
Showing results for tags 'slow'.




Found 28 results

  1. Hello, post #1 for me. I'm desperate, but also very happy to have found this forum from online searching. And "big" OMG, thank you to the original post. I have the exact same symptom as described there including the screens freezing/stuttering, network freezing/stuttering. And my symptom started ONLY AFTER I took in Windows 1909 updates on Apr 17, 2020 Friday. I've been racking my brains since then, mostly living with this CRAZY stuttering, freezing behaviors while working from home during this crazy time we are all in. Due to work craziness, I couldn't spend time with any isolations until now, came down to NordVPN and Malwarebytes. I disabled both. And behavior totally went away for over 2 days. And today decided to pick Malwarebytes and started it. And sure enough, symptoms ALL CAME BACK. At this point I wasn't sure what I can do since I NEED MALWAREBYTES to run next to the Windows Security. There was a reason why I ditched McAfee two years ago (after being with them for over 5 years) to go to Malwarebytes to protect all my home systems, Windows and Mac devices. After reading this thread I have immediately disabled Web Protection also, and so far after a few hours, symptoms have not returned. But now I'm without the protections that this feature provides. Meantime I will try the following workaround, thank you! Please Malwarebytes, please have this issue fixed. What can I do to help also?
  2. Hi, I'm not sure if this is the correct place to post. I bought this laptop computer in 2016, but didn't start using it regularly until 2019/2020. In 2019 from about April until July, I used it for a part-time work-from-home survey job. Then, early this year I started using it exclusively when Windows 7 became obsolete. The laptop runs slow, and this isn't something that started after an update. It just seems to keep getting slower. Sometimes it seems particularly slow when using the internet or specific websites (like Facebook, etc). Btw, I usually use MS Edge browser. Rarely do I use the Chrome browser. When I had that survey job last year, I had to use Firefox, which has since been deleted from this computer. Other times, the computer is slow in opening apps or files...or even slow to open task manager when I hit 'CTRL' + 'ALT' + 'DELETE'. I know there are a lot of MS apps on my computer that I don't even use. Not sure if they have anything to do with it. And, I don't know for sure how to ensure my non-MS apps are up-to-date. I used to use Avast (not premium, just free), and it would notify me if an app was out-of-date. My previous laptop with the Windows 7 (and way less storage, etc) ran much faster. Could you either help me figure this out, or send me to a more appropriate forum/website? And after this issue is resolved, are there guidelines for Windows 10 settings? Thank you, Julie
  3. Also have exactly the same issue here as well.
  4. Just wanted to say thanks for posting here on this subject. I started having the same stuttering problem, started getting the same problem from various clients, took a week or so to pin it down. Went to the web to see if anyone else was having this problem and found this exactly as you describe. I hope it gets resolved soon. I've had to turn this module off on over a hundred installations over several clients - VERY annoying. Interestingly most of my clients are using PCs on Windows Server active directory domains. I haven't heard any complaints nor experienced any problem on any non-domain PC. Might just be a coincidence, but just thought I'd mention it. Thanks again.
  5. I am experiencing what I believe is the same or a similar problem - Malwarebytes Pro Web Protection interferes with Internet traffic. Example, Youtube.com pages load very slowly; videos take minutes to start and then stutter. Another example is pinging google.com, which times out. If I disable Web Protection, the problems disappear. Youtube pages load immediately and videos play immediately with no stuttering. Also, see the ping results below. The first ping command was executed with Web Protection enabled; the second, with Web Protection disabled. (In case it's useful information, the ping google.com command succeeds with Web Protection enabled if I force IPv4, i.e., ping google.com -4.) I have the same experience on all four of my Windows 10 computers. Two are recent, clean installs. Two are connected via 1Gbps cable, the other two wireless. I am running Norton Security in parallel with Malwarebytes - and have been for years, with never a problem until recently. Please help!

     Microsoft Windows [Version 10.0.18363.815]
     (c) 2019 Microsoft Corporation. All rights reserved.

     Malwarebytes Web Protection enabled:

     C:\Users\ellis>ping google.com

     Pinging google.com [2607:f8b0:400f:801::200e] with 32 bytes of data:
     Request timed out.
     Request timed out.
     Request timed out.
     Request timed out.

