windows 10 computer running really slow


#1
emufix

My computer is running really slow and I'm not sure if it is malware or a dying hard drive. Google Chrome is unusable. I have to use Firefox. Start up takes a long time and sometimes the login screen doesn't appear. I also got a "Restart to repair drive errors" yesterday. Windows Defender says "intel dynamic platform and thermal framework manager has a driver problem".

Here are the FRST scan reports as requested:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 3-07-2019
Ran by Emurock (administrator) on STEVE (Hewlett-Packard HP Pavilion Notebook) (04-07-2019 22:38:30)
Running from C:\Users\Emurock\Desktop
Loaded Profiles: Emurock (Available Profiles: Emurock & defaultuser1)
Platform: Windows 10 Home Version 1803 17134.829 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
() [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Cyberlink\YouCam\YouCamService.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\75.4.141\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\75.4.141\QtWebEngineProcess.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Wireless Display -> Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Emurock\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Softex Incorporated -> Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.17.3.50\nsWscSvc.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(WildTangent Inc -> WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\Windscribe.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\wsappcontrol.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8459480 2015-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-28] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5580608 2019-06-24] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-384623095-3799959169-1529214809-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3148576 2019-06-18] (Valve -> Valve Corporation)
HKU\S-1-5-21-384623095-3799959169-1529214809-1001\...\Run: [GoogleChromeAutoLaunch_DAC040A48BAD94831ACF1B46AFDBF9B9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1555952 2019-06-18] (Google LLC -> Google LLC)
HKU\S-1-5-21-384623095-3799959169-1529214809-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10106544 2019-01-19] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-384623095-3799959169-1529214809-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3114256 2019-06-29] (Electronic Arts, Inc. -> Electronic Arts)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-20] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{538C240D-3DEE-4032-AB4C-08A3A6EB0861}] -> c:\Program Files (x86)\CyberLink\YouCam\CLCredProv\x64\CLCredProv.dll [2015-02-11] (CyberLink Corp. -> CyberLink)
HKLM\Software\...\Authentication\Credential Providers: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2015-03-05] (Softex Inc..) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{F3F1B0FA-4775-41d8-8578-436772D93FB4}] -> C:\Program Files\Hewlett-Packard\SimplePass\OmniPassCredProv.dll [2015-03-05] (Softex Inc..) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-06-19]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {006656F5-539A-4985-9CE7-F70D3DD0DC43} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {02296781-EA85-4A69-9063-15245A917544} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.17.3.50\WSCStub.exe [2225296 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {070314DB-04F0-4955-8123-6317BA1CAF27} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0CA7691D-91C5-414B-9813-A6ED5F78167C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {17C2033B-5FE9-467E-8AEF-1C068A0C9F53} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-05] (HP Inc. -> HP Inc.)
Task: {1E2C9A91-8CD4-40AB-AA5D-E5711BAD4FB9} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {213CCE96-786B-4EBD-AA98-8F7953826195} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {21F1A020-3F0E-4E3E-B0A3-D2328F4F01FE} - System32\Tasks\HPCeeScheduleForEmurock => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-15] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {22FDED36-949D-48C1-A991-77E6C99B16A5} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {2F30DABE-4C66-4F00-8C1A-838EB155FFA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-05] (HP Inc. -> HP Inc.)
Task: {32BD4982-A9EF-4364-9FD3-67A1E8B23826} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {32D5CD2E-CD3A-4761-97EA-759CD399C5FD} - System32\Tasks\{99130FBC-3E52-4890-B3EB-5B7AAEB49639} => C:\WINDOWS\system32\pcalua.exe -a E:\DIAG.EXE -d E:\
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3E6D89C9-DFF4-4363-BE33-7DC44760B494} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {3EE30319-A82D-4F2A-B2F2-6D03344004D0} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [3438680 2016-05-23] (AVAST Software a.s. -> AVAST Software)
Task: {503065E3-7EE7-4005-82E7-B5C93F021EC5} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [4716280 2015-01-30] (Softex Incorporated -> Hewlett-Packard)
Task: {5A3B3E10-DE02-45EF-A508-99C7AB29467D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-01] (Dropbox, Inc -> Dropbox, Inc.)
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [33280 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
Task: {5E617D5B-B9E3-44CB-BB49-31F8D7DA0B08} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_pepper.exe [1452600 2019-06-22] (Adobe Inc. -> Adobe)
Task: {5EAD179F-F389-4C87-BE8F-243222585F98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {694B11D5-A9A7-480C-9F91-56C377411DB6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-01] (Dropbox, Inc -> Dropbox, Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {6EA2547C-38DC-4472-9A16-0B9E002F9B3B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [484208 2015-01-15] (Dropbox, Inc -> )
Task: {744E26B2-9DA2-4035-A55E-13845A13D489} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {79A5D302-8E02-4046-A728-28806829F06F} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.17.3.50\SymErr.exe [101392 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {851A9F3A-0BD2-4CBE-9FA7-9F1CDFCB2EA6} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1354552 2014-05-19] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {87BAD914-AA99-420A-BF8C-586E2AFF89F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {9EB382F1-AD2D-4FC8-AA2A-C88DEEB5BD30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.)
Task: {9FC69B07-293A-4EE4-AABB-FD9C673A1EDC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A25D2A3B-2DD7-48E0-8821-08AC49FDD321} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [506104 2015-01-30] (Softex Incorporated -> Hewlett-Packard)
Task: {ADE23AFD-C6D0-4378-877B-1E3B02EA7FA2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AE8BC2BE-D645-41F8-AB95-ECC80B769EA1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-22] (Adobe Inc. -> Adobe)
Task: {B40A21EB-5F27-4BD8-ABD6-DEA3B63978C6} - System32\Tasks\Avast SecureLine VPN Update => c:\program files\avast software\secureline\vpnupdate.exe [1392008 2019-07-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {B84DFBD3-661F-47D2-8249-FB3B5936BDCB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B93190D5-0D49-4851-9CA2-1801366B4B93} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-12] (Adobe Inc. -> Adobe)
Task: {BEB15D4D-D81A-4936-81EC-57CFA1166CF3} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {C3A25075-45BD-4D13-BA12-C0312CE91811} - System32\Tasks\YCMServiceAgent => c:\Program Files (x86)\Cyberlink\YouCam\YouCamService.exe [267224 2015-02-11] (CyberLink Corp. -> CyberLink Corp.)
Task: {C60D3706-5323-4D2D-9C99-FE035A04EA03} - \WPD\SqmUpload_S-1-5-21-384623095-3799959169-1529214809-1001 -> No File <==== ATTENTION
Task: {C8F18A6B-9D2B-43D3-8731-C2CC92ECE7C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {CB045B7C-325D-40D0-A13D-EC403B96253E} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [506104 2015-01-30] (Softex Incorporated -> Hewlett-Packard)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {DB7AF872-8607-4E32-B539-AE0F47C354E8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E9CDF3F3-0C96-415F-8EAB-2FFDD2FB35E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.)
Task: {EA2103F6-D6BB-4A89-850D-63876BEB494C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2225296 2019-06-20] (Symantec Corporation -> Symantec Corporation)
Task: {FA489C1A-5C5E-4D78-A311-B3D3976DFC9C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.)
Task: {FFDF8C5B-00D9-48FB-9EA3-088A44DFE837} - \Optimize Start Menu Cache Files-S-1-5-21-384623095-3799959169-1529214809-1001 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForEmurock.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 185.236.200.18 us-west-005.whiskergalaxy.com   #added by Windscribe, do not modify.
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{2c2de15d-2473-4845-adc7-41fec9a21a81}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{4c81a756-2bac-4f75-9f9c-47b9f71dd20f}: [DhcpNameServer] 172.18.10.1
Tcpip\..\Interfaces\{567ce079-df58-4fcd-822b-e3ee610d7ebd}: [DhcpNameServer] 172.18.13.1
Tcpip\..\Interfaces\{bc97a955-b5f8-437a-95c2-55fb45c065a4}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{bc97a955-b5f8-437a-95c2-55fb45c065a4}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{bd65d49a-262e-4287-b6a4-2a18dd115926}: [DhcpNameServer] 172.18.11.1
Tcpip\..\Interfaces\{c232652c-40d5-40cd-97df-143c0c50445b}: [DhcpNameServer] 172.18.12.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-384623095-3799959169-1529214809-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com/
HKU\S-1-5-21-384623095-3799959169-1529214809-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
SearchScopes: HKLM-x32 -> {565494A1-0719-4E63-B309-89EC5A876116} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-384623095-3799959169-1529214809-1001 -> {565494A1-0719-4E63-B309-89EC5A876116} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-384623095-3799959169-1529214809-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=retail&geo=GB&ver=22.16.2.22&locale=en_GB&guid=7391C005-C5F8-4042-8199-6E3E75DA9C94&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (EVERNOTE CORPORATION -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.17.3.50\coIEPlg.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)

FireFox:
========
FF DefaultProfile: a6goelee.default-1499629060257
FF ProfilePath: C:\Users\Emurock\AppData\Roaming\Mozilla\Firefox\Profiles\a6goelee.default-1499629060257 [2019-07-04]
FF Extension: (ETP Search Volume Study) - C:\Users\Emurock\AppData\Roaming\Mozilla\Firefox\Profiles\a6goelee.default-1499629060257\Extensions\[email protected] [2019-07-02]
FF Extension: (AdBlock) - C:\Users\Emurock\AppData\Roaming\Mozilla\Firefox\Profiles\a6goelee.default-1499629060257\Extensions\[email protected] [2019-06-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-04-29] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] (WildTangent Inc -> )
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Emurock\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-04-05] (Adobe Systems Incorporated -> )
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Emurock\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-04-05] (Hola) [File not signed]
FF Plugin HKU\S-1-5-21-384623095-3799959169-1529214809-1001: @hola.org/FlashPlayer -> C:\Users\Emurock\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2016-04-05] (Adobe Systems Incorporated -> )
FF Plugin HKU\S-1-5-21-384623095-3799959169-1529214809-1001: @hola.org/vlc -> C:\Users\Emurock\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2016-04-05] (Hola) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default [2019-07-04]
CHR Extension: (Slides) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Norton Password Manager) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2019-06-18]
CHR Extension: (Docs) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-30]
CHR Extension: (YouTube) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Sheets) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Norton Safe Web) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2019-06-13]
CHR Extension: (Google Docs Offline) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-29]
CHR Extension: (AdBlock) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-05-31]
CHR Extension: (Windscribe - Free VPN and Ad Blocker) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2018-11-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (TunnelBear VPN) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2019-04-04]
CHR Extension: (Gmail) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-20]
CHR Profile: C:\Users\Emurock\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-31]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-01] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-01] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-06-24] (Dropbox, Inc -> Dropbox, Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2015-03-04] (Intel® Software -> Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-02-09] (WildTangent Inc -> WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [356728 2019-06-12] (HP Inc. -> HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2017-03-09] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-01-13] (Intel® pGFX -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Trusted Connect Service -> Intel® Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [395744 2015-01-14] (Intel® Wireless Display -> Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.17.3.50\NortonSecurity.exe [225608 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.17.3.50\nsWscSvc.exe [933200 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [103424 2015-01-30] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2329392 2019-06-29] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3203888 2019-06-29] (Electronic Arts, Inc. -> Electronic Arts)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [293080 2015-03-04] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [7343496 2019-07-03] (AVAST Software s.r.o. -> AVAST Software)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11814232 2019-06-05] (TeamViewer GmbH -> TeamViewer GmbH)
S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [120440 2018-09-11] (TunnelBear -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [55696 2018-08-31] (HP Inc. -> HP)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.17.1.50\Definitions\BASHDefs\20190702.004\BHDrvx64.sys [1935880 2019-06-19] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\ccSetx64.sys [192704 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [38720 2015-03-04] (Intel® Software -> Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515592 2019-06-06] (Symantec Corporation -> Symantec Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [33448 2016-12-07] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R3 EraserUtilDrv11822; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11822.sys [153096 2019-07-04] (Symantec Corporation -> Symantec Corporation)
S3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [216360 2015-03-04] (Intel® Software -> Intel Corporation)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [42384 2018-08-31] (HP Inc. -> HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-09] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.17.1.50\Definitions\IPSDefs\20190703.061\IDSvia64.sys [1441800 2019-05-10] (Symantec Corporation -> Symantec Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [79528 2014-12-22] (Intel® Software -> Intel Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3595472 2018-10-12] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-02-13] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SRTSP64.SYS [864776 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SRTSPX64.SYS [49672 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SYMEFASI64.SYS [1998552 2019-06-20] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\SymELAM.sys [25744 2019-06-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99848 2019-05-10] (Symantec Corporation -> Symantec Corporation)
S4 SymEvnt; C:\Program Files\Norton Security\NortonData\22.17.1.50\SymPlatform\SymEvnt.sys [712200 2019-06-07] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\Ironx64.SYS [315912 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\symnets.sys [573448 2019-06-20] (Symantec Corporation -> Symantec Corporation)
R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2016-09-21] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [212056 2015-01-14] (Intel® Wireless Display -> Windows ® Win 7 DDK provider)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1611030.032\wpCtrlDrv.sys [1012120 2019-06-20] (Symantec Corporation -> Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-04 22:38 - 2019-07-04 22:42 - 000044070 _____ C:\Users\Emurock\Desktop\FRST.txt
2019-07-04 22:37 - 2019-07-04 22:38 - 000000000 ____D C:\FRST
2019-07-04 22:33 - 2019-07-04 22:34 - 002420224 _____ (Farbar) C:\Users\Emurock\Desktop\FRST64.exe
2019-07-04 21:02 - 2019-07-04 21:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2019-07-04 02:52 - 2019-07-04 02:52 - 000000000 _____ C:\WINDOWS\system32\Drivers\etc\hosts.tmp
2019-07-04 01:50 - 2019-07-04 01:51 - 001398296 _____ C:\Users\Emurock\Documents\bookmarks_04_07_2019.html
2019-07-03 23:57 - 2019-07-03 23:57 - 000000000 ____D C:\Users\Emurock\AppData\Roaming\Google
2019-07-03 23:47 - 2019-07-03 23:47 - 000000000 __SHD C:\found.000
2019-07-03 01:04 - 2019-07-03 01:04 - 000000000 ___HD C:\OneDriveTemp
2019-07-02 22:18 - 2019-07-02 22:18 - 000000080 ___SH C:\bootTel.dat
2019-07-02 04:07 - 2019-07-04 20:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2019-07-02 03:51 - 2019-07-02 03:51 - 000003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2019-07-02 03:50 - 2019-07-02 04:09 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2019-07-01 23:26 - 2019-07-01 23:26 - 000000000 ____D C:\Users\Emurock\AppData\Local\2K
2019-06-30 00:15 - 2019-06-30 00:16 - 000000000 ____D C:\Users\Emurock\Downloads\Chernobyl
2019-06-29 23:52 - 2019-06-30 00:20 - 000000000 ____D C:\Users\Emurock\Downloads\other stuff
2019-06-29 23:06 - 2019-06-29 23:06 - 000090237 _____ C:\Users\Emurock\Documents\CAANZ - Payment_PMTAU645732[5907] Jun 2019.pdf
2019-06-24 22:01 - 2019-06-24 22:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-06-24 13:12 - 2019-06-24 13:12 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-06-24 13:12 - 2019-06-24 13:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-06-24 13:12 - 2019-06-24 13:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-06-24 13:12 - 2019-06-24 13:12 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-06-22 01:10 - 2019-06-29 22:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-06-19 22:10 - 2019-06-19 22:10 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2019-06-18 20:04 - 2019-07-04 00:12 - 000004294 _____ C:\WINDOWS\System32\Tasks\Avast SecureLine VPN Update
2019-06-17 23:08 - 2019-06-17 23:08 - 000131396 _____ C:\Users\Emurock\Documents\Bethesda Softworks LLC. Online Store - Order Completed - Fallout76.pdf
2019-06-17 01:56 - 2019-06-17 01:56 - 004982794 _____ C:\Users\Emurock\Downloads\belgrade.pdf
2019-06-13 21:12 - 2019-06-13 21:12 - 000000021 _____ C:\Users\Emurock\Downloads\Bean_Counters.ocdf
2019-06-13 21:12 - 2019-06-13 21:12 - 000000000 ____D C:\ProgramData\IsolatedStorage
2019-06-13 21:10 - 2019-06-13 21:12 - 000000000 ____D C:\Users\Emurock\Documents\Media
2019-06-13 21:10 - 2019-06-13 21:10 - 000002805 _____ C:\Users\Public\Desktop\RBDigital Media Manager.lnk
2019-06-13 21:10 - 2019-06-13 21:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recorded Books
2019-06-13 21:10 - 2019-06-13 21:10 - 000000000 ____D C:\Program Files (x86)\OneClickDigital
2019-06-13 21:07 - 2019-06-13 21:07 - 009858408 _____ (Recorded Books) C:\Users\Emurock\Downloads\OneClickdigital Media Manager Installer.exe
2019-06-13 00:26 - 2019-06-07 12:04 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-13 00:26 - 2019-06-07 06:57 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-13 00:26 - 2019-06-07 06:46 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-13 00:26 - 2019-06-07 06:38 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-13 00:26 - 2019-06-07 06:37 - 022019584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-13 00:26 - 2019-06-07 06:27 - 022718976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-13 00:26 - 2019-05-17 07:19 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-13 00:26 - 2019-05-17 06:31 - 004937216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-13 00:25 - 2019-06-07 11:45 - 012756480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-13 00:25 - 2019-06-07 11:42 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-13 00:25 - 2019-06-07 11:19 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-13 00:25 - 2019-06-07 11:07 - 011942400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-13 00:25 - 2019-06-07 11:04 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-13 00:25 - 2019-06-07 07:01 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-13 00:25 - 2019-06-07 06:58 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-13 00:25 - 2019-06-07 06:58 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-13 00:25 - 2019-06-07 06:57 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-13 00:25 - 2019-06-07 06:57 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-13 00:25 - 2019-06-07 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-13 00:25 - 2019-06-07 06:46 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-13 00:25 - 2019-06-07 06:31 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-13 00:25 - 2019-06-07 06:24 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-13 00:25 - 2019-06-07 06:24 - 003400704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-13 00:25 - 2019-06-07 06:22 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-13 00:25 - 2019-06-07 06:21 - 007588864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-13 00:25 - 2019-06-07 06:21 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-13 00:25 - 2019-06-07 06:21 - 001778688 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-13 00:25 - 2019-06-07 06:19 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-13 00:25 - 2019-06-07 06:18 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-13 00:25 - 2019-05-17 13:27 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-13 00:25 - 2019-05-17 13:26 - 004393984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-06-13 00:25 - 2019-05-17 13:25 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-06-13 00:25 - 2019-05-17 13:25 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-06-13 00:25 - 2019-05-17 13:00 - 005658112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-13 00:25 - 2019-05-17 07:42 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-06-13 00:25 - 2019-05-17 07:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-13 00:25 - 2019-05-17 07:42 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-06-13 00:25 - 2019-05-17 07:42 - 001980256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-06-13 00:25 - 2019-05-17 07:42 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-06-13 00:25 - 2019-05-17 07:30 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-06-13 00:25 - 2019-05-17 07:26 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-13 00:25 - 2019-05-17 07:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-13 00:25 - 2019-05-17 07:07 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-06-13 00:25 - 2019-05-17 07:07 - 002768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-13 00:25 - 2019-05-17 07:07 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-06-13 00:25 - 2019-05-17 07:07 - 002467320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-06-13 00:25 - 2019-05-17 06:44 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-13 00:25 - 2019-05-17 06:38 - 004709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-13 00:25 - 2019-05-17 06:37 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-13 00:25 - 2019-05-17 06:34 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-13 00:25 - 2019-05-17 06:33 - 003091456 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-06-13 00:25 - 2019-05-17 06:33 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-06-13 00:25 - 2019-05-17 06:33 - 002370560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-13 00:25 - 2019-05-17 06:31 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-13 00:25 - 2019-05-17 06:31 - 003293184 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-06-13 00:25 - 2019-05-17 06:31 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-06-13 00:25 - 2019-05-17 06:31 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-13 00:25 - 2019-05-17 06:31 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-06-13 00:24 - 2019-06-07 12:04 - 001633136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-13 00:24 - 2019-06-07 11:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-13 00:24 - 2019-06-07 11:41 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-13 00:24 - 2019-06-07 11:40 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-13 00:24 - 2019-06-07 11:40 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-13 00:24 - 2019-06-07 11:23 - 001453920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-13 00:24 - 2019-06-07 11:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-13 00:24 - 2019-06-07 11:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-13 00:24 - 2019-06-07 11:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-13 00:24 - 2019-06-07 07:07 - 000707384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-13 00:24 - 2019-06-07 06:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-13 00:24 - 2019-06-07 06:58 - 000422416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-13 00:24 - 2019-06-07 06:58 - 000135176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-13 00:24 - 2019-06-07 06:58 - 000076304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-13 00:24 - 2019-06-07 06:57 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-13 00:24 - 2019-06-07 06:57 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-13 00:24 - 2019-06-07 06:57 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-13 00:24 - 2019-06-07 06:57 - 000792888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-13 00:24 - 2019-06-07 06:57 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-13 00:24 - 2019-06-07 06:57 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-13 00:24 - 2019-06-07 06:57 - 000494304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-13 00:24 - 2019-06-07 06:57 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-13 00:24 - 2019-06-07 06:57 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-06-13 00:24 - 2019-06-07 06:57 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-06-13 00:24 - 2019-06-07 06:57 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-13 00:24 - 2019-06-07 06:57 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-06-13 00:24 - 2019-06-07 06:57 - 000148280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-13 00:24 - 2019-06-07 06:57 - 000137448 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-06-13 00:24 - 2019-06-07 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-06-13 00:24 - 2019-06-07 06:47 - 000380432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-13 00:24 - 2019-06-07 06:47 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-06-13 00:24 - 2019-06-07 06:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-13 00:24 - 2019-06-07 06:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-13 00:24 - 2019-06-07 06:46 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-06-13 00:24 - 2019-06-07 06:46 - 000357072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-13 00:24 - 2019-06-07 06:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-13 00:24 - 2019-06-07 06:23 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-13 00:24 - 2019-06-07 06:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-06-13 00:24 - 2019-06-07 06:22 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-06-13 00:24 - 2019-06-07 06:22 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-13 00:24 - 2019-06-07 06:21 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-13 00:24 - 2019-06-07 06:21 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-13 00:24 - 2019-06-07 06:20 - 002610688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-13 00:24 - 2019-06-07 06:20 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-06-13 00:24 - 2019-06-07 06:20 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-13 00:24 - 2019-06-07 06:19 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-13 00:24 - 2019-06-07 06:19 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-13 00:24 - 2019-06-07 06:19 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-13 00:24 - 2019-06-07 06:19 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-13 00:24 - 2019-06-07 06:19 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-13 00:24 - 2019-06-07 06:18 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-13 00:24 - 2019-06-07 06:18 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-13 00:24 - 2019-06-07 06:17 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-13 00:24 - 2019-06-07 06:17 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-13 00:24 - 2019-06-07 06:17 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-06-13 00:24 - 2019-06-07 06:16 - 001102336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-06-13 00:24 - 2019-06-07 06:16 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-06-13 00:24 - 2019-06-07 06:16 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-13 00:24 - 2019-06-07 06:16 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-06-13 00:24 - 2019-05-18 23:12 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-13 00:24 - 2019-05-18 23:12 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-13 00:24 - 2019-05-18 23:12 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-13 00:24 - 2019-05-17 13:44 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-13 00:24 - 2019-05-17 13:40 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-06-13 00:24 - 2019-05-17 13:40 - 000280888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-06-13 00:24 - 2019-05-17 13:24 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismp6.sys
2019-06-13 00:24 - 2019-05-17 13:22 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-06-13 00:24 - 2019-05-17 13:22 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-13 00:24 - 2019-05-17 13:21 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-06-13 00:24 - 2019-05-17 13:21 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-06-13 00:24 - 2019-05-17 13:21 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2019-06-13 00:24 - 2019-05-17 13:21 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-06-13 00:24 - 2019-05-17 13:20 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-06-13 00:24 - 2019-05-17 13:19 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-06-13 00:24 - 2019-05-17 13:07 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-06-13 00:24 - 2019-05-17 12:58 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-06-13 00:24 - 2019-05-17 12:56 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-06-13 00:24 - 2019-05-17 12:56 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
2019-06-13 00:24 - 2019-05-17 12:55 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-06-13 00:24 - 2019-05-17 12:55 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-06-13 00:24 - 2019-05-17 12:54 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-06-13 00:24 - 2019-05-17 10:33 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-06-13 00:24 - 2019-05-17 08:07 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-06-13 00:24 - 2019-05-17 07:44 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-06-13 00:24 - 2019-05-17 07:44 - 000550520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-06-13 00:24 - 2019-05-17 07:43 - 000297688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-06-13 00:24 - 2019-05-17 07:42 - 001380096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-06-13 00:24 - 2019-05-17 07:42 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-06-13 00:24 - 2019-05-17 07:42 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-06-13 00:24 - 2019-05-17 07:42 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-06-13 00:24 - 2019-05-17 07:21 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-06-13 00:24 - 2019-05-17 07:20 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-06-13 00:24 - 2019-05-17 07:19 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-06-13 00:24 - 2019-05-17 07:19 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2019-06-13 00:24 - 2019-05-17 07:19 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-06-13 00:24 - 2019-05-17 07:18 - 002796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-06-13 00:24 - 2019-05-17 07:18 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-13 00:24 - 2019-05-17 07:08 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-06-13 00:24 - 2019-05-17 07:08 - 000723432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-06-13 00:24 - 2019-05-17 07:08 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-06-13 00:24 - 2019-05-17 07:08 - 000401328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-06-13 00:24 - 2019-05-17 07:07 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-13 00:24 - 2019-05-17 07:07 - 001288712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-06-13 00:24 - 2019-05-17 07:07 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-13 00:24 - 2019-05-17 07:07 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-06-13 00:24 - 2019-05-17 07:07 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-06-13 00:24 - 2019-05-17 07:07 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-06-13 00:24 - 2019-05-17 07:06 - 001943136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-06-13 00:24 - 2019-05-17 07:06 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-06-13 00:24 - 2019-05-17 07:06 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-06-13 00:24 - 2019-05-17 07:06 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-06-13 00:24 - 2019-05-17 07:06 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-06-13 00:24 - 2019-05-17 07:06 - 000151888 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-06-13 00:24 - 2019-05-17 06:36 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-06-13 00:24 - 2019-05-17 06:36 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-06-13 00:24 - 2019-05-17 06:35 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-06-13 00:24 - 2019-05-17 06:35 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-06-13 00:24 - 2019-05-17 06:35 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-06-13 00:24 - 2019-05-17 06:34 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-13 00:24 - 2019-05-17 06:34 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-13 00:24 - 2019-05-17 06:34 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-06-13 00:24 - 2019-05-17 06:34 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-06-13 00:24 - 2019-05-17 06:33 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-06-13 00:24 - 2019-05-17 06:33 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-13 00:24 - 2019-05-17 06:33 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-06-13 00:24 - 2019-05-17 06:32 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2019-06-13 00:24 - 2019-05-17 06:32 - 000815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-06-13 00:24 - 2019-05-17 06:31 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-06-13 00:24 - 2019-05-17 06:31 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-13 00:24 - 2019-05-17 06:31 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-06-13 00:24 - 2019-05-17 06:31 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-06-13 00:24 - 2019-05-17 06:31 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-06-13 00:24 - 2019-05-17 06:30 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-06-13 00:24 - 2019-05-17 06:30 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-06-13 00:24 - 2019-05-17 06:30 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-06-13 00:23 - 2019-06-07 11:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-06-13 00:23 - 2019-06-07 06:24 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-06-13 00:23 - 2019-06-07 06:23 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-06-13 00:23 - 2019-06-07 06:22 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-13 00:23 - 2019-06-07 06:22 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-13 00:23 - 2019-06-07 06:21 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-13 00:23 - 2019-06-07 06:20 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-06-13 00:23 - 2019-06-07 05:00 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2019-06-13 00:23 - 2019-05-18 23:12 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-13 00:23 - 2019-05-17 13:25 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-06-13 00:23 - 2019-05-17 13:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-06-13 00:23 - 2019-05-17 13:23 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-06-13 00:23 - 2019-05-17 13:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-06-13 00:23 - 2019-05-17 12:55 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-06-13 00:23 - 2019-05-17 12:54 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-06-13 00:23 - 2019-05-17 09:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-06-13 00:23 - 2019-05-17 07:23 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-06-13 00:23 - 2019-05-17 07:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-06-13 00:23 - 2019-05-17 07:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-13 00:23 - 2019-05-17 07:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-06-13 00:23 - 2019-05-17 07:22 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-13 00:23 - 2019-05-17 07:21 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-06-13 00:23 - 2019-05-17 07:21 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-06-13 00:23 - 2019-05-17 07:20 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-06-13 00:23 - 2019-05-17 07:19 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-13 00:23 - 2019-05-17 07:18 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-06-13 00:23 - 2019-05-17 06:37 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-06-13 00:23 - 2019-05-17 06:37 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-06-13 00:23 - 2019-05-17 06:36 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-06-13 00:23 - 2019-05-17 06:36 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-13 00:23 - 2019-05-17 06:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-13 00:23 - 2019-05-17 06:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-13 00:23 - 2019-05-17 06:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-13 00:23 - 2019-05-17 06:34 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-06-13 00:23 - 2019-05-17 06:34 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-06-13 00:23 - 2019-05-17 06:34 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2019-06-13 00:23 - 2019-05-17 06:33 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-06-12 03:13 - 2019-06-12 03:13 - 004650040 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2019-06-11 22:35 - 2019-06-11 22:36 - 000000000 ____D C:\Users\Emurock\AppData\Local\Fallout76
2019-06-11 22:22 - 2019-02-13 06:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-06-11 00:00 - 2019-07-01 19:50 - 000000000 ____D C:\Users\Emurock\AppData\Local\Bethesda.net Launcher
2019-06-10 23:58 - 2019-07-01 19:50 - 000000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2019-06-10 23:58 - 2019-06-10 23:58 - 000001228 _____ C:\Users\Public\Desktop\Bethesda.net Launcher.lnk
2019-06-10 23:58 - 2019-06-10 23:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
2019-06-10 23:57 - 2019-06-10 23:58 - 008797576 _____ (Bethesda Softworks ) C:\Users\Emurock\Downloads\BethesdaNetLauncher_Setup.exe
2019-06-06 21:48 - 2019-06-06 21:48 - 000000000 ____D C:\ProgramData\Apple Computer

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-04 21:04 - 2018-05-24 01:12 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-04 21:01 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-04 01:50 - 2018-05-24 01:32 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E5F7BF5C-130D-4F48-8A31-D7EC5140E3AC}
2019-07-04 00:32 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-07-04 00:32 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-07-04 00:23 - 2015-08-29 20:04 - 000000000 ____D C:\Users\Emurock\Documents\Youcam
2019-07-04 00:18 - 2015-08-29 20:04 - 000000000 ___RD C:\Users\Emurock\OneDrive
2019-07-04 00:08 - 2017-11-29 02:32 - 000000000 ____D C:\Users\Emurock\AppData\LocalLow\Mozilla
2019-07-04 00:07 - 2015-09-06 19:17 - 000000000 ____D C:\Program Files (x86)\Steam
2019-07-03 23:54 - 2015-09-06 03:43 - 000000000 ____D C:\ProgramData\Origin
2019-07-03 23:52 - 2017-05-10 04:37 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-07-03 23:52 - 2015-08-29 19:58 - 000000000 __SHD C:\Users\Emurock\IntelGraphicsProfiles
2019-07-03 23:51 - 2017-07-15 18:00 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-07-03 23:50 - 2019-05-19 23:39 - 000000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForEmurock.job
2019-07-03 23:50 - 2018-05-24 01:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-03 01:03 - 2018-05-24 01:31 - 000003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-384623095-3799959169-1529214809-1001
2019-07-03 01:03 - 2018-05-24 01:19 - 000002412 _____ C:\Users\Emurock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-02 22:45 - 2019-05-19 23:39 - 000003252 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForEmurock
2019-07-02 22:20 - 2018-05-24 01:19 - 000000000 ____D C:\Users\Emurock
2019-07-02 21:40 - 2015-08-29 20:11 - 000000000 ____D C:\Program Files\Common Files\AV
2019-07-02 21:22 - 2019-04-04 23:05 - 000000000 ____D C:\Users\Emurock\AppData\Roaming\Origin
2019-07-02 21:22 - 2015-09-06 03:47 - 000000000 ____D C:\Program Files (x86)\Origin Games
2019-07-02 04:09 - 2019-05-10 21:25 - 000002415 _____ C:\Users\Public\Desktop\Norton Security.lnk
2019-07-02 03:51 - 2019-05-10 21:23 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2019-07-02 03:50 - 2016-10-11 21:55 - 000000000 ____D C:\Program Files (x86)\TunnelBear
2019-07-02 03:46 - 2018-04-11 22:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-07-02 03:45 - 2015-07-09 16:15 - 000000000 ____D C:\ProgramData\AVAST Software
2019-07-01 00:36 - 2016-03-21 22:41 - 000000000 ____D C:\Users\Emurock\AppData\Local\ElevatedDiagnostics
2019-06-30 19:03 - 2019-04-04 23:08 - 000000000 ____D C:\Program Files (x86)\Origin
2019-06-30 17:50 - 2016-02-12 01:45 - 000000000 ____D C:\Users\Emurock\AppData\Local\Ubisoft Game Launcher
2019-06-30 02:49 - 2018-05-24 01:19 - 000000000 ____D C:\Users\defaultuser1
2019-06-30 00:25 - 2017-07-15 18:15 - 000000000 ____D C:\Users\Emurock\Downloads\Movie Store
2019-06-30 00:21 - 2016-05-01 06:21 - 000000000 ____D C:\Users\Emurock\AppData\Roaming\vlc
2019-06-30 00:15 - 2017-10-29 01:36 - 000000000 ____D C:\Users\Emurock\Downloads\TV
2019-06-29 22:07 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-06-29 22:00 - 2015-08-30 17:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-06-28 01:37 - 2015-08-30 13:07 - 000000000 ____D C:\Users\Emurock\AppData\Local\CrashDumps
2019-06-27 22:38 - 2016-02-09 21:33 - 000000000 ____D C:\Users\Emurock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-06-24 22:03 - 2015-07-09 16:07 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-06-24 01:19 - 2018-11-16 04:28 - 000000000 ____D C:\Program Files\rempl
2019-06-23 00:43 - 2015-08-30 17:39 - 000001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-06-22 01:01 - 2016-03-27 02:27 - 000000000 ____D C:\Users\Emurock\AppData\Local\Adobe
2019-06-22 01:00 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-06-22 01:00 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2019-06-20 20:03 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-06-20 00:12 - 2015-08-30 02:13 - 000002325 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-06-20 00:12 - 2015-08-30 02:13 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-19 23:27 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-06-19 22:17 - 2015-07-09 15:43 - 000000000 ____D C:\ProgramData\Intel
2019-06-19 22:17 - 2015-04-29 02:14 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-19 22:14 - 2018-05-24 01:18 - 000933368 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-19 22:14 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2019-06-19 22:13 - 2017-05-10 04:36 - 000000000 ____D C:\Program Files\Intel
2019-06-19 22:10 - 2015-07-09 15:38 - 000000000 ____D C:\Intel
2019-06-19 20:19 - 2017-05-08 22:01 - 000000000 ____D C:\Program Files\UNP
2019-06-13 20:49 - 2019-04-05 23:34 - 000000000 ____D C:\Users\Emurock\Documents\Holiday 2019
2019-06-13 03:23 - 2015-09-16 20:33 - 000000000 ___RD C:\Users\Emurock\3D Objects
2019-06-13 03:23 - 2015-08-29 18:50 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-13 03:20 - 2018-05-24 01:12 - 000298168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-13 03:16 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-06-13 03:16 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-06-13 03:16 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-06-13 03:16 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-13 02:10 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-13 00:59 - 2018-08-12 14:21 - 000000000 ____D C:\Users\Emurock\AppData\Local\D3DSCache
2019-06-12 03:13 - 2018-05-24 01:31 - 000004584 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-06-12 02:13 - 2018-05-24 01:31 - 000004572 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-06-12 01:57 - 2018-11-08 11:30 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
2019-06-12 01:57 - 2018-11-08 11:30 - 000001035 _____ C:\Users\Public\Desktop\TeamViewer 14.lnk
2019-06-12 01:13 - 2015-08-30 00:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-12 00:37 - 2015-08-30 00:24 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-11 22:35 - 2016-02-09 21:56 - 000000000 ____D C:\Users\Emurock\Documents\My Games
2019-06-11 00:56 - 2018-07-10 07:47 - 000000000 ____D C:\ProgramData\Packages
2019-06-11 00:56 - 2018-05-24 03:56 - 000000000 ____D C:\Users\Emurock\AppData\Local\PlaceholderTileLogoFolder
2019-06-11 00:56 - 2017-12-31 03:09 - 000000000 ____D C:\Users\Emurock\AppData\Local\Packages
2019-06-11 00:21 - 2016-10-11 22:39 - 000000000 ____D C:\Users\Emurock\AppData\Roaming\qBittorrent
2019-06-06 21:48 - 2015-07-09 15:55 - 000000000 ____D C:\ProgramData\Apple
2019-06-06 00:11 - 2018-09-24 02:31 - 000000000 ____D C:\Users\Emurock\AppData\Roaming\Telegram Desktop

==================== Files in the root of some directories ================

2016-02-07 23:33 - 2016-02-07 23:33 - 000000095 _____ () C:\Users\Emurock\AppData\Local\fusioncache.dat
2018-10-28 17:21 - 2018-10-28 17:21 - 000000001 _____ () C:\Users\Emurock\AppData\Local\llftool.4.40.agreement
2016-04-06 23:34 - 2016-04-06 23:34 - 000007599 _____ () C:\Users\Emurock\AppData\Local\Resmon.ResmonCfg
2015-10-26 10:06 - 2015-10-26 10:06 - 000000000 _____ () C:\Users\Emurock\AppData\Local\{BF589D7C-16AC-4D16-AF88-8CB3B13EFAC9}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Ran by Emurock (04-07-2019 22:44:03)
Running from C:\Users\Emurock\Desktop
Windows 10 Home Version 1803 17134.829 (X64) (2018-05-24 00:55:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-384623095-3799959169-1529214809-500 - Administrator - Disabled)
ASPNET (S-1-5-21-384623095-3799959169-1529214809-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-384623095-3799959169-1529214809-503 - Limited - Disabled)
defaultuser1 (S-1-5-21-384623095-3799959169-1529214809-1006 - Limited - Enabled) => C:\Users\defaultuser1
Emurock (S-1-5-21-384623095-3799959169-1529214809-1001 - Administrator - Enabled) => C:\Users\Emurock
Guest (S-1-5-21-384623095-3799959169-1529214809-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-384623095-3799959169-1529214809-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-384623095-3799959169-1529214809-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Anno 1602 (HKLM-x32\...\Uplay Install 2990) (Version:  - Ubisoft)
Anno 1800 (HKLM-x32\...\Uplay Install 4553) (Version:  - Ubisoft)
Anno 2070 (HKLM-x32\...\Uplay Install 22) (Version:  - Ubisoft)
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version:  - Ubisoft)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.220.2 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-6cc9e3bc-d557-4b25-822b-d657da54ba47) (Version: 3.0.2.59 - WildTangent) Hidden
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.47.11 - Bethesda Softworks)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (HKLM-x32\...\WTA-86c253ea-9232-43e1-97a6-922a1a93597f) (Version: 3.0.2.59 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-8cfff629-81d2-4a15-8d7c-ac660951f20e) (Version: 3.0.2.48 - WildTangent) Hidden
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert™ 3 (HKLM-x32\...\{296D8550-CB06-48E4-9A8B-E5034FB64715}) (Version: 1.12.0.0 - Electronic Arts)
Crazy Chicken Soccer (HKLM-x32\...\WTA-517f8fc4-058e-4c9a-aebb-462b1e0fe8da) (Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6303 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.4.6303 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-efa14f46-e50c-49c7-ab6b-9c18b0214f2e) (Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Doomsday (HKLM-x32\...\{69464949-AD9C-4C98-933F-C32FFC86F3C8}) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 75.4.141 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.3.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
EaseUS Partition Master 12.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entropia Universe (HKLM-x32\...\Entropia Universe) (Version: 15.7.5.133304 - MindArk PE AB)
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Fallout 76 (HKLM-x32\...\Fallout 76) (Version:  - Bethesda Softworks)
Foxit PhantomPDF (HKLM-x32\...\{4E32271C-B55A-4CDF-8DB7-88FD1C45927C}) (Version: 7.0.310.226 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Hard Disk Low Level Format Tool 4.40 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{915AE95A-9009-41DB-9D9D-D57E17AAB48F}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7960.5089 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.39 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.8.24.33 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.11.24.11 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.39 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.39 - Softex Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{e3d22965-5c2d-48c8-acec-c2ba2d50b275}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel® WiDi (HKLM\...\{AACB7B6F-5057-4612-B026-FE2A3D69F30B}) (Version: 5.1.28.0 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{4A95F6FA-1263-43D2-9926-5D6F7F359E92}) (Version: 17.1.1434.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Jade Empire (HKLM-x32\...\{EEAA7AC3-F651-4842-86E0-4C755181388B}) (Version: 1.0.1.2 - Electronic Arts)
Jewel Match 3 (HKLM-x32\...\WTA-eb0e6f16-266f-4e68-91b5-f545518f18a7) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.1005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-384623095-3799959169-1529214809-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 67.0.4 (x64 en-GB) (HKLM\...\Mozilla Firefox 67.0.4 (x64 en-GB)) (Version: 67.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 67.0.4.7109 - Mozilla)
Mozilla Thunderbird 52.5.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 52.5.0 (x86 en-GB)) (Version: 52.5.0 - Mozilla)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.17.3.50 - Symantec Corporation)
OneClickdigital Media Manager (HKLM-x32\...\{D27E3096-E1C7-4BF1-923B-13E522646EBF}) (Version: 80.0.0.0 - Recorded Books)
Origin (HKLM-x32\...\Origin) (Version: 10.5.41.27263 - Electronic Arts, Inc.)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-7dcb96f3-d868-4737-9e51-57255b0097f9) (Version: 3.0.2.59 - WildTangent) Hidden
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The qBittorrent project)
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-29c11dfd-71b5-4d15-b84e-2f0ef1978ed4) (Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.68 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.37.1119.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7457 - Realtek Semiconductor Corp.)
Runefall (HKLM-x32\...\WTA-87623d03-6680-442b-bb46-204b297e2e19) (Version: 3.0.2.126 - WildTangent) Hidden
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.3.4730 - TeamViewer)
Telegram Desktop version 1.5.15 (HKU\S-1-5-21-384623095-3799959169-1529214809-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.5.15 - Telegram Messenger LLP)
THE SETTLERS - Heritage of Kings (HKLM-x32\...\{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}) (Version: 1.00.0000 - Blue Byte)
Trinklit Supreme (HKLM-x32\...\WTA-f83c1e53-d6ab-44be-adc7-b8f13daafe30) (Version: 2.2.0.98 - WildTangent) Hidden
TunnelBear (HKLM-x32\...\{0d6e112b-ecd9-4b6a-92ed-6e708fb7de2f}) (Version: 3.6.3.0 - TunnelBear)
TunnelBear (HKLM-x32\...\{95EAEB10-FF80-47E1-BAF7-4B46C4D6A46C}) (Version: 3.6.3.0 - TunnelBear) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Updated Unofficial Fallout 3 Patch v2.3.2 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 2.3.2 - )
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
Wedding Dash (HKLM-x32\...\WTA-98e721b1-7634-44f3-a047-a9fc9cd15317) (Version: 2.2.0.95 - WildTangent) Hidden
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.14 - WildTangent) Hidden
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
Wizards & Warriors (HKLM-x32\...\Wizards & Warriors) (Version:  - )
World of Warships (HKU\S-1-5-21-384623095-3799959169-1529214809-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)
Youda Jewel Shop (HKLM-x32\...\WTA-70462bb6-4383-4762-ab9d-4d4cea2fbffe) (Version: 3.0.2.51 - WildTangent) Hidden

Packages:
=========
- Games App - -> C:\Program Files\WindowsApps\WildTangentGames.-GamesApp-_1.0.3.28_x86__qt5r5pa5dyg8m [2015-08-29] (WildTangent Games)
Audiobooks from Audible -> C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2 [2019-06-25] (Audible Inc)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1541.3.0_x86__kgqvnymyfvs32 [2019-07-04] (king.com)
Getting Started with Windows 8 -> C:\Program Files\WindowsApps\AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6 [2015-08-29] (Hewlett-Packard Company)
HP Connected Music -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedMusic_1.5.0.253_x86__v10z8vjag6ke6 [2015-10-31] (Hewlett-Packard Company)
HP Registration -> C:\Program Files\WindowsApps\AD2F1837.HPRegistration_1.2.1.166_neutral__v10z8vjag6ke6 [2015-07-09] (Hewlett-Packard Company)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa [2019-06-06] (Apple Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
McAfee® Central for HP -> C:\Program Files\WindowsApps\2703103D.McAfeeCentral_5.0.177.1_x64__4ehj4w4frejdr [2018-04-02] (.-McAfee Inc-.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.4.0_x64__8wekyb3d8bbwe [2018-07-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.7.0_x64__8wekyb3d8bbwe [2018-07-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1807.9.0_x64__8wekyb3d8bbwe [2018-08-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-09-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.4100.0_x64__8wekyb3d8bbwe [2019-04-20] (Microsoft Studios) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11723.0_x64__8wekyb3d8bbwe [2019-06-27] (Microsoft Corporation) [MS Ad]
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-12] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-29] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-29] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-03-21] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2018-12-14] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-29] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
mysms - Text from Computer, Messaging -> C:\Program Files\WindowsApps\UptoElevenDigitalSolution.mysms-Textanywhere_3.2.0.0_x64__c9d6r4qvva5x8 [2019-01-31] (Up to Eleven Digital Solutions GmbH)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.93.478.0_x64__mcm4njqhnhss8 [2019-06-27] (Netflix, Inc.)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.15.61.0_x64__kx24dqmazqk8j [2019-07-01] (Random Salad Games LLC) [MS Ad]
Snapfish -> C:\Program Files\WindowsApps\AD2F1837.HPConnectedPhotopoweredbySnapfish_6.1.736.0_x86__v10z8vjag6ke6 [2018-08-04] (Snapfish)
The Weather Channel for HP -> C:\Program Files\WindowsApps\Weather.TheWeatherChannelforHP_2015.1108.1.0_x64__t3yemqpq4kp7p [2015-11-09] (The Weather Channel.)
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.5.14.0_x64__8wekyb3d8bbwe [2019-07-03] (Microsoft Corporation)
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2016-12-01] (TripAdvisor LLC)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-384623095-3799959169-1529214809-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-384623095-3799959169-1529214809-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Emurock\Dropbox [2016-09-01 04:55]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-02-09] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-03-03] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-02-09] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-13] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.17.3.50\buShell.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.17.3.50\NavShExt.dll [2019-06-20] (Symantec Corporation -> Symantec Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --disk-cache-size=1000000000

==================== Loaded Modules (Whitelisted) ==============

2015-01-30 19:16 - 2015-01-30 19:16 - 000864768 _____ (%CFullName%) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OpBHO64.dll
2017-05-27 15:48 - 2014-02-13 15:27 - 000113166 _____ () [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\zlib1.dll
2019-01-12 20:05 - 2018-07-06 18:22 - 001603072 _____ () [File not signed] C:\Program Files (x86)\Windscribe\libGLESv2.dll
2019-01-12 20:05 - 2018-07-06 18:22 - 000071168 _____ () [File not signed] C:\Program Files (x86)\Windscribe\zlib1.dll
2015-01-30 19:07 - 2015-01-30 19:07 - 002169344 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2015-01-30 19:05 - 2015-01-30 19:05 - 000021504 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2015-01-30 19:09 - 2015-01-30 19:09 - 000065024 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-01-30 19:05 - 2015-01-30 19:05 - 000055296 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2015-01-30 19:05 - 2015-01-30 19:05 - 000035840 _____ () [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2019-06-25 23:06 - 2019-06-25 23:06 - 041113088 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.dll
2019-06-25 23:06 - 2019-06-25 23:06 - 000019968 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.exe
2019-06-22 00:15 - 2019-06-22 00:15 - 000052224 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2\AudibleSystemFileWrapperRT.dll
2019-02-20 10:12 - 2019-02-20 10:12 - 001123840 _____ () [File not signed] C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.54.0_x64__xns73kv1ymhp2\e_sqlite3.dll
2017-05-27 15:48 - 2014-02-13 15:27 - 000275528 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\libcurl.dll
2017-05-27 15:48 - 2014-02-13 15:27 - 000222792 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\traynet.dll
2017-05-27 15:48 - 2014-11-18 14:44 - 000255072 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe
2017-05-27 15:48 - 2014-02-13 15:27 - 000249928 _____ (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\uexper.dll
2015-01-30 19:06 - 2015-01-30 19:06 - 000715264 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\storeng.dll
2015-01-30 19:07 - 2015-01-30 19:07 - 001134080 _____ (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\userdata.dll
2010-11-18 21:08 - 2010-11-18 21:08 - 000086016 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-05-24 01:24 - 2018-05-24 01:24 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2018-05-24 01:24 - 2018-05-24 01:24 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2015-01-30 19:11 - 2015-01-30 19:11 - 000103424 _____ (Softex Inc.) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
2015-01-30 19:16 - 2015-01-30 19:16 - 000746064 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-01-30 19:16 - 2015-01-30 19:16 - 000431696 _____ (Softex Incorporated -> ) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2015-01-30 19:16 - 2015-01-30 19:16 - 000760912 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\hdddrv.dll
2015-01-30 19:16 - 2015-01-30 19:16 - 001384528 _____ (Softex Incorporated -> Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\SimplePass\Wbf.dll
2019-01-12 20:05 - 2018-07-06 18:22 - 000058368 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\cares.dll
2019-01-12 20:05 - 2018-09-14 00:56 - 000350208 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\libcurl.dll
2019-06-13 03:33 - 2019-06-29 22:09 - 000002560 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icudt58.dll
2019-06-13 03:33 - 2019-06-29 22:09 - 001252864 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icuuc58.dll
2019-06-13 03:34 - 2019-06-29 22:09 - 001277440 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\SSLEAY32.dll
2019-01-12 20:05 - 2018-07-06 18:22 - 001212928 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\LIBEAY32.dll
2019-01-12 20:05 - 2018-07-06 18:22 - 000276480 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\SSLEAY32.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 000709120 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Multimedia.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 000207360 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Positioning.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 000310272 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5PrintSupport.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 003513344 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Qml.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 003390976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Quick.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 000068096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5QuickWidgets.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 000045568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5TextToSpeech.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 000116224 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebChannel.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 054064128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineCore.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 000211456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineWidgets.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2019-06-13 03:35 - 2019-06-29 22:09 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2019-02-28 10:34 - 2018-07-06 18:22 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qgif.dll
2019-02-28 10:34 - 2018-07-06 18:22 - 000025088 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qico.dll
2019-02-28 10:34 - 2018-07-06 18:22 - 000986624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\platforms\qwindows.dll
2019-01-12 20:05 - 2018-07-06 18:22 - 004694016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Core.dll
2019-01-12 20:05 - 2018-07-06 18:22 - 003677184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Gui.dll
2019-01-12 20:05 - 2018-07-06 18:22 - 000856064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Network.dll
2019-01-12 20:05 - 2018-07-06 18:22 - 004483072 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Widgets.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-384623095-3799959169-1529214809-1001\...\hola.org -> hxxp://hola.org

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-07-03 03:34 - 2019-07-04 02:52 - 000000911 _____ C:\WINDOWS\system32\drivers\etc\hosts

185.236.200.18 us-west-005.whiskergalaxy.com   #added by Windscribe, do not modify.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Hewlett-Packard\SimplePass\;c:\Program Files\Intel\WiFi\bin\;c:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-384623095-3799959169-1529214809-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine VPN.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EB489626-C593-407A-894A-509ECBE0D5BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{9BB3799B-4641-49EF-904B-DD2278006E22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{3A4D0311-41B7-477B-ADEE-84CBA84C3464}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{B5F8388C-62BB-41E3-87F3-EDCA33153B7E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{C953CBC7-904F-4D60-8FB4-77111DE96D4C}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{49062E71-F935-4C83-A20C-95BCCE496307}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{0A1892D9-36AA-4EEF-B1DC-CF07C0434B6B}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{D7D80ADB-F211-4D98-AD65-F0D7DE74E72B}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{5FD21843-F87A-4047-886A-A04ED1C63AC0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{E644F4F4-B7E2-474C-B4E4-FCA6075D8BD6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{DE2DF5E8-9721-413D-A0CA-A14019599EBD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{AC4D2DCA-0230-4D89-96C3-1CD1ECE8A053}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C7471B1C-9F81-4EB5-82D8-10A7767A0E6D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C5677116-C350-4E5B-93C2-EC12D7A9AAF9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7BFFA15B-9DDD-4DA6-8299-1C7C446545F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4A2B9C21-493A-451E-A697-35AC7E1B5A0A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B2B8D968-9FF4-4AAF-9917-ECCFBDAC3D8C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2BFAB72B-85B7-4CEC-A6E8-CB1B4163598E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{330BBDFD-AAAB-484C-A250-06EA41D117F1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe No File
FirewallRules: [{D40DAB77-11AC-4F4A-BD3A-C808D7912590}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
FirewallRules: [{C657C390-99A2-4496-A9A3-3B8D6A523F6F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe No File
FirewallRules: [{00F682F7-AF86-4F98-9F47-D84898715D48}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe No File
FirewallRules: [{3AAA5635-7D5E-4E36-9850-9C4C5AD0BB08}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel® Wireless Display -> Intel)
FirewallRules: [{21263E7A-9CB3-4AB5-B3FC-4D04022A1822}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{2C7798A8-65C3-4B70-966B-54CBD4B3C5B9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe No File
FirewallRules: [{D9757A0F-EF89-4ACA-9654-86D9B74D30B8}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{00E32EA4-FDC5-427E-9B31-9EB467BBEB1A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe No File
FirewallRules: [{CF70C960-E33A-49EB-BA23-354A7762970E}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{1A4A7B88-D791-4792-8E24-1D2F00911E5B}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{7CC51038-D028-4867-8068-87B531A6FA41}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File
FirewallRules: [{D37B3ECE-A449-4F0A-A8F0-38DC9AACF69C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV\Civilization4.exe (Firaxis Games) [File not signed]
FirewallRules: [{2A04753F-D755-446D-B693-9A2BEBADA3DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV\Civilization4.exe (Firaxis Games) [File not signed]
FirewallRules: [{A4C547DD-C1E1-4B1B-951F-E9C4DC11EE7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe (Firaxis Games) [File not signed]
FirewallRules: [{06D75616-8090-4B63-8025-C001597FE3FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe (Firaxis Games) [File not signed]
FirewallRules: [{41145BD3-2C44-4254-89B6-E86EDD997AA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe (Firaxis Games) [File not signed]
FirewallRules: [{4B839FC7-BC1D-447C-A952-99BC75F8284E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe (Firaxis Games) [File not signed]
FirewallRules: [{BFFC7706-8287-4223-9E57-39A1BD287FF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe (Firaxis Games) [File not signed]
FirewallRules: [{64CCC86C-9F78-40F0-8028-42575F9EB9EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe (Firaxis Games) [File not signed]
FirewallRules: [{DEEB8320-E560-4702-A1B3-60C77CCFCC54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games) [File not signed]
FirewallRules: [{DA855C52-5CD1-40C0-871A-BF6245BCBB10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Civilization IV Colonization\Colonization.exe (Firaxis Games) [File not signed]
FirewallRules: [{088EA805-0191-4EA3-8DDA-48D51B89D375}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander\bin\SupremeCommander.exe (Gas Powered Games) [File not signed]
FirewallRules: [{5B132D75-E20C-4625-91E7-82D1AB71C9C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supreme Commander\bin\SupremeCommander.exe (Gas Powered Games) [File not signed]
FirewallRules: [{4DFA03BD-92B6-43C2-9D97-439526BB2449}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetbase\Planetbase.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{31789E7F-4058-4E8F-97A0-A24A97636320}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Planetbase\Planetbase.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{4442DA36-6AB1-4DCE-8DA3-FA93E0E0D193}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe () [File not signed]
FirewallRules: [{C62883B6-D2A5-4C11-810E-388B9A467A45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Banished\Application-steam-x64.exe () [File not signed]
FirewallRules: [{7C40E190-E914-457E-86E1-BDED3D2A8B75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [{C1E162C6-ED52-40A2-96AB-0A8E2CA515F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe () [File not signed]
FirewallRules: [{A8B7C200-2F31-40B4-A922-9CB4FF0899CF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Anno 2070\Anno5.exe (Related Designs Software -> Related Designs) [File not signed]
FirewallRules: [{220F5376-5832-4886-8F48-FECDF3569A55}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Anno 2070\Anno5.exe (Related Designs Software -> Related Designs) [File not signed]
FirewallRules: [{FE4B42E1-77C7-4217-986D-D4111485E59D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{5E62761D-BBB2-4046-89C9-DDF53649797D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe (Firaxis Games) [File not signed]
FirewallRules: [{98435704-3BAC-4ABB-96A8-A2A8752FC8F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command and Conquer 3 Tiberium Wars\CNC3.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{CE135E49-4DA4-437B-9825-09848481A054}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Command and Conquer 3 Tiberium Wars\CNC3.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{DF214FEF-B954-4200-BC2B-D78519138B59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Twilight Struggle\TwilightStruggle.exe () [File not signed]
FirewallRules: [{F91D3A8D-18B1-47F8-AA5A-84B87AEB8CA8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Twilight Struggle\TwilightStruggle.exe () [File not signed]
FirewallRules: [{F1B95BC1-7AE7-4EB7-B283-6F31C56D5142}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Make America Great Again The Trump Presidency\MAGA.exe (Maverick Gaming) [File not signed]
FirewallRules: [{DF69DBB1-3FBB-4860-B244-72C0770309FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Make America Great Again The Trump Presidency\MAGA.exe (Maverick Gaming) [File not signed]
FirewallRules: [{BC2E6F45-94B9-430A-BA74-A6BA6F72833A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crisis in the Kremlin\Crisis_x64.exe No File
FirewallRules: [{D4164EC8-BBA3-4932-A0BC-2EB393938692}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crisis in the Kremlin\Crisis_x64.exe No File
FirewallRules: [{879C012B-90CD-4635-9C5E-B3A53825B859}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Buzz Aldrin's Space Program Manager\autorun.exe (Slitherine Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{8F798835-7BF5-427D-B687-67541996E552}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Buzz Aldrin's Space Program Manager\autorun.exe (Slitherine Ltd. -> Slitherine Publishing Ltd.)
FirewallRules: [{A729CEDC-286A-4B60-91B5-A6CD087D916C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tropico 5\Tropico5Steam.exe (Haemimont Games) [File not signed]
FirewallRules: [{C3F94545-5B59-432E-8C80-7FE9AA0D941A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tropico 5\Tropico5Steam.exe (Haemimont Games) [File not signed]
FirewallRules: [{612A7D8B-95E4-4718-8356-D039A7ACA3DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe No File
FirewallRules: [{388BB834-7308-4968-BECC-64CFEFCE570B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe No File
FirewallRules: [{66583D1F-26D3-4292-AF13-76A6962170DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{B3DBA488-89BB-4BC5-B90F-3469F5C64EEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{869B61F7-6BFA-43D5-BA7E-8CC2178EA4C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{E01F52DC-C580-443E-A739-03AADD5ABCBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{DBCE73F1-38CF-477B-9D87-06C9D0C0CA4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive) [File not signed]
FirewallRules: [{7AE445E6-B2F3-4D9F-95C5-EBADF04D46AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hearts of Iron IV\hoi4.exe (Paradox Interactive) [File not signed]
FirewallRules: [{094DB8E1-E918-4B3C-B16E-F4C24FEFE5C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe () [File not signed]
FirewallRules: [{DFE83D94-0C08-4BCB-9F23-85CB3601936D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe () [File not signed]
FirewallRules: [{0392DA78-D071-43A8-B6C6-43A4BD3983C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2 Remastered\Build\Final\Bioshock2HD.exe (Take-Two Interactive Software) [File not signed]
FirewallRules: [{8D3A3437-7880-42FA-8A5C-9E82215B5424}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock 2 Remastered\Build\Final\Bioshock2HD.exe (Take-Two Interactive Software) [File not signed]
FirewallRules: [{C5A010C4-6977-41DA-B910-3B92218265A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe (Valve Corp. -> Irrational Games)
FirewallRules: [{8D641C50-40CB-4E62-8AE4-01274184E3F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe (Valve Corp. -> Irrational Games)
FirewallRules: [{DF673934-054E-40CA-85B7-882510F255FB}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Anno 2205\Bin\Win64\Anno2205.exe (Blue Byte GmbH -> Ubisoft)
FirewallRules: [{A13D0025-9F62-4B5B-9E6B-12252DC1D6D5}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{AE9D34EB-DCFD-4417-9A6A-9CBB28AA2CA9}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{50FEA1A0-2BFD-4392-9028-05D81B9D9EB6}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{F9C4B477-048A-4A9C-93E9-70AE21B3B212}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{FDAC8EAD-9F1E-4C9D-B8C0-92129AB2440C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe (Valve Corp. -> Firaxis Games)
FirewallRules: [{983B13E0-96D7-4EB6-ACF6-0D23D5E2C939}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe (Valve Corp. -> Firaxis Games)
FirewallRules: [{A43B0E0D-7D02-47A4-B5F1-015FB74E6847}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe (Valve Corp. -> Firaxis Games)
FirewallRules: [{6476E584-A338-419A-BF45-52F3FE32D450}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe (Valve Corp. -> Firaxis Games)
FirewallRules: [{09F2590A-242A-46A0-B258-4DD97ADE216A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games) [File not signed]
FirewallRules: [{E1674ECC-4289-47A0-8D2A-DD5A98DADC24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe (Firaxis Games) [File not signed]
FirewallRules: [{D6C7AFEF-C02E-464B-81EB-6B91F113BF6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games) [File not signed]
FirewallRules: [{ED06D19B-D174-4500-B3CF-A9C95471638A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe (Firaxis Games) [File not signed]
FirewallRules: [{EE6E1FF4-A68B-4CAD-B0C8-758B3AFF2FB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe (Bethesda Softworks -> Bethesda Softworks, Obsidian Entertainment)
FirewallRules: [{45E056D7-67F4-4A09-BB9C-1E4C6C34EA8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe (Bethesda Softworks -> Bethesda Softworks, Obsidian Entertainment)
FirewallRules: [{6DE66C5B-1A33-4D44-81B6-0884AB5FD638}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{DEC9F99F-6CBA-4C48-9346-4296C949C122}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{BD82A567-E1B6-440E-977B-C6D0B2F62AE3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4E31F098-0C0D-4809-ADEB-8640E3E1370A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5BDC1E9E-0DCD-4977-9D80-1B212E2AC2E9}] => (Allow) C:\Program Files (x86)\Origin Games\Red Alert 3\RA3.exe (Electronic Arts -> Electronic Arts, Inc.)
FirewallRules: [{E2744AA3-8E14-4118-9B9E-758B55967D94}] => (Allow) C:\Program Files (x86)\Origin Games\Red Alert 3\RA3.exe (Electronic Arts -> Electronic Arts, Inc.)
FirewallRules: [{96C0A9A8-0D3A-4DB8-AED6-159A199A16F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crisis in the Kremlin\CrisisintheKremlin.exe () [File not signed]
FirewallRules: [{3B21D756-85E7-46CA-95A6-98C976919D3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crisis in the Kremlin\CrisisintheKremlin.exe () [File not signed]
FirewallRules: [{C122FCCE-195E-40EB-A63E-934C38CB8D59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{00C40C09-DAC3-403C-8D17-C0A70624BA2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [TCP Query User{2777AB1F-389F-4CB3-BAF4-A71DAD46D5B7}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{29655071-7187-4F72-9F47-46B13E943712}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [{A93CBDFB-C0FB-4A52-AFAF-B9E8420FCEF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{E5F170DE-D742-49B8-B6B3-123253FA6080}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{9A0CE1A3-1810-4950-AA42-2819CF9E6E32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Surviving Mars\MarsSteam.exe (Haemimont Games AD -> Haemimont Games)
FirewallRules: [{5AE317DA-B12F-4FCB-A40E-C678BC07C49C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Surviving Mars\MarsSteam.exe (Haemimont Games AD -> Haemimont Games)
FirewallRules: [{3DF7AA5C-9C11-4F20-8ECA-77DFC28AF355}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe (GSC Game World -> )
FirewallRules: [{052DBC4A-1719-4A50-BE87-9222D247153B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Clear Sky\bin\xrEngine.exe (GSC Game World -> )
FirewallRules: [{6E684C7C-2A3A-4C77-BBEE-29290EDCD9BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe (GSC Game World -> GSC Game World)
FirewallRules: [{B72C83D9-F4FD-4645-AACF-4CD235562A3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stalker Call of Pripyat\bin\xrEngine.exe (GSC Game World -> GSC Game World)
FirewallRules: [{63C4DEF6-7FA7-4F7F-98F2-6515ED0DD576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe (GSC Game World -> )
FirewallRules: [{0965CD69-27DE-488C-BD8C-F377241DD5A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe (GSC Game World -> )
FirewallRules: [{322C483D-D845-4540-A91B-72A581C315D2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7C5DFF50-0FE5-4123-A64D-938A9A15D657}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{914DBB8F-6B38-4CDF-83E4-A49470548C21}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2123863F-37F9-498E-9874-945772C7C8D2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EFD8567C-E790-4585-A57E-B924CF5216CC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2DED9DC5-395C-437E-B86B-C6599CFB9961}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{42073C62-7ECB-497B-8B3F-045E098A35D8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A1C3CED9-2193-48C9-AC73-E4E7C350454E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8825E2EA-8E7A-4478-ACC9-75A10C8A3B65}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D07DA6BC-78AD-4FC0-BCB5-166263C50690}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{C9C6AB4F-8D13-42AE-A2A7-22F3EE606492}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{5EACB6EB-BC5E-4875-9F76-FCD7D59968A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{FACBD7E7-8A8E-45EE-9EDC-DBD8E822DAFB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{19BDCB6E-7944-4144-81B0-38D202416266}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8B680AA5-CD7C-487A-B36A-5C0F131658F8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{197F44A6-EA6C-4752-AF6B-0225EEC37D5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SovietRepublic\SETUPAPPLICATION SOVIET.exe (3DIVISION) [File not signed]
FirewallRules: [{420D6E25-DB1D-49BD-A960-F10C27559102}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SovietRepublic\SETUPAPPLICATION SOVIET.exe (3DIVISION) [File not signed]
FirewallRules: [{97D02946-87C0-4F0F-8F4F-60DB44120296}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe () [File not signed]
FirewallRules: [{37294DA5-52F9-4054-AE35-48A7F01DD6B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe () [File not signed]

==================== Restore Points =========================

30-06-2019 01:23:36 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Intel® Dynamic Platform and Thermal Framework Manager
Description: Intel® Dynamic Platform and Thermal Framework Manager
Class Guid: {c3077fcd-9c3c-482f-9317-460712f23efd}
Manufacturer: Intel
Service: esif_lf
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2019 07:53:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HxOutlook.exe version 16.0.11629.20168 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 688

Start Time: 01d53299963f8c61

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe\HxOutlook.exe

Report Id: 74f2b239-29b8-46a3-b4d2-a51b4f584d8a

Faulting package full name: microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: microsoft.windowslive.mail

Error: (07/04/2019 02:52:45 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={FEC58892-B320-4345-83D9-0D8507B9242F}: The user SYSTEM dialed a connection named Windscribe IKEv2 which has failed. The error code returned on failure is 809.

Error: (07/04/2019 02:52:39 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: STEVE)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (07/04/2019 02:52:39 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: STEVE)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (07/04/2019 02:52:39 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: STEVE)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (07/04/2019 02:52:39 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: STEVE)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (07/04/2019 02:52:33 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={B5961A0D-95AB-4A33-9D6E-38EDD894F1B2}: The user SYSTEM dialed a connection named Windscribe IKEv2 which has failed. The error code returned on failure is 809.

Error: (07/04/2019 02:52:27 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: STEVE)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0


System errors:
=============
Error: (07/04/2019 10:48:17 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/04/2019 10:48:13 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/04/2019 10:48:08 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/04/2019 10:48:04 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/04/2019 10:48:00 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/04/2019 10:47:56 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/04/2019 10:47:52 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (07/04/2019 10:44:54 PM) (Source: DCOM) (EventID: 10001) (User: STEVE)
Description: Unable to start a DCOM Server: AD2F1837.HPFileViewer_4.4.32.190_x64__v10z8vjag6ke6!App.AppXvn8aca4b4h02834nb34mvr3bw63p95kb.mca as Unavailable/Unavailable. The error:
"5"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXme8jgcj6dvexvw9y7b5eaqqjt3njg6kr.mca


CodeIntegrity:
===================================

Date: 2019-06-28 02:01:37.726
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.2.47\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-28 02:01:37.687
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.2.47\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-28 02:01:37.497
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.17.2.47\BuShell.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-28 02:01:35.377
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-28 02:01:35.360
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-28 02:01:35.328
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-28 02:01:35.301
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll that did not meet the Microsoft signing level requirements.

Date: 2019-06-28 02:01:35.277
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Insyde F.21 06/05/2015
Motherboard: Hewlett-Packard 8093
Processor: Intel® Core™ i3-5010U CPU @ 2.10GHz
Percentage of memory in use: 87%
Total physical RAM: 8114.27 MB
Available physical RAM: 1054.77 MB
Total Virtual: 14258.27 MB
Available Virtual: 2883.98 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:906.87 GB) (Free:198.28 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22.64 GB) (Free:2.54 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{2b606012-bf81-4d55-b768-3d1c58325c22}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.36 GB) NTFS
\\?\Volume{479ab04d-a223-4bc5-bf40-e6c1afd2c9ee}\ () (Fixed) (Total:0.99 GB) (Free:0.4 GB) NTFS
\\?\Volume{3988f7ad-b0b5-4da9-9a9d-346c2fea2f0f}\ () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2E78474F)

Partition: GPT.

==================== End of Addition.txt ============================




#2
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)

Type:

chkdsk  /f  c:

It should say:

"The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N) "

 

Type:

 Y

It should say:

"This volume will be checked the next time the system restarts."

 

Reboot and it should start the disk check.  This will take a while.

Once it completes:

Uninstall:

Avast SecureLine

TunnelBear

Get the McAfee Removal tool:

https://www.bleeping...s-removal-tool/

Download, Save, right click and Run As Admin.  Once it finishes:

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow

This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt

Hit Enter.  Then type:

 

notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:
 

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button  - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.



 



#3
emufix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Completed all instructions.

After running "sfc  /scannow" I received the following: 
Windows did not find any integrity violations (a good thing)

 

Will proceed to post Output logs next few replies.

Event Viewer Tool by Vino Rosso:

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2019 00:09:06

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/07/2019 22:47:54
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/07/2019 21:18:41
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/07/2019 19:37:13
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 01/07/2019 18:53:44
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 29/06/2019 20:59:49
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/06/2019 19:07:46
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/06/2019 19:07:05
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 31/01/2019 20:43:02
Type: Critical Category: 64
Event: 10116 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device MotoG3 (location Port_#0001.Hub_#0001) is offline due to a user-mode driver crash.  Windows will attempt to restart the device in the shared process 1 more times before moving the device in its own process.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 31/01/2019 20:43:02
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 08/01/2019 09:49:29
Type: Critical Category: 64
Event: 10116 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device MotoG3 (location Port_#0006.Hub_#0001) is offline due to a user-mode driver crash.  Windows will attempt to restart the device in the shared process 1 more times before moving the device in its own process.  Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 08/01/2019 09:49:29
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/07/2019 23:00:35
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 23:00:32
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 23:00:28
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 23:00:24
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 23:00:20
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 23:00:16
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 23:00:12
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 22:59:37
Type: Error Category: 0
Event: 10001 Source: Microsoft-Windows-DistributedCOM
Unable to start a DCOM Server: AD2F1837.HPFileViewer_4.4.32.190_x64__v10z8vjag6ke6!App.AppXvn8aca4b4h02834nb34mvr3bw63p95kb.mca as Unavailable/Unavailable. The error: "5" Happened while starting this command: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXme8jgcj6dvexvw9y7b5eaqqjt3njg6kr.mca

Log: 'System' Date/Time: 07/07/2019 22:57:57
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 22:57:53
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 22:57:49
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 22:57:46
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 22:57:42
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 22:57:38
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 22:57:34
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 22:54:52
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 22:54:48
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 22:54:44
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 22:54:40
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 22:54:36
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/07/2019 23:04:05
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 07/07/2019 21:50:02
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 07/07/2019 21:48:56
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Log: 'System' Date/Time: 07/07/2019 20:25:29
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 07/07/2019 20:24:31
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Log: 'System' Date/Time: 07/07/2019 19:39:38
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 07/07/2019 19:29:40
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Log: 'System' Date/Time: 07/07/2019 17:19:06
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 07/07/2019 08:00:35
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name crl.pki.goog timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 07/07/2019 05:58:48
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 07/07/2019 04:48:50
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 07/07/2019 04:45:23
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 06/07/2019 22:06:59
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name api.twitter.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 06/07/2019 21:34:12
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name client.dropbox.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 06/07/2019 21:34:04
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name api.twitter.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 06/07/2019 19:11:23
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 06/07/2019 15:33:37
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name client.dropbox.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 06/07/2019 15:33:31
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 06/07/2019 06:07:45
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 06/07/2019 05:43:17
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

 


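Added example, not part of the original posts and not code from VEW or its author: a Python parser for the VEW text report layout shown in the post above, grouping records by type, source and event ID so repeated records and the time span they cover can be read off at a glance. The sample report is constructed (abridged from the layout above, ending in a cut-off record to show how an incomplete paste is handled), and `parse_vew` and `summarize` are hypothetical helper names.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the VEW report layout shown above; the last record is cut off.
SAMPLE = r"""Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2019 00:09:06

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/07/2019 22:47:54
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/07/2019 23:00:35
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 23:00:32
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 07/07/2019 22:57:57
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/07/2019 21:48:56
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.
Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Log: 'Application' Date/Time: 07/07/2019 20:11:27
Type: Error Category: 100
"""

LOG_RE = re.compile(r"^Log: '([^']+)' Date/Time: (\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)$")
TYPE_RE = re.compile(r"^Type: (\S+) Category: (\d+)$")
EVENT_RE = re.compile(r"^Event: (\d+) Source: (.+)$")


def _finish(cur, records):
    """Store cur if it reached both header lines; drop partial records."""
    if cur and "type" in cur and "event_id" in cur:
        cur["message"] = " ".join(cur.pop("lines"))
        records.append(cur)


def parse_vew(text):
    """Parse a VEW text report into a list of record dicts."""
    records, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = LOG_RE.match(line)
        if m or line.startswith("~~~"):
            _finish(cur, records)  # a new record or section ends the old one
            cur = None
            if m:
                when = datetime.strptime(m.group(2), "%d/%m/%Y %H:%M:%S")
                cur = {"log": m.group(1), "time": when, "lines": []}
        elif cur is None or not line:
            continue  # report banner, section title or blank line
        elif "type" not in cur and (m := TYPE_RE.match(line)):
            cur["type"], cur["category"] = m.group(1), int(m.group(2))
        elif "event_id" not in cur and (m := EVENT_RE.match(line)):
            cur["event_id"], cur["source"] = int(m.group(1)), m.group(2)
        else:
            cur["lines"].append(line)  # message text, possibly several lines
    _finish(cur, records)
    return records


def summarize(records):
    """Group by (type, source, event ID); most frequent group first."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["type"], r["source"], r["event_id"])].append(r["time"])
    rows = [{"type": t, "source": s, "event_id": e, "count": len(ts),
             "first": min(ts), "last": max(ts)}
            for (t, s, e), ts in groups.items()]
    return sorted(rows, key=lambda x: (-x["count"], x["source"], x["event_id"]))


if __name__ == "__main__":
    for row in summarize(parse_vew(SAMPLE)):
        print(f'{row["count"]:>3}  {row["type"]:<8} {row["source"]} '
              f'(event {row["event_id"]})  {row["first"]} .. {row["last"]}')
```
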

#4
emufix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2019 00:17:21

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/07/2019 22:36:58
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error.  Program: Host Process for Windows Services File: C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf  The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and     - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.     - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.  Additional Data Error value: C000009C Disk type: 3

Log: 'Application' Date/Time: 07/07/2019 22:36:58
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 10.0.17134.556, time stamp: 0xf23cada5 Faulting module name: sysmain.dll, version: 10.0.17134.191, time stamp: 0xd2f66a7b Exception code: 0xc0000006 Fault offset: 0x0000000000025434 Faulting process ID: 0x2ee8 Faulting application start time: 0x01d5351238e8ea1c Faulting application path: C:\WINDOWS\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report ID: a4a527c0-b852-4d3b-bf02-9106c08b04c2 Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 07/07/2019 22:13:37
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error.  Program: Host Process for Windows Services File: C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf  The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and     - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.     - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.  Additional Data Error value: C000009C Disk type: 3

Log: 'Application' Date/Time: 07/07/2019 22:13:37
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 10.0.17134.556, time stamp: 0xf23cada5 Faulting module name: sysmain.dll, version: 10.0.17134.191, time stamp: 0xd2f66a7b Exception code: 0xc0000006 Fault offset: 0x0000000000025434 Faulting process ID: 0x19b8 Faulting application start time: 0x01d53510b9484400 Faulting application path: C:\WINDOWS\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report ID: b34a66c9-3934-49c4-bb76-a619b8216552 Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 07/07/2019 22:09:23
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: vpnupdate.exe, version: 5.4.510.0, time stamp: 0x5d1c471f Faulting module name: vpnupdate.exe, version: 5.4.510.0, time stamp: 0x5d1c471f Exception code: 0xc0000409 Fault offset: 0x000df62d Faulting process ID: 0x4c Faulting application start time: 0x01d5350f1a603f5b Faulting application path: c:\program files\avast software\secureline\vpnupdate.exe Faulting module path: c:\program files\avast software\secureline\vpnupdate.exe Report ID: dfed988f-6565-4318-83ec-f0dec510f7c9 Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 07/07/2019 21:58:22
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error.  Program: Host Process for Windows Services File: C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf  The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and     - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.     - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.  Additional Data Error value: C000009C Disk type: 3

Log: 'Application' Date/Time: 07/07/2019 21:58:22
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 10.0.17134.556, time stamp: 0xf23cada5 Faulting module name: sysmain.dll, version: 10.0.17134.191, time stamp: 0xd2f66a7b Exception code: 0xc0000006 Fault offset: 0x0000000000025434 Faulting process ID: 0x84c Faulting application start time: 0x01d5350dfb8629b4 Faulting application path: c:\windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report ID: fb1cce75-ce8d-41ab-a62a-d561af0ad452 Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 07/07/2019 21:02:08
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program ShellExperienceHost.exe version 10.0.17134.753 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.  Process ID: 1dd8  Start Time: 01d53503a90a9bed  Termination Time: 4294967295  Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe  Report Id: 12c19cda-53b1-4013-8d0c-74b5039194e3  Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy  Faulting package-relative application ID: App

Log: 'Application' Date/Time: 07/07/2019 20:57:31
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error.  Program: Host Process for Windows Services File: C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf  The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and     - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.     - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.  Additional Data Error value: C000009C Disk type: 3

Log: 'Application' Date/Time: 07/07/2019 20:57:31
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 10.0.17134.556, time stamp: 0xf23cada5 Faulting module name: sysmain.dll, version: 10.0.17134.191, time stamp: 0xd2f66a7b Exception code: 0xc0000006 Fault offset: 0x0000000000025434 Faulting process ID: 0x2014 Faulting application start time: 0x01d53506768a1e16 Faulting application path: C:\WINDOWS\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report ID: aa9648c9-4cbb-4a58-96ad-eec436de71bd Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 07/07/2019 20:48:34
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error.  Program: Host Process for Windows Services File: C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf  The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and     - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.     - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.  Additional Data Error value: C000009C Disk type: 3

Log: 'Application' Date/Time: 07/07/2019 20:48:34
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 10.0.17134.556, time stamp: 0xf23cada5 Faulting module name: sysmain.dll, version: 10.0.17134.191, time stamp: 0xd2f66a7b Exception code: 0xc0000006 Fault offset: 0x0000000000025434 Faulting process ID: 0x1f3c Faulting application start time: 0x01d535039d58d26c Faulting application path: C:\WINDOWS\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report ID: 1cc6a85c-6f35-41e6-b52e-b8a94d79e870 Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 07/07/2019 20:40:16
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Log: 'Application' Date/Time: 07/07/2019 20:35:06
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: vpnupdate.exe, version: 5.4.510.0, time stamp: 0x5d1c471f Faulting module name: vpnupdate.exe, version: 5.4.510.0, time stamp: 0x5d1c471f Exception code: 0xc0000409 Fault offset: 0x000df62d Faulting process ID: 0x7e4 Faulting application start time: 0x01d5350353dd0c3a Faulting application path: c:\program files\avast software\secureline\vpnupdate.exe Faulting module path: c:\program files\avast software\secureline\vpnupdate.exe Report ID: f6613e32-9006-4f39-8960-0f51b169e566 Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 07/07/2019 20:31:35
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error.  Program: Host Process for Windows Services File: C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf  The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and     - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.     - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.  Additional Data Error value: C000009C Disk type: 3

Log: 'Application' Date/Time: 07/07/2019 20:31:35
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 10.0.17134.556, time stamp: 0xf23cada5 Faulting module name: sysmain.dll, version: 10.0.17134.191, time stamp: 0xd2f66a7b Exception code: 0xc0000006 Fault offset: 0x0000000000025434 Faulting process ID: 0x880 Faulting application start time: 0x01d535022a25feb8 Faulting application path: c:\windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report ID: cc75885c-b7e6-4c81-aea9-2be034f6f6c2 Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 07/07/2019 20:15:36
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. .

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Log: 'Application' Date/Time: 07/07/2019 20:11:27
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error.  Program: Host Process for Windows Services File: C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf  The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and     - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.     - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.  Additional Data Error value: C000009C Disk type: 3

Log: 'Application' Date/Time: 07/07/2019 20:11:27
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 10.0.17134.556, time stamp: 0xf23cada5 Faulting module name: sysmain.dll, version: 10.0.17134.191, time stamp: 0xd2f66a7b Exception code: 0xc0000006 Fault offset: 0x0000000000025434 Faulting process ID: 0x2ec4 Faulting application start time: 0x01d534ffb6813367 Faulting application path: C:\WINDOWS\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report ID: f1bb2eeb-6e20-448f-9a0b-2e9bf178bc5b Faulting package full name:  Faulting package-relative application ID:

Log: 'Application' Date/Time: 07/07/2019 19:47:58
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error.  Program: Host Process for Windows Services File: C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf  The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and     - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.     - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance.  Additional Data Error value: C000009C Disk type: 3

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/07/2019 22:37:52
Type: Warning Category: 7
Event: 508 Source: ESENT
svchost (9676,D,0) Unistore: A request to write to the file "C:\Users\Emurock\AppData\Local\Comms\UnistoreDB\store.vol" at offset 19210240 (0x0000000001252000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:02:40
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (9948,D,0) {D00C8816-A2FA-416A-8DFB-3EE31DC037A2}: A request to write to the file "C:\Users\Emurock\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edb.log" at offset 49152 (0x000000000000c000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (18 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:11
Type: Warning Category: 7
Event: 510 Source: ESENT
SettingSyncHost (9948,T,97) {1490FED5-9C29-4D43-BC27-BB7BCB9375D1}: A request to write to the file "C:\Users\Emurock\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.chk" at offset 0 (0x0000000000000000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (16 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 1061 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:03
Type: Warning Category: 7
Event: 507 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 327680 (0x0000000000050000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (41 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 557056 (0x0000000000088000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 425984 (0x0000000000068000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 458752 (0x0000000000070000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 491520 (0x0000000000078000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 524288 (0x0000000000080000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 294912 (0x0000000000048000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 327680 (0x0000000000050000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 360448 (0x0000000000058000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 393216 (0x0000000000060000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 163840 (0x0000000000028000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 196608 (0x0000000000030000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 229376 (0x0000000000038000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 262144 (0x0000000000040000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 65536 (0x0000000000010000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 98304 (0x0000000000018000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 07/07/2019 21:01:01
Type: Warning Category: 1
Event: 532 Source: ESENT
DllHost (9728,D,0) Microsoft.Windows.Cortana_cw5n1h2txyewy_NOEDP_LEGACY_IDB: A request to read from the file "C:\Users\Emurock\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppData\Indexed DB\IndexedDB.edb" at offset 131072 (0x0000000000020000) for 32768 (0x00008000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 



#5
emufix


Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    83.14    52 K    8 K    0            
procexp64.exe    4.58    32,564 K    66,980 K    8956    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
firefox.exe    2.48    188,464 K    253,716 K    7788    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dwm.exe    1.62    42,232 K    63,396 K    1104            
sihost.exe    1.51    6,352 K    24,484 K    6188    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    1.08    12,792 K    30,128 K    344    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
explorer.exe    0.84    49,364 K    115,976 K    2756    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.77    30,200 K    49,264 K    9664    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
svchost.exe    0.72    7,104 K    12,968 K    696    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
System    0.71    192 K    1,268 K    4            
Interrupts    0.62    0 K    0 K    n/a    Hardware Interrupts and DPCs        
firefox.exe    0.48    141,648 K    182,672 K    2120    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
Dropbox.exe    0.28    149,020 K    168,488 K    10876    Dropbox    Dropbox, Inc.    (Verified) Dropbox, Inc
NortonSecurity.exe    0.27    219,064 K    29,368 K    4020    Norton Security    Symantec Corporation    (Verified) Symantec Corporation
firefox.exe    0.27    258,476 K    287,900 K    2820    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
csrss.exe    0.16    2,508 K    5,848 K    708            
TeamViewer_Service.exe    0.13    8,172 K    22,716 K    3960    TeamViewer 14    TeamViewer GmbH    (Verified) TeamViewer GmbH
svchost.exe    0.06    2,208 K    11,504 K    1316    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
UoipService.exe    0.05    3,120 K    8,288 K    4188    UoipService    Intel    (Verified) Intel® Wireless Display
esif_assist.exe    0.04    1,560 K    5,576 K    11184            
lsass.exe    0.03    7,212 K    18,280 K    848    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
chrome.exe    0.03    149,644 K    190,568 K    9948    Google Chrome    Google LLC    (Verified) Google LLC
QtWebEngineProcess.exe    0.02    33,580 K    52,696 K    11920    Qt Qtwebengineprocess    The Qt Company Ltd.    (Verified) Dropbox, Inc
svchost.exe    0.01    2,528 K    9,200 K    1792    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
GamesAppIntegrationService.exe    0.01    1,648 K    7,564 K    10648    WildTangent Games App Integration Service    WildTangent    (Verified) WildTangent Inc
svchost.exe    0.01    30,452 K    40,924 K    3920    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
taskhostw.exe    0.01    6,408 K    16,020 K    6480    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
TeamViewer.exe    0.01    18,716 K    38,544 K    7220    TeamViewer 14    TeamViewer GmbH    (Verified) TeamViewer GmbH
AppleMobileDeviceProcess.exe    0.01    3,248 K    12,544 K    6604    MobileDeviceProcess    Apple Inc.    (Verified) Apple Inc.
csrss.exe    < 0.01    1,920 K    5,308 K    612            
SynTPEnh.exe    < 0.01    6,308 K    20,584 K    6888    Synaptics TouchPad 64-bit Enhancements    Synaptics Incorporated    (Verified) Synaptics Incorporated
TrayTipAgentE.exe    < 0.01    5,748 K    8,848 K    7372            (Certificate expired)
SearchIndexer.exe    < 0.01    33,652 K    36,820 K    7588    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe    < 0.01    11,224 K    30,500 K    5040    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
YouCamService.exe    < 0.01    4,560 K    3,652 K    7780    CyberLink YouCam Service    CyberLink Corp.    (Verified) CyberLink Corp.
QtWebEngineProcess.exe    < 0.01    28,864 K    47,160 K    4212    Qt Qtwebengineprocess    The Qt Company Ltd.    (Verified) Dropbox, Inc
Memory Compression    < 0.01    252 K    48,596 K    2248            
tv_w32.exe    < 0.01    1,488 K    7,452 K    7452            
tv_x64.exe    < 0.01    1,592 K    7,056 K    6040            
WmiPrvSE.exe    < 0.01    11,160 K    21,884 K    5240            
svchost.exe    < 0.01    9,620 K    25,948 K    3936    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    9,432 K    19,024 K    2536    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    2,104 K    7,772 K    2108    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
ZeroConfigService.exe        4,664 K    17,036 K    3888    Intel® PROSet/Wireless Zero Configure Service    Intel® Corporation    (Verified) Intel Corporation
WmiPrvSE.exe        2,704 K    8,120 K    9480            
wlanext.exe        4,920 K    16,752 K    3388            
winlogon.exe        2,348 K    10,228 K    804            
wininit.exe        1,480 K    6,512 K    700            
WindscribeService.exe        1,380 K    6,060 K    3996    Manages the firewall and controls the VPN tunnel    Windscribe Limited    (Verified) Windscribe Limited
Video.UI.exe    Suspended    23,468 K    37,800 K    9392            (No signature was present in the subject)
unsecapp.exe        1,540 K    6,644 K    4416            
SynTPHelper.exe        1,068 K    4,480 K    7616            
SynTPEnhService.exe        1,244 K    4,928 K    3880    64-bit Synaptics Pointing Enhance Service    Synaptics Incorporated    (Verified) Synaptics Incorporated
svchost.exe        2,872 K    8,220 K    596    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,804 K    19,700 K    7540    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        8,460 K    31,704 K    9676    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,348 K    13,148 K    288    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        8,792 K    27,216 K    6196    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,164 K    12,348 K    3976    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,636 K    11,960 K    3372    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,608 K    10,028 K    2452    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        14,800 K    18,484 K    1600    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,000 K    15,100 K    2836    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        9,964 K    20,364 K    1308    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,828 K    13,124 K    2696    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,092 K    8,032 K    3600    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,488 K    7,676 K    2148    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,396 K    8,916 K    4072    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,128 K    17,664 K    10132    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,788 K    7,540 K    3700    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,368 K    9,304 K    1988    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,632 K    16,504 K    3324    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,400 K    12,620 K    2304    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,228 K    7,380 K    3224    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,044 K    13,052 K    2336    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,072 K    14,836 K    3984    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        17,632 K    35,572 K    11172    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,412 K    8,604 K    1844    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,952 K    20,664 K    3904    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,084 K    6,812 K    1216    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,196 K    7,024 K    4316    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,172 K    10,644 K    3832    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,684 K    16,424 K    12012    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,324 K    10,244 K    7252    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        8,256 K    32,100 K    6332    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,528 K    5,576 K    8580    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,188 K    17,496 K    9140    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,048 K    15,712 K    1328    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,276 K    10,824 K    9708    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,800 K    8,348 K    8536    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,552 K    11,120 K    1276    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,392 K    14,232 K    7716    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,180 K    11,560 K    912    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,824 K    7,784 K    6688    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,732 K    12,724 K    5212    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,352 K    5,388 K    4952    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,988 K    7,864 K    3896    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,468 K    6,104 K    4028    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,796 K    7,008 K    3708    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,308 K    5,584 K    3928    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,616 K    6,492 K    3952    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,176 K    8,244 K    2444    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,456 K    10,872 K    1432    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,304 K    9,356 K    2296    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,364 K    7,580 K    2764    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,764 K    7,156 K    2460    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,344 K    5,724 K    2132    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,812 K    7,968 K    1268    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,344 K    9,760 K    1300    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,648 K    6,856 K    1752    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,936 K    8,092 K    1696    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,184 K    10,132 K    1980    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,672 K    10,628 K    1440    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,624 K    5,920 K    1612    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,000 K    3,920 K    988    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,480 K    5,664 K    12964    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
spoolsv.exe        6,300 K    15,768 K    3484    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        520 K    1,172 K    424            
smartscreen.exe        13,580 K    26,472 K    7800    Windows Defender SmartScreen    Microsoft Corporation    (Verified) Microsoft Windows
SkypeBackgroundHost.exe    Suspended    1,980 K    11,684 K    7896    Microsoft Skype    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
SkypeApp.exe    Suspended    17,448 K    30,488 K    1780    SkypeApp    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
ShellExperienceHost.exe    Suspended    35,600 K    76,696 K    1416    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
SgrmBroker.exe        2,340 K    4,696 K    7520    System Guard Runtime Monitor Broker Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SettingSyncHost.exe        13,744 K    13,880 K    4144    Host Process for Setting Synchronization    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,408 K    10,108 K    812            
SecurityHealthService.exe        3,840 K    13,696 K    3944    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SearchUI.exe    Suspended    93,356 K    157,084 K    6796    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
SearchProtocolHost.exe        2,504 K    12,144 K    12512            
SearchFilterHost.exe        1,404 K    6,156 K    6508            
RuntimeBroker.exe        8,652 K    30,588 K    8204    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        11,884 K    32,212 K    8996    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        5,468 K    21,336 K    8464    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        2,044 K    8,700 K    8848    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        1,332 K    5,572 K    9408    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        4,604 K    19,400 K    9384    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RtkNGUI64.exe        8,196 K    17,676 K    9736    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe        2,240 K    8,964 K    2944    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
RichVideo64.exe        1,568 K    6,884 K    4012    RichVideo Module        (Verified) CyberLink Corp.
RegSrvc.exe        2,008 K    9,036 K    3252    Intel® PROSet/Wireless Registry Service    Intel® Corporation    (Verified) Intel Corporation
Registry        3,800 K    18,180 K    96            
RAVBg64.exe        6,160 K    14,284 K    3056            
procexp.exe        3,160 K    10,652 K    5660    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PresentationFontCache.exe        26,920 K    21,712 K    6284    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
Origin.exe        9,372 K    22,940 K    10008    Origin    Electronic Arts    (Verified) Electronic Arts, Inc.
opvapp.exe        2,204 K    8,528 K    9308            
OPBHOBrokerDsktop.exe        2,628 K    10,248 K    8852    HP SimplePass BHO Broker    Hewlett-Packard    (Verified) Softex Incorporated
OPBHOBroker.exe        2,684 K    11,004 K    8528            
OneDrive.exe        16,852 K    52,140 K    9856    Microsoft OneDrive    Microsoft Corporation    (Verified) Microsoft Corporation
OmniServ.exe        3,504 K    12,376 K    1920     HP SimplePass Service    Softex Inc.    (No signature was present in the subject) Softex Inc.
nsWscSvc.exe        2,572 K    10,268 K    3240    Norton Security WSC Service    Symantec Corporation    (Verified) Symantec Corporation
notepad.exe        12,212 K    36,648 K    13112            
notepad.exe        2,860 K    15,040 K    7388    Notepad    Microsoft Corporation    (Verified) Microsoft Windows
NortonSecurity.exe        15,764 K    10,036 K    5944            
MSASCuiL.exe        2,016 K    9,252 K    9640    Windows Defender notification icon    Microsoft Corporation    (Verified) Microsoft Windows
Microsoft.Photos.exe    Suspended    45,748 K    76,236 K    3188            (No signature was present in the subject)
mDNSResponder.exe        1,912 K    6,652 K    2580    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
LockApp.exe    Suspended    16,376 K    45,384 K    3868    LockApp.exe    Microsoft Corporation    (Verified) Microsoft Windows
LMS.exe        3,384 K    11,996 K    6212    Intel® Local Management Service    Intel Corporation    (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
jhi_service.exe        1,368 K    6,176 K    7120    Intel® Dynamic Application Loader Host Interface    Intel Corporation    (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
igfxTray.exe        3,192 K    11,316 K    1776            (Verified) Intel® pGFX
igfxHK.exe        2,400 K    9,012 K    636    igfxHK Module    Intel Corporation    (Verified) Intel® pGFX
igfxEM.exe        3,608 K    12,820 K    624    igfxEM Module    Intel Corporation    (Verified) Intel® pGFX
igfxCUIService.exe        2,044 K    8,764 K    2344    igfxCUIService Module    Intel Corporation    (Verified) Intel® pGFX
ibtsiva.exe        1,132 K    4,096 K    4080    Intel® Wireless Bluetooth® iBtSiva Service    Intel Corporation    (Verified) Intel Corporation-Wireless Connectivity Solutions
HPWMISVC.exe        1,832 K    8,252 K    8084    HP WMI Service    Hewlett-Packard Development Company, L.P.    (Verified) Hewlett-Packard Company
HPSupportSolutionsFrameworkService.exe        38,432 K    48,084 K    11136    HP Support Solutions Framework Service    HP Inc.    (Verified) HP Inc.
hpqwmiex.exe        2,064 K    9,476 K    9300    HP Software Framework WMI Service    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
HPMSGSVC.exe        1,700 K    8,284 K    10844    HP Message Service    Hewlett-Packard Development Company, L.P.    (Verified) Hewlett-Packard Company
fontdrvhost.exe        7,752 K    11,088 K    996            
fontdrvhost.exe        1,668 K    3,808 K    1004            
firefox.exe        38,464 K    68,696 K    12808    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        24,788 K    46,928 K    12860    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
EvtEng.exe        5,024 K    14,296 K    4056    Intel® PROSet/Wireless Event Log Service    Intel® Corporation    (Verified) Intel Corporation
esif_uf.exe        2,180 K    7,412 K    4064    Intel® Dynamic Platform and Thermal Framework    Intel Corporation    (Verified) Intel® Software
Dropbox.exe        2,940 K    10,860 K    364    Dropbox    Dropbox, Inc.    (Verified) Dropbox, Inc
Dropbox.exe        2,020 K    8,068 K    1848    Dropbox    Dropbox, Inc.    (Verified) Dropbox, Inc
dllhost.exe        1,572 K    6,600 K    956    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        2,024 K    9,572 K    2396    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
DbxSvc.exe        2,608 K    6,440 K    4088    Dropbox Service    Dropbox, Inc.    (Verified) Dropbox, Inc
dasHost.exe        3,128 K    12,772 K    1840            
ctfmon.exe        4,572 K    14,856 K    6744            
CoolSense.exe        2,528 K    2,056 K    7132    HP CoolSense    Hewlett-Packard Development Company, L.P.    (Verified) Hewlett-Packard Company
conhost.exe        2,452 K    12,048 K    11872            
conhost.exe        5,392 K    8,112 K    3440            
cmd.exe        3,268 K    2,864 K    11904            
ClientCore.exe        4,224 K    5,688 K    6624    HP SimplePass Application    Hewlett-Packard    (Verified) Softex Incorporated
chrome.exe        30,736 K    32,948 K    7004    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe        21,352 K    35,604 K    10256    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe        9,724 K    23,964 K    9568    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe        14,252 K    23,316 K    1680    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe        58,304 K    73,064 K    10248    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe        34,428 K    51,368 K    6136    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe        129,676 K    142,220 K    4460    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe        127,640 K    82,736 K    4436    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe        3,452 K    8,880 K    10068    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe        2,012 K    8,284 K    9268    Google Chrome    Google LLC    (Verified) Google LLC
AudibleRT.WindowsPhone.exe    Suspended    19,460 K    31,936 K    9332    AudibleRT.WindowsPhone        (No signature was present in the subject)

 


  • 0

#6
emufix

emufix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                        96 N/A                                         
smss.exe                       424 N/A                                         
csrss.exe                      612 N/A                                         
wininit.exe                    700 N/A                                         
csrss.exe                      708 N/A                                         
winlogon.exe                   804 N/A                                         
services.exe                   812 N/A                                         
lsass.exe                      848 KeyIso, SamSs, VaultSvc                     
svchost.exe                    988 PlugPlay                                    
fontdrvhost.exe                996 N/A                                         
fontdrvhost.exe               1004 N/A                                         
svchost.exe                    344 BrokerInfrastructure, DcomLaunch, Power,    
                                   SystemEventsBroker                          
svchost.exe                    696 RpcEptMapper, RpcSs                         
svchost.exe                    596 LSM                                         
dwm.exe                       1104 N/A                                         
svchost.exe                   1268 BthAvctpSvc                                 
svchost.exe                   1276 bthserv                                     
svchost.exe                   1300 NcbService                                  
svchost.exe                   1308 BFE, CoreMessagingRegistrar, mpssvc         
svchost.exe                   1316 TimeBrokerSvc                               
svchost.exe                   1328 Schedule                                    
svchost.exe                   1440 ProfSvc                                     
svchost.exe                   1600 EventLog                                    
svchost.exe                   1612 hidserv                                     
svchost.exe                   1696 BTAGService                                 
svchost.exe                   1752 DeviceAssociationService                    
svchost.exe                   1792 UserManager                                 
OmniServ.exe                  1920 omniserv                                    
svchost.exe                   1980 SEMgrSvc                                    
svchost.exe                   1988 nsi                                         
svchost.exe                   1432 PhoneSvc                                    
dasHost.exe                   1840 N/A                                         
svchost.exe                   2108 EventSystem                                 
svchost.exe                   2132 Themes                                      
svchost.exe                   2148 Dhcp                                        
Memory Compression            2248 N/A                                         
svchost.exe                   2296 SENS                                        
svchost.exe                   2304 NlaSvc                                      
igfxCUIService.exe            2344 igfxCUIService2.0.0.0                       
svchost.exe                   2444 AudioEndpointBuilder                        
svchost.exe                   2452 netprofm                                    
svchost.exe                   2460 FontCache                                   
svchost.exe                   2536 Winmgmt                                     
svchost.exe                   2696 Audiosrv                                    
svchost.exe                   2764 SSDPSRV                                     
svchost.exe                   2836 StateRepository                             
RtkAudioService64.exe         2944 RtkAudioService                             
RAVBg64.exe                   3056 N/A                                         
svchost.exe                   1216 DusmSvc                                     
svchost.exe                   1844 Dnscache                                    
svchost.exe                   2336 Wcmsvc                                      
svchost.exe                   3224 WinHttpAutoProxySvc                         
svchost.exe                   3324 WlanSvc                                     
svchost.exe                   3372 ShellHWDetection                            
wlanext.exe                   3388 N/A                                         
conhost.exe                   3440 N/A                                         
spoolsv.exe                   3484 Spooler                                     
svchost.exe                   3600 LanmanWorkstation                           
svchost.exe                   3700 IKEEXT                                      
svchost.exe                   3708 PolicyAgent                                 
svchost.exe                   3832 AppHostSvc                                  
SynTPEnhService.exe           3880 SynTPEnhService                             
ZeroConfigService.exe         3888 ZeroConfigService                           
svchost.exe                   3896 stisvc                                      
svchost.exe                   3904 WpnService                                  
svchost.exe                   3920 DPS                                         
svchost.exe                   3928 TrkWks                                      
svchost.exe                   3936 DiagTrack                                   
SecurityHealthService.exe     3944 SecurityHealthService                       
svchost.exe                   3952 SstpSvc                                     
TeamViewer_Service.exe        3960 TeamViewer                                  
svchost.exe                   3976 iphlpsvc                                    
svchost.exe                   3984 CryptSvc                                    
WindscribeService.exe         3996 WindscribeService                           
RichVideo64.exe               4012 RichVideo64                                 
NortonSecurity.exe            4020 NortonSecurity                              
svchost.exe                   4028 TermService                                 
EvtEng.exe                    4056 EvtEng                                      
esif_uf.exe                   4064 esifsvc                                     
svchost.exe                   4072 LanmanServer                                
ibtsiva.exe                   4080 ibtsiva                                     
DbxSvc.exe                    4088 DbxSvc                                      
mDNSResponder.exe             2580 Bonjour Service                             
nsWscSvc.exe                  3240 nsWscSvc                                    
RegSrvc.exe                   3252 RegSrvc                                     
svchost.exe                   4316 TapiSrv                                     
unsecapp.exe                  4416 N/A                                         
svchost.exe                   4952 WdiServiceHost                              
UoipService.exe               4188 IntelUSBoverIP                              
svchost.exe                   5212 RasMan                                      
WmiPrvSE.exe                  5240 N/A                                         
NortonSecurity.exe            5944 N/A                                         
sihost.exe                    6188 N/A                                         
svchost.exe                   6196 CDPUserSvc_61889                            
PresentationFontCache.exe     6284 FontCache3.0.0.0                            
svchost.exe                   6332 WpnUserService_61889                        
taskhostw.exe                 6480 N/A                                         
ClientCore.exe                6624 N/A                                         
svchost.exe                   6688 TabletInputService                          
ctfmon.exe                    6744 N/A                                         
SynTPEnh.exe                  6888 N/A                                         
svchost.exe                    288 WbioSrvc                                    
explorer.exe                  2756 N/A                                         
svchost.exe                    912 Appinfo                                     
TeamViewer.exe                7220 N/A                                         
svchost.exe                   7540 CDPSvc                                      
SynTPHelper.exe               7616 N/A                                         
svchost.exe                   7716 TokenBroker                                 
tv_w32.exe                    7452 N/A                                         
tv_x64.exe                    6040 N/A                                         
igfxEM.exe                     624 N/A                                         
igfxHK.exe                     636 N/A                                         
igfxTray.exe                  1776 N/A                                         
YouCamService.exe             7780 N/A                                         
CoolSense.exe                 7132 N/A                                         
LockApp.exe                   3868 N/A                                         
ShellExperienceHost.exe       1416 N/A                                         
dllhost.exe                    956 N/A                                         
SearchUI.exe                  6796 N/A                                         
RuntimeBroker.exe             8204 N/A                                         
RuntimeBroker.exe             8464 N/A                                         
OPBHOBroker.exe               8528 N/A                                         
svchost.exe                   8536 PcaSvc                                      
OPBHOBrokerDsktop.exe         8852 N/A                                         
RuntimeBroker.exe             8996 N/A                                         
svchost.exe                   9140 LicenseManager                              
SkypeApp.exe                  1780 N/A                                         
SettingSyncHost.exe           4144 N/A                                         
SkypeBackgroundHost.exe       7896 N/A                                         
opvapp.exe                    9308 N/A                                         
AudibleRT.WindowsPhone.ex     9332 N/A                                         
RuntimeBroker.exe             9384 N/A                                         
Video.UI.exe                  9392 N/A                                         
MSASCuiL.exe                  9640 N/A                                         
RtkNGUI64.exe                 9736 N/A                                         
OneDrive.exe                  9856 N/A                                         
chrome.exe                    9948 N/A                                         
Origin.exe                   10008 N/A                                         
chrome.exe                   10068 N/A                                         
svchost.exe                  10132 lfsvc                                       
AppleMobileDeviceProcess.     6604 N/A                                         
SearchIndexer.exe             7588 WSearch                                     
chrome.exe                    9268 N/A                                         
chrome.exe                    7004 N/A                                         
chrome.exe                    1680 N/A                                         
chrome.exe                    6136 N/A                                         
chrome.exe                    4436 N/A                                         
chrome.exe                    4460 N/A                                         
chrome.exe                   10248 N/A                                         
chrome.exe                   10256 N/A                                         
HPMSGSVC.exe                 10844 N/A                                         
Dropbox.exe                  10876 N/A                                         
TrayTipAgentE.exe             7372 N/A                                         
svchost.exe                   9676 OneSyncSvc_61889,                           
                                   PimIndexMaintenanceSvc_61889,               
                                   UnistoreSvc_61889, UserDataSvc_61889        
Dropbox.exe                   1848 N/A                                         
Dropbox.exe                    364 N/A                                         
GamesAppIntegrationServic    10648 GamesAppIntegrationService                  
RuntimeBroker.exe             9408 N/A                                         
RuntimeBroker.exe             8848 N/A                                         
jhi_service.exe               7120 jhi_service                                 
LMS.exe                       6212 LMS                                         
svchost.exe                  11172 UsoSvc                                      
SgrmBroker.exe                7520 SgrmBroker                                  
svchost.exe                   7252 StorSvc                                     
firefox.exe                   7788 N/A                                         
svchost.exe                   9708 wscsvc                                      
hpqwmiex.exe                  9300 hpqwmiex                                    
firefox.exe                   9664 N/A                                         
firefox.exe                   2120 N/A                                         
firefox.exe                   2820 N/A                                         
dllhost.exe                   2396 N/A                                         
svchost.exe                  12012 DoSvc                                       
cmd.exe                      11904 N/A                                         
conhost.exe                  11872 N/A                                         
QtWebEngineProcess.exe       11920 N/A                                         
QtWebEngineProcess.exe        4212 N/A                                         
HPSupportSolutionsFramewo    11136 HPSupportSolutionsFrameworkService          
Microsoft.Photos.exe          3188 N/A                                         
RuntimeBroker.exe             5040 N/A                                         
WmiPrvSE.exe                  9480 N/A                                         
chrome.exe                    9568 N/A                                         
HPWMISVC.exe                  8084 HPWMISVC                                    
firefox.exe                  12808 N/A                                         
svchost.exe                  12964 WdiSystemHost                               
notepad.exe                   7388 N/A                                         
svchost.exe                   8580 lmhosts                                     
notepad.exe                  13112 N/A                                         
firefox.exe                  12860 N/A                                         
smartscreen.exe               7800 N/A                                         
procexp.exe                   5660 N/A                                         
procexp64.exe                 8956 N/A                                         
esif_assist.exe               7348 N/A                                         
tasklist.exe                 11716 N/A                                         
WmiPrvSE.exe                  2128 N/A                                         
 


  • 0

#7
emufix

emufix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Speccy file

Attached Files


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Looks like the hard drive is dying:

 

HGST HTS541010A9E680
                    Manufacturer    Hitachi
                    Product Family    Unknown
                    Series Prefix    Standard
                    Model Capacity For This Specific Drive    S50GB
                    Heads    16
                    Cylinders    121,601
                    Tracks    31,008,255
                    Sectors    1,953,520,065
                    SATA type    SATA-III 6.0Gb/s
                    Device type    Fixed
                    ATA Standard    ACS2
                    Serial Number    JA1009CR2V1JXP
                    Firmware Version Number    JA0OA710
                    LBA Size    48-bit LBA
                    Power On Count    3536 times
                    Power On Time    595.5 days
                    Speed    5400 RPM
                    Features    S.M.A.R.T., APM, NCQ
                    Max. Transfer Mode    SATA III 6.0Gb/s
                    Used Transfer Mode    SATA III 6.0Gb/s
                    Interface    SATA
                    Capacity    931 GB
                    Real size    1,000,204,886,016 bytes
                    RAID Type    None
                        S.M.A.R.T
                            Status    Warning
                            ...
                                        05
                                            Attribute name    Reallocated Sectors Count
                                            Real value    458,816

                                            Current    100
                                            Worst    100
                                            Threshold    5
                                            Raw Value    0000070040
                                            Status    Good
                                        ...
                                        BB
                                            Attribute name    Reported Uncorrectable Errors
                                            Real value    21,058,224,986,504

                                            Current    44
                                            Worst    1
                                            Threshold    0
                                            Raw Value    0000051988
                                            Status    Good
                                        BC
                                            Attribute name    Command Timeout
                                            Real value    47,250,931,712

                                            Current    100
                                            Worst    100
                                            Threshold    0
                                            Raw Value    0000600000
                                            Status    Good

...
                                 
                                        BF
                                            Attribute name    G-sense error rate
                                            Real value    3,900

                                            Current    85
                                            Worst    85
                                            Threshold    0
                                            Raw Value    0000000F3C
                                            Status    Good

                                     ...
                                        C4
                                            Attribute name    Reallocation Event Count
                                            Real value    8

                                            Current    100
                                            Worst    100
                                            Threshold    0
                                            Raw Value    0000000008
                                            Status    Good
                                        C5
                                            Attribute name    Current Pending Sector Count
                                            Real value    40

                                            Current    100
                                            Worst    89
                                            Threshold    0
                                            Raw Value    0000000028
                                            Status    Good
                                  

 

 

Overall status is: WARNING

so it will probably fail very soon.  I have marked the really bad attributes in bold and deleted most of the others.  G-sense error rate is very high so I expect it has been dropped at least once.

 

This is a laptop so you will need a USB to SATA adapter in order to clone it, which I would recommend doing as soon as possible.  You will need a new drive of the same or larger size.  Current drive is 950 GB so look for a 1 TB 2.5" (laptop) SATA-III (6 Gb/s) drive.  I only use Western Digital Black drives (faster and last longer).

 

Amazon: 
WD Black 1TB Performance Mobile Hard Disk Drive - 7200 RPM SATA 6 Gb/s 32MB Cache 9.5 MM 2.5 Inch - WD10JPLX
$84.95
but their Blues are OK. 

WD Blue 1TB Mobile Hard Disk Drive - 5400 RPM SATA 6 Gb/s 9.5 MM 2.5 Inch - WD10JPVX
$54.99

 

Toshiba and Hitachi are also OK but avoid Seagate drives.  They don't last.

 

and a USB to SATA adapter

Amazon has lots.  Here is one for $11


StarTech.com SATA to USB Cable - USB 3.0 to 2.5” SATA III Hard Drive Adapter - External Converter for SSD/HDD Data Transfer (USB3S2SAT3CB)
$10.99

 

(You can try the cheaper ones if you want but these have a good rep)

and clone the drive.  You can use the program from your new hard drive or you can use one of the free ones:

http://www.techrepub...-cloning-tools/

http://www.backup-ut...e-software.html

Some of them require you to boot from a CD or USB drive (it's faster that way but others like AOMEI can clone from within Windows).  I've had good luck with Macrium

https://www.macrium.com/reflectfree

and if that doesn't work I use Aomei
http://www.backup-ut...e-software.html

You plug the new drive into the usb-sata adapter and the adapter into your PC's USB jack.  Run the cloning software.  (Make sure you know the source drive is the old drive and the destination is the new.)

Once the cloning software finishes you shut it down, use a small Phillips screwdriver to remove the 2 screws that hold the cover on the drive, remove the screws (may be 2 more screws).  Often the drive is in a carrier so you need to remove 4 more screws.  Keep the screws separate since they may be different sizes.  Remove the old drive, install the new.  Boot up and run Speccy to make sure that the new drive is clean.  I would repeat the disk check, dism & sfc scans.

 

If you are still having problems after the cloning (or if you have problems with the cloning) come back with a new FRST scan (or tell me what went wrong with the cloning).
 


  • 0

#9
emufix

emufix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts

Many thanks for the help and advice.  I'll look at getting the hard drive replaced.

Can I ask, is there a problem with TunnelBear as software?


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Just basic troubleshooting to remove all VPNs when a browser doesn't work.


  • 0





