Running cleanup, desktop crashed, lost most photos & docs, no luck



#1
kristi10


Greetings. I was running cleanup due to a slow computer and deleted an old/unused program (Ventrilo), and my desktop crashed and everything on it disappeared. No known infection. Restart didn't help. System restore returned icons to the desktop, but most photos(!!), docs, spreadsheets, etc. in the computer are gone. Kind of panicking over the photos. :( Assistance very much appreciated! Thanks, Kristi

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.03.2019
Ran by kristi1013 (administrator) on WEST-ASUSTWO (07-04-2019 13:13:06)
Running from C:\Users\kristi1013\Desktop
Loaded Profiles: kristi1013 (Available Profiles: kristi1013)
Platform: Windows 10 Home Version 1803 17134.648 (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Third Party Application Component -> Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [GLSystray] => C:\Program Files (x86)\GLPCCamera\monitorpad.exe [69632 2010-04-27] () [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3941528 2016-05-20] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9209856 1999-12-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1484288 1999-12-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2015-03-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [63272 2015-12-24] (ASUS Cloud Corporation -> )
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [260488 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2984122176-3770092282-1499748007-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8893360 2018-10-31] (Support.com, Inc. -> SUPERAntiSpyware)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\72.0.1174.121\Installer\chrmstp.exe [2019-03-09] (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2015-09-07]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast Cleanup Premium.lnk [2018-03-15]
ShortcutTarget: Avast Cleanup Premium.lnk -> C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\Users\kristi1013\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-09-23]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61 192.168.1.1
Tcpip\..\Interfaces\{c90ac31d-d84a-476b-9539-c6d15a87caf9}: [DhcpNameServer] 209.18.47.62 209.18.47.61 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2984122176-3770092282-1499748007-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.protopage.com/kristiwest
HKU\S-1-5-21-2984122176-3770092282-1499748007-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-2984122176-3770092282-1499748007-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2984122176-3770092282-1499748007-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxps://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2984122176-3770092282-1499748007-1002 -> hxxp://www.protopage.com/kristiwest

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-12] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-12] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-12] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-12] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-04-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2019-03-17] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2019-03-17] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-11-06] (ASUSTeK Computer Inc. -> )
S4 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6570352 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-17] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [360440 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-17] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\72.0.1174.121\elevation_service.exe [1070600 2019-03-06] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R2 CleanupPSvc; C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe [9874528 2019-01-19] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11082312 2019-03-28] (Microsoft Corporation -> Microsoft Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2159424 2018-03-05] (Electronic Arts, Inc. -> Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3028808 2018-03-05] (Electronic Arts, Inc. -> Electronic Arts)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [272360 1999-12-31] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [84504 1999-12-31] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R0 amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [24600 1999-12-31] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] (ASUSTeK Computer Inc. -> )
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] (ASUSTeK Computer Inc. -> )
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37320 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205608 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [254408 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [196304 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblog.sys [320904 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [58168 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-05] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [249152 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42496 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [169104 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88152 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1034640 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [476256 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [220632 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [380160 2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2019-03-31] (Malwarebytes Corporation -> Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c5dc31c3a136544a\nvlddmkm.sys [20746632 2019-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 1999-12-31] (Realtek Semiconductor Corp. -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [756680 1999-12-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [8009040 2017-12-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 usbfilter; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [65072 1999-12-31] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-07 13:13 - 2019-04-07 13:14 - 000020179 _____ C:\Users\kristi1013\Desktop\FRST.txt
2019-04-07 13:12 - 2019-04-07 13:13 - 000000000 ____D C:\FRST
2019-04-07 13:11 - 2019-04-07 13:11 - 002434048 _____ (Farbar) C:\Users\kristi1013\Desktop\FRST64.exe
2019-04-07 12:24 - 2019-03-17 21:30 - 000362888 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-04-07 12:22 - 2019-04-07 12:22 - 000508016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-03-31 16:56 - 2019-03-31 16:56 - 000002113 _____ C:\Users\Public\Desktop\H&R Block 2018.lnk
2019-03-31 16:55 - 2019-03-31 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2018
2019-03-31 16:55 - 2019-03-31 16:55 - 000000000 ____D C:\Program Files (x86)\HRBlock2018
2019-03-31 16:52 - 2019-03-31 16:53 - 049167576 _____ (HRB Technology, LLC.) C:\Users\kristi1013\Desktop\HRBlock_Deluxe+State.exe
2019-03-31 16:10 - 2019-03-17 02:42 - 000133616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2019-03-31 16:07 - 2019-04-07 12:18 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-03-31 16:04 - 2019-03-18 15:48 - 010320928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2019-03-31 16:04 - 2019-03-18 15:48 - 008786128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2019-03-31 16:04 - 2019-03-18 15:48 - 001168936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2019-03-31 16:04 - 2019-03-18 15:48 - 000914912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2019-03-31 16:04 - 2019-03-18 15:48 - 000794632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2019-03-31 16:04 - 2019-03-18 15:48 - 000638176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2019-03-31 16:04 - 2019-03-18 15:47 - 020107592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2019-03-31 16:04 - 2019-03-18 15:47 - 017433176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2019-03-31 16:04 - 2019-03-18 15:47 - 004303072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2019-03-31 16:04 - 2019-03-18 15:47 - 001462024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2019-03-31 16:04 - 2019-03-18 15:47 - 001145720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2019-03-31 16:04 - 2019-03-18 12:51 - 001007008 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2019-03-31 16:04 - 2019-03-18 12:51 - 001007008 _____ C:\WINDOWS\system32\vulkan-1.dll
2019-03-31 16:04 - 2019-03-18 12:51 - 000870304 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2019-03-31 16:04 - 2019-03-18 12:51 - 000870304 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2019-03-31 16:04 - 2019-03-18 12:51 - 000551896 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2019-03-31 16:04 - 2019-03-18 12:51 - 000456872 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2019-03-31 16:04 - 2019-03-18 12:51 - 000286624 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2019-03-31 16:04 - 2019-03-18 12:51 - 000286624 _____ C:\WINDOWS\system32\vulkaninfo.exe
2019-03-31 16:04 - 2019-03-18 12:51 - 000260512 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-03-31 16:04 - 2019-03-18 12:51 - 000260512 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2019-03-31 16:04 - 2019-03-18 12:50 - 005274560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2019-03-31 16:04 - 2019-03-18 12:50 - 002033032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2019-03-31 16:04 - 2019-03-18 12:50 - 001734536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441967.dll
2019-03-31 16:04 - 2019-03-18 12:50 - 001535744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2019-03-31 16:04 - 2019-03-18 12:50 - 001467648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441967.dll
2019-03-31 16:04 - 2019-03-18 12:50 - 001464712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2019-03-31 16:04 - 2019-03-18 12:50 - 001130376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2019-03-31 16:04 - 2019-03-18 12:50 - 000752336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2019-03-31 16:04 - 2019-03-18 12:50 - 000668456 _____ C:\WINDOWS\system32\nvofapi64.dll
2019-03-31 16:04 - 2019-03-18 12:50 - 000631040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2019-03-31 16:04 - 2019-03-18 12:50 - 000611720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2019-03-31 16:04 - 2019-03-18 12:50 - 000534728 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2019-03-31 16:04 - 2019-03-18 12:50 - 000522120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2019-03-31 16:04 - 2019-03-18 12:49 - 040421280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2019-03-31 16:04 - 2019-03-18 12:49 - 035268720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2019-03-31 16:04 - 2019-03-18 12:49 - 004625616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2019-03-31 15:40 - 2019-03-31 15:40 - 000253664 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-12 22:12 - 2019-03-03 12:54 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-12 22:12 - 2019-03-03 12:54 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-03-12 20:53 - 2019-03-06 11:37 - 001616608 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-03-12 20:53 - 2019-03-06 11:17 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-03-12 20:53 - 2019-03-06 05:06 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-03-12 20:53 - 2019-03-06 05:03 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-03-12 20:53 - 2019-03-06 04:44 - 025856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-03-12 20:53 - 2019-03-06 04:36 - 022716928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-03-12 20:53 - 2019-03-06 04:32 - 003399168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-03-12 20:53 - 2019-03-06 04:31 - 007598592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-03-12 20:53 - 2019-03-06 04:28 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-03-12 20:53 - 2019-03-06 02:14 - 006568528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-03-12 20:53 - 2019-03-06 02:05 - 022018048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-03-12 20:53 - 2019-03-06 01:56 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-03-12 20:53 - 2019-03-06 01:52 - 005790720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-03-12 20:53 - 2019-03-06 01:49 - 004516352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-03-12 20:53 - 2019-02-16 08:34 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-03-12 20:53 - 2019-02-16 06:24 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-03-12 20:53 - 2019-02-16 06:22 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-03-12 20:53 - 2019-02-16 04:03 - 007901392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2019-03-12 20:53 - 2019-02-16 04:03 - 005625360 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-03-12 20:53 - 2019-02-16 03:36 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2019-03-12 20:53 - 2019-02-16 03:35 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-03-12 20:53 - 2019-02-16 03:33 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-03-12 20:52 - 2019-03-06 11:39 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-03-12 20:52 - 2019-03-06 11:36 - 001047352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-03-12 20:52 - 2019-03-06 11:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-03-12 20:52 - 2019-03-06 11:19 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-03-12 20:52 - 2019-03-06 11:17 - 000810496 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-03-12 20:52 - 2019-03-06 11:17 - 000116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2019-03-12 20:52 - 2019-03-06 11:14 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-03-12 20:52 - 2019-03-06 11:14 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2019-03-12 20:52 - 2019-03-06 11:14 - 000488448 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-03-12 20:52 - 2019-03-06 11:13 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-03-12 20:52 - 2019-03-06 11:13 - 001856512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2019-03-12 20:52 - 2019-03-06 11:13 - 001662976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-03-12 20:52 - 2019-03-06 11:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-03-12 20:52 - 2019-03-06 11:12 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-03-12 20:52 - 2019-03-06 08:18 - 000918032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-03-12 20:52 - 2019-03-06 08:18 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-03-12 20:52 - 2019-03-06 08:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-03-12 20:52 - 2019-03-06 08:09 - 011919360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-03-12 20:52 - 2019-03-06 08:06 - 000425472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-03-12 20:52 - 2019-03-06 08:05 - 004054016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-03-12 20:52 - 2019-03-06 08:05 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2019-03-12 20:52 - 2019-03-06 08:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-03-12 20:52 - 2019-03-06 08:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2019-03-12 20:52 - 2019-03-06 07:59 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-03-12 20:52 - 2019-03-06 05:29 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-03-12 20:52 - 2019-03-06 05:16 - 002822456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-03-12 20:52 - 2019-03-06 05:16 - 001457032 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-03-12 20:52 - 2019-03-06 05:16 - 001188000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2019-03-12 20:52 - 2019-03-06 05:16 - 000776792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-03-12 20:52 - 2019-03-06 05:16 - 000722744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-03-12 20:52 - 2019-03-06 05:16 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-03-12 20:52 - 2019-03-06 05:16 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-03-12 20:52 - 2019-03-06 05:11 - 000493880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-03-12 20:52 - 2019-03-06 05:10 - 000248880 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2019-03-12 20:52 - 2019-03-06 05:07 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-03-12 20:52 - 2019-03-06 05:07 - 001023800 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-03-12 20:52 - 2019-03-06 05:07 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-03-12 20:52 - 2019-03-06 05:06 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-03-12 20:52 - 2019-03-06 05:06 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-03-12 20:52 - 2019-03-06 05:05 - 000439224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-03-12 20:52 - 2019-03-06 05:05 - 000436240 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-03-12 20:52 - 2019-03-06 05:05 - 000159864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-03-12 20:52 - 2019-03-06 05:04 - 002765856 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-03-12 20:52 - 2019-03-06 05:04 - 000945464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-03-12 20:52 - 2019-03-06 05:04 - 000628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2019-03-12 20:52 - 2019-03-06 05:03 - 002719544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-03-12 20:52 - 2019-03-06 05:03 - 002465784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-03-12 20:52 - 2019-03-06 05:03 - 001921848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-03-12 20:52 - 2019-03-06 05:03 - 000793400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-03-12 20:52 - 2019-03-06 05:03 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-03-12 20:52 - 2019-03-06 05:03 - 000375608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2019-03-12 20:52 - 2019-03-06 05:02 - 002421048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-03-12 20:52 - 2019-03-06 05:02 - 001257672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-03-12 20:52 - 2019-03-06 05:02 - 001140480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-03-12 20:52 - 2019-03-06 05:02 - 000982912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-03-12 20:52 - 2019-03-06 05:02 - 000626488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2019-03-12 20:52 - 2019-03-06 04:36 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-03-12 20:52 - 2019-03-06 04:34 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-03-12 20:52 - 2019-03-06 04:33 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-03-12 20:52 - 2019-03-06 04:32 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-03-12 20:52 - 2019-03-06 04:32 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-03-12 20:52 - 2019-03-06 04:31 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-03-12 20:52 - 2019-03-06 04:31 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-03-12 20:52 - 2019-03-06 04:31 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-03-12 20:52 - 2019-03-06 04:31 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-03-12 20:52 - 2019-03-06 04:31 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-03-12 20:52 - 2019-03-06 04:31 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2019-03-12 20:52 - 2019-03-06 04:31 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2019-03-12 20:52 - 2019-03-06 04:31 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-03-12 20:52 - 2019-03-06 04:31 - 000279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2019-03-12 20:52 - 2019-03-06 04:31 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-03-12 20:52 - 2019-03-06 04:31 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-03-12 20:52 - 2019-03-06 04:29 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2019-03-12 20:52 - 2019-03-06 04:29 - 002174976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-03-12 20:52 - 2019-03-06 04:29 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-03-12 20:52 - 2019-03-06 04:29 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-03-12 20:52 - 2019-03-06 04:28 - 001803776 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-03-12 20:52 - 2019-03-06 04:27 - 002224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-03-12 20:52 - 2019-03-06 04:27 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-03-12 20:52 - 2019-03-06 04:27 - 000542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-03-12 20:52 - 2019-03-06 04:27 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-03-12 20:52 - 2019-03-06 04:26 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-03-12 20:52 - 2019-03-06 04:26 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-03-12 20:52 - 2019-03-06 04:26 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-03-12 20:52 - 2019-03-06 04:25 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-03-12 20:52 - 2019-03-06 03:08 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2019-03-12 20:52 - 2019-03-06 02:17 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-03-12 20:52 - 2019-03-06 02:17 - 000146712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-03-12 20:52 - 2019-03-06 02:15 - 002253488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-03-12 20:52 - 2019-03-06 02:15 - 000434488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-03-12 20:52 - 2019-03-06 02:14 - 000785568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2019-03-12 20:52 - 2019-03-06 02:14 - 000665224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-03-12 20:52 - 2019-03-06 02:14 - 000450872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2019-03-12 20:52 - 2019-03-06 02:14 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-03-12 20:52 - 2019-03-06 02:13 - 000607248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-03-12 20:52 - 2019-03-06 01:53 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-03-12 20:52 - 2019-03-06 01:53 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-03-12 20:52 - 2019-03-06 01:52 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-03-12 20:52 - 2019-03-06 01:52 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2019-03-12 20:52 - 2019-03-06 01:51 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-03-12 20:52 - 2019-03-06 01:51 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-03-12 20:52 - 2019-03-06 01:51 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-03-12 20:52 - 2019-03-06 01:50 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-03-12 20:52 - 2019-03-06 01:50 - 001347584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2019-03-12 20:52 - 2019-03-06 01:50 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-03-12 20:52 - 2019-03-06 01:49 - 000318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2019-03-12 20:52 - 2019-03-06 01:49 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-03-12 20:52 - 2019-03-06 01:48 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-03-12 20:52 - 2019-03-06 01:48 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-03-12 20:52 - 2019-02-20 23:26 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-03-12 20:52 - 2019-02-16 09:02 - 002871304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-03-12 20:52 - 2019-02-16 09:02 - 001644040 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-03-12 20:52 - 2019-02-16 09:02 - 000808456 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-03-12 20:52 - 2019-02-16 09:02 - 000735752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-03-12 20:52 - 2019-02-16 09:02 - 000620040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-03-12 20:52 - 2019-02-16 09:02 - 000460296 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-03-12 20:52 - 2019-02-16 09:02 - 000322568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-03-12 20:52 - 2019-02-16 09:02 - 000147464 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-03-12 20:52 - 2019-02-16 09:02 - 000071176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-03-12 20:52 - 2019-02-16 08:57 - 001048472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-03-12 20:52 - 2019-02-16 08:57 - 000506088 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-03-12 20:52 - 2019-02-16 08:56 - 000549520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-03-12 20:52 - 2019-02-16 08:56 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-03-12 20:52 - 2019-02-16 08:53 - 001516416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-03-12 20:52 - 2019-02-16 08:36 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-03-12 20:52 - 2019-02-16 08:34 - 001725952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-03-12 20:52 - 2019-02-16 08:34 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2019-03-12 20:52 - 2019-02-16 08:33 - 001786880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2019-03-12 20:52 - 2019-02-16 08:32 - 003646976 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-03-12 20:52 - 2019-02-16 08:32 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2019-03-12 20:52 - 2019-02-16 08:31 - 001271808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2019-03-12 20:52 - 2019-02-16 08:31 - 001003520 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2019-03-12 20:52 - 2019-02-16 08:31 - 000861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2019-03-12 20:52 - 2019-02-16 08:31 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2019-03-12 20:52 - 2019-02-16 08:30 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-03-12 20:52 - 2019-02-16 08:30 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2019-03-12 20:52 - 2019-02-16 08:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2019-03-12 20:52 - 2019-02-16 08:29 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2019-03-12 20:52 - 2019-02-16 08:24 - 000444176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-03-12 20:52 - 2019-02-16 08:22 - 001322176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-03-12 20:52 - 2019-02-16 08:08 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2019-03-12 20:52 - 2019-02-16 08:07 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2019-03-12 20:52 - 2019-02-16 08:07 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2019-03-12 20:52 - 2019-02-16 08:06 - 002890752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-03-12 20:52 - 2019-02-16 08:06 - 001530880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-03-12 20:52 - 2019-02-16 08:06 - 001451520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2019-03-12 20:52 - 2019-02-16 08:06 - 000774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2019-03-12 20:52 - 2019-02-16 08:06 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2019-03-12 20:52 - 2019-02-16 08:04 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2019-03-12 20:52 - 2019-02-16 04:16 - 000511800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-03-12 20:52 - 2019-02-16 04:15 - 000505656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-03-12 20:52 - 2019-02-16 04:15 - 000035640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-03-12 20:52 - 2019-02-16 04:05 - 000087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostw.exe
2019-03-12 20:52 - 2019-02-16 04:04 - 000193032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-03-12 20:52 - 2019-02-16 04:03 - 000510288 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-03-12 20:52 - 2019-02-16 04:02 - 005821440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2019-03-12 20:52 - 2019-02-16 04:02 - 003291632 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-03-12 20:52 - 2019-02-16 04:02 - 001934800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-03-12 20:52 - 2019-02-16 04:02 - 001792712 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2019-03-12 20:52 - 2019-02-16 04:02 - 000705848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-03-12 20:52 - 2019-02-16 04:02 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-03-12 20:52 - 2019-02-16 04:02 - 000413712 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-03-12 20:52 - 2019-02-16 04:01 - 001285424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-03-12 20:52 - 2019-02-16 04:01 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-03-12 20:52 - 2019-02-16 04:01 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-03-12 20:52 - 2019-02-16 04:01 - 001028920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2019-03-12 20:52 - 2019-02-16 04:01 - 001014344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2019-03-12 20:52 - 2019-02-16 04:01 - 000735464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-03-12 20:52 - 2019-02-16 04:01 - 000641984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2019-03-12 20:52 - 2019-02-16 04:01 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-03-12 20:52 - 2019-02-16 04:01 - 000527160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-03-12 20:52 - 2019-02-16 04:01 - 000480840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2019-03-12 20:52 - 2019-02-16 04:01 - 000335672 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2019-03-12 20:52 - 2019-02-16 04:01 - 000161664 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2019-03-12 20:52 - 2019-02-16 03:57 - 000383288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-03-12 20:52 - 2019-02-16 03:53 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-03-12 20:52 - 2019-02-16 03:51 - 002479168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-03-12 20:52 - 2019-02-16 03:51 - 001584536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2019-03-12 20:52 - 2019-02-16 03:51 - 000170952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2019-03-12 20:52 - 2019-02-16 03:50 - 001805648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-03-12 20:52 - 2019-02-16 03:50 - 001171336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2019-03-12 20:52 - 2019-02-16 03:50 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-03-12 20:52 - 2019-02-16 03:50 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-03-12 20:52 - 2019-02-16 03:50 - 000560384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-03-12 20:52 - 2019-02-16 03:50 - 000504072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2019-03-12 20:52 - 2019-02-16 03:37 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2019-03-12 20:52 - 2019-02-16 03:36 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\fcon.dll