     Ping statistics for 2607:f8b0:400f:801::200e:
         Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

     Malwarebytes Web Protection disabled:

     C:\Users\ellis>ping google.com

     Pinging google.com [2607:f8b0:400f:801::200e] with 32 bytes of data:
     Reply from 2607:f8b0:400f:801::200e: time=12ms
     Reply from 2607:f8b0:400f:801::200e: time=9ms
     Reply from 2607:f8b0:400f:801::200e: time=8ms
     Reply from 2607:f8b0:400f:801::200e: time=9ms

     Ping statistics for 2607:f8b0:400f:801::200e:
         Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 8ms, Maximum = 12ms, Average = 9ms
  6. I just opened ticket 3029068 because I've been noticing the same issue with DNS lately, but didn't realize it was Malwarebytes related until I tracked down the separate IPv6 ICMP issue. I also have Web Protection disabled to keep that working, but I still randomly have encountered times where DNS just stops resolving. Trying to ping google.com just doesn't return anything and hangs. Not that it can't be found, and not that it times out, just hangs waiting. Closing Malwarebytes from the Notification Area allows the resolution to complete immediately and starting Malwarebytes back up keeps resolution going for now. I am using OpenDNS for my DNS Provider if that makes any difference. I attached support logs to my ticket.
  7. Hello, I made an account to share and report my experiences with the software as it has impacted my ability to use my computer. The events started occurring in March up until early/mid April (that's when I decided to close the program indefinitely). At first I believed the issue was my video card because my computer froze after viewing a stream online or dropped frames (playing online only). The issue happened frequently once in a day of use. And it really bothered me. I started having my suspicions after questioning why the screen stuttered (low frames) while trying to play an online game but there were no stutters or dropped frames playing offline. And because Malwarebytes is always guarding my internet connection I decided to make it my target or experiment (I rarely install apps that run in the background). So ever since I closed Malwarebytes I no longer had this repeated issue where my screen freezes which forces me to manually shut down. I'm confident that the program is causing this and I don't know what the issue is or if there is a fix.... the alternative solution for me was to reinstall the GPU driver card...but it got tedious. Eventually I kept Malwarebytes closed.
  8. I am experiencing stuttering and lag in my PC and I think it is due to heavy RAM usage. I have 8GB of RAM; however, even keeping Firefox and Steam open leads to 60% usage. I tried doing a zombie handles test and there were a lot of zombie handle processes; however, I do not know how to remove these.
  9. Hi, I've been a fan of Malwarebytes since I was a student and helped people fix their slow PCs, often riddled with malware and PUPs/toolbars. As an ad-hoc scanner/cleaner there was no better option. So I'd always have a portable version with the latest definitions with me on my (write protected) USB-stick with malware removal tools. At some point I earned a life-time license and started using MWB as real-time malware/virus protection (together with Windows Defender). I thought it would be only fair to explain why I have now decided to uninstall it. It's also to underwrite the issues several others have recently posted about. These issues might be more widespread than currently visible. They're not easy to diagnose for regular users, because it's often other apps like your browser that display the issue. In recent years, every now and then new (major) releases led to issues ranging from annoying to rather serious. From slow browsing to entirely crippling performance and overall system instability. As an IT guy, I'm lucky I can troubleshoot and fix most issues myself. If I would be a regular home user, I think I'd lost my patience a lot earlier. The most recent issues I encountered are: Resolving host... in Chrome took literally ages. Also other DNS operations would time out or take very long. A reboot would temporarily fix it. Seemed to creep in over (up)time, possibly related to the daily quick scan. After a longer uptime not a single application would start anymore or take very very long to do so. (I often use sleep instead of a shutdown, only rebooting to update or fix issues) possibly a memory leak as hard faults / interrupts and mem usage were strangely high. The event viewer would be full of errors about permissions (apps trying to instantiate storage folders; so file system rights & DCOM application specific local activation permissions) Every few boots OneDrive would fail to start and access online files properly. 
