Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Nero Backitup Agent - virus? Can't open my Seagate hard drive.

Nero Backitup Seagate not opening

  • Please log in to reply

#1
IndyBlue

IndyBlue

    Member

  • Member
  • PipPip
  • 95 posts

Hi! I've noticed recently (over the last couple of weeks) that, when I shut down my computer, it says that "Nero Backitup Agent" is still running. I don't know anything about Nero, and I certainly didn't download it. Cursory research shows that this is a virus (?). Also, when I tried to open my Seagate dashboard, it just hangs--I can never get to the dashboard. The interesting thing is that when I get the Nero Backitup 'still running' message, it has the Seagate icon next to it. 

Additional info: I use the free Avast virus protection program. I used to pay for HitmanPro, but I stopped my subscription. I occasionally scan with the free version of MalwareBytes, but I have a feeling I should stop being so cheap and pay for something comprehensive that will protect my computer. The problem is that I don't really know which virus protection program to go with. I've always liked Avast (and I think it has worked well for the most part), but HitmanPro (in retrospect) was perhaps adding an extra layer of protection.

I have a Dell Optiplex desktop, 64bit system. I'm also not at all knowledgeable about fixing computer issues, which is why I turn to Geeks to Go. I have not done anything to try and correct the problems yet--I wanted to get your expert advise first.

Questions:

 

(1) Is Nero a virus? Could you please advise on how to get rid of it and clean my computer?

(2) Going forward, should I be using additional (paid) virus protection, and if so, could you please recommend the best programs?

Below is my Farbar data.

Thanks in advance for all your help!

SIncerely,

IndyBlue

******
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 3-07-2019
Ran by indre (administrator) on DESKTOP-EL88UDV (Dell Inc. OptiPlex 7440 AIO) (06-07-2019 09:55:31)
Running from C:\Users\indre\Downloads
Loaded Profiles: indre (Available Profiles: indre)
Platform: Windows 10 Pro Version 1803 17134.829 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1905.28.0_x64__8wekyb3d8bbwe\Calculator.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc -> CREDANT Technologies, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.Agent.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DCF.Loader.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc -> Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.LocalServer.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc. -> Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(FabulaTech -> ) C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
(FabulaTech -> ) C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
(FabulaTech -> VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Intel Network Drivers -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\IntelCpHeciSvc.exe
(Intel® Wireless Display -> Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\DSAPI.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\pcdrwi.exe
(Plex, Inc -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Seagate Technology LLC -> ) E:\Start_Here_Win.exe
(Seagate Technology LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Seagate Technology LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe
(Seagate Technology LLC -> Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8853248 2016-04-14] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-14] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-29] (Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70080 2015-11-04] (FabulaTech -> )
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [302904 2019-05-07] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1562304 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1176208 2017-11-09] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1593158232-969496310-2340663774-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [142568 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
HKU\S-1-5-21-1593158232-969496310-2340663774-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-1593158232-969496310-2340663774-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1593158232-969496310-2340663774-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [23081448 2019-04-04] (Plex, Inc -> Plex, Inc.)
HKU\S-1-5-21-1593158232-969496310-2340663774-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [2186704 2019-05-22] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-18\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Drivers32-x32: [vidc.pDAD] => prodad-codec.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-20] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03DFFC2C-FC22-4010-99E9-4F38D03C4728} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113200 2019-07-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {05E39B49-EC8E-4991-9D71-943F1C76578E} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [491832 2019-06-13] (Bitdefender SRL -> Bitdefender)
Task: {06D92E0E-08B8-441B-94A2-7B231EE6DCE1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {08E2F16C-4C59-4C34-A03C-C83EEEDEBBDE} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-17] (Intel® Software Asset Manager -> Intel Corporation)
Task: {0C0614F0-18B6-495C-99F1-B61633EE7B2A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {0EBA0793-94A7-49CE-AB2C-1FEF6BA70765} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26804232 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {0FE0644F-58F4-43E8-A63F-AA62CD169246} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {134E84BB-F244-45B9-850C-CB132B12BCCC} - System32\Tasks\indre Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [1812160 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
Task: {15A95BFE-20CA-4CBB-9809-486A81348553} - System32\Tasks\indre2 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [1812160 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
Task: {1D566C7D-1CD5-4E77-826C-E0DF557F6BFA} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-12] (Adobe Inc. -> Adobe)
Task: {1E20F289-46AA-4529-B808-962BFEF268A3} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-04-14] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {1E4AE78B-2D84-403D-9CD3-0703770FF0B5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [113200 2019-07-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {27CEA27E-1BF2-4A16-B5AE-DCA79020DF0D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-10-11] (Intel® Trust Services -> Intel® Corporation)
Task: {2BE02930-09E5-4DB5-86B2-C883307D310D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_207_pepper.exe [1452600 2019-06-12] (Adobe Inc. -> Adobe)
Task: {39820E81-9B7D-411F-A870-C6BEBCB2BF30} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [1698000 2015-06-05] (Intel® Software -> Intel Corporation)
Task: {4DF09A94-B680-4D73-A2BA-B28905CCA70D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39920 2018-10-24] (Garmin International, Inc. -> )
Task: {52187049-A19C-4B23-AFFC-5089227DB2E9} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [1952448 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
Task: {5EF9065E-7942-4205-9A7E-625FDF39B32F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.)
Task: {6D0AA64B-75B4-49CF-9C53-3BF5D9356A9D} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-17] (Intel® Software Asset Manager -> Intel Corporation)
Task: {7453A444-BEB4-4FEE-BBCD-A1C4C7F9DA24} - System32\Tasks\indre => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [1812160 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
Task: {7D6BCB81-3C59-4A2C-9EA3-7CB3CC74BE75} - System32\Tasks\indre2 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [1812160 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
Task: {82F39D33-C846-4F84-8898-8F68198ADD97} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [340440 2015-01-28] (CyberLink Corp. -> CyberLink Corp.)
Task: {88C9DD1C-453F-4C7D-A154-BA1FD271908E} - System32\Tasks\indre DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1562304 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
Task: {8B3F29DA-404A-4CB9-8309-9D94ECAA8D3F} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [110008 2016-04-27] (CyberLink Corp. -> CyberLink)
Task: {8D960D58-2C65-4690-A008-63A3B9664FD6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-05] (HP Inc. -> HP Inc.)
Task: {A5585A2F-2224-44F3-B48A-C02AA6E9CD5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-11] (Google Inc -> Google Inc.)
Task: {AD7C3050-8C01-411A-AAEB-54D2522EE740} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {BC446646-76E6-445A-9E76-FF7A9BCD7357} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2934152 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {BE8068C1-2DB9-4BBE-9031-9E917FD77777} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448296 2019-07-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {BEEC0D34-AA7B-4933-B79B-EE5F2DA284E3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe)
Task: {C9DAB848-B95A-4118-8DAB-0AA8CAE862C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {D31AD53B-7549-49C2-8D4E-273E8786E8FC} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {DCF36F4E-53FF-403E-B92A-CAFE9380489C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {DD6E66AE-D0AA-4C99-8D5F-5BA39CA6FC45} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448296 2019-07-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {F219FE43-71D7-4843-8134-11FF7BD69ACF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1512920 2019-05-24] (Dell Inc. -> Dell Inc.)
Task: {F932D694-A1C8-4A80-9BEA-DAAFEF0B6FE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-09-11] (Google Inc -> Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6fbafdae-3f34-452d-bbc1-3182c4eed1fc}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{df5feca7-b365-4e54-a128-6afee4fc4200}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{eb569711-9ed4-49b4-a209-84f1068bb002}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1593158232-969496310-2340663774-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-1593158232-969496310-2340663774-1001 -> DefaultScope {97FF47F7-FF6D-4CCE-B19F-284086150FBF} URL = 
SearchScopes: HKU\S-1-5-21-1593158232-969496310-2340663774-1001 -> {97FF47F7-FF6D-4CCE-B19F-284086150FBF} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: CutePDF Form Filler Helper -> {D41289F2-69C6-417B-897E-C653D677CBAF} -> C:\Program Files (x86)\Acro Software\CutePDF Filler Evaluation\CPFillerCoE.dll [2014-03-27] (Acro Software Inc. -> Acro Software Inc.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://meetny.webex.com/client/WBXclient-T30L10NSP6EP6-20000/webex/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-02] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: 1cu7vqt4.default-1534000050440
FF ProfilePath: C:\Users\indre\AppData\Roaming\Mozilla\Firefox\Profiles\1cu7vqt4.default-1534000050440 [2019-07-04]
FF Homepage: Mozilla\Firefox\Profiles\1cu7vqt4.default-1534000050440 -> hxxps://www.google.com/
FF Extension: (ETP Search Volume Study) - C:\Users\indre\AppData\Roaming\Mozilla\Firefox\Profiles\1cu7vqt4.default-1534000050440\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-26]
FF Extension: (Notifier for Gmail™) - C:\Users\indre\AppData\Roaming\Mozilla\Firefox\Profiles\1cu7vqt4.default-1534000050440\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2019-03-31]
FF Extension: (Honey) - C:\Users\indre\AppData\Roaming\Mozilla\Firefox\Profiles\1cu7vqt4.default-1534000050440\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2019-05-18]
FF Extension: (Avast Online Security) - C:\Users\indre\AppData\Roaming\Mozilla\Firefox\Profiles\1cu7vqt4.default-1534000050440\Extensions\wrc@avast.com.xpi [2019-06-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1593158232-969496310-2340663774-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\indre\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-04-06] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default [2019-07-06]
CHR Extension: (Slides) - C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-11]
CHR Extension: (YouTube) - C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-11]
CHR Extension: (Honey) - C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2019-06-15]
CHR Extension: (Notifier for Gmail™) - C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2019-03-25]
CHR Extension: (Adobe Acrobat) - C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-11]
CHR Extension: (Sheets) - C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-22]
CHR Extension: (Avast Online Security) - C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-01]
CHR Extension: (F.B.(FluffBusting)Purity) - C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmkinhboiljjkhaknpaeaicmdjhagpep [2019-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Gmail) - C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-03-26]
CHR Extension: (Chrome Media Router) - C:\Users\indre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2019-04-29] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6844776 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11413600 2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
S4 dcu-oobe; C:\Program Files (x86)\Dell\CommandUpdate\OobeService.exe [84408 2016-06-07] (Dell Inc. -> Dell Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2019-02-28] (Dell Inc -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3363824 2019-02-28] (Dell Inc -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2019-02-28] (Dell Inc -> Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7033.2285\DSAPI.exe [1050952 2019-06-02] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [151552 2015-06-29] () [File not signed]
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.Agent.exe [22280 2016-07-13] (Dell Inc -> CREDANT Technologies, Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DCF.Loader.exe [35080 2016-07-13] (Dell Inc -> Dell Inc.)
R3 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityFramework.LocalServer.exe [52488 2016-07-13] (Dell Inc -> Dell, Inc.)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [233920 2015-11-04] (FabulaTech -> )
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [6363792 2015-07-31] (FabulaTech -> )
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [356728 2019-06-12] (HP Inc. -> HP Inc.)
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2413752 2017-08-18] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-10-15] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel® Trust Services -> Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Trust Services -> Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-17] (Intel® Software Asset Manager -> Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel® Wireless Display -> Intel)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2019-01-23] (Intel Corporation -> )
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [217040 2019-05-22] (TEFINCOM S.A. -> )
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1140200 2019-04-04] (Plex, Inc -> Plex, Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1294448 2019-05-14] (Bitdefender SRL -> Bitdefender)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink Corp. -> CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-04-14] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16120 2017-03-27] (Seagate Technology LLC -> Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143560 2017-09-16] (Seagate Technology LLC -> Seagate Technology LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39896 2019-05-24] (Dell Inc. -> Dell Inc.)
S2 tcsd_win32.exe; C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\tcsd_win32.exe [1636352 2012-12-10] (Security Innovation, Inc.) [File not signed]
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1158984 2016-02-23] (VMware, Inc. -> VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (FabulaTech -> VMware)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [541400 2016-03-25] (VMware, Inc. -> VMware, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4107360 2019-01-23] (Intel Corporation -> Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [207448 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [262496 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [205848 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61472 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279120 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [168104 2019-06-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477584 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225600 2019-06-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385880 2019-05-30] (AVAST Software s.r.o. -> AVAST Software)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [40824 2019-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-05-08] (Techporch Incorporated -> Dell Computer Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70664 2017-08-18] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [732416 2016-10-15] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R3 IntcAzAudAddService; C:\WINDOWS\system32\drivers\RTDVHD64.sys [2677504 2016-04-14] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-07-04] (Malwarebytes Corporation -> Malwarebytes)
S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-11] (Microsoft Windows -> Intel Corporation)
R3 Netwtw06; C:\WINDOWS\system32\DRIVERS\Netwtw06.sys [8833952 2019-01-28] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [779232 2016-08-04] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R0 SEDFilter; C:\WINDOWS\System32\DRIVERS\SEDFilter.sys [197808 2016-07-13] (Dell Inc -> Dell Inc.)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2016-09-11] (SlimWare Utilities Inc. -> )
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Intel® Wireless Display -> Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-07-06 09:55 - 2019-07-06 09:58 - 000039644 _____ C:\Users\indre\Downloads\FRST.txt
2019-07-06 09:54 - 2019-07-06 09:55 - 000000000 ____D C:\FRST
2019-07-06 09:53 - 2019-07-06 09:53 - 002420224 _____ (Farbar) C:\Users\indre\Downloads\FRST64.exe
2019-07-06 00:10 - 2019-07-06 00:10 - 000056604 _____ C:\Users\indre\Desktop\ui.jpg_large
2019-07-04 10:24 - 2019-07-04 10:24 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-07-01 19:18 - 2019-07-01 19:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-06-29 23:56 - 2019-06-29 23:56 - 011069444 _____ C:\Users\indre\Downloads\thecourtshipofeddiesfather-1st (1).mpg
2019-06-29 23:55 - 2019-06-29 23:55 - 011069444 _____ C:\Users\indre\Downloads\thecourtshipofeddiesfather-1st.mpg
2019-06-29 11:29 - 2019-06-29 11:29 - 000074636 _____ C:\ProgramData\agent.update.1561822169.bdinstall.v2.bin
2019-06-27 20:31 - 2019-06-27 20:31 - 022709477 _____ C:\Users\indre\Downloads\20190627_202829_19399014677980 (1).mp4
2019-06-27 20:30 - 2019-06-27 20:30 - 022709477 _____ C:\Users\indre\Downloads\20190627_202829_19399014677980.mp4
2019-06-27 19:53 - 2019-06-27 19:53 - 000000054 ____C C:\Users\indre\Desktop\cryptic stacey 062719.txt
2019-06-24 00:13 - 2019-06-27 18:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-06-23 23:58 - 2019-06-23 23:58 - 000068279 _____ C:\Users\indre\Downloads\Iulo_Susan_References_2019.pdf
2019-06-23 14:04 - 2019-06-23 14:04 - 000128245 _____ C:\Users\indre\Downloads\Iulo_Susan_-_Resume_2019.pdf
2019-06-21 20:51 - 2019-06-21 20:51 - 000128344 _____ C:\Users\indre\Downloads\Iulo_Susan_-_resume_June_2019_FIRST DRAFT (2).pdf
2019-06-21 20:28 - 2019-06-21 20:28 - 000128344 _____ C:\Users\indre\Downloads\Iulo_Susan_-_resume_June_2019_FIRST DRAFT (1).pdf
2019-06-21 20:25 - 2019-06-21 20:25 - 000128344 _____ C:\Users\indre\Downloads\Iulo_Susan_-_resume_June_2019_FIRST DRAFT.pdf
2019-06-20 12:13 - 2019-06-20 12:13 - 000004919 _____ C:\Users\indre\Downloads\imp8A93.pdf
2019-06-20 12:13 - 2019-06-20 12:13 - 000004919 _____ C:\Users\indre\Downloads\imp8A93 (1).pdf
2019-06-18 21:05 - 2019-06-18 21:05 - 000039557 _____ C:\Users\indre\Downloads\Letters_2019_06_14_12_42_30_156.pdf
2019-06-18 02:30 - 2019-06-18 02:30 - 000363078 _____ C:\Users\indre\Downloads\Preprinted UPS label for Treasury to Farmingdale 010918.pdf
2019-06-17 14:37 - 2019-06-17 14:37 - 000350164 _____ C:\Users\indre\Downloads\Statement_062019_8810.pdf
2019-06-13 20:33 - 2019-06-13 20:33 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2019-06-13 20:32 - 2019-06-13 20:32 - 000000000 ____D C:\Program Files\Common Files\Intel
2019-06-13 18:57 - 2019-06-13 18:57 - 000042697 _____ C:\Users\indre\Downloads\Vet papers on baby panthers.pdf
2019-06-13 18:56 - 2019-06-13 18:56 - 000115738 _____ C:\Users\indre\Downloads\Indre adoption contract.pdf
2019-06-12 20:53 - 2019-06-07 07:04 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-12 20:53 - 2019-06-07 07:04 - 001633136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-12 20:53 - 2019-06-07 06:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-06-12 20:53 - 2019-06-07 06:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-12 20:53 - 2019-06-07 06:45 - 012756480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-12 20:53 - 2019-06-07 06:42 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-12 20:53 - 2019-06-07 06:41 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-12 20:53 - 2019-06-07 06:40 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-12 20:53 - 2019-06-07 06:40 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-12 20:53 - 2019-06-07 06:23 - 001453920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-12 20:53 - 2019-06-07 06:19 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-12 20:53 - 2019-06-07 06:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-12 20:53 - 2019-06-07 06:07 - 011942400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-12 20:53 - 2019-06-07 06:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-12 20:53 - 2019-06-07 06:04 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-12 20:53 - 2019-06-07 06:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-12 20:53 - 2019-06-07 02:07 - 000707384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-12 20:53 - 2019-06-07 02:01 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-12 20:53 - 2019-06-07 01:58 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-12 20:53 - 2019-06-07 01:58 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-12 20:53 - 2019-06-07 01:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-12 20:53 - 2019-06-07 01:58 - 000422416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-12 20:53 - 2019-06-07 01:58 - 000135176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-12 20:53 - 2019-06-07 01:58 - 000076304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-12 20:53 - 2019-06-07 01:57 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-12 20:53 - 2019-06-07 01:57 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-12 20:53 - 2019-06-07 01:57 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-12 20:53 - 2019-06-07 01:57 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-12 20:53 - 2019-06-07 01:57 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-12 20:53 - 2019-06-07 01:57 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-12 20:53 - 2019-06-07 01:57 - 000792888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-12 20:53 - 2019-06-07 01:57 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-12 20:53 - 2019-06-07 01:57 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-12 20:53 - 2019-06-07 01:57 - 000494304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-12 20:53 - 2019-06-07 01:57 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-12 20:53 - 2019-06-07 01:57 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-06-12 20:53 - 2019-06-07 01:57 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-06-12 20:53 - 2019-06-07 01:57 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-12 20:53 - 2019-06-07 01:57 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-06-12 20:53 - 2019-06-07 01:57 - 000148280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-12 20:53 - 2019-06-07 01:57 - 000137448 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-06-12 20:53 - 2019-06-07 01:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-12 20:53 - 2019-06-07 01:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-06-12 20:53 - 2019-06-07 01:47 - 000380432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-12 20:53 - 2019-06-07 01:47 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-06-12 20:53 - 2019-06-07 01:46 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-12 20:53 - 2019-06-07 01:46 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-12 20:53 - 2019-06-07 01:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-12 20:53 - 2019-06-07 01:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-12 20:53 - 2019-06-07 01:46 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-06-12 20:53 - 2019-06-07 01:46 - 000357072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-12 20:53 - 2019-06-07 01:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-12 20:53 - 2019-06-07 01:38 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-12 20:53 - 2019-06-07 01:37 - 022019584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-12 20:53 - 2019-06-07 01:31 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-12 20:53 - 2019-06-07 01:27 - 022718976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-12 20:53 - 2019-06-07 01:24 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-12 