2019-03-12 20:52 - 2019-02-16 03:35 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-03-12 20:52 - 2019-02-16 03:34 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2019-03-12 20:52 - 2019-02-16 03:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2019-03-12 20:52 - 2019-02-16 03:34 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-03-12 20:52 - 2019-02-16 03:33 - 006646784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2019-03-12 20:52 - 2019-02-16 03:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2019-03-12 20:52 - 2019-02-16 03:33 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2019-03-12 20:52 - 2019-02-16 03:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2019-03-12 20:52 - 2019-02-16 03:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-03-12 20:52 - 2019-02-16 03:32 - 002969088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-03-12 20:52 - 2019-02-16 03:32 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2019-03-12 20:52 - 2019-02-16 03:31 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2019-03-12 20:52 - 2019-02-16 03:31 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2019-03-12 20:52 - 2019-02-16 03:31 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2019-03-12 20:52 - 2019-02-16 03:31 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-03-12 20:52 - 2019-02-16 03:30 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2019-03-12 20:52 - 2019-02-16 03:30 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2019-03-12 20:52 - 2019-02-16 03:30 - 001124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2019-03-12 20:52 - 2019-02-16 03:30 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2019-03-12 20:52 - 2019-02-16 03:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2019-03-12 20:52 - 2019-02-16 03:30 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2019-03-12 20:52 - 2019-02-16 03:30 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-03-12 20:52 - 2019-02-16 03:29 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-03-12 20:52 - 2019-02-16 03:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2019-03-12 20:52 - 2019-02-16 03:28 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2019-03-12 20:52 - 2019-02-16 03:28 - 002585600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-03-12 20:52 - 2019-02-16 03:28 - 001668096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2019-03-12 20:52 - 2019-02-16 03:28 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2019-03-12 20:52 - 2019-02-16 03:28 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2019-03-12 20:52 - 2019-02-16 03:28 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-03-12 20:52 - 2019-02-16 03:27 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2019-03-12 20:52 - 2019-02-16 03:27 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2019-03-12 20:52 - 2019-02-16 03:27 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-03-12 20:52 - 2019-02-16 03:26 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2019-03-12 20:52 - 2019-02-16 03:26 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2019-03-12 20:52 - 2019-02-16 03:26 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2019-03-12 20:52 - 2019-02-16 03:26 - 000935424 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2019-03-12 20:52 - 2019-02-16 03:26 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2019-03-12 20:52 - 2019-02-16 03:25 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2019-03-12 20:52 - 2019-02-16 03:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-03-09 11:25 - 2019-03-01 18:30 - 001734344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441935.dll
2019-03-09 11:25 - 2019-03-01 18:30 - 001467832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441935.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-07 13:01 - 2015-09-23 19:07 - 000000000 ____D C:\Users\kristi1013\Documents\Outlook Files
2019-04-07 12:52 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-04-07 12:50 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-04-07 12:50 - 2015-09-07 21:03 - 000000000 ____D C:\ProgramData\Package Cache
2019-04-07 12:48 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-04-07 12:48 - 2017-05-26 01:24 - 000000000 ____D C:\ProgramData\NVIDIA
2019-04-07 12:47 - 2018-05-22 16:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-04-07 12:35 - 2015-03-28 13:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-04-07 12:25 - 2018-05-22 17:11 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-04-07 12:25 - 2017-03-22 13:31 - 000002095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2019-04-07 12:25 - 2017-03-22 13:31 - 000002083 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2019-04-07 12:24 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-04-07 12:23 - 2018-05-22 16:46 - 000000000 ____D C:\Users\kristi1013
2019-04-07 12:22 - 2018-05-22 17:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-04-07 12:21 - 2018-12-22 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater
2019-04-07 12:21 - 2015-09-17 16:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2019-04-07 12:18 - 2018-05-22 17:11 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2019-04-07 12:18 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\security
2019-04-07 12:18 - 2016-04-18 19:04 - 000000000 ____D C:\ProgramData\pdf995
2019-04-07 12:18 - 2015-09-08 16:29 - 000000000 ____D C:\Users\kristi1013\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2019-04-07 12:18 - 2015-09-07 23:22 - 000000000 ____D C:\Users\kristi1013\AppData\Roaming\Battle.net
2019-04-07 12:18 - 2015-09-07 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2019-04-07 12:17 - 2018-11-16 17:47 - 000000000 ____D C:\Program Files\rempl
2019-04-07 12:17 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-04-07 12:17 - 2017-12-06 10:29 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2019-04-07 12:17 - 2015-09-08 20:57 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2019-04-07 12:17 - 2015-09-08 16:29 - 000000000 ____D C:\Program Files\Ventrilo
2019-04-07 12:17 - 2015-09-07 23:22 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-04-07 12:17 - 2015-09-07 22:12 - 000000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2019-04-07 11:36 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2019-04-07 11:24 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\registration
2019-04-07 11:23 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2019-04-07 11:23 - 2017-04-01 10:31 - 000000000 ____D C:\Users\kristi1013\AppData\Roaming\Curse Client
2019-04-07 11:23 - 2015-09-17 16:53 - 000000000 __RHD C:\MSOCache
2019-04-07 11:23 - 2015-09-07 23:23 - 000000000 ____D C:\Program Files (x86)\World of Warcraft
2019-04-07 11:23 - 2015-09-07 17:55 - 000000000 ____D C:\ProgramData\AVAST Software
2019-04-07 10:47 - 2015-12-24 09:33 - 000000000 ____D C:\Users\kristi1013\AppData\Local\CrashDumps
2019-04-05 13:46 - 2018-05-28 12:39 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-05 13:46 - 2018-05-28 12:39 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-05 13:46 - 2018-05-28 12:39 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-05 13:46 - 2018-05-28 12:39 - 000003016 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-05 13:46 - 2018-05-22 17:11 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-05 13:46 - 2018-05-22 17:11 - 000002862 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2984122176-3770092282-1499748007-1002
2019-04-05 13:46 - 2018-05-22 17:11 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-05 13:46 - 2018-05-22 17:11 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-04-03 05:54 - 2018-06-23 14:04 - 000002389 _____ C:\Users\kristi1013\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-03 05:54 - 2015-09-07 21:36 - 000000000 ___RD C:\Users\kristi1013\OneDrive
2019-03-31 17:23 - 2018-05-22 17:11 - 000003542 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-03-31 16:59 - 2016-04-15 09:11 - 000000000 ____D C:\Users\kristi1013\Documents\HRBlock
2019-03-31 16:54 - 2016-04-15 09:09 - 000000000 ____D C:\ProgramData\TaxCut
2019-03-31 16:22 - 2018-05-28 12:39 - 000003256 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-31 16:22 - 2018-05-28 12:39 - 000003212 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-31 16:22 - 2018-05-28 12:39 - 000002974 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-31 16:22 - 2018-05-22 17:11 - 000003044 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-31 16:22 - 2018-05-22 17:11 - 000002804 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-03-31 16:11 - 2017-05-26 01:24 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-03-31 16:11 - 2015-09-11 19:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2019-03-31 16:10 - 2017-05-26 01:24 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-03-30 17:53 - 2015-09-07 23:22 - 000000000 ____D C:\Users\kristi1013\AppData\Local\Battle.net
2019-03-30 17:43 - 2015-09-08 16:56 - 000000000 ____D C:\Program Files (x86)\Heroes of the Storm
2019-03-30 17:42 - 2015-09-08 13:03 - 000000000 ____D C:\Program Files (x86)\Diablo III
2019-03-25 05:08 - 2018-04-11 17:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-03-25 05:04 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-03-24 05:31 - 2018-06-28 09:10 - 000000000 ____D C:\Program Files (x86)\Avast Driver Updater
2019-03-18 15:47 - 2018-05-17 12:22 - 005044688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2019-03-18 10:31 - 2017-04-07 11:22 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2019-03-17 21:30 - 2019-02-13 03:39 - 000249152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-03-17 21:30 - 2019-02-13 03:39 - 000249152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw40e85c57adba5957.tmp
2019-03-17 21:30 - 2018-10-11 00:01 - 000042496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-03-17 21:30 - 2018-10-11 00:01 - 000042496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2c08367e504035cf.tmp
2019-03-17 21:30 - 2015-09-07 17:57 - 000476256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-03-17 21:30 - 2015-09-07 17:57 - 000476256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw47136b720b5f33c5.tmp
2019-03-17 21:30 - 2015-09-07 17:57 - 000380160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-03-17 21:30 - 2015-09-07 17:57 - 000380160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw8c4ff5177f1d66e9.tmp
2019-03-17 21:30 - 2015-09-07 17:57 - 000220632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-03-17 21:30 - 2015-09-07 17:57 - 000220632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5ab88792e87c5b96.tmp
2019-03-17 21:30 - 2015-09-07 17:57 - 000169104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-03-17 21:30 - 2015-09-07 17:57 - 000169104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw792bf007f6a4f787.tmp
2019-03-17 21:30 - 2015-09-07 17:57 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-03-17 21:30 - 2015-09-07 17:57 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswb37a08924e87e72a.tmp
2019-03-17 21:30 - 2015-09-07 17:57 - 000088152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-03-17 21:30 - 2015-09-07 17:57 - 000088152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswd5f3149b44a2e422.tmp
2019-03-17 21:29 - 2019-01-14 14:21 - 000254408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-03-17 21:29 - 2019-01-14 14:21 - 000254408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw23363b52c77caef8.tmp
2019-03-17 21:29 - 2019-01-05 13:20 - 000320904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblog.sys
2019-03-17 21:29 - 2019-01-05 13:20 - 000320904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw1d63ead137ac7df8.tmp
2019-03-17 21:29 - 2019-01-05 13:20 - 000196304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-03-17 21:29 - 2019-01-05 13:20 - 000196304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswac915fef5da49f32.tmp
2019-03-17 21:29 - 2019-01-05 13:20 - 000058168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-03-17 21:29 - 2019-01-05 13:20 - 000058168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw74c8c816534a9072.tmp
2019-03-17 21:29 - 2019-01-05 13:20 - 000037320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-03-17 21:29 - 2019-01-05 13:20 - 000037320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6c700e6597b80c27.tmp
2019-03-17 21:29 - 2017-11-10 09:17 - 000205608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswf0daaae8dacc3c77.tmp
2019-03-17 21:29 - 2017-11-10 09:17 - 000205608 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-03-17 21:29 - 2015-09-07 17:57 - 001034640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-03-17 21:29 - 2015-09-07 17:57 - 001034640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswc66e3f5d7633dd22.tmp
2019-03-17 09:50 - 2018-05-17 12:22 - 000049930 _____ C:\WINDOWS\system32\nvinfo.pb
2019-03-17 02:48 - 2017-05-26 01:24 - 005365232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2019-03-17 02:48 - 2017-05-26 01:24 - 002624368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2019-03-17 02:48 - 2017-05-26 01:24 - 001767464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2019-03-17 02:48 - 2017-05-26 01:24 - 000650608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2019-03-17 02:48 - 2017-05-26 01:24 - 000450872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2019-03-17 02:48 - 2017-05-26 01:24 - 000124784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2019-03-17 02:48 - 2017-05-26 01:24 - 000083440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2019-03-17 02:33 - 2017-05-26 01:24 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2019-03-16 12:59 - 2017-04-17 22:35 - 000000000 ____D C:\Users\kristi1013\AppData\Roaming\HpUpdate
2019-03-12 22:18 - 2018-05-22 17:01 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-12 22:08 - 2018-04-11 19:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2019-03-12 22:08 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-03-12 22:08 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-03-12 22:08 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-03-12 22:08 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-03-12 22:08 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-03-12 22:08 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-03-12 22:08 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-03-12 21:04 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-12 20:51 - 2015-09-07 23:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-12 20:47 - 2015-09-07 23:12 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-03-12 20:42 - 2018-05-22 16:46 - 000000000 ____D C:\Users\kristi1013\AppData\Local\Microsoft Help
2019-03-12 01:17 - 2017-05-26 01:24 - 008526362 _____ C:\WINDOWS\system32\nvcoproc.bin
2019-03-09 10:55 - 2018-05-17 12:27 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk

==================== Files in the root of some directories =======

2015-09-07 17:02 - 2015-09-07 20:18 - 000005968 _____ () C:\Users\kristi1013\AppData\Local\BTServer.log

Some files in TEMP:
====================
2019-03-09 11:32 - 2019-03-01 03:14 - 000641336 ____H (NVIDIA Corporation) C:\Users\kristi1013\AppData\Local\Temp\nvSCPAPI.dll
2019-03-31 16:05 - 2019-03-01 03:14 - 000399160 _____ (NVIDIA Corporation) C:\Users\kristi1013\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-22 16:39

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by kristi1013 (07-04-2019 13:14:45)
Running from C:\Users\kristi1013\Desktop
Windows 10 Home Version 1803 17134.648 (X64) (2018-05-22 21:12:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2984122176-3770092282-1499748007-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2984122176-3770092282-1499748007-503 - Limited - Disabled)
Guest (S-1-5-21-2984122176-3770092282-1499748007-501 - Limited - Disabled)
kristi1013 (S-1-5-21-2984122176-3770092282-1499748007-1002 - Administrator - Enabled) => C:\Users\kristi1013
WDAGUtilityAccount (S-1-5-21-2984122176-3770092282-1499748007-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\{F24F876B-7D71-4BD6-88E9-614D3B000145}) (Version: 1.7.45.1 - Alcor Micro Corp.) Hidden
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.45.1 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{261ED3C4-356F-4810-80B9-EDD0992ED5AA}) (Version: 20.3.44.03963 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{B40D20A3-3CA3-4151-A0AC-F71AEE04F884}) (Version: 20.10.301.4101 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{261ED3C4-356F-4810-80B9-EDD0992ED5AA}) (Version: 20.3.44.03963 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{B40D20A3-3CA3-4151-A0AC-F71AEE04F884}) (Version: 20.10.301.4101 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{9D569A6E-C9DF-490E-93E0-7AFD28D1F9BB}) (Version: 20.23.401.14519 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{9D569A6E-C9DF-490E-93E0-7AFD28D1F9BB}) (Version: 20.23.401.14519 - Alcor Micro Corp.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.12.1 - Advanced Micro Devices, Inc.)
ASUS App Box (HKLM-x32\...\{F0CE6060-50B1-401E-8357-B6E24DB98D21}) (Version: 1.00.04 - ASUSTeK Computer Inc.)
ASUS Manager - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.15 - ASUSTeK Computer Inc.)
ASUS Manager - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.00.13 - ASUSTeK Computer Inc.)
ASUS Manager - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.12 - ASUSTeK Computer Inc.)
ASUS Manager - Family Safety (HKLM-x32\...\{016AFF97-4E18-4560-B8E5-B684BB124E32}) (Version: 2.00.06 - ASUSTeK Computer Inc.)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.12 - ASUSTeK Computer Inc.)
ASUS Manager - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.05 - ASUSTeK Computer Inc.)
ASUS Manager - SyncUp (HKLM-x32\...\{C2294792-457D-4DF7-9486-B630754C73D0}) (Version: 2.00.07 - ASUSTeK Computer Inc.)
ASUS Manager - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.05.05 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.09.05 - ASUSTeK Computer Inc.)
Avast Cleanup Premium (HKLM-x32\...\{075CC190-59EE-499F-828B-0B5C098C8C15}_is1) (Version: 18.3.6507 - AVAST Software)
Avast Driver Updater (HKLM-x32\...\{8804140C-3144-4075-9526-1C662E26CA17}) (Version: 2.5.5 - AVAST Software) Hidden
Avast Driver Updater (HKLM-x32\...\Avast Driver Updater) (Version: 2.5.5 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.3.2369 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 72.0.1174.121 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.67 - NVIDIA Corporation) Hidden
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.01.00 - ASUSTeK Computer Inc.)
Foxit PhantomPDF (HKLM-x32\...\{D1C2E038-0E67-44CD-80B6-03B34D4CC413}) (Version: 7.0.56.1225 - Foxit Software Inc.)
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (HKLM-x32\...\{439B34FF-F74E-4807-B5E2-4B758551DA6B}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GL USB2.0 UVC Camera Device (HKLM-x32\...\{9897BBD8-013A-49F3-928E-866A59B6E00C}) (Version: 1.0.0.0 - Genesys Logic)
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
H&R Block Deluxe + Efile + State 2015 (HKLM-x32\...\{E7BFC29A-9459-4534-9E35-BF1D66A18BAA}) (Version: 15.05.8101 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2016 (HKLM-x32\...\{E7065AD9-D2DB-423B-B853-8310038D7D42}) (Version: 16.05.6401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2017 (HKLM-x32\...\{191D85BA-E6EA-4F97-8D2A-76A220043D87}) (Version: 17.05.8401 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2018 (HKLM-x32\...\{87F75E61-4B61-431D-875D-0ACB48DD3285}) (Version: 18.05.8301 - HRB Technology, LLC.)
H&R Block Kentucky 2015 (HKLM-x32\...\{D315A1FA-2D26-4BC1-8560-DCB411954C8C}) (Version: 1.15.2401 - HRB Technology, LLC.)
H&R Block Kentucky 2016 (HKLM-x32\...\{31180461-C319-447F-8816-E303C038F537}) (Version: 1.16.2901 - HRB Technology, LLC.)
H&R Block Kentucky 2017 (HKLM-x32\...\{CF1F9C93-7957-49A8-B406-EB7B3A606BB7}) (Version: 1.17.3601 - H&R Block, Inc.)
H&R Block Kentucky 2018 (HKLM-x32\...\{AA326A07-3D46-43A6-A536-598EADD77DFB}) (Version: 1.18.3601 - H&R Block, Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP ENVY 4510 series Basic Device Software (HKLM\...\{E9FE2E2C-FF62-4C23-B816-62B6EEA1A772}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP ENVY 4510 series Help (HKLM-x32\...\{CB5C9CB2-B471-42CC-93E6-D0E15021D5C2}) (Version: 36.0.0 - Hewlett Packard)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2984122176-3770092282-1499748007-1002\...\OneDriveSetup.exe) (Version: 19.033.0218.0011 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.11425.20202 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{21764A96-6748-4B83-89E7-7A5063BF156C}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 419.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 419.67 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 419.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 419.67 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.13 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 344.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{D9559CE2-9C58-F414-43EA-F908FEA13BB8}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11425.20202 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.14.38647 - Electronic Arts, Inc.)
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: 15.0s - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version:  - )
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.838.833.120114 - REALTEK Semiconductor Corp.)
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.5.1010.180301 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8098 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0247 - REALTEK Semiconductor Corp.)
SafeZone Stable 1.48.2066.114 (HKLM-x32\...\SafeZone 1.48.2066.114) (Version: 1.48.2066.114 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
Twitch (HKU\S-1-5-21-2984122176-3770092282-1499748007-1002\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.6.547 - ASUS Cloud Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2984122176-3770092282-1499748007-1002_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-2984122176-3770092282-1499748007-1002_Classes\CLSID\{5788731c-6c28-4601-9932-4230875ea700}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.) [File not signed]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2014-11-18] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSContextMenu.dll [2015-12-24] (ASUS Cloud Corporation -> ASUS Cloud Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-07-06] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-03-17] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-03-17] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes Corporation -> Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01689D9E-91CB-4F8B-8C14-20E015B5A54C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {016EABCF-79C9-4D55-AC54-E21A3376A34E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {01DBB78A-A268-4EC0-B357-32B17D04563F} - System32\Tasks\ASUS\SyncUp => C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {088E34C0-315A-48A9-AB87-A619AAC7F3AD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1214A665-5800-45F5-BAF2-D0D6E252FC1A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {16EC6B5A-5C26-4D0A-8D05-47AD76C43885} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe (ASUSTeK Computer Inc. -> ASUSTeK)
Task: {177BCD82-851F-4C58-BD5A-DB2E03D5BA2D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {18C70C47-F2B9-4A04-AB1E-6AC280E473BF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {2383E413-B1E8-46A5-8D23-DC42C09C91B4} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2E87A0DA-E779-49CD-9002-044B1F17EA14} - System32\Tasks\Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Task: {320FD2C6-663F-4BEC-9EA6-D10A2DB6254E} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3D4A7F9D-60CF-4CCA-B41D-71166A6392A2} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe (ASUSTeK Computer Inc. -> )
Task: {40DCB07B-884B-4BE0-BDA2-ACA63CDBDDCC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {442583B5-C306-411F-953C-47D44E9948C9} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4B88888B-2365-4C43-9DC3-424A0C862BCA} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4E440B04-0E53-4FC8-8D11-4918CCFA8770} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {604C95C3-A451-40F8-97E3-5A24EA8B1F0C} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) <==== ATTENTION
Task: {6471AABD-1057-435D-AD73-7157B4F164D4} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe (ASUSTeK Computer Inc. -> )
Task: {69A60AAC-A4F5-4853-9615-A2195D0C8295} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6B8941DC-EB66-40A3-A8BF-05B0893A07AD} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {6BDA5017-2D13-4F5F-A2FD-C2BD9083582E} - \WPD\SqmUpload_S-1-5-21-2984122176-3770092282-1499748007-1002 -> No File <==== ATTENTION
Task: {6F156544-CE00-4D3E-BEE4-EA3627963D59} - System32\Tasks\ASUS\Power_Manager_background => C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe (ASUSTeK Computer Inc. -> ASUSTeK)
Task: {737F57ED-F7F0-4E67-AC5F-C7D5108C20DB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {77B8141D-74EA-4B78-AEDB-6779935005E5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {80ADDDC2-5049-42CC-834B-D3D32C1D8284} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8943D22E-8DBD-4526-AFA1-FC5EF6403A10} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8E0F3D6A-13FC-46E1-A476-DDB28158A8EE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe (Microsoft Corporation -> Microsoft)
Task: {8FEB0BC0-EFD6-4C11-BFAD-9665D7C01180} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {93B247D2-3B1A-4F33-ADCD-360D9E34E9D3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A0885E6F-9A6E-4128-8DB0-CBBFB04B4D65} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A7184ACD-7524-4117-BAB1-314BFB442A5D} - System32\Tasks\Avast TUNEUP Update => C:\Program Files (x86)\AVAST Software\Avast Cleanup\TUNEUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {A90553C5-B19A-42DC-8689-77AE397D0E62} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AB925E28-4096-4942-8724-BCE15441892E} - System32\Tasks\avast! Windows 10 Start Menu helper => c:\program files\avast software\avast\asww10mon.exe
Task: {BB9C360F-C489-4670-9CD1-241F46C2EAB5} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
Task: {BF546DF8-A18E-437B-9559-7DC1E35FE165} - System32\Tasks\SafeZone scheduled Autoupdate 1452872088 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {C1859FBF-3E5D-4CB7-9CF4-C64AFD22C86F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C1DE78D8-874F-4070-AD1E-60F91629A962} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C444A064-A89A-4079-8146-B1CB97E131BD} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe (ASUSTeK Computer Inc. -> ) [File not signed]
Task: {CA74B879-07D1-44D8-8241-2EF60268F93C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CDBC8A63-A1FC-448D-9C1E-58B8782B1A52} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {CE4F9255-9FEE-4370-B956-A53A690B2B66} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D51BB589-F8FA-4C1D-990F-8617BE0B75C9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D8609B79-032C-4C22-9406-CBC5AD664EEA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DBC06490-788C-42D9-96F9-A345665F9AF9} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DFEC17E4-3228-4F00-AA81-D0FF3176E219} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E2724087-0DB7-43FF-AF1F-BDE19C37DF25} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe (ASUSTeK Computer Inc. -> )
Task: {F0CF36AA-5B64-4D5B-8915-8F38DEE6937E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {FBD982BE-F135-4968-8194-F9D00D91F3C8} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {FC8C4408-BED9-4A15-8D47-08649A700558} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-18 10:30 - 2007-12-07 03:08 - 000108032 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\E_ILMEQA.DLL
2016-04-18 19:04 - 2014-03-05 10:18 - 000040448 _____ () [File not signed] C:\WINDOWS\System32\pdf995mon64.dll
2015-04-22 09:59 - 2015-04-22 09:59 - 001489920 _____ (ASUS Cloud Corporation.) [File not signed] C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll
2015-05-25 01:27 - 2014-03-12 18:51 - 000907776 _____ () [File not signed] C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandler.dll
2015-05-25 01:26 - 2019-04-07 12:24 - 000026624 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-05-25 01:26 - 2010-06-28 22:58 - 000104448 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2018-03-15 10:54 - 2016-09-12 14:53 - 048936448 _____ () [File not signed] C:\Program Files (x86)\AVAST Software\Avast Cleanup\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2019-01-04 05:50 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2984122176-3770092282-1499748007-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\kristi1013\Desktop\My Documents\West Family Photo's\.facebook_1531021629708-20180707-234720356-20180707-234720520.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "GLSystray"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-2984122176-3770092282-1499748007-1002\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-2984122176-3770092282-1499748007-1002\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2984122176-3770092282-1499748007-1002\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-2984122176-3770092282-1499748007-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2984122176-3770092282-1499748007-1002\...\StartupApproved\Run: => "EPSON WorkForce 500"
HKU\S-1-5-21-2984122176-3770092282-1499748007-1002\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-2984122176-3770092282-1499748007-1002\...\StartupApproved\Run: => "EPSON WorkForce 500 Series"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{7401878C-C7AF-46F6-9246-06D54A250F4F}C:\programdata\battle.net\agent\agent.6160\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6160\agent.exe No File
FirewallRules: [TCP Query User{379E1685-0EAD-4823-88BC-815198086EC7}C:\programdata\battle.net\agent\agent.6160\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6160\agent.exe No File
FirewallRules: [UDP Query User{947CF9BA-E17F-4209-94AF-DB08DE321AA3}C:\programdata\battle.net\agent\agent.6082\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6082\agent.exe No File
FirewallRules: [TCP Query User{CEBC5C1B-9501-438D-8498-A60BA783F8B3}C:\programdata\battle.net\agent\agent.6082\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.6082\agent.exe No File
FirewallRules: [{EB24D050-8EB4-4205-90DE-EBBE6B7987A3}] => (Allow) C:\Users\kristi1013\AppData\Local\Temp\7zS7476\HP.EasyStart.exe No File
FirewallRules: [{7197B3E0-BEE3-458D-9C28-C40B800EE5E3}] => (Allow) C:\Users\kristi1013\AppData\Local\Temp\7zS737A\HP.EasyStart.exe No File
FirewallRules: [{7356061D-B50E-4147-8BD9-9548FABE0DAB}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{2ACD77BE-4AC6-463A-83EE-4BEAF8AF67F9}] => (Allow) LPort=5357
FirewallRules: [{6064F572-8C41-4852-92DD-F2B4351D3C60}] => (Allow) C:\Program Files\HP\HP ENVY 4510 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{5D28F082-680B-49B0-AC32-225C45B76FC3}] => (Allow) C:\Users\kristi1013\AppData\Local\Temp\7zS7BB8\HP.EasyStart.exe No File
FirewallRules: [{957FCE1C-D4A5-467D-A8A1-547587246537}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{95F5DBDF-64AE-4D01-AC12-196E5F9E4CC0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2AA81155-20E9-4C03-ACEB-7D79DB554DED}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe No File
FirewallRules: [{67B5B6DA-CFF6-4E30-ABAB-11B1CB3C82EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EFA5764C-8A0F-4464-A1F5-B5DC89C7347F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{C6FA9F4A-14EF-4B10-B0D8-BCA9E6A99898}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{CBC92ADA-96B8-4B7C-BFF6-BDCBDC79C955}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{42FE7718-1F54-4D19-9131-15D445AF4A35}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{849EA10C-ADD8-42EE-A19B-DF04EE95E61A}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{119CE848-41EC-45BD-B699-E5596CB18649}C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe No File
FirewallRules: [TCP Query User{81905251-E86D-427F-9BB5-8956E4E4C554}C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37569\heroesofthestorm_x64.exe No File
FirewallRules: [{A29396BC-C74F-467B-ADDD-32A366752E40}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe (Electronic Arts -> BioWare)
FirewallRules: [{27CA2107-087A-4487-9F44-4BBB0A1A0A11}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe (Electronic Arts -> BioWare)
FirewallRules: [{A37B6FEB-3667-4E51-9023-55A6D8A5CA84}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe (Flagship Industries, Inc.) [File not signed]
FirewallRules: [{B2E74D39-BE31-4AC1-BBE3-4DBB33E638D1}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe (Flagship Industries, Inc.) [File not signed]
FirewallRules: [{6C0924E0-B09D-47F6-87E4-6039874F600F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{EE0D8F5F-F687-45A7-83F1-8687A864F22C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{C3896507-76BB-48BD-8646-039A2BB9873B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe No File
FirewallRules: [{FE35C52F-3545-4313-AEC2-877F83E80ED3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7EA0B6F5-900B-446C-A05E-E64EE1266AAA}] => (Allow) LPort=2869
FirewallRules: [{7AD47CD9-FCAE-48E1-98AD-BA1B0635F0E0}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{9865D5A7-4048-4F03-BDA6-27B9C4600530}C:\program files (x86)\heroes of the storm\versions\base44468\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44468\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{1D139576-32D7-4F4A-9068-4AE57A5D61F9}C:\program files (x86)\heroes of the storm\versions\base44468\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base44468\heroesofthestorm_x64.exe No File
FirewallRules: [{CFD50B5B-F917-43E5-B66A-D71C80E966E4}] => (Allow) C:\Users\kristi1013\AppData\Local\Temp\7zS22CF\HP.EasyStart.exe No File
FirewallRules: [TCP Query User{2D3E836A-74DC-4493-B9EE-24EC8F7BA1E8}C:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe No File
FirewallRules: [UDP Query User{16C47385-6620-4F2B-87AE-06B76A737AB7}C:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe No File
FirewallRules: [{6B60EFAC-129E-4C22-91DF-F89F4EFFADC1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7CBB8A06-B3DA-4795-AD46-63A35E5D502A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{F985E328-2A5D-431D-943F-C3EF4BE80577}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe No File
FirewallRules: [UDP Query User{6F119E3D-B7BA-40D6-8CB5-A95F9032C951}C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\utils\wowvoiceproxy.exe No File
FirewallRules: [TCP Query User{1152EAAC-BF6F-45E1-A748-EC62394D4BD3}C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{EAD1DCAC-7369-47B7-9CE7-68E7F97FF216}C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe] => (Allow) C:\program files (x86)\world of warcraft\_retail_\utils\wowvoiceproxy.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{46F7B6F5-4542-4704-B279-66916E9F6414}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B8D5DA57-35A4-4633-A161-4E3FF901AB2F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B087F781-1142-4BAA-AF6C-627A10BC9BC6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E908CF7C-C8A7-4FDE-B14A-506AD42CA897}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{AB98AEBB-F84C-41E6-96E5-E514AFC3BE23}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{3094806B-3879-4BA7-94C5-71554D652FDF}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{817B2D6F-94F3-445D-8AC6-EE4E88F77111}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\Server\SyncUp Server.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{A40BFB37-65D0-4723-9B37-C941E0BC9222}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\ASUSDMS.exe No File
FirewallRules: [{6182EF51-407A-4B0C-AEA3-4FC4E6693256}] => (Allow) C:\Program Files (x86)\ASUS\ASUS Manager\SyncUp\ASUSDMS.exe No File

==================== Restore Points =========================

06-04-2019 03:34:24 Windows Update
07-04-2019 11:15:40 Restore Operation

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2019 12:50:10 PM) (Source: MsiInstaller) (EventID: 10005) (User: WEST-ASUSTWO)
Description: Product: Foxit PhantomPDF -- You cannot upgrade Foxit PhantomPDF for ASUS with other brand of Foxit product. Please get the latest version of Foxit PhantomPDF for ASUS from http://www.foxitsoft...oad.php?id=asus.

Error: (04/07/2019 12:22:14 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4080,R,98) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU05C06.log.

Error: (04/07/2019 11:14:57 AM) (Source: MsiInstaller) (EventID: 10005) (User: WEST-ASUSTWO)
Description: Product: Foxit PhantomPDF -- You cannot upgrade Foxit PhantomPDF for ASUS with other brand of Foxit product. Please get the latest version of Foxit PhantomPDF for ASUS from http://www.foxitsoft...oad.php?id=asus.

Error: (04/07/2019 11:04:22 AM) (Source: MsiInstaller) (EventID: 10005) (User: WEST-ASUSTWO)
Description: Product: Foxit PhantomPDF -- You cannot upgrade Foxit PhantomPDF for ASUS with other brand of Foxit product. Please get the latest version of Foxit PhantomPDF for ASUS from http://www.foxitsoft...oad.php?id=asus.

Error: (04/07/2019 11:01:45 AM) (Source: MsiInstaller) (EventID: 10005) (User: WEST-ASUSTWO)
Description: Product: Foxit PhantomPDF -- You cannot upgrade Foxit PhantomPDF for ASUS with other brand of Foxit product. Please get the latest version of Foxit PhantomPDF for ASUS from http://www.foxitsoft...oad.php?id=asus.

Error: (04/07/2019 10:47:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.556, time stamp: 0xf23cada5
Faulting module name: NotificationController.dll, version: 10.0.17134.165, time stamp: 0xe0385185
Exception code: 0xc0000005
Fault offset: 0x000000000007c686
Faulting process id: 0x2c7c
Faulting application start time: 0x01d4ebd77d00d910
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report Id: df5a1ccb-6906-4ee7-adf2-04149810f790
Faulting package full name:
Faulting package-relative application ID:

Error: (04/07/2019 10:46:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (04/07/2019 10:44:24 AM) (Source: MsiInstaller) (EventID: 10005) (User: WEST-ASUSTWO)
Description: Product: Foxit PhantomPDF -- You cannot upgrade Foxit PhantomPDF for ASUS with other brand of Foxit product. Please get the latest version of Foxit PhantomPDF for ASUS from http://www.foxitsoft...oad.php?id=asus.

System errors:
=============
Error: (04/07/2019 01:03:53 PM) (Source: DCOM) (EventID: 10016) (User: WEST-ASUSTWO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user West-AsusTwo\kristi1013 SID (S-1-5-21-2984122176-3770092282-1499748007-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2019 12:48:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/07/2019 12:41:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (04/07/2019 12:28:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Remediation Service service hung on starting.

Error: (04/07/2019 11:19:51 AM) (Source: DCOM) (EventID: 10010) (User: WEST-ASUSTWO)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (04/07/2019 11:19:51 AM) (Source: DCOM) (EventID: 10010) (User: WEST-ASUSTWO)
Description: The server Microsoft.Windows.Photos_2019.19021.18010.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (04/07/2019 11:19:51 AM) (Source: DCOM) (EventID: 10010) (User: WEST-ASUSTWO)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (04/07/2019 11:14:59 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.

Windows Defender:
===================================
Date: 2019-03-24 05:29:34.924
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...49&enterprise=0
Name: Misleading:Win32/Lodi
ID: 240849
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe; file:_C:\WINDOWS\System32\Tasks\Avast Driver Updater Startup; file:_C:\WINDOWS\Tasks\Avast Driver Updater Startup.job; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7494A163-5C4A-43B5-BB14-227A1C758A3E}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Driver Updater Startup; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Avast Driver Updater; taskscheduler:_C:\WINDOWS\System32\Tasks\Avast Driver Updater Startup; taskscheduler:_C:\WINDOWS\Tasks\Avast Driver Updater Startup.job; uninstall:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Avast Driver Updater
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.291.159.0, AS: 1.291.159.0, NIS: 1.291.159.0
Engine Version: AM: 1.1.15800.1, NIS: 1.1.15800.1

Date: 2019-03-16 15:18:02.167
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4E9C6559-04DD-4689-B839-D5F664D2EA4A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-16 14:47:04.300
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BBD0A67B-E651-45F3-A720-3E4D4CE6AA40}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-16 14:00:38.964
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D29800F5-4A8A-405A-B8D2-9B7349139EA8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-09 11:03:07.055
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F711224D-F899-4F48-81ED-E9841F2EE3C8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-03-25 05:09:22.013
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80508023
Error description: The program could not find the malware and other potentially unwanted software on this device.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2019-02-26 17:26:36.271
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.287.659.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2019-02-26 17:26:36.271
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.287.659.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15700.8
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2018-11-25 03:54:27.462
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.281.718.0
Previous Signature Version: 1.281.622.0
Update Source: User
Signature Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.15400.5
Previous Engine Version: 1.1.15400.5
Error code: 0x8050a001
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.

Date: 2018-11-25 03:54:27.462
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 1.281.718.0
Previous Signature Version: 1.281.622.0
Update Source: User
Signature Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.15400.5
Previous Engine Version: 1.1.15400.5
Error code: 0x8050a001
Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-04-07 12:27:27.387
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-07 12:26:34.405
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-07 11:19:59.217
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-07 11:11:06.283
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-07 11:11:02.489
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-07 11:09:30.688
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-07 10:50:45.961
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-04-07 10:49:48.186
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\wsc_proxy.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G
Percentage of memory in use: 41%
Total physical RAM: 8137.64 MB
Available physical RAM: 4779.95 MB
Total Virtual: 9417.64 MB
Available Virtual: 5651.68 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:916.25 GB) (Free:678.5 GB) NTFS
Drive e: (New) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS

\\?\Volume{1e14dc45-7ae2-4b7b-9ad6-1609aba24871}\ (Windows RE tools) (Fixed) (Total:0.78 GB) (Free:0.54 GB) NTFS
\\?\Volume{71e47ba6-7d80-48f7-b9ea-e7288e2d7109}\ (Recovery image) (Fixed) (Total:14.1 GB) (Free:3.71 GB) NTFS
\\?\Volume{4cfa5ace-5db8-4039-a5d7-b7eb724043c5}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 535FF928)

Partition: GPT.

==================== End of Addition.txt ============================

 




#2
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts

Hello kristi10,

 

Panicking over the photos! Understandable.

Download the free version of Recuva, run it, and see what all it's able to get back for you.

 

https://www.ccleaner.com/recuva



#3
kristi10


    Member

  • Topic Starter
  • 117 posts

Hi Zep516.  Thank you for the suggestion!  I've had some success with recuva, but lots of frustration as well. I've had reasonable success with the photos, thank goodness. Some are corrupted, but very few are overall. 

 

In addition to the photos, all Microsoft docs and PDFs also disappeared.  I have no idea what originally caused this.  Most of the Excel, Word, and PDFs say they are corrupt.  It seems I have a shadow drive. I'm able to look for the missing docs there, but again many are corrupt.  A full Recuva deep scan tells me it will take 13 hours and then there's going through them all, restoring, reorganizing....  Am I better off restoring from the shadow drive somehow?  Is that possible?  If so, I am probably over my head.

 

Greatly appreciate your assistance and guidance!  Kristi



#4
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts

I know it's frustrating, but I'd keep using Recuva before starting another exercise like Shadow Copy. I'm also unfamiliar with the exact process.

 

zep 



#5
kristi10


    Member

  • Topic Starter
  • Member
  • 117 posts

Hi Zep,

 

I followed your advice and continued to work with Recuva last evening, but the results are disappointing.  I've recovered photos from past years, but not for 2016-2019. I do find the 2016-2019 ones when I run Recuva on the shadow drive, but they are almost all corrupt/damaged and cannot be recovered.  Some of the photos from the older years are corrupt or damaged as well, but it's more sporadic.

 

I've also recovered some Word docs, Excel spreadsheets and the like, but they're not working.  The Word docs say they have corrupt content in them.  The Excel docs say they are in an unreadable format.

 

Digging a bit into what happened on Sunday, I thought I recalled the computer asking to install an update and I clicked yes, shortly before everything disappeared.  I looked at my Windows update history, and it did install update KB4023057 that day.  I googled that update and see that it's been released before and caused other people to lose all of their photos and files, just like me. Last October, Microsoft pulled the release of that update due to the widespread problems. I guess they decided to release it again and with its history, it seems likely to be the culprit in my case.

 

I'm going to try to call Microsoft, although talk on the internet suggests they weren't much help when the problems happened last October.

 

Any suggestions as to next steps would be greatly appreciated!  Thanks, Kristi



#6
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts

Let's see if Microsoft offers any help.

 

zep



#7
kristi10


    Member

  • Topic Starter
  • Member
  • 117 posts

Hi Zep,

 

I've not had a lot of time to devote to this, due to work, but I haven't had any luck contacting a live help person at Microsoft.  Can't say I'm surprised.  I did contact Avast and they told me to go to the rescue option in their program and undo anything recent.  I did, but nothing changed.  I have recovered things with Recuva but 75% of it is corrupt.  I did look over the Farbar logs in my original post above and see that there were many errors around the time everything disappeared on Sunday, April 7th. Are you able to tell from the logs if those errors had anything to do with malware? And if not malware related, should I post on another one of the forums?  I guess I'm hoping there is still a way to fix this mess if we can determine what the errors were all about.  But perhaps the why won't change the outcome?  :(

 

Thanks, Kristi



#8
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts

Hello,

 

"I have recovered things with Recuva but 75% of it is corrupt."

 

Any file recovery program has no guarantees. Always back up. Files and photos should be saved to other media or the web.

 

"Are you able to tell from the logs if those errors had anything to do with malware?"

 

There's no malware; it's the first thing I checked. The rest are normal Windows errors that constantly get reported.

 

"I guess I'm hoping there is still a way to fix this mess"

 

Data recovery service is all I can think of. Or the shadow copy thing could be beneficial, but I doubt it.

 

 

What cleanup tool did you use? I'm just curious.



#9
kristi10


    Member

  • Topic Starter
  • Member
  • 117 posts

Yep, I know this is on me for not keeping my backups current. I do have a USB with some of the photos, but none of the past couple of years. We moved and so now I have to find that USB.  But at least I will have some of them.

 

I figured you had checked the logs for malware, since you're a malware guru and all.  :)  But I felt compelled to ask just to be sure. I started using Avast antivirus several years ago, I'm pretty certain at the suggestion of someone here, and have been virus free since (knock on wood). I've really been happy with it, which leads to the answer about the clean up tool.  It was Avast Cleanup Premium.  I was tired of the sluggish computer, I like Avast, and they were offering a deal price.  I've been using it for just over a year with no issues.

 

Avast had me do the rescue option to undo the recent cleanup changes, but they didn't say whether or not to restart afterward.  I have a Microsoft update waiting to run if I restart, so I'm scared to restart and maybe make things worse?  Waiting to hear from them again.  They also had me run their log program and send it, but it was in a format I couldn't open to see what it said.  Lol.



#10
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts

Note: Not all Avast Cleanup Premium actions can be reversed.

 

Interested to see what they say; let me know.

 

Off to sleep now....

 

Zep



#11
kristi10


    Member

  • Topic Starter
  • Member
  • 117 posts

Hiya Zep.  Sadly, Avast has very little to say except they can't help me. It takes days for them to reply each time. Their bottom line is if my Download folder is empty (it is), then there is nothing they can do, as they only have access to delete files in the downloads folder.  But my downloads folder was empty before this mess happened and their cleanup program was running and well, "cleaning up", when everything was deleted.  They did have me run a diagnostic file, which I have in notepad but it's pretty long. They never commented on anything in the contents of that file. Not sure if it's helpful to see?  Thanks, Kristi 


Edited by kristi10, 27 April 2019 - 09:36 AM.


#12
zep516


    Trusted Helper

  • Malware Removal
  • 8,090 posts

Hello,

 

Have you seen this thread? Not very encouraging, to say the least.

 

https://forum.avast....?topic=210783.0

 

Seems many others have had this problem too.