Retrying/starting OneDrive never helped; only a reboot could solve it, but it was a lottery. Updating MWB indicated to take forever. It kept showing the spinning circle "installing updates". The first time I minimised the UI to tray to continue browsing while waiting. Opening the UI again was no longer possible. A reboot resolved it and the update appeared to be successful. The next time it happened I did not close the UI but lost patience after at least half an hour of spinning wheel action. After the reboot all seemed fine again, logs and file update timestamps showed the update had already finished long before I had rebooted. I recently performed a clean install using the support tool to fix issues 1 and 2. While it looked like it fixed the DNS issues, I could not test long enough to be sure. The reason was that issue 2 popped up again and I was truly fed up by now. This is when I decided to uninstall Malwarebytes and use Defender instead. I've hardened it to be a bit more strict (using MAPS with cloud protection set to high and block at first sight enabled). Recent real-life* tests on eg. AV-comparatives show that even with default settings its defence is rather good nowadays. Even scoring higher than Malwarebytes. I'm using Windows 10 Pro N on version 1909 which was cleanly installed in August. All drivers and apps are kept up-to-date. I was not on a VPN and not part of a domain group. This is my home PC. The only tweak in MWB I did was turning off the forced registration in security centre (to keep Windows Defender on). In conclusion. Until you resolve the stability/reliability issues and provide a noticeable improvement over what comes for free with Windows 10, I'm not reinstalling Malwarebytes. *: They use real-life attack vectors like network shares/email attachments/website urls hosting the malware instead of a flat test that simply runs malware executables already on the local fs. 
I know the default answer about your behaviour detection being bypassed by the way they test. In my opinion it's no longer true they defeat this behaviour based security layer. They mimic a user visiting websites referring to malware (not the direct download URL) and opening emails.
  10. Wow yes same here! CPU usage was constantly like 10%. Then I reboot it is ok for about 5 min. The audio stutters start happening again and CPU usage seems to start to rise. I used latency monitor and it was constantly at 11,000+ us then I close out Malwarebytes and immediately it goes to 56us in latency. Oh man. I am sorry, but I have to stop using Malwarebytes until this is fixed (I have the premium version if that makes a difference). mbst-grab-results.zip
  11. I just created an account because I have been plagued with the exact same issue for about a month now. I even formatted my whole PC last night in the hope it would go away. When using qBittorrent with Malwarebytes, at some point the computer becomes unusable (stutter/lag). I have to either close MWB or qbit for the problem to go away.
  12. Hi, Just created an account to reply to this thread. I've been experiencing the exact same thing. It first started with the "resolving host..." DNS issue that's also been referenced in another thread here. A few days ago, this started happening. I first noticed my mouse was acting sluggish and stuttering. Then I noticed my display driver failing, YouTube videos being unplayable and nothing except a reboot could fix it. Reading the thread about the resolving host issue, I also decided to disable Web Protection, and to my surprise it also fixed my stuttering issue. I've had a stable system for more than 24h now, previously I couldn't go more than 2h without the need to restart. Attaching logs as well. mbst-grab-results.zip
  13. I am having the exact same issue. I have tried everything - resolving host issues across browsers - Chrome, Firefox, Safari. Uninstalled browsers, cleared cache, ran Malwarebytes, changed DNS to Google DNS (which worked until I rebooted). Rebooting helps. It’s been happening for a month or 2. Has this been resolved?
  14. I think that I have a malware that makes the internet of my PC go way slower than usual. I've tried everything, anti-viruses, anti-malware, but it keeps with the same Mbps (locked at 200 Mbps when on my phone it is 654). If someone knows how to solve this, please tell me.
  15. Hello, So I just bought Malwarebytes Premium recently and I think it may have taken over my admin rights (I've always been the admin and now I am told I don't have access) and be slowing down my computer. It also will not open on the PC. It just says it is already running. I also cannot open any other windows or the search bar. Any help would be appreciated! Thank you! Best, Shek
  16. I have a brand new Dell computer. I've been using Google Chrome without a problem. Malwarebytes keeps popping up a notification that a free update should be installed. After I did it, Google Chrome is running very slow. And when I tried opening a PDF file, it would not open. And I keep getting this error message now (see attachment). I tried Microsoft Edge browser and that is working very quickly. I'm not a technical guy but can someone help me?
  17. Little preface here, I am currently using Brave Browser, not Chrome - posting here since it also uses the Chrome extensions. I've had similar issues on Opera before but seemingly not on Firefox. I understand if you are going to say that unless I'm using Chrome or Firefox you can't guarantee anything, but I'd like to put this out there so that future performance can improve on alternative browsers like Brave, Vivaldi, Opera etc. Issue: Extreme slow loading of websites that haven't at least been cached/visited recently. For example, clicking the link to take me to the Browser Guard section of the Malwarebytes forums took 79 seconds to load. Ok, I was counting in my head, not with a timer but when the loading time is +1 minute, a couple seconds either side don't really matter. With the Browser Guard disabled all loads quickly. Occasionally Brave will inform me that Browser Guard has stopped working or ran into an issue, and I can opt to restart it. On fiber optic internet here and while not the fastest in the world, it does a reasonable job. Any other information I can provide that would help you identify issues?
  18. Since the new update my computer has become slower than usual. Before update and restart, I programmed in Visual Studio Version 16.5.0 Preview 2.0. Now when I start the tool it takes like 1 minute, then later when I code everything freezes and crashes. This wasn't before this new update.
  19. This is a follow up to the thread in the Windows Support Forum (please see link embedded below). I can not get to the Malwarebytes Gui, so I do not have a threat log to attach and we were not able to get a log file (mbst-grab-results.zip) from the support tool. FRST has been run and I have the FRST.txt and Addition.txt files attached. Please note that FRST locks up at the "Scanning Other Areas..." Step My at Addition.txt FRST.txt
  20. Hello, I'm working on my parent's computer. Thought I could do a couple of scans to help them. Laptop was running slow, had .dll error popups all the time, computer/printer both had trouble with going offline, found privacy settings all messed up. I'm infected - What do I do now? By AdvancedSetup, January 9, 2009 in Windows Malware Removal Help & Support So, I just read the post (above) which states to not use file cleaners with .dll issues. Hope I haven't made this too complicated. Here is what I've done today: Ran CC Cleaner, Avast anti-virus, Malwarebytes, AdwCleaner and Farbar recovery tool. That's when I searched for help on the .dll popups that are still showing. Results from the Farbar recover tool are below. You help is very appreciated!! Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019 Ran by RogerandCarolyn (administrator) on LAPTOP (SAMSUNG ELECTRONICS CO., LTD. 300E4C/300E5C/300E7C) (05-01-2020 17:39:47) Running from C:\Users\RogerandCarolyn\Downloads Loaded Profiles: UpdatusUser & RogerandCarolyn & Administrator (Available Profiles: UpdatusUser & RogerandCarolyn & Administrator) Platform: Windows 10 Home Version 1903 18362.535 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. 
-> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe (Creative Home) [File not signed] C:\Program Files (x86)\Creative Home\Hallmark Print Studio\Planner\PLNRnote.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe (Hewlett Packard -> HP Inc.) 
C:\Program Files\HP\HP ENVY 4510 series\Bin\ScanToPCActivationApp.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\RogerandCarolyn\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601928 2018-12-15] (Oracle America, Inc. -> Oracle Corporation) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION HKU\S-1-5-21-915191271-1565821320-4066514102-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [HP ENVY 4510 series (NET)] => C:\Program Files\HP\HP ENVY 4510 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-06] (Hewlett Packard -> HP Inc.) HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-01-15] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2019-01-15] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2019-01-15] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-01-15] (Apple Inc. -> Apple Inc.) 
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd) HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switches-begin --flag-switches-end - (the data entry has 102 more characters). HKU\S-1-5-21-915191271-1565821320-4066514102-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [807936 2019-03-18] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-915191271-1565821320-4066514102-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-18] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-18] (Google LLC -> Google LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-06-09] ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-05-29] ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. 
-> AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk [2017-09-09] ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Print Studio\Planner\PLNRnote.exe (Creative Home) [File not signed] FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0229FE54-7F8A-4BC6-8537-3DA5534C0EE6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-19] (AVAST Software s.r.o. -> AVAST Software) Task: {09F2290E-D290-4D75-968A-A01D57EC7484} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor Corp -> Realtek Semiconductor) Task: {169A8CEA-644B-4105-8DC0-8912C1B116B9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1444144 2019-12-15] (Microsoft Corporation -> Microsoft Corporation) Task: {20AC35B9-11EA-4A35-84C2-513D4DE19148} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {2F3E51CA-AC61-4F19-B47B-8B6BD8E9007E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! 
Antivirus\backup.exe Task: {54674A86-B0C3-46F4-A94E-8F34D4E18DDB} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe Task: {54F80910-2D15-44F1-B969-89D3021B16C1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd) Task: {62FEA6D2-E391-48D0-B4FB-8C8B131ECBB8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation) Task: {73FDB1F2-1D92-442C-BB66-78A83C324646} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-15] (Microsoft Corporation -> Microsoft Corporation) Task: {7706032A-1383-4805-A3AE-E982C4F0FDED} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [1390472 2019-10-23] (AVAST Software s.r.o. -> AVAST Software) Task: {77442580-C398-4990-9B8C-2C290E12D2A6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation) Task: {82094149-3D9B-4666-BAB6-9CECBAEF5B92} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.) 
Task: {8D7F7842-6FD8-4608-9824-A15C770F3697} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd) Task: {A3DE6797-CD46-4EDB-94F5-D8639455F33E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-15] (Microsoft Corporation -> Microsoft Corporation) Task: {BF96A4F6-DAB9-4E14-9069-1049D93CF99E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-15] (Microsoft Corporation -> Microsoft Corporation) Task: {C009E4B1-C0A2-4E49-BF0F-9FFDFCE44373} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe [1659000 2019-07-25] (AVAST Software s.r.o. -> AVAST Software) Task: {D4511157-15F2-40FF-AF0E-F0CDD3D20B9E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems) Task: {D60D7324-82FF-4B34-B28F-FCED0F591001} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-03] (AVAST Software s.r.o. -> AVAST Software) Task: {E69ECF15-7D26-4E30-945F-D56A5A286DF7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-15] (Microsoft Corporation -> Microsoft Corporation) Task: {E8D9ACB5-F922-4BB3-9DBC-BA142B750476} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-02-11] (Google Inc -> Google Inc.) Task: {FCBBCA1C-EFA4-4C13-9F73-2042BB2B1042} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-02-11] (Google Inc -> Google Inc.) 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{66474192-536a-496c-b883-07f40842719c}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bffff08d-c055-465c-aa62-134bdd9f70fe}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-915191271-1565821320-4066514102-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-915191271-1565821320-4066514102-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://inebraska.com/
HKU\S-1-5-21-915191271-1565821320-4066514102-500\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-915191271-1565821320-4066514102-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-03-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2017-02-27] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-15] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://outlook.live.com/owa/?path=/mail/inbox/rp","hxxps://www.facebook.com/","hxxps://www.facebook.com/melissa.dorpinghaus.1/media_set?set=a.10205317837064033.1073741840.1791145513&type=3"
CHR DefaultSearchURL: Default -> hxxps://www.searchsecurepro.co/search.php?type=search&id=MTI4NzU&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://auto.searchsecurepro.co/autocomplete.js?omni=true&appId=MTI4NzU&q={searchTerms}
CHR Notifications: Default -> hxxps://justforchill.com; hxxps://search.hgetrecipes.com; hxxps://www.facebook.com; hxxps://www.yumrecipefinder.com
CHR Profile: C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default [2020-01-05]
CHR Extension: (Slides) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Web) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhckedkghbciendefbknenmokkgcnfa [2019-11-28]
CHR Extension: (Docs) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-11]
CHR Extension: (YouTube) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-11]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-10-22]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-12-25]
CHR Extension: (Sheets) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Avast Online Security) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-12-21]
CHR Extension: (CouponViewer Add-On) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpabcakadbfmhiinljgodpkdeolfchlo [2019-10-01]
CHR Extension: (Classic Blue) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdifmgkofhcnndinbbdbaplplnmdalnc [2019-08-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-13]
CHR Profile: C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-01-05]
CHR Profile: C:\Users\RogerandCarolyn\AppData\Local\Google\Chrome\User Data\System Profile [2020-01-05]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-20] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [417536 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [10287216 2019-07-25] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-11-28] (Microsoft Corporation -> Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2020-01-05] (Malwarebytes Inc -> Malwarebytes)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [6828424 2019-10-23] (AVAST Software s.r.o. -> AVAST Software)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-03] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [552848 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-04] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2018-01-20] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-03] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athwnx.sys [4233728 2019-03-18] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [216544 2020-01-05] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2020-01-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [278344 2020-01-05] (Malwarebytes Inc -> Malwarebytes)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Samsung Electronics CO., LTD. -> Windows (R) Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

==================== Files in the root of some directories ========

2018-06-27 13:06 - 2018-06-27 13:06 - 000007628 _____ () C:\Users\RogerandCarolyn\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

------------------------------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by RogerandCarolyn (05-01-2020 17:43:32)
Running from C:\Users\RogerandCarolyn\Downloads
Windows 10 Home Version 1903 18362.535 (X64) (2019-11-11 13:27:27)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-915191271-1565821320-4066514102-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-915191271-1565821320-4066514102-503 - Limited - Disabled)
Guest (S-1-5-21-915191271-1565821320-4066514102-501 - Limited - Disabled)
RogerandCarolyn (S-1-5-21-915191271-1565821320-4066514102-1002 - Administrator - Enabled) => C:\Users\RogerandCarolyn
UpdatusUser (S-1-5-21-915191271-1565821320-4066514102-1001 - Limited - Enabled) => C:\Users\UpdatusUser
WDAGUtilityAccount (S-1-5-21-915191271-1565821320-4066514102-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{52B66F1A-E977-41EE-8359-3C4040BE72F5}) (Version: 12.2.8.198 - Adobe Systems, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{5A659BE5-849B-484E-A83B-DCB78407F3A4}) (Version: 7.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F8060941-C0AB-4BCE-88AC-F2FDA2E9F286}) (Version: 7.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 19.1.7734 - AVAST Software)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 5.2.429 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Hallmark Print Studio (HKLM-x32\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.1.10 - Creative Home)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 4510 series Basic Device Software (HKLM\...\{2B054C3F-C753-47D8-A5CA-D92AC5D455EB}) (Version: 40.11.1122.1796 - HP Inc.)
HP ENVY 4510 series Help (HKLM-x32\...\{CB5C9CB2-B471-42CC-93E6-D0E15021D5C2}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
iCloud (HKLM\...\{05D97028-FD26-4A3D-BADC-D1CA2E9F1214}) (Version: 7.10.0.9 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 172 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Java 8 Update 201 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-915191271-1565821320-4066514102-1002\...\OneDriveSetup.exe) (Version: 19.192.0926.0012 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component 
(HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden Packages: ========= Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.18.0_neutral__d55gg7py3s0m0 [2019-10-23] (eyeo GmbH) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-18] (HP Inc.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-06] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-06] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad] Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-12-16] (Microsoft Corporation) Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-22] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the 
fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-01-15] (Apple Inc. -> Apple Inc.) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-03] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
ShortcutWithArgument: C:\Users\RogerandCarolyn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d7a253f58d8885b1\Adblock Plus - free ad blocker.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=cfhdojbkjhnklbpkdaibdccddilifddb ==================== Loaded Modules (Whitelisted) ============= 2018-06-09 11:07 - 2016-09-12 14:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll 2019-03-24 06:24 - 2018-09-05 20:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\SecureLine\libcrypto-1_1.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer trusted/restricted ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-02-03 19:25 - 2019-01-04 12:06 - 000000833 _____ C:\WINDOWS\system32\drivers\etc\hosts 2017-11-24 07:57 - 2017-11-24 08:02 - 000000436 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-915191271-1565821320-4066514102-1001\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-915191271-1565821320-4066514102-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\RogerandCarolyn\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win7 ltblue 1920x1200.jpg HKU\S-1-5-21-915191271-1565821320-4066514102-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{B85FB4F1-652C-4F51-BC88-906444C1B106}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2FC7D647-01ED-459A-99CD-232F4B8092B4}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe (AVAST Software s.r.o. -> AVAST Software) FirewallRules: [{0E52EBE8-CF58-4ECB-96EA-BF3FB3C8B2CA}] => (Allow) C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe (AVAST Software s.r.o. 
-> AVAST Software) FirewallRules: [{A74FB5AF-1697-42E8-A9B4-72FAF368CC69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{F39B3152-559E-41A2-A457-7D30288BE67C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{32B9E7A8-A7D4-4694-9261-43B1291FAFC2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{5CDCF021-BE3C-40E3-AF16-5122300471E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C1268FE7-A3B6-41FF-8D8D-124CBFBE9A8C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{DC9ABA8A-8F06-4868-8519-4C114298CCE7}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{40D6534E-5B8C-4E5B-87D0-65840E8C371E}] => (Allow) LPort=5357 FirewallRules: [{D26D81C3-C41C-40CA-B327-8281965DC3B2}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.) FirewallRules: [{EAB14282-B89B-4BFD-9BCF-96B0DDCCDE8A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 13-12-2019 09:32:41 Scheduled Checkpoint 15-12-2019 16:46:43 Removed HP Dropbox Plugin 23-12-2019 07:38:11 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ ==================== Event log errors: ======================== Application errors: ================== Error: (01/05/2020 05:43:36 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (3504,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. 
Error: (01/05/2020 05:27:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AUDIODG.EXE, version: 10.0.18362.449, time stamp: 0xd42474b6 Faulting module name: RltkAPO64.dll, version: 11.0.6000.434, time stamp: 0x5588e2ea Exception code: 0xc0000005 Fault offset: 0x000000000019f64b Faulting process id: 0xaf0 Faulting application start time: 0x01d5c41f03424ae8 Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE Faulting module path: C:\WINDOWS\system32\RltkAPO64.dll Report Id: 28891c56-6d86-4ebd-9068-7f20283dbe3d Faulting package full name: Faulting package-relative application ID: Error: (01/05/2020 05:10:19 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (5172,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/05/2020 05:01:11 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (8912,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. Error: (01/05/2020 04:25:31 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY) Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 28144 and the required size was 33408. 
Error: (01/05/2020 04:00:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.18362.1, time stamp: 0xceb8cbe1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000409 Fault offset: 0x0000000000000204 Faulting process id: 0x23a4 Faulting application start time: 0x01d5c4137559b351 Faulting application path: C:\Windows\System32\MicrosoftEdgeCP.exe Faulting module path: unknown Report Id: cbf7c28b-843a-460d-83f9-418cab5a1f61 Faulting package full name: Microsoft.MicrosoftEdge_44.18362.449.0_neutral__8wekyb3d8bbwe Faulting package-relative application ID: MicrosoftEdge Error: (01/05/2020 03:41:51 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname Laptop.local already in use; will try Laptop-2.local instead Error: (01/05/2020 03:41:51 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 Laptop.local. AAAA FE80:0000:0000:0000:6C2D:A807:C972:C9D0 System errors: ============= Error: (01/05/2020 05:28:24 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80240017: Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.307.1778.0). 
Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (01/05/2020 05:21:19 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (01/05/2020 05:21:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Update Orchestrator Service service hung on starting. Error: (01/05/2020 05:21:02 PM) (Source: DCOM) (EventID: 10010) (User: Laptop) Description: The server {8ED5875F-5DC0-11E4-B843-005056C00008} did not register with DCOM within the required timeout. Error: (01/05/2020 05:21:02 PM) (Source: DCOM) (EventID: 10010) (User: Laptop) Description: The server {8ED58760-5DC0-11E4-8336-005056C00008} did not register with DCOM within the required timeout. Error: (01/05/2020 05:12:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CleanupPSvc service. Windows Defender: =================================== Date: 2020-01-02 08:22:42.325 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {7F0F726A-B4E5-46A6-AA8E-B02A0F6B94FA} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-12-29 07:25:15.491 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: Previous security intelligence Version: 1.307.1352.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16600.7 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. CodeIntegrity: =================================== Date: 2020-01-05 17:39:00.384 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:39:00.378 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:38:57.249 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:38:57.235 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. 
Date: 2020-01-05 17:33:39.132 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:33:39.061 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:33:37.417 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements. Date: 2020-01-05 17:33:37.410 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== BIOS: Phoenix Technologies Ltd. P09RAP 11/01/2013 Motherboard: SAMSUNG ELECTRONICS CO., LTD. 
NP300E5C-A06US Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz Percentage of memory in use: 64% Total physical RAM: 3795.54 MB Available physical RAM: 1333.53 MB Total Virtual: 5011.54 MB Available Virtual: 2547.33 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:272.54 GB) (Free:227.84 GB) NTFS \\?\Volume{d56f1b01-047a-4f3c-9a45-8a1882843cc6}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS \\?\Volume{8e1dffc5-821a-4ebc-bcc5-4ba3091fc763}\ () (Fixed) (Total:0.49 GB) (Free:0.03 GB) NTFS \\?\Volume{51cb7d1c-3d4c-4c1b-b9f0-972755c35fe9}\ (SAMSUNG_REC2) (Fixed) (Total:23.15 GB) (Free:1.1 GB) NTFS \\?\Volume{347b6fb9-62bc-4bd7-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.27 GB) FAT32 \\?\Volume{d68c5adc-790b-48a8-8648-2585bfbbb17e}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.24 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 467FC636) Partition: GPT. ==================== End of Addition.txt =======================
  21. Running Malwarebytes Premium 4.04 on Windows 10 Pro (64-bit - 10.0.17763.914) and I cannot get the Malwarebytes GUI to display. The tray icon is present and selecting "open Malwarebytes" does not open the GUI but the tray icon option changes to "Hide Malwarebytes". In addition to not being able to open the GUI, everything is incredibly slow (can take minutes to load a webpage that normally takes less than a second).
  22. I experienced a dramatic slowdown of my Windows 10 PC about 5 months ago, and I did everything I could think of to figure out what the problem was - deleted all extraneous programs, etc., etc. I would hate to know the hours I wasted, and I admit that I'm far from a techie. My computer was running at about 5% of its normal speed, and it was so dramatic that I was looking at new machines. Then Malwarebytes made an update about 11-25-19, and magically my problem disappeared. I was very happy, but also a little angry that Malwarebytes let this bug go on for so long. I am running Malwarebytes Premium, and it will be the first thing I disable the next time if the problem ever recurs. I couldn't have been the only one living with this conflict, and I think Malwarebytes owes it to its customers to avoid such extended problems in the future. 😖
  23. Hi, I installed the Malwarebytes Browser Extension into the Brave Browser (Chrome-based) as an alternative to the Kaspersky extension as the latter only supports Chrome and Firefox. Yours is an excellent product that more than fills the gap so well done! That said, it often runs really, really slowly in Brave and the difference in page load time is 10-30 seconds depending on whether or not the extension is disabled (turning it off in its own settings page makes no difference):
      - On 17 July, I ran a ping test and it initially doubled ping time, slowed downloads by 15% and uploads by 10%, compared to running the same test immediately after with the extension disabled.
      - On 31 July I did some online banking and enabled the extension but pages took 30 seconds to load with a message in the bottom corner saying that the browser was waiting for Malwarebytes.
      - Today it is adding 10 seconds to download times.