20:53 - 2019-06-07 01:24 - 003400704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-12 20:53 - 2019-06-07 01:24 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-06-12 20:53 - 2019-06-07 01:23 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-12 20:53 - 2019-06-07 01:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-06-12 20:53 - 2019-06-07 01:23 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-06-12 20:53 - 2019-06-07 01:22 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-06-12 20:53 - 2019-06-07 01:22 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-12 20:53 - 2019-06-07 01:22 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-12 20:53 - 2019-06-07 01:22 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-12 20:53 - 2019-06-07 01:22 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-12 20:53 - 2019-06-07 01:21 - 007588864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-12 20:53 - 2019-06-07 01:21 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-12 20:53 - 2019-06-07 01:21 - 001778688 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-12 20:53 - 2019-06-07 01:21 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-12 20:53 - 2019-06-07 01:21 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-12 20:53 - 2019-06-07 01:21 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-12 20:53 - 2019-06-07 01:20 - 002610688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-12 20:53 - 2019-06-07 01:20 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-06-12 20:53 - 2019-06-07 01:20 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-12 20:53 - 2019-06-07 01:20 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-06-12 20:53 - 2019-06-07 01:19 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-12 20:53 - 2019-06-07 01:19 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-12 20:53 - 2019-06-07 01:19 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-12 20:53 - 2019-06-07 01:19 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-12 20:53 - 2019-06-07 01:19 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-12 20:53 - 2019-06-07 01:19 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-12 20:53 - 2019-06-07 01:18 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-12 20:53 - 2019-06-07 01:18 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-12 20:53 - 2019-06-07 01:18 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-12 20:53 - 2019-06-07 01:17 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-12 20:53 - 2019-06-07 01:17 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-12 20:53 - 2019-06-07 01:17 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-06-12 20:53 - 2019-06-07 01:16 - 001102336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-06-12 20:53 - 2019-06-07 01:16 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-06-12 20:53 - 2019-06-07 01:16 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-12 20:53 - 2019-06-07 01:16 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-06-12 20:53 - 2019-06-07 00:00 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2019-06-12 20:53 - 2019-05-18 18:12 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-12 20:53 - 2019-05-18 18:12 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-12 20:53 - 2019-05-18 18:12 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-12 20:53 - 2019-05-18 18:12 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-12 20:53 - 2019-05-17 08:44 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-12 20:53 - 2019-05-17 08:40 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-06-12 20:53 - 2019-05-17 08:40 - 000280888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-06-12 20:53 - 2019-05-17 08:27 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-12 20:53 - 2019-05-17 08:26 - 004393984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-06-12 20:53 - 2019-05-17 08:25 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-06-12 20:53 - 2019-05-17 08:25 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-06-12 20:53 - 2019-05-17 08:25 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-06-12 20:53 - 2019-05-17 08:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-06-12 20:53 - 2019-05-17 08:23 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDist.dll
2019-06-12 20:53 - 2019-05-17 08:23 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistWSDDiscoProv.dll
2019-06-12 20:53 - 2019-05-17 08:23 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-06-12 20:53 - 2019-05-17 08:22 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-06-12 20:53 - 2019-05-17 08:22 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-12 20:53 - 2019-05-17 08:21 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-06-12 20:53 - 2019-05-17 08:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-06-12 20:53 - 2019-05-17 08:21 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-06-12 20:53 - 2019-05-17 08:21 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2019-06-12 20:53 - 2019-05-17 08:21 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-06-12 20:53 - 2019-05-17 08:20 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-06-12 20:53 - 2019-05-17 08:20 - 001970688 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2019-06-12 20:53 - 2019-05-17 08:20 - 000725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCacheProvider.dll
2019-06-12 20:53 - 2019-05-17 08:20 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSh.dll
2019-06-12 20:53 - 2019-05-17 08:20 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistCleaner.dll
2019-06-12 20:53 - 2019-05-17 08:19 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-06-12 20:53 - 2019-05-17 08:07 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-06-12 20:53 - 2019-05-17 08:00 - 005658112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-12 20:53 - 2019-05-17 07:58 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-06-12 20:53 - 2019-05-17 07:58 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDist.dll
2019-06-12 20:53 - 2019-05-17 07:56 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-06-12 20:53 - 2019-05-17 07:56 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
2019-06-12 20:53 - 2019-05-17 07:55 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-06-12 20:53 - 2019-05-17 07:55 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-06-12 20:53 - 2019-05-17 07:55 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-06-12 20:53 - 2019-05-17 07:55 - 000352256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PeerDistSh.dll
2019-06-12 20:53 - 2019-05-17 07:54 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-06-12 20:53 - 2019-05-17 07:54 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-06-12 20:53 - 2019-05-17 05:33 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-06-12 20:53 - 2019-05-17 04:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-06-12 20:53 - 2019-05-17 03:07 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-06-12 20:53 - 2019-05-17 02:44 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-06-12 20:53 - 2019-05-17 02:44 - 000550520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-06-12 20:53 - 2019-05-17 02:43 - 000297688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-06-12 20:53 - 2019-05-17 02:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-06-12 20:53 - 2019-05-17 02:42 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-06-12 20:53 - 2019-05-17 02:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-12 20:53 - 2019-05-17 02:42 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-06-12 20:53 - 2019-05-17 02:42 - 001980256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-06-12 20:53 - 2019-05-17 02:42 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-06-12 20:53 - 2019-05-17 02:42 - 001380096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-06-12 20:53 - 2019-05-17 02:42 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-06-12 20:53 - 2019-05-17 02:42 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-06-12 20:53 - 2019-05-17 02:42 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-06-12 20:53 - 2019-05-17 02:30 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-06-12 20:53 - 2019-05-17 02:26 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-12 20:53 - 2019-05-17 02:23 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-06-12 20:53 - 2019-05-17 02:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-06-12 20:53 - 2019-05-17 02:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-12 20:53 - 2019-05-17 02:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-06-12 20:53 - 2019-05-17 02:22 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-12 20:53 - 2019-05-17 02:21 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-06-12 20:53 - 2019-05-17 02:21 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-06-12 20:53 - 2019-05-17 02:21 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-06-12 20:53 - 2019-05-17 02:20 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-06-12 20:53 - 2019-05-17 02:20 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-06-12 20:53 - 2019-05-17 02:19 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-12 20:53 - 2019-05-17 02:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-12 20:53 - 2019-05-17 02:19 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-06-12 20:53 - 2019-05-17 02:19 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-12 20:53 - 2019-05-17 02:19 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2019-06-12 20:53 - 2019-05-17 02:19 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-06-12 20:53 - 2019-05-17 02:18 - 002796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-06-12 20:53 - 2019-05-17 02:18 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-12 20:53 - 2019-05-17 02:18 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-06-12 20:53 - 2019-05-17 02:08 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-06-12 20:53 - 2019-05-17 02:08 - 000723432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-06-12 20:53 - 2019-05-17 02:08 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-06-12 20:53 - 2019-05-17 02:08 - 000401328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-06-12 20:53 - 2019-05-17 02:07 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-06-12 20:53 - 2019-05-17 02:07 - 002768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-12 20:53 - 2019-05-17 02:07 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-06-12 20:53 - 2019-05-17 02:07 - 002467320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-06-12 20:53 - 2019-05-17 02:07 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-12 20:53 - 2019-05-17 02:07 - 001288712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-06-12 20:53 - 2019-05-17 02:07 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-12 20:53 - 2019-05-17 02:07 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-06-12 20:53 - 2019-05-17 02:07 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-06-12 20:53 - 2019-05-17 02:07 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-06-12 20:53 - 2019-05-17 02:06 - 001943136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-06-12 20:53 - 2019-05-17 02:06 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-06-12 20:53 - 2019-05-17 02:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-06-12 20:53 - 2019-05-17 02:06 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-06-12 20:53 - 2019-05-17 02:06 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-06-12 20:53 - 2019-05-17 02:06 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-06-12 20:53 - 2019-05-17 02:06 - 000151888 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-06-12 20:53 - 2019-05-17 02:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-06-12 20:53 - 2019-05-17 02:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-06-12 20:53 - 2019-05-17 01:44 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-12 20:53 - 2019-05-17 01:38 - 004709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-12 20:53 - 2019-05-17 01:37 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-12 20:53 - 2019-05-17 01:37 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-06-12 20:53 - 2019-05-17 01:37 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-06-12 20:53 - 2019-05-17 01:36 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-06-12 20:53 - 2019-05-17 01:36 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-06-12 20:53 - 2019-05-17 01:36 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-06-12 20:53 - 2019-05-17 01:36 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-12 20:53 - 2019-05-17 01:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-12 20:53 - 2019-05-17 01:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-12 20:53 - 2019-05-17 01:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-12 20:53 - 2019-05-17 01:35 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-06-12 20:53 - 2019-05-17 01:35 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-06-12 20:53 - 2019-05-17 01:35 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-06-12 20:53 - 2019-05-17 01:34 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-12 20:53 - 2019-05-17 01:34 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-12 20:53 - 2019-05-17 01:34 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-12 20:53 - 2019-05-17 01:34 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-06-12 20:53 - 2019-05-17 01:34 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-06-12 20:53 - 2019-05-17 01:34 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-06-12 20:53 - 2019-05-17 01:34 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-06-12 20:53 - 2019-05-17 01:34 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2019-06-12 20:53 - 2019-05-17 01:33 - 003091456 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-06-12 20:53 - 2019-05-17 01:33 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-06-12 20:53 - 2019-05-17 01:33 - 002370560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-12 20:53 - 2019-05-17 01:33 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-06-12 20:53 - 2019-05-17 01:33 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-12 20:53 - 2019-05-17 01:33 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-06-12 20:53 - 2019-05-17 01:33 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-06-12 20:53 - 2019-05-17 01:32 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2019-06-12 20:53 - 2019-05-17 01:32 - 000815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-06-12 20:53 - 2019-05-17 01:31 - 004937216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-12 20:53 - 2019-05-17 01:31 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-12 20:53 - 2019-05-17 01:31 - 003293184 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-06-12 20:53 - 2019-05-17 01:31 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-06-12 20:53 - 2019-05-17 01:31 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-12 20:53 - 2019-05-17 01:31 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-06-12 20:53 - 2019-05-17 01:31 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-06-12 20:53 - 2019-05-17 01:31 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-12 20:53 - 2019-05-17 01:31 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-06-12 20:53 - 2019-05-17 01:31 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-06-12 20:53 - 2019-05-17 01:31 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-06-12 20:53 - 2019-05-17 01:30 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-06-12 20:53 - 2019-05-17 01:30 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-06-12 20:53 - 2019-05-17 01:30 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-06-09 16:10 - 2019-06-09 16:10 - 000015819 _____ C:\Users\indre\Downloads\JILL July-2019.xlsx
2019-06-09 16:09 - 2019-06-09 16:09 - 000016442 _____ C:\Users\indre\Downloads\JILL June-2019 (1).xlsx
2019-06-09 15:59 - 2019-06-09 15:59 - 000016442 _____ C:\Users\indre\Downloads\JILL June-2019.xlsx
2019-06-09 15:55 - 2019-06-09 15:55 - 000015819 _____ C:\Users\indre\Desktop\JILL July-2019.xlsx
2019-06-09 15:40 - 2019-06-09 15:53 - 000015856 _____ C:\Users\indre\Downloads\July-2019-Calendar.xlsx
2019-06-09 15:31 - 2019-06-09 15:54 - 000016442 _____ C:\Users\indre\Desktop\JILL June-2019.xlsx
2019-06-09 15:31 - 2019-06-09 15:31 - 000017115 _____ C:\Users\indre\Downloads\June-2019-Calendar.xlsx
2019-06-09 15:30 - 2019-06-09 15:30 - 000089088 _____ C:\Users\indre\Downloads\2019-excel-calendar-planner-12.xls
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-07-06 09:46 - 2018-05-23 14:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-07-06 09:38 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-06 08:01 - 2018-05-23 14:44 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{71AF15CB-04B4-4B18-8047-5E35B9C7421E}
2019-07-06 07:58 - 2016-09-11 19:32 - 000000000 ___RD C:\Users\indre\OneDrive
2019-07-06 07:58 - 2016-09-11 19:30 - 000000000 __SHD C:\Users\indre\IntelGraphicsProfiles
2019-07-06 01:15 - 2018-06-20 22:44 - 000002365 ____C C:\Users\indre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-07-06 01:15 - 2018-05-23 14:44 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1593158232-969496310-2340663774-1001
2019-07-06 00:04 - 2016-09-17 01:09 - 000000000 ___DC C:\Users\indre\Documents\Letters
2019-07-05 22:08 - 2016-09-18 09:35 - 000000000 ___DC C:\Users\indre\AppData\Local\CrashDumps
2019-07-04 21:08 - 2019-02-24 19:35 - 000003802 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2019-07-04 12:01 - 2019-05-23 22:07 - 000003000 _____ C:\WINDOWS\System32\Tasks\indre Merge
2019-07-04 12:01 - 2019-05-23 22:07 - 000002972 _____ C:\WINDOWS\System32\Tasks\indre
2019-07-04 12:01 - 2019-02-24 19:48 - 000003004 _____ C:\WINDOWS\System32\Tasks\indre2 Merge
2019-07-04 12:01 - 2019-02-24 19:48 - 000002976 _____ C:\WINDOWS\System32\Tasks\indre2
2019-07-04 12:01 - 2018-05-23 14:44 - 000003762 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-07-04 12:01 - 2018-05-23 14:44 - 000003750 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-07-04 12:01 - 2018-05-23 14:44 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-07-04 12:01 - 2018-05-23 14:44 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-04 12:01 - 2018-05-23 14:44 - 000003298 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2019-07-04 12:01 - 2018-05-23 14:44 - 000003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2019-07-04 12:01 - 2018-05-23 14:44 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-04 12:01 - 2018-05-23 14:44 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2019-07-04 12:01 - 2018-05-23 14:44 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-07-04 12:01 - 2018-05-23 14:44 - 000003040 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec
2019-07-04 12:01 - 2018-05-23 14:44 - 000002806 _____ C:\WINDOWS\System32\Tasks\Seagate_Install_Launch
2019-07-04 12:01 - 2018-05-23 14:44 - 000002784 _____ C:\WINDOWS\System32\Tasks\indre DBAgent 2 0
2019-07-04 12:01 - 2018-05-23 14:44 - 000002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2019-07-04 12:01 - 2018-05-23 14:44 - 000002674 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon
2019-07-04 12:01 - 2018-05-23 14:44 - 000002528 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2019-07-04 12:01 - 2018-05-23 14:44 - 000002528 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2019-07-04 12:01 - 2018-05-23 14:44 - 000002304 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2019-07-04 12:01 - 2016-11-18 22:39 - 000000000 ___DC C:\Users\indre\AppData\LocalLow\Mozilla
2019-07-04 11:13 - 2018-05-23 14:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-07-04 10:28 - 2018-05-23 14:43 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-07-04 10:28 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2019-07-04 10:23 - 2018-05-23 14:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-07-04 03:20 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-07-01 19:18 - 2019-05-14 13:15 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-07-01 19:18 - 2019-05-14 13:15 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-07-01 19:18 - 2019-05-14 13:15 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-07-01 19:18 - 2019-05-14 13:15 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-07-01 19:18 - 2019-05-14 13:15 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2019-07-01 19:18 - 2016-08-09 19:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-07-01 19:12 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-30 12:36 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-29 23:58 - 2017-10-14 21:56 - 000000000 ___DC C:\Users\indre\AppData\Roaming\vlc
2019-06-29 23:56 - 2017-10-14 21:56 - 000001141 _____ C:\Users\Public\Desktop\VLC media player.lnk
2019-06-29 11:29 - 2019-02-24 19:33 - 000000000 ____D C:\Program Files\Bitdefender Agent
2019-06-28 08:30 - 2016-09-16 13:57 - 000000000 ___DC C:\Users\indre\AppData\Roaming\VMware
2019-06-27 18:32 - 2016-09-11 19:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-06-27 00:47 - 2017-07-15 20:02 - 000014706 ____C C:\Users\indre\Documents\Indy's Finances.xlsx
2019-06-26 22:10 - 2016-09-11 19:59 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-06-24 23:23 - 2017-11-15 23:37 - 000000000 ___DC C:\Users\indre\AppData\Local\Packages
2019-06-22 03:02 - 2016-09-17 01:49 - 000000000 ___DC C:\Users\indre\Documents\Funny stuff
2019-06-21 21:34 - 2016-09-17 01:09 - 000000000 ___DC C:\Users\indre\Documents\Resumes etc
2019-06-21 16:50 - 2016-09-17 01:09 - 000000000 ___DC C:\Users\indre\Documents\Recipes
2019-06-20 20:08 - 2016-09-11 19:57 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-20 20:08 - 2016-09-11 19:57 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-06-20 20:03 - 2018-11-16 12:19 - 000000000 ____D C:\Program Files\rempl
2019-06-20 08:58 - 2017-05-09 21:49 - 000000000 ____D C:\Program Files\UNP
2019-06-20 08:51 - 2017-11-15 23:19 - 000168104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-06-18 05:52 - 2016-09-17 01:38 - 000000000 ___DC C:\Users\indre\Documents\Akiko stuff
2019-06-17 09:54 - 2017-11-15 23:19 - 000225600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-06-13 20:33 - 2016-08-09 19:33 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-13 20:33 - 2016-08-09 19:33 - 000000000 ____D C:\ProgramData\Intel
2019-06-13 20:33 - 2015-10-30 02:28 - 000000000 ____D C:\Users\Default.migrated
2019-06-13 20:32 - 2017-05-21 14:10 - 000000000 ____D C:\Program Files (x86)\Intel
2019-06-13 20:31 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2019-06-13 20:31 - 2017-05-21 14:10 - 000000000 ____D C:\Program Files\Intel
2019-06-13 18:45 - 2016-09-16 22:23 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-06-13 18:32 - 2017-11-15 23:45 - 000000000 ___RD C:\Users\indre\3D Objects
2019-06-13 18:32 - 2016-08-09 19:48 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-13 18:23 - 2018-06-09 20:55 - 000406920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-13 18:22 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-06-13 18:22 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-06-13 18:22 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-06-13 18:22 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-06-13 18:22 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-12 20:55 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-12 20:53 - 2016-09-12 20:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-12 20:50 - 2016-09-12 20:20 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-12 01:37 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2019-06-12 01:37 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
 
==================== Files in the root of some directories ================
 
2018-11-19 21:23 - 2018-11-19 21:23 - 000000017 ____C () C:\Users\indre\AppData\Local\resmon.resmoncfg
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 3-07-2019
Ran by indre (06-07-2019 09:58:29)
Running from C:\Users\indre\Downloads
Windows 10 Pro Version 1803 17134.829 (X64) (2018-05-23 18:44:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1593158232-969496310-2340663774-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1593158232-969496310-2340663774-503 - Limited - Disabled)
Guest (S-1-5-21-1593158232-969496310-2340663774-501 - Limited - Disabled)
indre (S-1-5-21-1593158232-969496310-2340663774-1001 - Administrator - Enabled) => C:\Users\indre
WDAGUtilityAccount (S-1-5-21-1593158232-969496310-2340663774-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Across Lite (HKLM-x32\...\{5F5C7350-9731-420F-97CC-8CAFEE7DA7A3}) (Version: 2.4.2451.1 - Literate Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.207 - Adobe)
Angry Birds (HKLM-x32\...\{2F7D5734-056F-4A0A-A1C7-CA1AAE5BB1EB}) (Version: 1.6.3.1 - Rovio)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{C1BCFECF-6EC2-4750-9072-5E2489423F8F}) (Version: 7.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B202C7F5-7DE3-4FBF-B259-E70E625F56FC}) (Version: 7.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B5A46811-3612-4DA5-8A5A-E6DED5D7C523}) (Version: 12.2.1.12 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.5.2378 - AVAST Software)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CmgMasterPrerequisites (HKLM\...\{EE34FA4E-715A-46FA-9CAF-06E26AE4217D}) (Version: 1.10.0.34 - Dell, Inc.) Hidden
CutePDF Form Filler 3.6 (Evaluation) (HKLM-x32\...\CutePDF Form Filler (Evaluation)_is1) (Version:  - Acro Software Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.2.0 - Dell Inc.)
Dell Data Protection | Client Security Framework (HKLM\...\{FAE38E46-ECB2-44EA-A52B-6955AA6B1B3A}) (Version: 8.10.0.39 - Dell, Inc.)
Dell Data Protection | Security Tools (HKLM-x32\...\{812AA6D3-5BEB-4577-88B1-00998B91AB41}) (Version: 1.10.0.34 - Dell, Inc.) Hidden
Dell Data Protection | Security Tools (HKLM-x32\...\InstallShield_{812AA6D3-5BEB-4577-88B1-00998B91AB41}) (Version: 1.10.0.34 - Dell, Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\{806422F1-FC4E-4D7C-8855-05748AEFC031}) (Version: 3.2.2.119 - Dell Inc.)
DELLOSD (HKLM-x32\...\{BED3193A-897B-47F6-AEDC-45D147122957}) (Version: 1.0.0.0 - DELL)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
FileZilla Client 3.25.1 (HKLM-x32\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.11.24.11 - HP Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Network Connections 20.3.300.1 (HKLM\...\PROSetDX) (Version: 20.3.300.1 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.9.1053 - Intel Corporation)
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® WiDi (HKLM\...\{C7CD6D54-26AF-4D93-B06F-D81ACE8624CB}) (Version: 6.0.40.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (HKLM-x32\...\{5B5CD20C-29F0-4857-A4FA-A4F4C716B019}) (Version: 1.1.347 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f430aa46-62c4-47a0-8a03-42e7fff664b7}) (Version: 20.120.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{A8AF3EF8-5010-4A92-BCCA-90F62A7D62B8}) (Version: 12.9.5.7 - Apple Inc.)
LaserJet 1020 series (HKLM-x32\...\HP-LaserJet 1020 series) (Version:  - )
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Microsoft Office Famille et Petite Entreprise 2016 - fr-fr (HKLM\...\HomeBusinessRetail - fr-fr) (Version: 16.0.11727.20230 - Microsoft Corporation)
Microsoft Office Hogar y Empresas 2016 - es-es (HKLM\...\HomeBusinessRetail - es-es) (Version: 16.0.11727.20230 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.11727.20230 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1593158232-969496310-2340663774-1001\...\OneDriveSetup.exe) (Version: 19.103.0527.0003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Mozilla Firefox 67.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 67.0.4 (x64 en-US)) (Version: 67.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NordVPN (HKLM-x32\...\{F4325B30-A8A0-4D09-B0DE-7CBB485A52D8}) (Version: 6.22.6 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.22.6) (Version: 6.22.6 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11727.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11727.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11727.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.11727.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.11727.20230 - Microsoft Corporation) Hidden
Plex Media Server (HKLM-x32\...\{72238E55-A877-4785-A5E9-0C35EAFB0746}) (Version: 1.15.876 - Plex, Inc.) Hidden
Plex Media Server (HKLM-x32\...\{9203fc01-57c0-4cc8-858d-92911b5142de}) (Version: 1.15.3.876 - Plex, Inc.)
Pretty Good Solitaire version 12.4.0 (HKLM-x32\...\Pretty Good Solitaire_is1) (Version: 12.4.0 - Goodsol Development Inc.)
proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6105 - Realtek Semiconductor Corp.)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.9.2.0 - Seagate)
Security Innovation TSS (HKLM\...\{0C11FE22-53F2-4C9B-9E79-824B10D0976E}) (Version: 2.1.42 - Security Innovation) Hidden
Spotify (HKU\S-1-5-21-1593158232-969496310-2340663774-1001\...\Spotify) (Version: 1.0.96.181.gf6bc1b6b - Spotify AB)
Stopping Plex (HKLM-x32\...\{3C6D43CB-1211-4C3F-8F3C-2B4F90C5BB95}) (Version: 1.15.876 - Plex, Inc.) Hidden
TextPad 8 (HKLM\...\{861AB1C1-1967-4C4A-BF86-C255E2D2B8FD}) (Version: 8.0.2 - Helios)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
VMware Horizon Client (HKLM\...\{93CEC220-0D24-41C0-8647-BA1C62A3EE89}) (Version: 4.0.1.781 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Intel Corporation (iaStorA) HDC  (08/10/2017 15.7.5.1025) (HKLM\...\FF1B55CEF8D39B696D1F5DF141ACFA7A5D1F2743) (Version: 08/10/2017 15.7.5.1025 - Intel Corporation)
Windows Driver Package - Intel Corporation (iaStorA) SCSIAdapter  (08/10/2017 15.7.5.1025) (HKLM\...\6D773A6E21B2A480569157737F58E8FF7DC6608A) (Version: 08/10/2017 15.7.5.1025 - Intel Corporation)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zoom (HKU\S-1-5-21-1593158232-969496310-2340663774-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
 
Packages:
=========
CyberLink Media Suite Essentials -> C:\Program Files\WindowsApps\DB6EA5DB.CyberLinkMediaSuiteEssentials_1.0.10.0_x86__mcezb6ze687jp [2018-03-13] (CYBERLINK CORPORATION.)
Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.2.5.0_x64__htrsf667h5kn2 [2019-05-29] (Dell Inc)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2018-09-22] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation) [MS Ad]
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_1.8.1812.301_x86__8wekyb3d8bbwe [2019-03-14] (Microsoft Studios) [MS Ad]
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_3.9.4100.0_x64__8wekyb3d8bbwe [2019-04-18] (Microsoft Studios) [MS Ad]
Microsoft Minesweeper -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMinesweeper_2.7.4300.0_x86__8wekyb3d8bbwe [2019-02-18] (Microsoft Studios) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.31.11723.0_x64__8wekyb3d8bbwe [2019-06-26] (Microsoft Corporation) [MS Ad]
Microsoft Phone -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-08] (Microsoft Corporation)
Microsoft Phone Companion -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-12] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-17] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.29.10701.0_x64__8wekyb3d8bbwe [2019-03-22] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.28.3242.0_x64__8wekyb3d8bbwe [2018-12-15] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
PAC-MAN Battle -> C:\Program Files\WindowsApps\50867PocketKingGames.PAC-MANBattle_1.1.0.0_x64__m8bdd0rdw5vr0 [2018-12-15] (Pocket King Games) [MS Ad]
The Backgammon -> C:\Program Files\WindowsApps\6918E89D.TheBackgammon_1.2.0.0_x64__66n08swfvvka0 [2018-12-15] (UNBALANCE corp.) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1593158232-969496310-2340663774-1001_Classes\CLSID\{5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9}\InprocServer32 -> C:\Program Files\TextPad 8\System\ShellExt64.dll (Helios Software Solutions Ltd -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127171.inf_amd64_368f8c7337214025\igfxDTCM.dll [2018-03-22] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers1_S-1-5-21-1593158232-969496310-2340663774-1001: [TextPad8] -> {5A9E21A2-851A-4BEB-B16F-DBBE7D648AF9} => C:\Program Files\TextPad 8\System\ShellExt64.dll [2016-02-28] (Helios Software Solutions Ltd -> )
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-08-09 19:32 - 2015-06-29 20:13 - 000151552 _____ () [File not signed] C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
2019-01-21 07:55 - 2019-01-21 07:55 - 000251392 _____ () [File not signed] C:\Program Files (x86)\NordVPN\x86\Liberation.Native.Firewall.dll
2015-05-19 12:11 - 2015-05-19 12:11 - 000335872 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
2016-03-25 23:50 - 2016-03-25 23:50 - 001491968 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\LIBEAY32.dll
2016-03-25 23:50 - 2016-03-25 23:50 - 000298496 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\SSLEAY32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1593158232-969496310-2340663774-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1593158232-969496310-2340663774-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2019-01-10 23:55 - 000002507 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Dell\Dell Data Protection\Drivers\TSS\bin\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-1593158232-969496310-2340663774-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\indre\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F26FF42A-FABC-4237-AF27-9A74BAD6E0C7}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{B71B19F6-E012-4D87-BC64-170CDB9AE748}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{FF6FAF1B-3C9B-4453-9D51-82A62172D810}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6A551C3A-B926-43D8-9A75-06A3CEEB5AAF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AD297B5D-2C9A-4E26-9193-5DEFE2B8D5DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6CC73312-41C6-4002-A0B0-4F73A84DBE2F}] => (Allow) LPort=8888
FirewallRules: [{277A97E1-8E11-4C68-985D-B7CC9AFC4A42}] => (Allow) LPort=8888
FirewallRules: [{B768845C-68FA-4F5D-8CB0-8915F5518FBE}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel® Wireless Display -> Intel)
FirewallRules: [TCP Query User{3696DD75-4C0C-490B-A914-59C0D82CE209}C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe] => (Allow) C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [UDP Query User{881A5D70-E076-4553-AFB1-5DCEB88E106E}C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe] => (Allow) C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [TCP Query User{56C4283E-A791-4CBC-9F68-AC60C8E0C7B4}C:\users\indre\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\indre\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{1DC4DC8A-7F42-44CE-9FE4-78B806402CE0}C:\users\indre\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\indre\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3E499D19-4DBA-4DEF-8CF8-19DA405CDB89}] => (Block) C:\users\indre\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{69A76876-400F-4C97-9AC9-188D74D4DEA6}] => (Block) C:\users\indre\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5F21DD4B-F8C9-49D7-A5C4-9E6B89EFE625}] => (Allow) LPort=8889
FirewallRules: [{FE7FEA92-FE61-4E07-AB28-B07698433507}] => (Allow) LPort=8889
FirewallRules: [TCP Query User{5BEC10D3-14A2-4D91-86E2-3FF9AC49678E}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe (Seagate Technology LLC -> Seagate Technology LLC)
FirewallRules: [UDP Query User{DC37BDA6-DFD4-4AE9-A106-AF2D1149CAC6}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe (Seagate Technology LLC -> Seagate Technology LLC)
FirewallRules: [{2F7C3E13-8189-49BC-AD54-293606BAB75F}] => (Block) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe (Seagate Technology LLC -> Seagate Technology LLC)
FirewallRules: [{2A5D3459-4437-4C54-AAC4-9E96FEE61614}] => (Block) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe (Seagate Technology LLC -> Seagate Technology LLC)
FirewallRules: [{DED84BE3-3BD6-4E0D-A420-B30E49FC626F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{56381F91-7873-4CEA-8ABE-E10213107A2E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{835008C9-6A51-4365-AFEC-F24E67C44C2E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc -> Plex, Inc.)
FirewallRules: [{B9F683A9-6869-4425-ACDF-4BBE734023A1}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc -> Python Software Foundation)
FirewallRules: [{73C29C77-9A88-433D-8F93-2CEF6E260A57}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc -> Plex, Inc.)
FirewallRules: [{FCB7161E-863C-4365-A934-94FC0E83A38E}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc -> )
FirewallRules: [{F52C8ACB-334D-404D-AC77-F60981439024}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{35F1740E-5C7F-48A0-9424-553F25A67238}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4D93D1F7-7788-460E-AB49-CA919F927793}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{F29C6F66-709F-4614-A9A3-B60FCED2E26A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
12-06-2019 20:50:45 Windows Update
20-06-2019 20:03:03 Windows Update
29-06-2019 20:49:28 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/06/2019 08:19:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.17134.677 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 4d20
 
Start Time: 01d533f222cd6188
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: 35cc073a-c89c-4ede-978c-c0ef19ac3a39
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/06/2019 08:17:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Dashboard.exe version 4.9.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 43f4
 
Start Time: 01d533f4a729cf15
 
Termination Time: 7
 
Application Path: C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
 
Report Id: 9272933d-abf9-4f27-8629-e2a0f68730cb
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/06/2019 01:49:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Dashboard.exe version 4.9.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 33f8
 
Start Time: 01d533be2fe3f3a1
 
Termination Time: 3
 
Application Path: C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
 
Report Id: 245b2ac8-4b78-4d40-b66d-bd08ba356179
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/05/2019 10:08:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.17134.1, time stamp: 0x96e0391b
Faulting module name: windows.storage.dll, version: 10.0.17134.829, time stamp: 0xc1a194df
Exception code: 0xc0000005
Fault offset: 0x0000000000036326
Faulting process id: 0x3fc
Faulting application start time: 0x01d5339f9d7d2b71
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\System32\windows.storage.dll
Report Id: 03812979-0202-40ff-8b54-9597e07eaed1
Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: runtimebroker07f4358a809ac99a64a67c1
 
Error: (07/04/2019 10:26:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.9.1053, time stamp: 0x5718affa
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x052d006d
Faulting process id: 0x2db0
Faulting application start time: 0x01d5327475378210
Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 8baf5517-f9da-440b-bd51-e2633297b930
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/04/2019 10:26:29 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (07/03/2019 10:43:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5
Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228
Exception code: 0xc000027b
Fault offset: 0x000000000009cad5
Faulting process id: 0x1cbc
Faulting application start time: 0x01d532123ab1d86c
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 63e6ab70-7c3a-4fff-b9d9-06a74a786957
Faulting package full name: DellInc.DellSupportAssistforPCs_3.2.5.0_x64__htrsf667h5kn2
Faulting package-relative application ID: App
 
Error: (07/03/2019 10:13:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.9.1053, time stamp: 0x5718affa
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0610006d
Faulting process id: 0x2d64
Faulting application start time: 0x01d5320dfdb18c6c
Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 2c041501-2685-4d73-91c7-8b0fa0a6a6f1
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (07/06/2019 09:59:05 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
Error: (07/06/2019 09:59:01 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
Error: (07/06/2019 09:58:58 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
Error: (07/06/2019 09:58:54 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
Error: (07/06/2019 09:58:50 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
Error: (07/06/2019 09:58:46 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
Error: (07/06/2019 09:58:42 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
Error: (07/06/2019 09:58:39 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
 
CodeIntegrity:
===================================
 
Date: 2019-03-03 22:00:58.068
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-02-18 01:38:19.272
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\ashShell.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.8.6 12/12/2017
Motherboard: Dell Inc. 0X2MKR
Processor: Intel® Core™ i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 56%
Total physical RAM: 8048.94 MB
Available physical RAM: 3524.75 MB
Total Virtual: 9968.94 MB
Available Virtual: 4728.88 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:224.73 GB) (Free:105.97 GB) NTFS
Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:1863.02 GB) (Free:1373.09 GB) NTFS
 
\\?\Volume{a8007518-d8a3-4a74-92ee-2363fddb05a7}\ (WINRETOOLS) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{616afac5-ee60-493d-8f6b-5152f9f29468}\ (Image) (Fixed) (Total:12.69 GB) (Free:0.63 GB) NTFS
\\?\Volume{dbd7410f-196c-49b5-bb90-bbf877a175c2}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.44 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 4FCEFFCB)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,737 posts
  • MVP
Error: (07/06/2019 09:59:05 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

 

 

Suspect this is your E: drive.  See if you can run a check disk on it:

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)

chkdsk  /f  e:

(It may need to reboot in order to run the check.  Let it.

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type::


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.



 

 




 


  • 0

#3
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

Dear RKinner,

First off, thank you SO much for your detailed reply! Before I begin, I need to ask one more bit of advice. I went ahead and bought Kaspersky's Total Protection for my computer and installed it. At this moment, it's doing a full scan of my computer (which is going to take hours). I can still use the computer, though. (At the moment, it's working on my the E Drive.)

 

What should I do? Should I stop the scan and follow your instructions? Or should I allow the scan to continue and follow your instructions? Will the Kaspersky program interfere with any of your above instructions?

Sorry, I just got so paranoid about not having serious protection that I went ahead and ordered the Kaspersky.

Note: I also use NordVPN, but I don't have it connected at this very moment.

I appreciate your help so much--thanks again!

IndyBlue


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,737 posts
  • MVP

Kaspersky won't interfere.  Might as well let it finish its scan first.


  • 0

#5
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

Will do. Note: the scan is taking HOURS. So, I may have to respond tomorrow. THANK YOU AGAIN for everything. I'll be in touch as soon as the scan is finished!


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,737 posts
  • MVP

No hurry.   Have to watch TV with the wife now anyway. 


  • 0

#7
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

:D


  • 0

#8
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

Hi, RKinner!

 

The Kaspersky scan took over 24 hours but then stopped. I decided to go ahead with your suggested fix, and then I'll start the Kaspersky scan over later.

 

My computer is acting strangely this morning. It's showing that the Internet is disconnected, but I'm still connected. And Chrome won't open, even though Firefox and IE are working fine. I'm going to attempt your fix now, and then try to clean up the rest of the mess.

 

I'll be in touch with my results. Thanks again!

 

IndyBlue


  • 0

#9
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

OK, here are my results:

 

1) After the first two steps, I got this: Windows did not find any integrity violations (a good thing)

 

2) Vino's System Log:
 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2019 10:43:09 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2019 2:43:29 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:43:24 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:43:19 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:43:13 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:43:07 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:43:02 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:42:56 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:42:51 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:42:46 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:42:41 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:42:35 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:42:30 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:42:25 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:42:19 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:42:14 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:42:09 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:42:04 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:41:59 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:41:54 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
Log: 'System' Date/Time: 08/07/2019 2:41:48 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk1\DR1, has a bad block.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/07/2019 2:19:32 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 08/07/2019 1:20:31 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ksn-cinfo-geo.kaspersky-labs.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/07/2019 1:20:24 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/07/2019 1:20:22 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/07/2019 1:29:11 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/07/2019 1:28:34 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 08/07/2019 1:04:27 AM
Type: Warning Category: 0
Event: 153 Source: Disk
The IO operation at logical block address 0x368dd6c0 for Disk 1 (PDO name: \Device\0000004a) was retried.
 
Log: 'System' Date/Time: 08/07/2019 1:04:27 AM
Type: Warning Category: 0
Event: 129 Source: UASPStor
Reset to device, \Device\RaidPort1, was issued.
 
Log: 'System' Date/Time: 08/07/2019 1:01:51 AM
Type: Warning Category: 0
Event: 6105 Source: Netwtw06
6105 - deauth after EAPOL key exchange sequence
 
Log: 'System' Date/Time: 07/07/2019 8:16:01 PM
Type: Warning Category: 0
Event: 1073 Source: User32
The attempt by user DESKTOP-EL88UDV\indre to restart/shutdown computer DESKTOP-EL88UDV failed
 
Log: 'System' Date/Time: 06/07/2019 4:57:02 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\WINDOWS\System32\IWMSSvc.dll 
 
Log: 'System' Date/Time: 06/07/2019 1:47:19 PM
Type: Warning Category: 0
Event: 1073 Source: User32
The attempt by user DESKTOP-EL88UDV\indre to restart/shutdown computer DESKTOP-EL88UDV failed
 
Log: 'System' Date/Time: 06/07/2019 11:59:04 AM
Type: Warning Category: 0
Event: 6105 Source: Netwtw06
6105 - deauth after EAPOL key exchange sequence
 
Log: 'System' Date/Time: 06/07/2019 5:45:58 AM
Type: Warning Category: 0
Event: 1073 Source: User32
The attempt by user DESKTOP-EL88UDV\indre to restart/shutdown computer DESKTOP-EL88UDV failed
 
Log: 'System' Date/Time: 06/07/2019 5:45:21 AM
Type: Warning Category: 0
Event: 1073 Source: User32
The attempt by user DESKTOP-EL88UDV\indre to restart/shutdown computer DESKTOP-EL88UDV failed
 
Log: 'System' Date/Time: 06/07/2019 2:08:13 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 06/07/2019 2:08:12 AM
Type: Warning Category: 0
Event: 6105 Source: Netwtw06
6105 - deauth after EAPOL key exchange sequence
 
Log: 'System' Date/Time: 06/07/2019 2:08:07 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name emupdate.avcdn.net timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 06/07/2019 2:08:06 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name geo-prod.do.dsp.mp.microsoft.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 06/07/2019 2:08:04 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.bing.com timed out after none of the configured DNS servers responded.

3) Vino's Application Log:

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/07/2019 10:46:31 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/07/2019 2:22:49 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.9.1053, time stamp: 0x5718affa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x049f0475 Faulting process id: 0x2958 Faulting application start time: 0x01d5359898516219 Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe Faulting module path: unknown Report Id: ccc2262e-854c-474e-9ade-1d1196224674 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 08/07/2019 2:22:49 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 
 
Log: 'Application' Date/Time: 06/07/2019 5:04:37 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 06/07/2019 5:00:28 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.9.1053, time stamp: 0x5718affa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x05a0006d Faulting process id: 0x19b4 Faulting application start time: 0x01d5341c45f00090 Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe Faulting module path: unknown Report Id: 43c4f7fa-7c44-4205-8dd3-b9e38a6a289f Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 06/07/2019 5:00:27 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 
 
Log: 'Application' Date/Time: 06/07/2019 12:19:32 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program explorer.exe version 10.0.17134.677 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.  Process ID: 4d20  Start Time: 01d533f222cd6188  Termination Time: 0  Application Path: C:\Windows\explorer.exe  Report Id: 35cc073a-c89c-4ede-978c-c0ef19ac3a39  Faulting package full name:   Faulting package-relative application ID:  
 
Log: 'Application' Date/Time: 06/07/2019 12:17:33 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Dashboard.exe version 4.9.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.  Process ID: 43f4  Start Time: 01d533f4a729cf15  Termination Time: 7  Application Path: C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe  Report Id: 9272933d-abf9-4f27-8629-e2a0f68730cb  Faulting package full name:   Faulting package-relative application ID:  
 
Log: 'Application' Date/Time: 06/07/2019 5:49:43 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Dashboard.exe version 4.9.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.  Process ID: 33f8  Start Time: 01d533be2fe3f3a1  Termination Time: 3  Application Path: C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe  Report Id: 245b2ac8-4b78-4d40-b66d-bd08ba356179  Faulting package full name:   Faulting package-relative application ID:  
 
Log: 'Application' Date/Time: 06/07/2019 2:08:11 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: RuntimeBroker.exe, version: 10.0.17134.1, time stamp: 0x96e0391b Faulting module name: windows.storage.dll, version: 10.0.17134.829, time stamp: 0xc1a194df Exception code: 0xc0000005 Fault offset: 0x0000000000036326 Faulting process id: 0x3fc Faulting application start time: 0x01d5339f9d7d2b71 Faulting application path: C:\Windows\System32\RuntimeBroker.exe Faulting module path: C:\WINDOWS\System32\windows.storage.dll Report Id: 03812979-0202-40ff-8b54-9597e07eaed1 Faulting package full name: Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: runtimebroker07f4358a809ac99a64a67c1
 
Log: 'Application' Date/Time: 04/07/2019 2:26:29 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.9.1053, time stamp: 0x5718affa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x052d006d Faulting process id: 0x2db0 Faulting application start time: 0x01d5327475378210 Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe Faulting module path: unknown Report Id: 8baf5517-f9da-440b-bd51-e2633297b930 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 04/07/2019 2:26:29 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 
 
Log: 'Application' Date/Time: 04/07/2019 2:43:15 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: backgroundTaskHost.exe, version: 10.0.17134.1, time stamp: 0xcb43d9c5 Faulting module name: twinapi.appcore.dll, version: 10.0.17134.137, time stamp: 0xb5d50228 Exception code: 0xc000027b Fault offset: 0x000000000009cad5 Faulting process id: 0x1cbc Faulting application start time: 0x01d532123ab1d86c Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe Faulting module path: C:\Windows\System32\twinapi.appcore.dll Report Id: 63e6ab70-7c3a-4fff-b9d9-06a74a786957 Faulting package full name: DellInc.DellSupportAssistforPCs_3.2.5.0_x64__htrsf667h5kn2 Faulting package-relative application ID: App
 
Log: 'Application' Date/Time: 04/07/2019 2:13:00 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.9.1053, time stamp: 0x5718affa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0610006d Faulting process id: 0x2d64 Faulting application start time: 0x01d5320dfdb18c6c Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe Faulting module path: unknown Report Id: 2c041501-2685-4d73-91c7-8b0fa0a6a6f1 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 04/07/2019 2:12:59 AM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 
 
Log: 'Application' Date/Time: 03/07/2019 12:24:05 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.9.1053, time stamp: 0x5718affa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x04f10475 Faulting process id: 0x12f4 Faulting application start time: 0x01d531359c5cbcd3 Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe Faulting module path: unknown Report Id: 7e61e707-3148-4f1d-8979-bc6ce03c7295 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 03/07/2019 12:24:05 AM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 
 
Log: 'Application' Date/Time: 01/07/2019 11:14:47 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.9.1053, time stamp: 0x5718affa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x064fa7dd Faulting process id: 0x10ec Faulting application start time: 0x01d53062c34ee5c2 Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe Faulting module path: unknown Report Id: 75869a81-f94c-48fc-ac35-ce032b1e80d0 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 01/07/2019 11:14:47 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 
 
Log: 'Application' Date/Time: 30/06/2019 4:29:27 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: IAStorDataMgrSvc.exe, version: 14.8.9.1053, time stamp: 0x5718affa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x0627a565 Faulting process id: 0x3e04 Faulting application start time: 0x01d52f60f8e8c730 Faulting application path: C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe Faulting module path: unknown Report Id: f0cd0418-e5be-4a95-b8e9-f7167e3c1e20 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 30/06/2019 4:29:27 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/07/2019 2:20:20 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 08/07/2019 1:39:24 PM
Type: Warning Category: 1
Event: 636 Source: ESENT
DllHost (25716,D,35) Internet_NOEDP_LEGACY_IDB: Flush map file "C:\Users\indre\AppData\Local\Microsoft\Internet Explorer\Indexed DB\Internet.jfm" will be deleted. Reason: ReadHdrFailed.
 
Log: 'Application' Date/Time: 08/07/2019 1:39:24 PM
Type: Warning Category: 1
Event: 640 Source: ESENT
DllHost (25716,D,35) Internet_NOEDP_LEGACY_IDB: Error -1919 validating header page on flush map file "C:\Users\indre\AppData\Local\Microsoft\Internet Explorer\Indexed DB\Internet.jfm". The flush map file will be invalidated.  Additional information: [SignDbHdrFromDb:Create time:00/00/1900 00:00:00.000 Rand:0 Computer:] [SignFmHdrFromDb:Create time:00/00/1900 00:00:00.000 Rand:0 Computer:] [SignDbHdrFromFm:Create time:05/23/2019 19:59:34.353 Rand:2783080637 Computer:] [SignFmHdrFromFm:Create time:05/23/2019 20:04:34.392 Rand:2601860742 Computer:]
 
Log: 'Application' Date/Time: 08/07/2019 1:01:52 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 07/07/2019 8:57:46 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 07/07/2019 12:57:46 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 06/07/2019 4:57:46 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 06/07/2019 2:24:10 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 06/07/2019 11:58:36 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 06/07/2019 2:07:52 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 05/07/2019 6:24:10 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 05/07/2019 1:06:15 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 04/07/2019 2:24:16 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 04/07/2019 2:10:47 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 03/07/2019 12:21:52 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 01/07/2019 11:12:34 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 01/07/2019 12:27:11 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 30/06/2019 4:27:14 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 30/06/2019 4:47:41 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
Log: 'Application' Date/Time: 29/06/2019 8:47:41 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint d5 ae 17 12 0d 3a fb 5c 33 91 f7 01 1c 17 7c 60 b1 7e 14 3d is about to expire or already expired.
 
4) Data from Process Explorer:

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 96.70 52 K 8 K 0
procexp (1)64.exe 1.33 61,720 K 82,968 K 12452 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 0.35 60,952 K 42,984 K 1356 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
nordvpn-service.exe 0.34 26,524 K 29,884 K 5208 nordvpn-service (Verified) TEFINCOM S.A.
Interrupts 0.23 0 K 0 K n/a Hardware Interrupts and DPCs
NordVPN.exe 0.21 162,468 K 161,568 K 14996 NordVPN NordVPN (Verified) TEFINCOM S.A.
csrss.exe 0.17 2,880 K 5,056 K 948 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
pcdrwi.exe 0.15 118,524 K 66,928 K 15252 PC-Doctor Communications Manager PC-Doctor, Inc. (Verified) PC-Doctor, Inc.
System 0.11 204 K 5,400 K 4
UoipService.exe 0.05 2,768 K 6,248 K 7116 UoipService Intel (Verified) Intel® Wireless Display
MBAMService.exe 0.05 179,120 K 118,860 K 4668 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
MediaButtons.exe 0.04 1,624 K 7,236 K 8800 DELL Application (No signature was present in the subject)
chrome.exe 0.04 63,308 K 89,296 K 17196 Google Chrome Google LLC (Verified) Google LLC
PlexScriptHost.exe 0.03 27,944 K 10,456 K 3448 Python Python Software Foundation (Verified) Plex, Inc
IAStorIcon.exe 0.02 29,760 K 33,912 K 15560 IAStorIcon Intel Corporation (Verified) Intel® Rapid Storage Technology
chrome.exe 0.02 106,856 K 139,316 K 7832 Google Chrome Google LLC (Verified) Google LLC
avp.exe 0.02 270,384 K 149,924 K 4856 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab
RAVBg64.exe 0.02 17,784 K 4,716 K 16220 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
SupportAssistAgent.exe 0.02 587,168 K 92,896 K 8708 Service Dell Inc. (Verified) Dell Inc.
chrome.exe 0.01 26,056 K 36,284 K 3132 Google Chrome Google LLC (Verified) Google LLC
explorer.exe 0.01 77,776 K 122,616 K 6936 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
ftnlsv.exe 0.01 2,136 K 4,704 K 4984 NetLink supervisor (Verified) FabulaTech
avpui.exe 0.01 76,560 K 4,148 K 12440 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab
iPodService.exe < 0.01 2,240 K 6,620 K 16036 iPod Service Apple Inc. (Verified) Apple Inc.
vmwsprrdpwks.exe < 0.01 3,780 K 6,720 K 5532 Serial Com Redirection Client service VMware (Verified) FabulaTech
ftscanmgr.exe < 0.01 6,252 K 8,896 K 5024 Scanner Redirection manager (Client) (Verified) FabulaTech
CLMLSvc_P2G8.exe < 0.01 3,660 K 2,512 K 3800 CyberLink MediaLibrary Service CyberLink (Verified) CyberLink Corp.
svchost.exe < 0.01 4,592 K 13,980 K 9692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe < 0.01 22,016 K 31,436 K 8064 Google Chrome Google LLC (Verified) Google LLC
chrome.exe < 0.01 31,508 K 46,492 K 7160 Google Chrome Google LLC (Verified) Google LLC
svchost.exe < 0.01 12,568 K 20,404 K 3084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
DSAPI.exe < 0.01 48,108 K 48,968 K 18052 PC-Doctor Dell SupportAssist API PC-Doctor, Inc. (Verified) PC-Doctor, Inc.
MobileService.exe < 0.01 29,160 K 27,328 K 5344 Seagate Dashboard Seagate Technology LLC (Verified) Seagate Technology LLC
Plex Media Server.exe < 0.01 28,316 K 27,860 K 15856 Plex Media Server Plex, Inc. (Verified) Plex, Inc
ksde.exe < 0.01 27,292 K 5,960 K 12448 Kaspersky Secure Connection AO Kaspersky Lab (Verified) Kaspersky Lab
svchost.exe < 0.01 17,408 K 17,420 K 1636 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WavesSvc64.exe < 0.01 1,368 K 5,168 K 15604 Waves MaxxAudio Service Application Waves Audio Ltd. (Verified) Waves Inc
AppleMobileDeviceService.exe < 0.01 3,320 K 9,444 K 4740 MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 9,420 K 15,556 K 1240 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
OfficeClickToRun.exe < 0.01 30,584 K 38,528 K 4812 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
DellOSDService.exe < 0.01 2,148 K 7,032 K 4836 DellOSDService for BF (No signature was present in the subject)
svchost.exe < 0.01 2,456 K 11,256 K 2076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 12,748 K 25,316 K 1136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
NBCore.exe < 0.01 19,188 K 4,036 K 16636 Seagate Dashboard Seagate Technology LLC (Verified) Seagate Technology LLC
vmware-usbarbitrator64.exe < 0.01 2,456 K 7,916 K 5516 VMware USB Arbitration Service VMware, Inc. (Verified) VMware, Inc.
svchost.exe < 0.01 2,696 K 6,900 K 2300 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
vmware-view-usbd.exe < 0.01 2,644 K 8,044 K 6856 VMware Horizon View client USB service (32-bit) VMware, Inc. (Verified) VMware, Inc.
csrss.exe < 0.01 2,008 K 4,924 K 828 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
OneDrive.exe < 0.01 18,296 K 40,672 K 15664 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
iTunesHelper.exe < 0.01 3,996 K 11,572 K 16260 iTunesHelper Apple Inc. (Verified) Apple Inc.
chrome.exe < 0.01 38,680 K 38,552 K 16056 Google Chrome Google LLC (Verified) Google LLC
svchost.exe < 0.01 3,528 K 10,268 K 7076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WmiPrvSE.exe < 0.01 6,516 K 9,960 K 18004 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
ZeroConfigService.exe 4,280 K 12,676 K 5616 Intel® PROSet/Wireless Zero Configure Service Intel® Corporation (Verified) Intel Corporation
WUDFHost.exe 2,008 K 6,432 K 2180 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wsnm.exe 3,148 K 10,608 K 5548 VMware Horizon View Framework Node Manager VMware, Inc. (Verified) VMware, Inc.
WmiPrvSE.exe 12,468 K 20,324 K 7636 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,664 K 8,380 K 15680 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 12,076 K 20,864 K 4608 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 4,704 K 9,556 K 10640 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 4,544 K 9,572 K 14516 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 5,940 K 12,916 K 3400 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,640 K 8,712 K 708 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,344 K 5,160 K 940 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
WavesSysSvc64.exe 1,924 K 5,068 K 5556 WavesSysSvc Service Application Waves Audio Ltd. (Verified) Waves Inc
Video.UI.exe Suspended 21,344 K 30,160 K 13624 (No signature was present in the subject)
unsecapp.exe 1,672 K 5,872 K 9016 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,500 K 5,508 K 4436 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 14,080 K 21,580 K 4480 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 8,776 K 13,460 K 1632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,020 K 22,544 K 3728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,256 K 6,268 K 5852 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,636 K 13,488 K 1588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,096 K 29,112 K 9228 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,836 K 14,028 K 12464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,276 K 19,744 K 5540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,388 K 13,172 K 8788 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,044 K 14,704 K 4764 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,132 K 10,588 K 1648 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 11,320 K 34,560 K 3840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 17,676 K 22,952 K 4900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,416 K 6,004 K 6108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,404 K 9,472 K 2164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,964 K 6,676 K 1924 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,268 K 6,220 K 1032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,052 K 6,492 K 2836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,828 K 6,924 K 2260 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,956 K 5,664 K 3148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,672 K 6,816 K 1288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,360 K 4,724 K 2088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,532 K 8,220 K 1816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,284 K 11,756 K 7288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,764 K 9,400 K 1576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,432 K 8,524 K 2524 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 14,304 K 23,560 K 4888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,188 K 13,136 K 3268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,568 K 16,496 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,672 K 10,096 K 3156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,840 K 7,504 K 13308 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,752 K 16,608 K 2468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,468 K 7,736 K 4824 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,404 K 11,016 K 2896 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,116 K 7,572 K 6560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,280 K 9,492 K 10420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,128 K 6,768 K 4132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,252 K 8,524 K 1568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,952 K 6,652 K 2096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,016 K 3,252 K 1092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,648 K 4,816 K 1804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,676 K 5,856 K 2372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,920 K 6,856 K 2400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,000 K 6,292 K 2632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,852 K 6,848 K 2640 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,176 K 8,032 K 2936 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,140 K 7,648 K 2944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,896 K 12,136 K 3376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,420 K 4,972 K 3604 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,784 K 5,588 K 4696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,588 K 5,868 K 4712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,432 K 5,100 K 3880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,312 K 9,452 K 3520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,636 K 5,288 K 5272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,436 K 5,012 K 5336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,340 K 4,668 K 5484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,812 K 6,568 K 5644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,652 K 4,916 K 6780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,080 K 6,712 K 7320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,816 K 4,976 K 15356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,196 K 10,344 K 8056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,324 K 16,648 K 18400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,228 K 21,332 K 11112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,108 K 7,320 K 17948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 5,904 K 10,696 K 3540 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 492 K 932 K 616 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 15,508 K 28,524 K 4084 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
SkypeBridge.exe 36,572 K 50,572 K 2148 SkypeBridge Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
SkypeBackgroundHost.exe Suspended 2,120 K 10,712 K 13392 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
SkypeApp.exe Suspended 197,116 K 197,868 K 13648 SkypeApp Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
sihost.exe 7,880 K 30,544 K 3676 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe 34,492 K 75,608 K 4376 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe 2,676 K 4,452 K 18020 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SettingSyncHost.exe 12,936 K 26,840 K 10900 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe 6,304 K 9,564 K 1020 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
sedsvc.exe 5,308 K 11,068 K 13024 sedsvc Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 4,084 K 13,300 K 5376 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 53,748 K 66,844 K 9860 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 30,268 K 32,232 K 10952 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
Seagate.Dashboard.Uploader.exe 28,188 K 38,932 K 9380 Seagate Dashboard Seagate Technology LLC (Verified) Seagate Technology LLC
Seagate.Dashboard.DASWindowsService.exe 29,200 K 28,036 K 5320 Seagate Dashboard Seagate Technology LLC (Verified) Seagate Technology LLC
RuntimeBroker.exe 7,004 K 19,568 K 10260 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 7,164 K 26,996 K 12624 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 8,964 K 26,420 K 12156 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 7,720 K 23,072 K 14628 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1,988 K 6,676 K 8688 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,744 K 20,556 K 10308 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 2,120 K 8,008 K 4172 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe 4,932 K 10,720 K 14184 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe 1,720 K 5,492 K 3036 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RichVideo.exe 1,944 K 6,096 K 17812 CyberLink RichVideo Module CyberLink (Verified) CyberLink Corp.
RemindersServer.exe Suspended 8,096 K 16,108 K 11300 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
RegSrvc.exe 1,972 K 7,056 K 5328 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation
Registry 12,864 K 49,384 K 120
RAVBg64.exe 4,236 K 7,584 K 4092 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 4,728 K 9,476 K 4260 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 10,260 K 10,028 K 15196 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 6,320 K 9,856 K 4180 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
ProductAgentService.exe 6,524 K 12,840 K 5256 Bitdefender Agent Bitdefender (Verified) Bitdefender SRL
procexp (1).exe 3,708 K 11,200 K 7544 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PrivacyIconClient.exe 29,908 K 17,872 K 15192 Intel® Management and Security Status Intel Corporation (Verified) Intel® Embedded Subsystems and IP Blocks Group
PresentationFontCache.exe 31,864 K 17,316 K 3812 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
Plex Update Service.exe 1,996 K 7,372 K 5240 Plex Update Service Plex, Inc. (Verified) Plex, Inc
Plex Tuner Service.exe 5,424 K 11,492 K 9012 (Verified) Plex, Inc
Plex DLNA Server.exe 8,108 K 12,172 K 16400 Plex Media Server DLNA Service Plex, Inc. (Verified) Plex, Inc
MSASCuiL.exe 2,116 K 7,780 K 2240 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
Memory Compression 812 K 310,652 K 2308
mDNSResponder.exe 1,736 K 4,964 K 4756 Bonjour Service Apple Inc. (Verified) Apple Inc.
mbamtray.exe 20,804 K 25,964 K 12268 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
lsass.exe 11,400 K 24,032 K 84
LockApp.exe Suspended 14,108 K 39,376 K 11340 LockApp.exe Microsoft Corporation (Verified) Microsoft Windows
LMS.exe 7,928 K 13,956 K 2820 Intel® Local Management Service Intel Corporation (Verified) Intel® Embedded Subsystems and IP Blocks Group
ksdeui.exe 6,652 K 3,780 K 17840 Kaspersky Secure Connection AO Kaspersky Lab (Verified) Kaspersky Lab
kpm_service.exe 6,796 K 17,924 K 820 Kaspersky Password Manager Service AO Kaspersky Lab (Verified) Kaspersky Lab
kpm.exe 77,292 K 76,764 K 10424 Kaspersky Password Manager AO Kaspersky Lab (Verified) Kaspersky Lab
jhi_service.exe 1,804 K 5,604 K 10568 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel® Embedded Subsystems and IP Blocks Group
isa.exe 10,364 K 13,652 K 16152 Intel® Security Assist Intel Corporation (No signature was present in the subject) Intel Corporation
IPROSetMonitor.exe 1,488 K 5,944 K 2724 Intel® PROSet Monitoring Service Intel Corporation (Verified) Intel® Intel Network Drivers
IntelCpHeciSvc.exe 1,404 K 5,344 K 7356 IntelCpHeciSvc Executable Intel Corporation (Verified) Intel® pGFX
IntelCpHDCPSvc.exe 1,424 K 5,472 K 4748 Intel HD Graphics Drivers for Windows® Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 3,836 K 10,704 K 4948 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 1,868 K 6,672 K 2512 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
ibtsiva.exe 1,028 K 3,280 K 5064 Intel® Wireless Bluetooth® iBtSiva Service Intel Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
HPSupportSolutionsFrameworkService.exe 30,352 K 22,592 K 10112 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
GoogleCrashHandler64.exe 1,656 K 856 K 13272 Google Crash Handler Google LLC (Verified) Google Inc
GoogleCrashHandler.exe 2,164 K 1,044 K 12664 Google Crash Handler Google LLC (Verified) Google Inc
fontdrvhost.exe 2,628 K 6,368 K 1116 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 1,760 K 3,228 K 1124 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
EvtEng.exe 5,008 K 10,768 K 4964 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel Corporation
dllhost.exe 4,456 K 21,320 K 9236 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 3,828 K 9,428 K 12504 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,180 K 9,888 K 11836 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
DeviceAgent.exe 36,984 K 27,380 K 10836 Seagate Dashboard Seagate Technology LLC (Verified) Seagate Technology LLC
Dell.SecurityFramework.LocalServer.exe 31,224 K 30,188 K 8156 Dell Client Framework Local Server Dell, Inc. (Verified) Dell Inc
Dell.SecurityFramework.Agent.exe 36,504 K 33,408 K 4872 Dell.Client.SecurityFramework.Agent CREDANT Technologies, Inc. (Verified) Dell Inc
DeliveryService.exe 32,812 K 28,024 K 14672 Dell Digital Delivery Windows Service Dell Products, LP. (Verified) Dell Inc.
DDVRulesProcessor.exe 17,620 K 9,816 K 10484 Dell Data Vault Rules Processor Dell Inc. (Verified) Dell Inc
DDVDataCollector.exe 19,020 K 16,032 K 784 Dell Data Vault Data Collector Service Dell Inc. (Verified) Dell Inc
DDVCollectorSvcApi.exe 1,556 K 5,944 K 8284 Dell Data Vault Data Collector Service API Dell Inc. (Verified) Dell Inc
DCF.Loader.exe 856 K 2,944 K 4880 Dell Agent Loader Dell Inc. (Verified) Dell Inc
DBAgent.exe 5,968 K 19,668 K 16696 Seagate Dashboard Seagate Technology LLC (Verified) Seagate Technology LLC
dasHost.exe 3,308 K 7,948 K 3788 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe 5,284 K 13,812 K 6372 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 5,332 K 4,412 K 3432 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 5,660 K 7,852 K 15836 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 5,428 K 4,804 K 10616 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 5,364 K 5,168 K 15532 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 109,424 K 95,644 K 8856 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 42,816 K 58,408 K 16004 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 13,416 K 23,656 K 15668 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 21,720 K 30,076 K 15544 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 23,824 K 30,752 K 17596 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 2,064 K 6,316 K 7460 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 1,972 K 6,992 K 2224 Google Chrome Google LLC (Verified) Google LLC
audiodg.exe 15,348 K 19,456 K 8004 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,348 K 5,380 K 4796 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems, Incorporated
ApplicationFrameHost.exe 5,768 K 23,012 K 5032 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
 
5) Date from Tasklist:

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                       120 N/A                                         
smss.exe                       616 N/A                                         
csrss.exe                      828 N/A                                         
wininit.exe                    940 N/A                                         
csrss.exe                      948 N/A                                         
services.exe                  1020 N/A                                         
lsass.exe                       84 KeyIso, SamSs, VaultSvc                     
winlogon.exe                   708 N/A                                         
svchost.exe                   1092 PlugPlay                                    
fontdrvhost.exe               1116 N/A                                         
fontdrvhost.exe               1124 N/A                                         
svchost.exe                   1136 BrokerInfrastructure, DcomLaunch, Power,    
                                   SystemEventsBroker                          
svchost.exe                   1240 RpcEptMapper, RpcSs                         
svchost.exe                   1288 LSM                                         
dwm.exe                       1356 N/A                                         
svchost.exe                   1568 NcbService                                  
svchost.exe                   1576 ProfSvc                                     
svchost.exe                   1588 Schedule                                    
svchost.exe                   1636 EventLog                                    
svchost.exe                   1632 BFE, CoreMessagingRegistrar, mpssvc         
svchost.exe                   1648 TimeBrokerSvc                               
svchost.exe                   1804 hidserv                                     
svchost.exe                   1816 UserManager                                 
svchost.exe                   1924 nsi                                         
svchost.exe                   1032 Dhcp                                        
svchost.exe                   1016 lfsvc                                       
svchost.exe                   2076 SysMain                                     
svchost.exe                   2088 Themes                                      
svchost.exe                   2096 EventSystem                                 
svchost.exe                   2164 NlaSvc                                      
WUDFHost.exe                  2180 N/A                                         
svchost.exe                   2260 camsvc                                      
svchost.exe                   2300 Dnscache                                    
Memory Compression            2308 N/A                                         
svchost.exe                   2372 lmhosts                                     
svchost.exe                   2400 SENS                                        
igfxCUIService.exe            2512 igfxCUIService2.0.0.0                       
svchost.exe                   2524 netprofm                                    
svchost.exe                   2632 AudioEndpointBuilder                        
svchost.exe                   2640 FontCache                                   
svchost.exe                   2836 WinHttpAutoProxySvc                         
svchost.exe                   2896 Audiosrv                                    
svchost.exe                   2936 SEMgrSvc                                    
svchost.exe                   2944 NcdAutoSetup                                
RtkAudioService64.exe         3036 RtkAudioService                             
svchost.exe                   2468 StateRepository                             
svchost.exe                   3084 Winmgmt                                     
svchost.exe                   3148 DusmSvc                                     
svchost.exe                   3156 Wcmsvc                                      
svchost.exe                   3268 WlanSvc                                     
svchost.exe                   3376 ShellHWDetection                            
wlanext.exe                   3400 N/A                                         
conhost.exe                   3432 N/A                                         
spoolsv.exe                   3540 Spooler                                     
svchost.exe                   3604 DeviceAssociationService                    
sihost.exe                    3676 N/A                                         
svchost.exe                   3728 CDPUserSvc_2698d                            
dasHost.exe                   3788 N/A                                         
PresentationFontCache.exe     3812 FontCache3.0.0.0                            
svchost.exe                   3840 WpnUserService_2698d                        
RAVBg64.exe                   4092 N/A                                         
svchost.exe                   4132 LanmanWorkstation                           
rundll32.exe                  4172 N/A                                         
RAVBg64.exe                   4180 N/A                                         
RAVBg64.exe                   4260 N/A                                         
unsecapp.exe                  4436 N/A                                         
taskhostw.exe                 4480 N/A                                         
WmiPrvSE.exe                  4608 N/A                                         
svchost.exe                   4696 PolicyAgent                                 
svchost.exe                   4712 IKEEXT                                      
AppleMobileDeviceService.     4740 Apple Mobile Device Service                 
IntelCpHDCPSvc.exe            4748 cplspcon                                    
mDNSResponder.exe             4756 Bonjour Service                             
svchost.exe                   4764 CryptSvc                                    
armsvc.exe                    4796 AdobeARMservice                             
OfficeClickToRun.exe          4812 ClickToRunSvc                               
svchost.exe                   4824 LanmanServer                                
DellOSDService.exe            4836 Dell WMI Service                            
avp.exe                       4856 AVP19.0.0                                   
Dell.SecurityFramework.Ag     4872 DellMgmtAgent                               
DCF.Loader.exe                4880 DellMgmtLoader                              
svchost.exe                   4888 DiagTrack                                   
svchost.exe                   4900 DPS                                         
igfxEM.exe                    4948 N/A                                         
EvtEng.exe                    4964 EvtEng                                      
ftnlsv.exe                    4984 ftnlsv3hv                                   
ftscanmgr.exe                 5024 ftscanmgr                                   
ibtsiva.exe                   5064 ibtsiva                                     
IPROSetMonitor.exe            2724 Intel® PROSet Monitoring Service          
svchost.exe                   3880 TermService                                 
svchost.exe                   3520 iphlpsvc                                    
kpm_service.exe                820 kpm_launch_service                          
MBAMService.exe               4668 MBAMService                                 
nordvpn-service.exe           5208 nordvpn-service                             
Plex Update Service.exe       5240 PlexUpdateService                           
ProductAgentService.exe       5256 ProductAgentService                         
svchost.exe                   5272 SstpSvc                                     
Seagate.Dashboard.DASWind     5320 Seagate Dashboard Services                  
RegSrvc.exe                   5328 RegSrvc                                     
svchost.exe                   5336 SCPolicySvc                                 
MobileService.exe             5344 Seagate MobileBackup Service                
SecurityHealthService.exe     5376 SecurityHealthService                       
svchost.exe                   5484 TrkWks                                      
vmware-usbarbitrator64.ex     5516 VMUSBArbService                             
vmwsprrdpwks.exe              5532 vmwsprrdpwks                                
svchost.exe                   5540 WpnService                                  
wsnm.exe                      5548 wsnm                                        
WavesSysSvc64.exe             5556 WavesSysSvc                                 
ZeroConfigService.exe         5616 ZeroConfigService                           
svchost.exe                   5644 TabletInputService                          
svchost.exe                   5852 SSDPSRV                                     
svchost.exe                   6108 TapiSrv                                     
svchost.exe                   6780 WdiServiceHost                              
vmware-view-usbd.exe          6856 vmware-view-usbd                            
explorer.exe                  6936 N/A                                         
svchost.exe                   7076 RasMan                                      
UoipService.exe               7116 IntelUSBoverIP                              
ctfmon.exe                    6372 N/A                                         
svchost.exe                   7320 stisvc                                      
IntelCpHeciSvc.exe            7356 cphs                                        
WmiPrvSE.exe                  7636 N/A                                         
audiodg.exe                   8004 N/A                                         
svchost.exe                   8788 TokenBroker                                 
MediaButtons.exe              8800 N/A                                         
unsecapp.exe                  9016 N/A                                         
ShellExperienceHost.exe       4376 N/A                                         
svchost.exe                   9228 OneSyncSvc_2698d,                           
                                   PimIndexMaintenanceSvc_2698d,               
                                   UnistoreSvc_2698d, UserDataSvc_2698d        
dllhost.exe                   9236 N/A                                         
SearchUI.exe                  9860 N/A                                         
RuntimeBroker.exe            10260 N/A                                         
RuntimeBroker.exe            10308 N/A                                         
SettingSyncHost.exe          10900 N/A                                         
SearchIndexer.exe            10952 WSearch                                     
svchost.exe                   7288 LicenseManager                              
RemindersServer.exe          11300 N/A                                         
LockApp.exe                  11340 N/A                                         
RuntimeBroker.exe            12156 N/A                                         
mbamtray.exe                 12268 N/A                                         
avpui.exe                    12440 N/A                                         
svchost.exe                  12464 CDPSvc                                      
dllhost.exe                  12504 N/A                                         
GoogleCrashHandler.exe       12664 N/A                                         
GoogleCrashHandler64.exe     13272 N/A                                         
RuntimeBroker.exe            12624 N/A                                         
MSASCuiL.exe                  2240 N/A                                         
SkypeBackgroundHost.exe      13392 N/A                                         
Video.UI.exe                 13624 N/A                                         
SkypeApp.exe                 13648 N/A                                         
RtkNGUI64.exe                14184 N/A                                         
RuntimeBroker.exe            14628 N/A                                         
RAVBg64.exe                  15196 N/A                                         
svchost.exe                  15356 WdiSystemHost                               
svchost.exe                  13308 PcaSvc                                      
RuntimeBroker.exe             8688 N/A                                         
WavesSvc64.exe               15604 N/A                                         
iTunesHelper.exe             16260 N/A                                         
OneDrive.exe                 15664 N/A                                         
iPodService.exe              16036 iPod Service                                
Seagate.Dashboard.Uploade     9380 N/A                                         
Plex Media Server.exe        15856 N/A                                         
PlexScriptHost.exe            3448 N/A                                         
conhost.exe                  15836 N/A                                         
RAVBg64.exe                  16220 N/A                                         
NordVPN.exe                  14996 N/A                                         
svchost.exe                   8056 Appinfo                                     
SkypeBridge.exe               2148 N/A                                         
Dell.SecurityFramework.Lo     8156 DellMgmtServer                              
Plex DLNA Server.exe         16400 N/A                                         
Plex Tuner Service.exe        9012 N/A                                         
conhost.exe                  10616 N/A                                         
kpm.exe                      10424 N/A                                         
DBAgent.exe                  16696 N/A                                         
NBCore.exe                   16636 N/A                                         
DeviceAgent.exe              10836 N/A                                         
svchost.exe                  18400 BITS                                        
CLMLSvc_P2G8.exe              3800 N/A                                         
chrome.exe                    7832 N/A                                         
chrome.exe                    7460 N/A                                         
chrome.exe                    2224 N/A                                         
chrome.exe                    8856 N/A                                         
chrome.exe                    8064 N/A                                         
chrome.exe                    3132 N/A                                         
chrome.exe                   16056 N/A                                         
chrome.exe                   16004 N/A                                         
chrome.exe                   17596 N/A                                         
IAStorIcon.exe               15560 N/A                                         
chrome.exe                   17196 N/A                                         
chrome.exe                    7160 N/A                                         
chrome.exe                   15544 N/A                                         
svchost.exe                  10420 wscsvc                                      
DDVRulesProcessor.exe        10484 DDVRulesProcessor                           
DSAPI.exe                    18052 Dell Hardware Support                       
pcdrwi.exe                   15252 N/A                                         
conhost.exe                  15532 N/A                                         
DeliveryService.exe          14672 DellDigitalDelivery                         
svchost.exe                  11112 UsoSvc                                      
svchost.exe                   9692 DoSvc                                       
HPSupportSolutionsFramewo    10112 HPSupportSolutionsFrameworkService          
svchost.exe                  17948 StorSvc                                     
jhi_service.exe              10568 jhi_service                                 
ksde.exe                     12448 KSDE3.0.0                                   
LMS.exe                       2820 LMS                                         
RichVideo.exe                17812 RichVideo                                   
sedsvc.exe                   13024 sedsvc                                      
SgrmBroker.exe               18020 SgrmBroker                                  
SupportAssistAgent.exe        8708 SupportAssistAgent                          
DDVDataCollector.exe           784 DDVDataCollector                            
DDVCollectorSvcApi.exe        8284 DDVCollectorSvcApi                          
ksdeui.exe                   17840 N/A                                         
WmiPrvSE.exe                 18004 N/A                                         
PrivacyIconClient.exe        15192 N/A                                         
dllhost.exe                  11836 N/A                                         
WmiPrvSE.exe                 10640 N/A                                         
WmiPrvSE.exe                 14516 N/A                                         
ApplicationFrameHost.exe      5032 N/A                                         
smartscreen.exe               4084 N/A                                         
WmiPrvSE.exe                 15680 N/A                                         
isa.exe                      16152 Intel® Security Assist                    
chrome.exe                   15668 N/A                                         
svchost.exe                   6560 AppXSvc                                     
SearchFilterHost.exe          1664 N/A                                         
notepad.exe                  11656 N/A                                         
SearchProtocolHost.exe       17048 N/A                                         
svchost.exe                  17532 wlidsvc                                     
dllhost.exe                  15756 N/A                                         
dllhost.exe                  13920 N/A                                         
cmd.exe                      13672 N/A                                         
conhost.exe                  13296 N/A                                         
tasklist.exe                 12068 N/A                                         
 
6) Speccy text file (called DESKTOP-EL88UDV.txt) attached per your instructions.
 
I will await your next instructions!

Thanks again so much for all your help!

IndyBlue

 


  • 0

#10
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

Did the Speccy file attach? Sending again, just in case.

Attached Files


  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,737 posts
  • MVP

The check disk didn't help.  You have a Seagate Hard drive - known for poor reliability - and it is on its way out.  You need to clone it immediately.

 

Following are critical excerpts from the S.M.A.R.T section in Speccy:

 

 

S.M.A.R.T
                            Status    Warning
...
05
                                            Attribute name    Reallocated Sectors Count
                                            Real value    40
                                            Current    100
                                            Worst    100
                                            Threshold    36
                                            Raw Value    0000000028
                                            Status    Good
...
BC
                                            Attribute name    Command Timeout
                                            Real value    34,360,328,226
                                            Current    100
                                            Worst    94
                                            Threshold    0
                                            Raw Value    0000090022
                                            Status    Good
...

                                        C2
                                            Attribute name    Temperature
                                            Real value    51 °C
                                            Current    51
                                            Worst    54
                                            Threshold    0
                                            Raw Value    0000000033
                                            Status    Good
                                        C5
                                            Attribute name    Current Pending Sector Count
                                            Real value    64
                                            Current    100
                                            Worst    100
                                            Threshold    0
                                            Raw Value    0000000040
                                            Status    Good
                                        C6
                                            Attribute name    Uncorrectable Sector Count
                                            Real value    64
                                            Current    100
                                            Worst    100
                                            Threshold    0
                                            Raw Value    0000000040
                                            Status    Good
                                        
...

 

40 sectors have been changed out for spare another 40 are pending and 64 are dead.  Also it's running hot (and the PC is not) and it is getting a lot of command timeouts.  Get another drive of the same or larger size.  Avoid Seagate.  Best regular SATA drives are Western Digital Black but usually 50% more money.  Western Digital Blue are OK as are Toshiba and Hitachi.  Clone it using Macrium Reflect 7 Free Edition

 

https://www.macrium.com/reflectfree

 

(Blue Home Use button)

 

Come back once you get it changed  (with a new FRST scan and speccy log) and we will see what else needs doing.


  • 0

#12
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

That's interesting. When I did research on hard drives, everyone was recommending the Seagate model that I bought. Why was it at the top of everyone's list as the best hard drive to buy?

 

I didn't really understand what this meant (I'm not knowledgeable about computer stuff): "40 sectors have been changed out for spare another 40 are pending and 64 are dead.  Also it's running hot (and the PC is not) and it is getting a lot of command timeouts."

 

I will look into the the Western Digital Black right now.

 

In the meantime, any answers as to what's up with the Nero Backitup Agent on my computer?

 

Thanks for all your help!


  • 0

#13
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

Are you talking about something like this? https://www.amazon.c...1896883498&th=1
 

I think 2TB is what I have now. is there any reason I would need a bigger one? (I have no idea.)


  • 0

#14
IndyBlue

IndyBlue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

Or is this one better? https://www.amazon.c...nics,135&sr=1-3

 

I really have no idea and could use the advice!


  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 21,737 posts
  • MVP

Not sure who told you Seagates were good but they were wrong. 

 

Hard drives are divided into many thousands of sectors.  When one sector fails it is possible to use a spare sector in its place but data gets lost when this happens.  There are usually about 240 spare sectors but that varies from drive to drive.  A few bad sectors are not a big problem but you have too many.  The fact that it runs hot is a bad sign since usually they run under 50 unless something is going bad.  The command retries means that the CPU tried to read or write and it didn't work so after the time out period it has to retry.  This really slows things down.

 

You can put

nero

 

in the FRST search box and hit Search Registry then post the results but I don't think it's evil.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP