}
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\services\scan
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{65416821-217D-44BD-9C61-F53398FB1B46}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{34F4FEAF-4921-4B5D-8BE5-CA384BFFC2CE}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{39A37965-0A96-43A3-870E-821FE5C84B0B}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{DF2BBE39-40A8-433B-A279-073F48DA94B6}
Deleted HKLM\Software\Wow6432Node\\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
Deleted HKLM\Software\Wow6432Node\\Microsoft\MediaPlayer\ShimInclusionList\browser.exe
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService

***** [ Chromium (and derivatives) ] *****

Deleted Amazon Assistant for Chrome - pbjikboenpfhbbejgkoklgkhjpfogcam
Deleted jmbmildjdmppofnohldicmnkojfhggmb

***** [ Chromium URLs ] *****

Deleted AVG Secure Search
Deleted AVG Secure Search
Deleted AVG Secure Search
Deleted AVG Secure Search
Deleted Search{013DF0A8-A4BC-4DD5-B565-06D763B93533}&mid=8743dd459dca47d29dc96da73dc8933a-3c5e627b1624c73ab826fb50cd5d9c87c5579247&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-16 09:28:15&v=17.3.1.91&pid=safeguard&sg=&sap=hp
Deleted Search{013DF0A8-A4BC-4DD5-B565-06D763B93533}&mid=8743dd459dca47d29dc96da73dc8933a-3c5e627b1624c73ab826fb50cd5d9c87c5579247&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-16 09:28:15&v=17.3.1.91&pid=safeguard&sg=&sap=hp

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [6642 octets] - [07/03/2021 17:25:44]
AdwCleaner[S01].txt - [6703 octets] - [07/03/2021 18:18:31]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 
Uninstalling Adobe Flash Player

--------------------

Note: Adobe Flash Player is no longer supported and is a security risk.
  • Download Adobe Flash Player Uninstaller and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click Uninstall then Done to reboot your computer


Farbar Recovery Scan Tool - Fix

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
Code:
Start::
CreateRestorePoint:
CloseProcesses:
cmd: sfc /scannow
End::

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.


BlueScreenView

  • Download BlueScreenView and save it to your desktop
  • Right click on BlueScreenView.exe then select Run as administrator
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply


In your next reply, please include:
  • Fixlog.txt
  • BSOD.txt
 
Hi, the BlueScreenView link isn't working, so I downloaded it from Softonic to try and save you bother; however, I don't know how to use the software - sorry.

Would you like me to copy and paste the CBS.Log ?

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by Richard (07-03-2021 19:06:20) Run:2
Running from C:\Users\Richard\Downloads
Loaded Profiles: Richard
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
cmd: sfc /scannow

*****************

Restore point was successfully created.
Processes closed successfully.

========= sfc /scannow =========



Beginning system scan. This process will take some time.



Beginning verification phase of system scan.

Verification 100% complete.


Windows Resource Protection found corrupt files but was unable to fix some

of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For

example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not

supported in offline servicing scenarios.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 19:43:59 ====
 
Hey, just to let you know, as of tomorrow morning, I'm going wild camping; therefore I won't have access to my laptop until Wednesday.
 