      In the attached video you can see me enable the extension and go to Sky.com - about a 10 second delay. I then disable the extension and go to another national broadcaster (itv.com) and it connects almost instantly. I'd love you to get this fixed as it will give you a real advantage over Kaspersky and plug a security gap in the otherwise brilliant Brave browser. Brave Malwarebytes.mp4
  24. Hello, as described on the "I'm infected" topic (https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/) I did all the indications, I now need help to know what to do please. The laptop has been very slow for a long time but I want to clear everything now. Basically, when I make an analysis with Malwarebytes or Kaspersky antivirus or any software of this kind it doesn't find anything, but I see it: the PC is very, very slow and isn't too old, and on top of that it has great components (Nvidia 740M, Intel Core i7 etc...). That's why, after doing some research on the subject, I think it's a rootkit. Using HitmanPro too, on a random automatic daily analysis it has managed to find a threat, that I couldn't delete, that neither Malwarebytes nor Kaspersky found afterwards. Please help, the files asked for in the topic should be uploaded. Thank you for your attention, I hope the problem can be solved, thank you again. Addition.txt FRST.txt Malwarebytes.txt
  25. Hi comrades, my laptop is running real slow, occasionally shuts down like the power supply turned off. I tried running some virus/malware tools but a pop-up came saying failed to update, or could not load! I used to try to stream free sports on websites that probably infected my laptop. I'm a novice - please instruct what I need to do to get help analysing my computer for viruses, malware and processes slowing me down. Thanks