HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Run: [AppMaster] => C:\Users\Dianna\AppData\Roaming\AppMaster\AppMaster.exe update force://update?from=startup
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\MountPoints2: {bf103378-4390-11e6-8254-806e6f6e6963} - "D:\start.exe"
Task: {05DDB7F6-46B9-4976-8658-A8CE78BA34BB} - \WPD\SqmUpload_S-1-5-21-3029253240-1863324081-1530500289-1001 -> No File <==== ATTENTION
Task: {140EF7E4-254D-4E10-8B6A-B72A2A6B09D0} - \WPD\SqmUpload_S-1-5-21-3029253240-1863324081-1530500289-500 -> No File <==== ATTENTION
Task: {1BAFA537-9C00-43B3-94C6-B4AFD4DB08AE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {274AEE29-31B3-4F76-AA4D-3990D253A904} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3D051068-CD65-4877-A443-73C924B14323} - System32\Tasks\UpdatePrt => C:\Users\Dianna\AppData\Roaming\AppMaster\AppMaster.exe
Task: {4D121318-C0C1-4667-A907-51C28516DFFE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4D940280-5529-4F01-B516-8A5D4A312D0B} - System32\Tasks\PowerEngagePatch => msiexec /p "C:\Program Files (x86)\PowerENGAGE\patches\PowerENGAGE-3.2.13-3.2.16.msp" /norestart /qn /quiet
Task: {56F35C57-2EFD-418B-A56D-4088B974CF72} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [31232 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {5AC5C2DE-D5F6-4326-BD51-8A339DC711FF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5D860CDC-90E4-4186-A8DB-A989AEA1A4C4} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {754FB253-97C8-470F-B66F-AA18716C8BCD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8201FA23-6DF8-46F5-BFB6-681C1C492303} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8A632A8B-C403-4ADA-8742-B940BC3D081D} - System32\Tasks\Update_Deepteep => C:\Users\Dianna\AppData\Roaming\AppSync\AppSync.exe
Task: {8DEEA504-3CAF-4D4F-80FA-427719FF3C41} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1} /quiet /qn
Task: {8DEEA504-3CAF-4D4F-80FA-427719FF3C41} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run
Task: {9D1F39E4-1E66-4646-B029-F3DFD42C377E} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {9DE57031-8C2F-4774-8EB0-AF8700F02411} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A54C1A85-69B1-4412-BCC0-238660297826} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A7EA39BA-1BD6-4837-9281-335F489C889D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A9D654BA-FA11-4F28-A7FB-35988C567902} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AE53F9C6-A122-4AB5-91CE-9E2B7EF5CE61} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B60E3BB2-DF0F-412C-977D-23422DD699F3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CB69F5EB-EE64-4E10-B28C-5716E9931534} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D147B2CC-27B1-45D0-803A-D35E184AB7DB} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {E31462E7-72EC-4DCA-9A91-AF2BE4676C7B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
R3 lxremotepcudehost; C:\WINDOWS\System32\Drivers\remotepcudehost.sys [41352 2019-06-26] (Pro Softnet Corp (IDrive, Inc.) -> Windows ® Win 7 DDK provider)
R3 RemotePCUDE; C:\WINDOWS\System32\drivers\RemotePCUDE.sys [37096 2019-06-26] (Microsoft Windows Hardware Compatibility Publisher -> )
C:\Users\Dianna\AppData\Roaming\AppMaster
C:\Users\Dianna\AppData\Roaming\AppSync
FirewallRules: [{7BE74942-9913-4F57-B7D4-F18FE1518EF7}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCService.exe No File
FirewallRules: [{C1A15B77-54BB-4A6C-9407-7C150CCBD290}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCService.exe No File
FirewallRules: [{16A2983E-1432-44D1-8139-D90BA2D4AF05}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCDesktop.exe No File
FirewallRules: [{27058CC9-CDD3-4603-9E68-3A4455B45C8E}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCDesktop.exe No File
FirewallRules: [{DFE635B2-9E58-4D39-879A-811E41E9F140}] => (Allow) C:\Program Files (x86)\RemotePC\RPCCoreViewer.exe No File
FirewallRules: [{E89E4C9B-6329-4D6B-874E-BFDCA8D96391}] => (Allow) C:\Program Files (x86)\RemotePC\RPCCoreViewer.exe No File
FirewallRules: [{C6EA247A-6D64-4625-AA0D-AC638F81D0C5}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCUI.exe No File
FirewallRules: [{CEE88332-824A-4CD0-AD22-B72B88A5650A}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCUI.exe No File
FirewallRules: [TCP Query User{42A899BF-A689-449D-8856-F59E92EB7714}C:\users\dianna\downloads\anydesk.exe] => (Allow) C:\users\dianna\downloads\anydesk.exe No File
FirewallRules: [UDP Query User{2683C70B-C46A-46ED-B3D9-402886A1987B}C:\users\dianna\downloads\anydesk.exe] => (Allow) C:\users\dianna\downloads\anydesk.exe No File
FirewallRules: [{3A9AC763-57F5-4027-B2F6-343DC1E0129D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{36DD1142-4271-42AB-8E83-41733D6553BF}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{F6325FC4-F537-4283-B9F8-F2AA973F4AD5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{ED22E650-9A44-4C1B-A5DA-073EB81666D7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{B972BC1D-9BB7-45C0-8347-CF85FB3BA177}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{A00546BB-C5A1-4250-8FDE-5B5304F44F52}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
CMD: Esentutl /r \Users\Dianna\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb
CMD: Esentutl /p \Users\Dianna\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb
CMD: Esentutl /r \Users\Dianna\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb
CMD: Esentutl /p \Users\Dianna\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb
PowerENGAGE (HKLM-x32\...\{BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1}) (Version: 3.2.13 - Aviata, Inc.) Hidden
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: