Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Randsomware email with Subject showing my password - I deleted it. [So

Started by Beetrix , Jun 27 2019 12:15 PM

This topic is locked

#1
Beetrix

Posted 27 June 2019 - 12:15 PM

Member

Member
133 posts

Hi,

I received an email from a John Doe and in the Subject was my password from a clothing site. I blocked and deleted it without opening it. I am concerned that it has infected my computer. It may have infected my One-Drive and Pictures Folder.

I ran Farber Recovery Tool and saved the results to my desktop. I didn't run the Fix it tool. Any help would be appreciated.

Thank you in advance.

Edited by Beetrix, 27 June 2019 - 12:34 PM.

#2
iMacg3

Posted 28 June 2019 - 04:23 PM

GeekU PowerPC G3

GeekU Moderator
1,921 posts

This type of email is a scam, and it's likely that your computer isn't infected.
However, your password has most likely been obtained from a password dump/data breach, so ensure that your online account passwords are changed as soon as possible.

---------------------------------------------------------

If you would like to have your computer checked for malware, copy and paste the contents of FRST.txt and Addition.txt to your reply.

#3
Beetrix

Posted 28 June 2019 - 07:27 PM

Member

Topic Starter
Member
133 posts

Thank you for responding. I have been changing all of my account passwords. Yes, I would like my computer checked.
Thank you again. Beetrix

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2019
Ran by beetr (administrator) on DESKTOP-VP49FA2 (Dell Inc. Inspiron 3847) (27-06-2019 10:16:18)
Running from C:\Users\beetr\Desktop
Loaded Profiles: beetr (Available Profiles: beetr & Shawn)
Platform: Windows 10 Home Version 1809 17763.557 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2016-12-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2016-12-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-07-29] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-20] (Waves Inc -> Waves Audio Ltd.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-18] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0BF2210C-EE84-4A21-BBDA-341689D75436} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-[removed] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-07-29] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {0F13BD06-E594-4048-B784-5F2F56F56A4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-10-12] (Google Inc -> Google Inc.)
Task: {1569ABC1-8DE8-4218-8D67-FBE0D9AA9BA6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {2B80C090-24B3-4BC4-AABB-898E56BB04E7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-11] (Adobe Inc. -> Adobe)
Task: {44A567AB-2671-4750-A493-DA2FA7A55950} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\WINDOWS\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {4EAC32A5-0E55-4ACA-9E9D-F7D22B33541E} - System32\Tasks\Avast Driver Updater Startup => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe [30244056 2019-04-10] (Avast Software s.r.o. -> AVAST Software)
Task: {555C06ED-E49F-4292-8DFA-A1B2780EEF2B} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2016-12-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {7EEFA615-B32F-4ED2-99D8-256A07278376} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-11] (Adobe Inc. -> Adobe)
Task: {8AB0D4F9-7111-4E6B-9C92-6D6CB83EB786} - System32\Tasks\AdwCleaner_onReboot => C:\Users\beetr\Downloads\adwcleaner_7.3.exe
Task: {8FD94B8B-190D-4677-B22B-4009BB741AB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-10-12] (Google Inc -> Google Inc.)
Task: {9B179E36-69AA-4C45-9B5E-B06FBDD99B4D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
Task: {A325B602-B846-4895-A702-784B6F35795B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [505200 2015-05-29] (Dropbox, Inc -> )
Task: {AD32A3B5-A008-4538-8DFC-0E7A5368D26D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E10B5214-0D8C-423C-9FF6-964686766DB9} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Avast Driver Updater Startup.job => C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd c sc start Dell Help SupportWORKGROUP DESKTOP VP49FA2
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{3ddef6b6-4ef9-4f79-9f6e-d3d2a4476ccc}: [DhcpNameServer] 10.0.1.1
Internet Explorer:
==================
HKU\S-1-5-21-580075409-585060859-2864072408-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.charter.net/
HKU\S-1-5-21-580075409-585060859-2864072408-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-580075409-585060859-2864072408-1001 -> DefaultScope {7BB7CAAF-CFB3-4DB8-ABF4-59ABEEC7A420} URL =
SearchScopes: HKU\S-1-5-21-580075409-585060859-2864072408-1001 -> {7BB7CAAF-CFB3-4DB8-ABF4-59ABEEC7A420} URL =
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH -> Eyeo GmbH)
Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.15.0_neutral__d55gg7py3s0m0 [2019-04-30]
Edge Extension: (Pin It Button) -> EdgeExtension_PinterestPinItButton_xnkra2w3aecd0 => C:\Program Files\WindowsApps\Pinterest.PinItButton_1.39.5.0_neutral__xnkra2w3aecd0 [2019-03-09]
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-11] (Adobe Inc. -> )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\beetr\AppData\Local\Google\Chrome\User Data\Default [2019-06-26]
CHR Extension: (Slides) - C:\Users\beetr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-09]
CHR Extension: (Docs) - C:\Users\beetr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-09]
CHR Extension: (Google Drive) - C:\Users\beetr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-12]
CHR Extension: (YouTube) - C:\Users\beetr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-12]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\beetr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-05-24]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\beetr\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-06-26]
CHR Extension: (Sheets) - C:\Users\beetr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\beetr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\beetr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-19]
CHR Extension: (Gmail) - C:\Users\beetr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-24]
CHR Extension: (Chrome Media Router) - C:\Users\beetr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-26]
CHR HKU\S-1-5-21-580075409-585060859-2864072408-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor14.0; C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-12-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-07] (Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [38048 2019-03-15] (Dell Inc -> )
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [35976 2018-11-12] (Dell Inc -> )
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-03-13] (Intel® pGFX -> Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2016-12-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-02-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-02-12] (Microsoft Corporation -> Microsoft Corporation)
S3 AvastSecureBrowserElevationService; "C:\Program Files (x86)\AVAST Software\Browser\Application\71.0.1037.98\elevation_service.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37320 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [209256 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [263224 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206056 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61688 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-08] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279336 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42504 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [169112 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030992 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477288 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225816 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [387392 2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Techporch Incorporated -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2017-12-14] (Techporch Incorporated -> Dell Computer Corporation)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2016-12-26] (Hewlett-Packard Company -> Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2016-12-26] (Hewlett-Packard Company -> Windows ® Win 7 DDK provider)
S3 dot4usb; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [49056 2016-12-26] (Hewlett-Packard Company -> Microsoft Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation -> Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2016-12-26] (Realtek Semiconductor Corp -> Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-06-10] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2019-06-27] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46680 2019-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [330936 2019-02-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-02-12] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-06-27 10:16 - 2019-06-27 10:17 - 000020482 _____ C:\Users\beetr\Desktop\FRST.txt
2019-06-27 10:16 - 2019-06-27 10:16 - 000000000 ____D C:\FRST
2019-06-27 10:15 - 2019-06-27 10:15 - 002418688 _____ (Farbar) C:\Users\beetr\Desktop\FRST64.exe
2019-06-27 09:54 - 2019-06-27 09:55 - 000165376 _____ C:\Users\beetr\Desktop\SystemLook_x64.exe
2019-06-26 09:42 - 2019-06-26 09:42 - 000225816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-06-26 09:42 - 2019-06-26 09:42 - 000169112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-06-26 09:42 - 2019-06-26 09:41 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-06-24 08:33 - 2019-01-05 08:24 - 000408913 _____ C:\Users\beetr\Documents\Denis Woosley and son Entry way Wood Patio Cover Estimate 1-3-2019.pdf
2019-06-20 12:51 - 2019-06-25 16:06 - 000002344 _____ C:\WINDOWS\System32\Tasks\AdwCleaner_onReboot
2019-06-20 12:46 - 2019-06-20 12:46 - 000000000 ____D C:\Users\beetr\AppData\Local\mbam
2019-06-20 12:45 - 2019-06-20 12:45 - 000000000 ____D C:\Users\beetr\AppData\Local\mbamtray
2019-06-20 12:41 - 2019-06-20 14:47 - 000000000 ____D C:\Program Files (x86)\BraveSoftware
2019-06-20 12:41 - 2019-06-20 12:42 - 000000000 ____D C:\Users\beetr\AppData\Local\BraveSoftware
2019-06-19 09:45 - 2019-06-19 09:54 - 000000000 ____D C:\Users\beetr\Documents\Investments E-Trade Info
2019-06-18 08:25 - 2019-06-18 08:30 - 000000000 ____D C:\Users\beetr\Documents\Computer Email Support
2019-06-12 13:09 - 2019-06-12 13:09 - 026808320 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 023438336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 018999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 012869120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 012162048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 007875072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 007724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 006547144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 006441472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 006309256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 006068224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 005764608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 005588184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 005210904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 005112792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 004883968 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 004661760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 004627456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 003906560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 003743744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 003426816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 002276192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 002096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-06-12 13:09 - 2019-06-12 13:09 - 002017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-06-12 13:09 - 2019-06-12 13:09 - 001761280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 001750016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 001618944 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuin.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 001466496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 001387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 001260048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-06-12 13:09 - 2019-06-12 13:09 - 001223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 001072640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000553664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000540720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000451104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000427688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-06-12 13:09 - 2019-06-12 13:09 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000351744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-06-12 13:09 - 2019-06-12 13:09 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapibase.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000287912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-06-12 13:09 - 2019-06-12 13:09 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-06-12 13:09 - 2019-06-12 13:09 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000122680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000087864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AssignedAccessRuntime.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-12 13:09 - 2019-06-12 13:09 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 022114960 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 017484800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 015221248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 009682744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 007884288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 007687576 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 006926336 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 005297152 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 004997096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 003983872 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 003637248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 003385344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 003344896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 003270144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 003091968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 002999808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 002928640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 002926096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 002777736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 002707968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 002690048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 002653696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 002638336 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 002627600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 002422272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 002189312 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 002085168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001929216 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001903616 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001899160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001860608 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001860096 ____R (The ICU Project) C:\WINDOWS\system32\icuin.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001701888 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001700312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-12 13:08 - 2019-06-12 13:08 - 001670840 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001644544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001616384 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001605120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001483872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 001462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001342904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-06-12 13:08 - 2019-06-12 13:08 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001298952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001256448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001254912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 001229824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 001219424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001180184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001054712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 001048592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000887808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000863544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000758688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000752144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000749568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000730592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000699392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000676048 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000651576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 000651064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000615440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000604344 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000586040 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000555232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000515152 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000513904 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000506192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000474936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-06-12 13:08 - 2019-06-12 13:08 - 000462136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000430904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000419368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000404792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000398208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingASDS.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000386576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000375544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000292664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000282424 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000262160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000247608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpnServiceDS.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000196920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSrv.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000152896 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000152400 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000137056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000125528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000114648 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000101176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingFilterDS.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000091424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000090424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000080400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-12 13:08 - 2019-06-12 13:08 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 000069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AssignedAccessRuntime.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-12 13:08 - 2019-06-12 13:08 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-12 13:08 - 2019-06-12 13:08 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-06-12 13:08 - 2019-06-12 13:08 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-06-12 13:08 - 2019-06-12 13:08 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-06-12 13:08 - 2019-06-12 13:08 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-06-12 13:08 - 2019-06-12 13:08 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-06-12 13:08 - 2019-06-12 13:08 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-06-12 13:08 - 2019-06-12 13:08 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-06-12 13:08 - 2019-06-12 13:08 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-06-11 15:11 - 2019-06-11 15:11 - 001993528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-06-27 09:43 - 2018-09-15 00:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-27 04:50 - 2019-04-06 04:24 - 000000514 _____ C:\WINDOWS\Tasks\Avast Driver Updater Startup.job
2019-06-27 04:50 - 2019-02-19 06:32 - 000025608 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2019-06-27 04:50 - 2018-06-15 04:23 - 000000000 ____D C:\Users\beetr\AppData\Local\AVAST Software
2019-06-27 04:49 - 2017-08-14 07:27 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-06-27 04:49 - 2016-12-26 07:50 - 000000000 __SHD C:\Users\beetr\IntelGraphicsProfiles
2019-06-26 17:57 - 2019-02-11 14:53 - 000000000 ____D C:\Users\beetr
2019-06-26 16:00 - 2019-02-11 14:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-26 15:19 - 2017-01-12 16:33 - 000000000 ___RD C:\Users\Shawn\OneDrive
2019-06-26 15:19 - 2017-01-12 16:31 - 000000000 __SHD C:\Users\Shawn\IntelGraphicsProfiles
2019-06-26 13:13 - 2019-04-12 04:38 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2019-06-26 13:06 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-06-26 13:00 - 2019-02-11 15:05 - 000842664 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-26 13:00 - 2018-09-15 00:31 - 000000000 ____D C:\WINDOWS\INF
2019-06-26 12:59 - 2019-02-11 15:13 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-06-26 12:58 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\Registration
2019-06-26 12:55 - 2019-02-11 15:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-26 10:25 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-26 10:24 - 2018-09-15 00:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-26 10:07 - 2018-09-14 23:09 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-06-26 09:42 - 2018-10-22 18:15 - 000042504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-06-26 09:42 - 2018-09-15 00:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-06-26 09:42 - 2018-05-19 08:05 - 000477288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-06-26 09:42 - 2018-05-19 08:05 - 000387392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-06-26 09:42 - 2018-05-19 08:05 - 000112520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-06-26 09:42 - 2018-05-19 08:05 - 000088160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-06-26 09:41 - 2019-02-13 06:02 - 000279336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-06-26 09:41 - 2019-01-14 08:39 - 000263224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-06-26 09:41 - 2019-01-08 04:00 - 000206056 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-06-26 09:41 - 2019-01-08 04:00 - 000061688 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-06-26 09:41 - 2019-01-08 04:00 - 000037320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-06-26 09:41 - 2018-05-19 08:05 - 001030992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-06-26 09:41 - 2018-05-19 08:05 - 000209256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-06-26 07:48 - 2016-12-26 13:00 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-25 16:06 - 2019-02-19 06:16 - 000003748 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-06-25 16:06 - 2019-02-19 06:16 - 000003446 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-06-25 16:06 - 2019-02-11 15:13 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-06-25 16:06 - 2019-02-11 15:13 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-06-25 16:06 - 2019-02-11 15:13 - 000002854 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-580075409-585060859-2864072408-1004
2019-06-25 16:06 - 2019-02-11 15:13 - 000002854 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-580075409-585060859-2864072408-1001
2019-06-25 16:06 - 2019-02-11 15:13 - 000002304 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2019-06-25 16:06 - 2019-02-11 15:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-06-25 09:08 - 2018-09-15 00:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-25 08:46 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-06-24 13:42 - 2017-01-07 15:06 - 000000000 ____D C:\Users\beetr\AppData\Local\Adobe
2019-06-21 09:25 - 2018-07-18 15:19 - 000000000 ____D C:\Users\beetr\AppData\Local\CrashDumps
2019-06-20 14:04 - 2017-01-12 04:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-06-20 12:26 - 2017-04-13 08:45 - 000001141 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-06-19 08:56 - 2017-07-07 10:57 - 000000000 ____D C:\Program Files\UNP
2019-06-18 13:22 - 2017-10-12 07:04 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-18 13:22 - 2017-10-12 07:04 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-06-17 10:13 - 2019-02-11 14:53 - 000002412 _____ C:\Users\beetr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-17 10:13 - 2016-12-26 07:53 - 000000000 ___RD C:\Users\beetr\OneDrive
2019-06-14 10:04 - 2017-10-27 13:06 - 000000000 ___RD C:\Users\beetr\3D Objects
2019-06-14 10:04 - 2015-10-07 11:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-13 15:22 - 2019-02-11 14:53 - 000002412 _____ C:\Users\Shawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-12 14:28 - 2017-10-27 16:12 - 000000000 ___RD C:\Users\Shawn\3D Objects
2019-06-12 14:24 - 2019-02-11 14:49 - 000540984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-12 13:18 - 2018-09-15 00:33 - 000000000 ___RD C:\Program Files\Windows Defender
2019-06-12 13:18 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\system32\migwiz
2019-06-12 13:18 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-11 16:02 - 2019-05-14 05:09 - 006234168 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-06-11 16:02 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-06-11 16:02 - 2018-09-15 00:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-06-11 15:13 - 2018-09-15 00:36 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-06-11 15:13 - 2018-09-15 00:36 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-06-11 15:13 - 2016-12-26 13:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-05 15:29 - 2018-09-01 14:44 - 000000000 ____D C:\Users\Shawn\AppData\Local\CrashDumps
2019-05-28 17:20 - 2018-06-27 17:35 - 000000000 ____D C:\ProgramData\Packages
==================== Files in the root of some directories ================
2017-03-21 06:56 - 2017-03-21 06:56 - 000001456 _____ () C:\Users\beetr\AppData\Local\Adobe Save for Web 13.0 Prefs
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by beetr (27-06-2019 10:17:52)
Running from C:\Users\beetr\Desktop
Windows 10 Home Version 1809 17763.557 (X64) (2019-02-11 22:14:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-580075409-585060859-2864072408-500 - Administrator - Disabled)
beetr (S-1-5-21-580075409-585060859-2864072408-1001 - Administrator - Enabled) => C:\Users\beetr
DefaultAccount (S-1-5-21-580075409-585060859-2864072408-503 - Limited - Disabled)
Guest (S-1-5-21-580075409-585060859-2864072408-501 - Limited - Disabled)
Shawn (S-1-5-21-580075409-585060859-2864072408-1004 - Limited - Enabled) => C:\Users\Shawn
WDAGUtilityAccount (S-1-5-21-580075409-585060859-2864072408-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.1 - Adobe Systems Incorporated)
Avast Driver Updater (HKLM-x32\...\{630C3D8E-2BEE-465F-9E59-BB069ED10761}) (Version: 2.5.6 - AVAST Software) Hidden
Avast Driver Updater (HKLM-x32\...\Avast Driver Updater) (Version: 2.5.6 - AVAST Software)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Dell Digital Delivery Services (HKLM-x32\...\{4E63542A-F61E-4A6C-9732-13F3425C1758}) (Version: 4.0.34.0 - Dell Inc.)
Dell Update - SupportAssist Update Plugin (HKLM\...\{6DE68941-66DE-48DE-9C80-FE60C9DE0AD4}) (Version: 4.0.1.5857 - Dell Inc.) Hidden
Dell Update - SupportAssist Update Plugin (HKLM-x32\...\{1dbe752f-b00e-4567-9276-141812b20d28}) (Version: 4.0.1.5857 - Dell Inc.)
Dell Update (HKLM-x32\...\{5EBBC1DA-975F-44A0-B438-F325BCD45577}) (Version: 3.0.1 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
LibreOffice 5.4.3.2 (HKLM\...\{5FFD3D4F-8AA0-4C6F-8B3C-AB0D8CD297C9}) (Version: 5.4.3.2 - The Document Foundation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 1.6.5073.107 - Waves Audio Ltd.) Hidden
Microsoft OneDrive (HKU\S-1-5-21-580075409-585060859-2864072408-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Packages:
=========
Adblock Plus -> C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.15.0_neutral__d55gg7py3s0m0 [2019-04-30] (eyeo GmbH)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-28] (Autodesk Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.142.300.0_x86__kgqvnymyfvs32 [2019-06-26] (king.com)
Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.2.5.0_x64__htrsf667h5kn2 [2019-05-31] (Dell Inc)
Drawboard PDF -> C:\Program Files\WindowsApps\Drawboard.DrawboardPDF_5.8.230.0_x64__gqbn7fs4pywxm [2019-06-18] (Drawboard)
Expert PDF Reader -> C:\Program Files\WindowsApps\32581DocumentManagement.ExpertPDFReader_1.88.0.0_neutral__bxxb0jeh05ret [2017-04-06] (Document Management)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt [2018-12-09] (Instagram)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-14] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2018-12-15] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-03-12] (Microsoft Corporation)
Pin It Button -> C:\Program Files\WindowsApps\Pinterest.PinItButton_1.39.5.0_neutral__xnkra2w3aecd0 [2019-03-09] (Pinterest)
Resize Crop Share -> C:\Program Files\WindowsApps\6291Lachlan.ResizeCropShare_1.1.10.0_x64__kqhy9awb13v5j [2017-04-18] (Lachlan)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-26] (AVAST Software s.r.o. -> AVAST Software)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2019-03-15 15:51 - 2019-03-15 15:51 - 000018432 _____ () [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.HSA.Server.dll
2015-06-07 19:42 - 2015-06-07 19:42 - 000323152 _____ (Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 04:04 - 2019-02-20 05:42 - 000000826 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-580075409-585060859-2864072408-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\beetr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKU\S-1-5-21-580075409-585060859-2864072408-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9042E6B1-A22A-4564-9388-1CDFBBF5FC9E}] => (Allow) LPort=5353
FirewallRules: [{1CC4AF28-B516-4812-AEAA-1309AB50272D}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE No File
FirewallRules: [{25D49AEE-E968-46DA-A097-9976411C59A4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
11-06-2019 15:11:09 Windows Update
20-06-2019 15:59:15 Scheduled Checkpoint
25-06-2019 09:06:59 Windows Update
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (06/23/2019 08:51:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ServiceShell.exe, version: 1.1.0.46, time stamp: 0x5be9f49a
Faulting module name: KERNELBASE.dll, version: 10.0.17763.475, time stamp: 0x69a188f0
Exception code: 0xe0434352
Fault offset: 0x0000000000039129
Faulting process id: 0x760
Faulting application start time: 0x01d52849fa258c40
Faulting application path: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 13683ef8-74aa-4c36-b8d5-406706627bcf
Faulting package full name:
Faulting package-relative application ID:
Error: (06/23/2019 08:51:30 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ServiceShell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.MissingMemberException
   at Dell.Asimov.UpdateTelemetry.Platinum.PlatinumProvider+<Send>d__10.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
Error: (06/21/2019 09:25:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WinUAPEntry.exe, version: 0.0.0.0, time stamp: 0x5b48186f
Faulting module name: KERNELBASE.dll, version: 10.0.17763.475, time stamp: 0x9877ee8b
Exception code: 0xc0000025
Fault offset: 0x0011c762
Faulting process id: 0x260c
Faulting application start time: 0x01d5284d9110bbd5
Faulting application path: C:\Program Files\WindowsApps\Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt\WinUAPEntry.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 8b0bca8a-0747-46a2-985b-c4631556b7c5
Faulting package full name: Facebook.InstagramBeta_41.1788.50991.0_x86__8xx8rvfyw5nnt
Faulting package-relative application ID: App
Error: (06/15/2019 11:22:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.17763.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1a4c
Start Time: 01d5240bd42542fd
Termination Time: 7
Application Path: C:\Windows\System32\MicrosoftEdgeCP.exe
Report Id: 3db80273-0d06-44ff-9f93-804f932e364d
Faulting package full name: Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
Hang type: Cross-thread
Error: (06/14/2019 10:04:31 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, PID: 2724, ProfSvc PID: 1548.
Error: (06/14/2019 10:04:31 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, PID: 2724, ProfSvc PID: 1548.
Error: (06/14/2019 10:04:31 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, PID: 2724, ProfSvc PID: 1548.
Error: (06/14/2019 10:04:31 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: User hive is loaded by another process (Registry Lock) Process name: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, PID: 2724, ProfSvc PID: 1548.

System errors:
=============
Error: (06/27/2019 07:27:51 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-VP49FA2)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.11.5.17763_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppXjxtspbn4351hrtx8tc95e89kaz3h2f1f.mca as Unavailable/Unavailable. The error:
"0"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
Error: (06/26/2019 12:55:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:47:53 PM on ‎6/‎26/‎2019 was unexpected.
Error: (06/26/2019 10:24:09 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-VP49FA2)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-VP49FA2\beetr SID (S-1-5-21-580075409-585060859-2864072408-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/26/2019 10:07:07 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server:
{2D15188C-D298-4E10-83B2-64666CCBEBBD}
Error: (06/25/2019 03:42:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:36:05 PM on ‎6/‎25/‎2019 was unexpected.
Error: (06/25/2019 03:35:11 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server:
{2D15188C-D298-4E10-83B2-64666CCBEBBD}
Error: (06/25/2019 03:27:30 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server:
{2D15188C-D298-4E10-83B2-64666CCBEBBD}
Error: (06/25/2019 03:20:48 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-VP49FA2)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.17763.1_neutral_neutral_cw5n1h2txyewy!App.AppXx4zfy1ffv3wctgdz2vypnybzjkh27jhw.mca did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2019-02-11 14:14:35.797
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80070003
Error description: The system cannot find the path specified.
Signature version: 0.0.0.0;0.0.0.0
Engine version: 0.0.0.0
CodeIntegrity:
===================================
Date: 2019-06-26 12:56:19.090
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-06-26 12:56:19.087
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-06-26 12:56:19.073
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-06-26 12:56:19.069
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-06-26 10:23:46.894
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-26 06:01:23.867
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.
Date: 2019-06-25 15:42:26.307
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-06-25 15:42:26.305
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: Dell Inc. A09 01/25/2018
Motherboard: Dell Inc. 088DT1
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 37%
Total physical RAM: 12204.93 MB
Available physical RAM: 7586.5 MB
Total Virtual: 14060.93 MB
Available Virtual: 9343.03 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1849.94 GB) (Free:1794.45 GB) NTFS
\\?\Volume{fa394900-9185-4ce2-920e-277f82f452ed}\ (WINRETOOLS) (Fixed) (Total:0.83 GB) (Free:0.43 GB) NTFS
\\?\Volume{0f48433f-ab14-4acb-9d4c-e3f78e5883b0}\ (Image) (Fixed) (Total:11.62 GB) (Free:0.38 GB) NTFS
\\?\Volume{7dc41b6b-15a1-4148-9bab-6ecb916a8424}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: CCEEF37B)
Partition: GPT.
==================== End of Addition.txt ============================

Edited by iMacg3, 29 June 2019 - 07:25 AM.
removed email address from log

#4
iMacg3

Posted 29 June 2019 - 07:34 AM

GeekU PowerPC G3

GeekU Moderator
1,921 posts

Hi Beetrix,

If you don't use Avast Driver Updater, I recommend you uninstall it:

---------------------------------------------------
Uninstall a Program

Press the Windows Key + R.
Type appwiz.cpl in the Run box and click OK.
The Add/Remove Programs list will open. Locate the following programs on the list:
```
Avast Driver Updater
```
Select each program and click Uninstall.
Restart the computer if prompted.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

Highlight the contents of the below code box and press Ctrl + C on your keyboard:

Start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {AD32A3B5-A008-4538-8DFC-0E7A5368D26D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-580075409-585060859-2864072408-1001 -> DefaultScope {7BB7CAAF-CFB3-4DB8-ABF4-59ABEEC7A420} URL =
SearchScopes: HKU\S-1-5-21-580075409-585060859-2864072408-1001 -> {7BB7CAAF-CFB3-4DB8-ABF4-59ABEEC7A420} URL =
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2019-06-27] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
2019-06-27 04:50 - 2019-02-19 06:32 - 000025608 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [{1CC4AF28-B516-4812-AEAA-1309AB50272D}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE No File
VirusTotal: C:\WINDOWS\TEMP\DeleteFolderTask.exe
CMD: Bitsadmin /Reset /Allusers
End::

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Double-click FRST.exe/FRST64.exe to run it.
Press the Fix button just once and wait.
Restart the computer if prompted.
When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
Please copy and paste its contents into your reply.

---------------------------------------------------

In your next reply, please include:

Fixlog.txt

#5
Beetrix

Posted 29 June 2019 - 01:10 PM

Member

Topic Starter
Member
133 posts

I followed your instructions. Here are the results of the Fixlog.txt

Thank you, Beetrix.

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by beetr (29-06-2019 11:56:44) Run:1
Running from C:\Users\beetr\Desktop
Loaded Profiles: beetr (Available Profiles: beetr & Shawn)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {AD32A3B5-A008-4538-8DFC-0E7A5368D26D} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-580075409-585060859-2864072408-1001 -> DefaultScope {7BB7CAAF-CFB3-4DB8-ABF4-59ABEEC7A420} URL =
SearchScopes: HKU\S-1-5-21-580075409-585060859-2864072408-1001 -> {7BB7CAAF-CFB3-4DB8-ABF4-59ABEEC7A420} URL =
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2019-06-27] (AVG Technologies CZ, s.r.o. -> SlimWare Utilities, Inc.)
2019-06-27 04:50 - 2019-02-19 06:32 - 000025608 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{1CC4AF28-B516-4812-AEAA-1309AB50272D}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE No File
VirusTotal: C:\WINDOWS\TEMP\DeleteFolderTask.exe
CMD: Bitsadmin /Reset /Allusers

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD32A3B5-A008-4538-8DFC-0E7A5368D26D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD32A3B5-A008-4538-8DFC-0E7A5368D26D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKU\S-1-5-21-580075409-585060859-2864072408-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-580075409-585060859-2864072408-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7BB7CAAF-CFB3-4DB8-ABF4-59ABEEC7A420} => removed successfully
HKLM\Software\Classes\CLSID\{7BB7CAAF-CFB3-4DB8-ABF4-59ABEEC7A420} => not found
SWDUMon => service not found.
"C:\WINDOWS\system32\Drivers\SWDUMon.sys" => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1CC4AF28-B516-4812-AEAA-1309AB50272D}" => removed successfully
"VirusTotal: C:\WINDOWS\TEMP\DeleteFolderTask.exe" => not found

========= Bitsadmin /Reset /Allusers =========

BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.

Unable to cancel {D632EAC4-419C-435F-85AD-45EBEDE47D18}.
{C06DAA66-B433-429D-B35D-E1E1B40C3444} canceled.
1 out of 2 jobs canceled.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 239974088 B
Java, Flash, Steam htmlcache => 1124 B
Windows/system/drivers => 16456 B
Edge => 224970638 B
Chrome => 441414060 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 45440 B
LocalService => 0 B
NetworkService => 5786 B
NetworkService => 0 B
beetr => 42043346 B
Shawn => 6397253 B

RecycleBin => 0 B
EmptyTemp: => 920.9 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 11:59:36 ====

#6
iMacg3

Posted 30 June 2019 - 08:01 PM

GeekU PowerPC G3

GeekU Moderator
1,921 posts

Hi Beetrix,

---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
When the tool opens, click Get Started.
Read and accept the license agreement.
At the Welcome to ESET Online Scanner window, click Get Started.
Select whether you would like to send anonymous data to ESET.
Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
Click on the Full Scan option.
Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
ESET will now begin scanning your computer. This may take some time.
When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

---------------------------------------------------

In your next reply, please include:

ESET log (eset.txt)

#7
Beetrix

Posted 01 July 2019 - 03:55 PM

Member

Topic Starter
Member
133 posts

Hi,

I ran the Eset scanner. I selected not to send anonymous data, however, Windows.com (stopcode) stopped the scan and said it had to gather information and restart.

So, it re-started and installed another Eset Scanner App. I ran it again an here are the results.

Thank you again, Beetrix

7/1/2019 14:35:20 PM
Files scanned: 334364
Infected files: 3
Cleaned threats: 1
Total scan time 01:08:12
Scan status: Finished
C:\Program Files\AVAST Software\Avast\setup\aswOfferTool.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

C:\Program Files\AVAST Software\Avast\setup\offertool_x64_ais-94f.vpx Win32/Bundled.Toolbar.Google.D potentially unsafe application error while deleting (Access denied)

C:\Users\beetr\AppData\Local\AVAST Software\Avast Driver Updater\Updates\hdd.exe a variant of Win32/Slimware.A potentially unwanted application cleaned by deleting

Edited by Beetrix, 01 July 2019 - 03:56 PM.

#8
iMacg3

Posted 02 July 2019 - 11:33 AM

GeekU PowerPC G3

GeekU Moderator
1,921 posts

Hi,

If all is well:

Uninstall FRST

Right-click on Frst.exe/Frst64.exe and select Rename
Rename the file to Uninstall.exe
Double-click on Uninstall.exe to uninstall FRST

Delete any other tools we used in the cleanup process.
----------------------------------------------------
Reset System Restore Points

Press the Windows key + R
Type cleanmgr and press Enter.
Disk Cleanup will open. Click Clean up system files.
Click the More Options tab.
Under System Restore and Shadow Copies click Clean Up.
Confirm by clicking Delete.

----------------------------------------------------
Some tips to keep your computer safe on the Internet

Make sure to use strong passwords. There are password managers (for example, Bitwarden) that can help you use secure passwords, and keep track of them.

How to create a strong password
----------------------------------------------------
Keeping software up-to-date is important as well. Programs such as UCheck, Heimdal Free, or PatchMyPC can help keep software on your computer up-to-date.

To keep your operating system up-to-date, make sure that Windows Update is enabled on your computer.
----------------------------------------------------
Here are some articles about how to keep your computer safe on the internet -

Simple and easy ways to keep your computer safe and secure on the Internet - by Lawrence Abrams

Answers to common security questions - Best Practices - by quietman7

COMPUTER SECURITY - a short guide to staying safer online - Malware Removal

PC Safety and Security - What Do I Need? - Tech Support Forum
----------------------------------------------------

Safe surfing

#9
Beetrix

Posted 02 July 2019 - 01:57 PM

Member

Topic Starter
Member
133 posts

I really appreciate all of your help!

I read "How to create a strong password" and will try it!

Thank you for many years of great service! Beetrix

#10
iMacg3

Posted 02 July 2019 - 03:48 PM

GeekU PowerPC G3

GeekU Moderator
1,921 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.