
Computer was Hacked.



#1
Panda10


My friend's computer was hacked. Her bank accounts were cleaned out. She works from home and needs this computer running. It is very slow and I have had to restart a few times just to get in. Had to change the Windows password and it was changed. I believe they got in through the AnyDesk app. It has been removed but we need to make sure that everything is gone. She had Avast Antivirus but it expired right before this happened. We will have to wait to get another program.

 

Below are the FRST logs. I will not be able to work on this again until Monday. Please help!!!

 

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-10-2019 02
Ran by Dianna (administrator) on NANAS-PC (Hewlett-Packard HP Compaq 6000 Pro SFF PC) (12-10-2019 15:50:45)
Running from C:\Users\Dianna\Desktop
Loaded Profiles: Dianna (Available Profiles: Dianna)
Platform: Windows 10 Pro Version 1809 17763.805 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Windows\SysWOW64\ANIWConnService.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\setup\instup.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\setup\instup.exe
(AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(AVG Technologies USA, Inc. -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.5.169.0\AVGBrowserCrashHandler.exe
(AVG Technologies USA, Inc. -> AVG Technologies) C:\Program Files (x86)\AVG\Browser\Update\1.5.169.0\AVGBrowserCrashHandler64.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(ConnectWise, Inc. -> ) C:\Users\Dianna\AppData\Local\Apps\2.0\ARZRD297.NN8\0P26OREG.M7T\scre..tion_454d59d2927f1136_0013.0002_12b0727a906c4960\ScreenConnect.ClientService.exe
(ConnectWise, Inc. -> ScreenConnect Software) C:\Users\Dianna\AppData\Local\Apps\2.0\ARZRD297.NN8\0P26OREG.M7T\scre..tion_454d59d2927f1136_0013.0002_12b0727a906c4960\ScreenConnect.WindowsClient.exe
(ConnectWise, Inc. -> ScreenConnect Software) C:\Users\Dianna\AppData\Local\Apps\2.0\ARZRD297.NN8\0P26OREG.M7T\scre..tion_454d59d2927f1136_0013.0002_12b0727a906c4960\ScreenConnect.WindowsClient.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19092.399.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19072.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(Tabatoo LTD -> ) C:\Users\Dianna\AppData\Roaming\AppMaster\AppMaster.exe
(WildTangent Inc -> ) C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [316336 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DigiDo] => C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe [1158088 2015-06-16] (Affinegy, Inc. -> Affinegy, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [I17B] => C:\WINDOWS\twain_32\Brimi17b\Common\TwDsUiLaunch.exe [85984 2018-03-08] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) [File not signed]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35179920 2019-03-31] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Run: [AppSync] => C:\Users\Dianna\AppData\Roaming\AppSync\AppSync.exe do://update?from=startup
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Run: [AppMaster] => C:\Users\Dianna\AppData\Roaming\AppMaster\AppMaster.exe update force://update?from=startup
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\MountPoints2: {bf103378-4390-11e6-8254-806e6f6e6963} - "D:\start.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-24] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\75.1.1528.100\Installer\chrmstp.exe [2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files (x86)\AVG\Browser\Application\77.0.1790.77\Installer\chrmstp.exe [2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03A9B89E-389C-40BD-8931-FADE8CEDD38C} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [1855808 2019-09-18] (AVG Technologies USA, Inc. -> AVG Technologies)
Task: {05DDB7F6-46B9-4976-8658-A8CE78BA34BB} - \WPD\SqmUpload_S-1-5-21-3029253240-1863324081-1530500289-1001 -> No File <==== ATTENTION
Task: {140EF7E4-254D-4E10-8B6A-B72A2A6B09D0} - \WPD\SqmUpload_S-1-5-21-3029253240-1863324081-1530500289-500 -> No File <==== ATTENTION
Task: {1BAFA537-9C00-43B3-94C6-B4AFD4DB08AE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1D5ACC9E-64CE-410D-BC3B-B0B0319DB0E9} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {274AEE29-31B3-4F76-AA4D-3990D253A904} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3655E0AD-F9E6-4F13-9A01-7D83817C177B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
Task: {3878A732-EA7E-4763-A503-DAB28154787A} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3981232 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {3D051068-CD65-4877-A443-73C924B14323} - System32\Tasks\UpdatePrt => C:\Users\Dianna\AppData\Roaming\AppMaster\AppMaster.exe [2141136 2019-03-24] (Tabatoo LTD -> )
Task: {423C945D-7678-4956-BF9B-FB77E1AE0FAA} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [210240 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies)
Task: {4290A518-760A-4C88-8857-7155DD474250} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1815792 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {4D121318-C0C1-4667-A907-51C28516DFFE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4D940280-5529-4F01-B516-8A5D4A312D0B} - System32\Tasks\PowerEngagePatch => msiexec /p "C:\Program Files (x86)\PowerENGAGE\patches\PowerENGAGE-3.2.13-3.2.16.msp" /norestart /qn /quiet
Task: {4F292DB2-BF86-4E60-8B6E-586A71678940} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [210240 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies)
Task: {55EB3FEF-0BC6-48D5-AFFF-B637FA1C89C6} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1815792 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {56F35C57-2EFD-418B-A56D-4088B974CF72} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [31232 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {5AC5C2DE-D5F6-4326-BD51-8A339DC711FF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {64C52717-91CA-4666-913F-0366B832CEA7} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {754FB253-97C8-470F-B66F-AA18716C8BCD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {761F6D4F-8347-4BE2-9556-E52CDDFF8BAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {8201FA23-6DF8-46F5-BFB6-681C1C492303} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {8595E039-E798-47D4-8491-3485ACCE3FB0} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {88E1F378-4659-4325-A983-9070E73B57B0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {8A632A8B-C403-4ADA-8742-B940BC3D081D} - System32\Tasks\Update_Deepteep => C:\Users\Dianna\AppData\Roaming\AppSync\AppSync.exe [4139984 2019-03-17] (Meme Video Ltd -> )
Task: {8DEEA504-3CAF-4D4F-80FA-427719FF3C41} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1} /quiet /qn
Task: {8DEEA504-3CAF-4D4F-80FA-427719FF3C41} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run
Task: {917BE8EA-3D83-4E0A-8AA4-A74D9902AC43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-11] (Google Inc -> Google Inc.)
Task: {92320EC3-57A1-4873-ACE8-CECB56118C8B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {94C7FD5A-A3D6-46C0-8553-958094E873A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {9A689321-6FA3-4958-AD5B-400762A5D832} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1905072 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
Task: {9D1F39E4-1E66-4646-B029-F3DFD42C377E} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {9DE57031-8C2F-4774-8EB0-AF8700F02411} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9F80C643-7A02-4618-A2ED-6F237568A4A0} - System32\Tasks\GoogleUpdateTaskMachineUA1d57d3e83562cef => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-11] (Google Inc -> Google Inc.)
Task: {A54C1A85-69B1-4412-BCC0-238660297826} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A7EA39BA-1BD6-4837-9281-335F489C889D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A9D654BA-FA11-4F28-A7FB-35988C567902} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AA0FBF09-E819-4E38-8F89-D44533C45015} - System32\Tasks\GoogleUpdateTaskMachineCore1d57d3e833e5569 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-11] (Google Inc -> Google Inc.)
Task: {AE53F9C6-A122-4AB5-91CE-9E2B7EF5CE61} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B60E3BB2-DF0F-412C-977D-23422DD699F3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B763E1E1-3F0C-4C57-A20F-0B488261E26D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-11] (Google Inc -> Google Inc.)
Task: {CB69F5EB-EE64-4E10-B28C-5716E9931534} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D147B2CC-27B1-45D0-803A-D35E184AB7DB} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {E31462E7-72EC-4DCA-9A91-AF2BE4676C7B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EA3A9CCE-3F05-4D29-BB07-33B19099DE70} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {ECAF4429-DDC9-413F-94C8-1FA53659BE12} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [1855808 2019-09-18] (AVG Technologies USA, Inc. -> AVG Technologies)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.63
Tcpip\..\Interfaces\{3776ae8d-984f-4c67-9f6f-42107f405b93}: [DhcpNameServer] 209.18.47.61 209.18.47.63
Tcpip\..\Interfaces\{7ae6d8d8-16bb-48b2-9a7b-a03da63762cd}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{d96daf68-31a2-4d36-aff4-3a0cc699b2f6}: [DhcpNameServer] 192.168.75.1
Tcpip\..\Interfaces\{dff4f626-718f-4b82-8e0d-d611ad810ee4}: [DhcpNameServer] 192.168.75.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.deepteep.com/?C33498D69305CE85375C9CE7FC090C96=H1xAXFBNX11ZVVQEEUleSAoRAjMIEFJfXlBLXVBDXV1dUUNdUkBeSA4MGwhcNikrKScwKidEX15aUURbIC4tKT0kNyInRF9cWFNGXVNAK1ZS
SearchScopes: HKU\S-1-5-21-3029253240-1863324081-1530500289-1002 -> DefaultScope {072DD014-5342-4A90-B087-1EFF41118A26} URL = hxxp://go.deepteep.com/?2B3ADE0D3153AC126C68186B888F04A5=H1xAXFBNX11ZVVQNEQQwBw9cQ1lQTV5fXFNBWlFFXl1fUFQJDB0LUyknNy4nNikoW1FCXVFCWC8xIzU6JDEhKFtRQF9TQF5cXyVKVQ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3029253240-1863324081-1530500289-1002 -> {072DD014-5342-4A90-B087-1EFF41118A26} URL = hxxp://go.deepteep.com/?2B3ADE0D3153AC126C68186B888F04A5=H1xAXFBNX11ZVVQNEQQwBw9cQ1lQTV5fXFNBWlFFXl1fUFQJDB0LUyknNy4nNikoW1FCXVFCWC8xIzU6JDEhKFtRQF9TQF5cXyVKVQ&q={searchTerms}
 
Edge: 
======
DownloadDir: C:\Users\Dianna\Downloads
 
FireFox:
========
FF DefaultProfile: 1wzy29uh.default
FF ProfilePath: C:\Users\Dianna\AppData\Roaming\Mozilla\Firefox\Profiles\1wzy29uh.default [2019-08-30]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR NewTab: Default ->  Not-active:"chrome-extension://mphibbepggdcieoagimmngglahpjjdfd/ntp.html", Active:"chrome-extension://aplhpgiggefcecafdflbkmjoopdibfjn/newtab/quicktab.html", Active:"chrome-extension://dadfpfgcpjgddidkjlfpomlddomahkfn/newtab/quicktab.html", Active:"chrome-extension://joefmanjonhbphefnkjedpaalnajpjhg/newtab/quicktab.html", Active:"chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/ntpnew.html", Not-active:"chrome-extension://aeadlcjifdmjnhgeleicpcdhepfcigfb/newtab/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://www.searchencrypt.com/encsearch?q={searchTerms}
CHR DefaultSearchKeyword: Default -> se
CHR Profile: C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default [2019-10-12]
CHR Extension: (Slides) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Map Beast) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeadlcjifdmjnhgeleicpcdhepfcigfb [2016-09-16]
CHR Extension: (Docs) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (Email Access Online) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aplhpgiggefcecafdflbkmjoopdibfjn [2018-04-12]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2019-07-07]
CHR Extension: (YouTube) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-12]
CHR Extension: (OnlineMapFinder) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd [2019-07-01]
CHR Extension: (Track Package) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadfpfgcpjgddidkjlfpomlddomahkfn [2018-04-25]
CHR Extension: (Search Encrypt) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\elcchnalodncjhbclfbfkmjlecpeiopg [2018-04-27]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-09-18]
CHR Extension: (Sheets) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (Avast Online Security) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-16]
CHR Extension: (Recipe Star) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefmanjonhbphefnkjedpaalnajpjhg [2018-04-12]
CHR Extension: (Ask Web Search) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgfehfbnofiffladdncogfobimealokp [2019-10-08]
CHR Extension: (Search Encrypt) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\miccbchdddoellcffocmhaankbmiapll [2018-04-27]
CHR Extension: (EasyEmailSuite) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphibbepggdcieoagimmngglahpjjdfd [2019-06-26]
CHR Extension: (Yahoo Web) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\njajpefejmjnhcddhaleakkcehiilppa [2018-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (Gmail) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-25]
CHR Profile: C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-09-11]
CHR Profile: C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-10-09]
CHR Extension: (Slides) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-02]
CHR Extension: (Daily Mail Tab) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\amekmklmjkninjblenbhgcdlpjnehnke [2019-10-09]
CHR Extension: (Docs) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-02]
CHR Extension: (Google Drive) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-02]
CHR Extension: (YouTube) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-02]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-09-18]
CHR Extension: (Sheets) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-20]
CHR Extension: (Avast Online Security) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-23]
CHR Extension: (Free Live Radio) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jnidiclmddgggajofmnlfkbnidnljecl [2019-07-06]
CHR Extension: (ArcadeGala Advertising Offers) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfljkfcdekakneakneabhomcpmgfpbdc [2019-08-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (TheDocPDFConverter) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\onkopdeihmdimjphfbmlefelnegjkefb [2019-10-09]
CHR Extension: (Gmail) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-24]
CHR Profile: C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-11]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AffinegyService; C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe [592840 2015-06-16] (Affinegy, Inc. -> Affinegy, Inc.)
R2 ANIWConnService; C:\WINDOWS\SysWOW64\ANIWConnService.exe [147456 2009-02-26] () [File not signed]
S4 ASCValidator; C:\ProgramData\ASCValidator\ASCValidatorService.exe [29184 2016-08-23] (AppVerifierService) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
S4 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-03] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [423288 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
S4 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-03] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\75.1.1528.100\elevation_service.exe [978720 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
S2 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [210240 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [996928 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6133752 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [210240 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies)
S3 AVGSecureBrowserElevationService; C:\Program Files (x86)\AVG\Browser\Application\77.0.1790.77\elevation_service.exe [984976 2019-09-18] (AVG Technologies USA, Inc. -> AVG Technologies)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [110560 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-03-23] (BattlEye Innovations e.K. -> )
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2018-11-21] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ScreenConnect Client (370f3eb2-c704-40f7-909f-fbf0b0b2aa99); C:\Users\Dianna\AppData\Local\Apps\2.0\ARZRD297.NN8\0P26OREG.M7T\scre..tion_454d59d2927f1136_0013.0002_12b0727a906c4960\ScreenConnect.ClientService.exe [90256 2019-10-09] (ConnectWise, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2019-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-05-17] (Microsoft) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3880120 2019-02-02] (Microsoft Corporation -> Microsoft Corporation)
R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1565488 2019-10-10] (WildTangent Inc -> )
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [114208 2019-02-02] (Microsoft Corporation -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-05-17] (Microsoft) [File not signed]
S3 ANIWZCSdService; C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [209256 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [263224 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206056 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61688 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-17] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42504 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [168896 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [549416 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112520 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88160 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-07-31] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477288 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225816 2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [387688 2019-08-05] (AVAST Software s.r.o. -> AVAST Software)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [37880 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [205600 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [275232 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [210328 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [65376 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [16520 2019-10-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
S3 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [43512 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [171784 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [111096 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [84560 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [848688 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [461216 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [236288 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [317304 2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-09-25] (Bluestack Systems, Inc. -> Bluestack System Inc. )
S3 dnetr28ux; C:\WINDOWS\system32\DRIVERS\Dnetr28ux.sys [2253664 2016-03-09] (MEDIATEK INC. -> MediaTek Inc.)
S3 DrvAgent64; C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [20872 2016-12-16] (eSupport.com, Inc -> Phoenix Technologies)
S3 lxremotepcudehost; C:\WINDOWS\System32\Drivers\remotepcudehost.sys [41352 2019-06-26] (Pro Softnet Corp (IDrive, Inc.) -> Windows ® Win 7 DDK provider)
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2018-09-15] (Microsoft Windows -> MediaTek Inc.)
R3 RemotePCUDE; C:\WINDOWS\System32\drivers\RemotePCUDE.sys [37096 2019-06-26] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46680 2019-02-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [330936 2019-02-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [62136 2019-02-02] (Microsoft Windows -> Microsoft Corporation)
U3 avgbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-10-12 15:50 - 2019-10-12 15:56 - 000037511 _____ C:\Users\Dianna\Desktop\FRST.txt
2019-10-12 15:35 - 2019-10-12 15:35 - 000003826 _____ C:\WINDOWS\system32\Tasks\AVG Secure Browser Heartbeat Task (Hourly)
2019-10-12 15:35 - 2019-10-12 15:35 - 000003242 _____ C:\WINDOWS\system32\Tasks\AVG Secure Browser Heartbeat Task (Logon)
2019-10-12 15:33 - 2019-10-12 15:33 - 001616384 _____ (Farbar) C:\Users\Dianna\Desktop\FRST64.exe
2019-10-12 14:55 - 2019-10-12 15:53 - 000000000 ____D C:\FRST
2019-10-12 14:55 - 2019-10-12 15:35 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk
2019-10-12 13:30 - 2019-10-12 13:30 - 000003412 _____ C:\WINDOWS\system32\Tasks\AVGUpdateTaskMachineUA
2019-10-12 13:30 - 2019-10-12 13:30 - 000003288 _____ C:\WINDOWS\system32\Tasks\AVGUpdateTaskMachineCore
2019-10-12 13:30 - 2019-10-12 13:30 - 000000000 ____D C:\Program Files (x86)\AVG
2019-10-12 13:24 - 2019-10-12 13:30 - 000000000 ____D C:\Users\Dianna\AppData\Local\AVG
2019-10-12 13:24 - 2019-10-12 13:24 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\AVG
2019-10-12 13:23 - 2019-10-12 13:23 - 000002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2019-10-12 13:21 - 2019-10-12 13:21 - 000848688 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2019-10-12 13:21 - 2019-10-12 13:21 - 000461216 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2019-10-12 13:21 - 2019-10-12 13:21 - 000003992 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2019-10-12 13:21 - 2019-10-12 13:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVG
2019-10-12 13:20 - 2019-10-12 13:20 - 000000000 ____D C:\Program Files\Common Files\AVG
2019-10-12 13:20 - 2019-10-12 13:19 - 000355760 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2019-10-12 13:20 - 2019-10-12 13:19 - 000317304 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2019-10-12 13:20 - 2019-10-12 13:19 - 000275232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2019-10-12 13:20 - 2019-10-12 13:19 - 000236288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2019-10-12 13:20 - 2019-10-12 13:19 - 000210328 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2019-10-12 13:20 - 2019-10-12 13:19 - 000205600 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2019-10-12 13:20 - 2019-10-12 13:19 - 000171784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2019-10-12 13:20 - 2019-10-12 13:19 - 000111096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2019-10-12 13:20 - 2019-10-12 13:19 - 000084560 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2019-10-12 13:20 - 2019-10-12 13:19 - 000065376 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2019-10-12 13:20 - 2019-10-12 13:19 - 000043512 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2019-10-12 13:20 - 2019-10-12 13:19 - 000037880 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2019-10-12 13:20 - 2019-10-12 13:19 - 000016520 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys
2019-10-12 13:18 - 2019-10-12 13:18 - 000000000 ____D C:\Program Files\AVG
2019-10-12 13:17 - 2019-10-12 13:20 - 000000000 ____D C:\ProgramData\AVG
2019-10-11 11:50 - 2019-10-11 11:50 - 000028577 _____ C:\Users\Dianna\Downloads\CS Fairdale Payment Authorization 103181.pdf.pdf
2019-10-10 18:09 - 2019-10-10 18:09 - 000066080 _____ C:\Users\Dianna\Downloads\Untitled_Message.zip
2019-10-10 18:09 - 2019-10-10 18:09 - 000036968 _____ C:\Users\Dianna\Downloads\9.18.19 (1).CC
2019-10-10 18:08 - 2019-10-10 18:09 - 000036968 _____ C:\Users\Dianna\Downloads\9.18.19.CC
2019-10-10 16:16 - 2019-10-10 16:16 - 000002408 _____ C:\Users\Dianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-10-10 16:11 - 2019-10-10 16:11 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2019-10-10 13:34 - 2019-10-10 13:34 - 026806784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 024616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 023455744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 019284992 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 019014144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 012960768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 012259840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 008903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 007872000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 004873728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 003702784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 003614720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 002429768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-10-10 13:34 - 2019-10-10 13:34 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 002160160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-10-10 13:34 - 2019-10-10 13:34 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 001291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 001289192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 001247560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-10-10 13:34 - 2019-10-10 13:34 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 001201136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 001024712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000843264 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000522104 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-10-10 13:34 - 2019-10-10 13:34 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FileHistory.exe
2019-10-10 13:34 - 2019-10-10 13:34 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-10-10 13:34 - 2019-10-10 13:34 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-10-10 13:34 - 2019-10-10 13:34 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnscmmc.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhuxgraphics.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NAPCRYPT.DLL
2019-10-10 13:33 - 2019-10-10 13:33 - 017485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 015220224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 009680400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 004628992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 004057088 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 003567104 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002699768 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002699264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002437344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-10-10 13:33 - 2019-10-10 13:33 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002110472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002072176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002015400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001918792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001904128 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001830200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001751432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001701880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-10-10 13:33 - 2019-10-10 13:33 - 001677816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001666232 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001590072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001344960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-10-10 13:33 - 2019-10-10 13:33 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001056056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 001048888 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000917816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000895560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000860160 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-10-10 13:33 - 2019-10-10 13:33 - 000851272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000848896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2019-10-10 13:33 - 2019-10-10 13:33 - 000805296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000764216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000750592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000681720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000662024 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000605496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000604336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000508728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000462136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000453432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-10-10 13:33 - 2019-10-10 13:33 - 000449368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000444728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-10-10 13:33 - 2019-10-10 13:33 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000385336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000376568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000294512 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000282424 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000224568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2019-10-10 13:33 - 2019-10-10 13:33 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000213304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000201736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-10-10 13:33 - 2019-10-10 13:33 - 000193336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000163232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000147944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000104464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-10-10 13:33 - 2019-10-10 13:33 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000039304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000033056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-10-10 12:54 - 2019-10-10 12:54 - 000000000 ____D C:\WINDOWS\SysWOW64\%LOCALAPPDATA%
2019-10-09 18:08 - 2019-10-12 14:05 - 000000000 ____D C:\ProgramData\AnyDesk
2019-10-09 18:06 - 2019-10-12 14:05 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\AnyDesk
2019-10-09 18:00 - 2019-10-11 13:07 - 000000000 ____D C:\Users\Dianna\AppData\Local\Deployment
2019-10-09 18:00 - 2019-10-09 18:00 - 000000000 ____D C:\Users\Dianna\AppData\Local\Apps\2.0
2019-10-09 13:17 - 2019-02-21 11:58 - 018774248 _____ C:\WINDOWS\system32\gsdll64.dll
2019-10-09 13:16 - 2019-10-09 13:16 - 000001508 _____ C:\WINDOWS\SysWOW64\RemotePCService.txt
2019-10-09 13:16 - 2019-10-09 13:16 - 000000282 _____ C:\WINDOWS\system32\RPCPrinterDownloader.txt
2019-10-09 13:16 - 2019-10-09 13:16 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\RemotePC
2019-10-09 13:15 - 2019-10-10 16:11 - 000000000 ____D C:\Program Files (x86)\RemotePC
2019-10-09 13:15 - 2019-10-10 16:10 - 000000000 ____D C:\ProgramData\RemotePC
2019-10-09 13:15 - 2019-06-26 11:32 - 000041352 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\remotepcudehost.sys
2019-10-09 13:15 - 2019-06-26 11:32 - 000037096 _____ C:\WINDOWS\system32\Drivers\RemotePCUDE.sys
2019-10-09 13:13 - 2019-10-09 13:14 - 000000000 ____D C:\ProgramData\SupremoRemoteDesktop
2019-10-09 12:24 - 2019-10-09 12:24 - 000016384 _____ C:\Users\Dianna\Downloads\10.9.19.4.xls
2019-10-09 11:04 - 2019-10-09 11:04 - 000016384 _____ C:\Users\Dianna\Downloads\10.9.19.xls
2019-10-07 14:39 - 2019-10-07 14:39 - 000003450 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d57d3e83562cef
2019-10-07 14:39 - 2019-10-07 14:39 - 000003326 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d57d3e833e5569
2019-10-05 12:09 - 2019-10-05 12:09 - 000003934 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper
2019-10-05 12:05 - 2019-10-05 12:05 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2019-10-05 12:05 - 2019-10-05 12:05 - 000002081 _____ C:\Users\Public\Desktop\BlueStacks Multi-Instance Manager.lnk
2019-10-05 12:05 - 2019-10-05 12:05 - 000002081 _____ C:\ProgramData\Desktop\BlueStacks Multi-Instance Manager.lnk
2019-10-05 12:04 - 2019-10-05 12:04 - 000001786 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2019-10-05 12:04 - 2019-10-05 12:04 - 000001786 _____ C:\ProgramData\Desktop\BlueStacks.lnk
2019-10-05 12:04 - 2019-10-05 12:04 - 000001768 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk
2019-10-05 12:02 - 2019-10-05 12:05 - 000000000 ____D C:\ProgramData\BlueStacks
2019-10-05 12:02 - 2019-10-05 12:02 - 000000000 ____D C:\Program Files\BlueStacks
2019-10-05 11:59 - 2019-10-05 12:01 - 000000000 ____D C:\Users\Public\BlueStacks
2019-10-05 11:59 - 2019-10-05 12:01 - 000000000 ____D C:\Users\Dianna\AppData\Local\BlueStacks
2019-10-05 11:59 - 2019-10-05 12:00 - 000000000 ____D C:\Users\Dianna\AppData\Local\BlueStacksSetup
2019-10-04 23:04 - 2019-10-04 23:04 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\Happy Chef
2019-10-04 21:29 - 2019-10-04 21:29 - 000001500 _____ C:\Users\Dianna\Desktop\Roblox Player.lnk
2019-10-04 21:29 - 2019-10-04 21:29 - 000001303 _____ C:\Users\Dianna\Desktop\Roblox Studio.lnk
2019-10-04 10:02 - 2019-10-04 10:02 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2019-10-04 10:02 - 2019-10-04 10:02 - 000018002 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-10-04 09:57 - 2019-10-04 09:57 - 001155584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shellstyle.dll
2019-10-04 09:57 - 2019-10-04 09:57 - 001155584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shellstyle.dll
2019-10-04 09:57 - 2019-10-04 09:57 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2019-10-04 09:57 - 2019-10-04 09:57 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2019-10-04 09:57 - 2019-10-04 09:57 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll
2019-10-04 09:57 - 2019-10-04 09:57 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-10-04 09:57 - 2019-10-04 09:57 - 000241976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-10-04 09:57 - 2019-10-04 09:57 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2019-10-04 09:57 - 2019-10-04 09:57 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2019-10-04 09:57 - 2019-10-04 09:57 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssecuser.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 005605560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 004344832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 002349056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 002279304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 002096640 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-10-04 09:56 - 2019-10-04 09:56 - 002018304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-10-04 09:56 - 2019-10-04 09:56 - 001924976 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplaySwitch.exe
2019-10-04 09:56 - 2019-10-04 09:56 - 001764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 001750528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 001506304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 001278808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2019-10-04 09:56 - 2019-10-04 09:56 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 001019392 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000901632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-10-04 09:56 - 2019-10-04 09:56 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000767800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DismApi.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-10-04 09:56 - 2019-10-04 09:56 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000452992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2019-10-04 09:56 - 2019-10-04 09:56 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000231224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Dism.exe
2019-10-04 09:56 - 2019-10-04 09:56 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2019-10-04 09:56 - 2019-10-04 09:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvsetup.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSTheme.exe
2019-10-04 09:56 - 2019-10-04 09:56 - 000030720 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shunimpl.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 022135584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 006928384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 006444544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 006316792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 005767168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 005309080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 004737536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 004303872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 003978240 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 003820976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 003634688 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 003428864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 002924344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 002848768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 002779784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 002118656 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001966392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 001864704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001711104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001484896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001390888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 001319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001272120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001170432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001059328 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2019-10-04 09:55 - 2019-10-04 09:55 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 001006392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DismApi.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000888120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-10-04 09:55 - 2019-10-04 09:55 - 000821048 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000801792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000791864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000661096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000598328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000589824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000588600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000515448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2019-10-04 09:55 - 2019-10-04 09:55 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000434952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000384272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000341392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2019-10-04 09:55 - 2019-10-04 09:55 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000290616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dism.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000256704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\spopk.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.OneCore.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000155968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spopk.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcl.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\regapi.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000093496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 000086840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regapi.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000065608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnppolicy.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000044912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PasswordOnWakeSettingFlyout.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000042296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 000038184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\shunimpl.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 007886848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 007698432 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 006058032 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 005573016 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 005299712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 004352472 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-10-04 09:54 - 2019-10-04 09:54 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 003198976 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 003000832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 002839040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 002706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 002415928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 002200376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001720120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001701176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001522488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001399608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001294272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2019-10-04 09:54 - 2019-10-04 09:54 - 001052984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000938296 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000863544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 000817464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000780408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000775216 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000770096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000741688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 000605368 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000505640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000439096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000278416 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-10-04 09:54 - 2019-10-04 09:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.OneCore.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000193704 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2019-10-04 09:54 - 2019-10-04 09:54 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000156512 _____ (Microsoft Corporation) C:\WINDOWS\system32\devobj.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000135816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devobj.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 000079032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2019-10-04 09:54 - 2019-10-04 09:54 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-10-04 09:54 - 2019-10-04 09:54 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSTheme.exe
2019-10-04 09:53 - 2019-10-04 09:53 - 000608256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-10-04 09:53 - 2019-10-04 09:53 - 000234808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000138552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000131384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000057656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000052536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000042296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000018744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msisadrv.sys
2019-10-02 10:56 - 2019-10-02 10:56 - 000016384 _____ C:\Users\Dianna\Downloads\10.2.19.xls
2019-10-01 10:58 - 2019-10-01 10:58 - 000018958 _____ C:\Users\Dianna\Downloads\9.18.19.ods
2019-09-29 16:34 - 2019-10-05 11:56 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\.minecraft
2019-09-29 16:34 - 2019-09-29 16:35 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2019-09-29 16:34 - 2019-09-29 16:34 - 000001121 _____ C:\Users\Public\Desktop\Minecraft Launcher.lnk
2019-09-29 16:34 - 2019-09-29 16:34 - 000001121 _____ C:\ProgramData\Desktop\Minecraft Launcher.lnk
2019-09-29 16:34 - 2019-09-29 16:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2019-09-27 13:42 - 2019-09-27 13:42 - 000029043 _____ C:\Users\Dianna\Downloads\Bob_Evans_Event_11_Sausage_&_Sides_Ad_Quotes_ (1).zip
2019-09-27 13:41 - 2019-09-27 13:41 - 000071680 _____ C:\Users\Dianna\Downloads\Bob Evans_ Sausage items _Event 11_2019_ Quotes (1).xls
2019-09-25 15:07 - 2019-09-25 15:07 - 000002586 _____ C:\Users\Dianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iplay Games Notifier.lnk
2019-09-25 15:07 - 2019-09-25 15:07 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\Iplay Games Notifier
2019-09-25 11:36 - 2019-09-25 11:36 - 000017396 _____ C:\Users\Dianna\Downloads\9.23.19 (4).A
2019-09-25 11:27 - 2019-09-25 11:27 - 000017396 _____ C:\Users\Dianna\Downloads\9.23.19.A
2019-09-25 11:27 - 2019-09-25 11:27 - 000017396 _____ C:\Users\Dianna\Downloads\9.23.19 (3).A
2019-09-25 11:27 - 2019-09-25 11:27 - 000017396 _____ C:\Users\Dianna\Downloads\9.23.19 (2).A
2019-09-25 11:27 - 2019-09-25 11:27 - 000017396 _____ C:\Users\Dianna\Downloads\9.23.19 (1).A
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-10-12 16:00 - 2018-10-11 19:56 - 000000000 ____D C:\Users\Dianna\Desktop\New folder
2019-10-12 15:55 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-12 15:54 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-12 15:51 - 2016-07-12 20:24 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-10-12 15:50 - 2018-06-03 14:41 - 000000000 ____D C:\Users\Dianna\AppData\Local\AVAST Software
2019-10-12 15:39 - 2019-02-02 02:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-10-12 15:39 - 2019-02-02 02:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-10-12 14:25 - 2018-09-15 03:31 - 000000000 ____D C:\WINDOWS\INF
2019-10-12 14:24 - 2015-11-11 06:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-10-12 14:08 - 2018-01-24 18:39 - 000000000 ____D C:\Users\Dianna\AppData\Local\Packages
2019-10-12 13:58 - 2019-02-02 02:25 - 000000000 ____D C:\Users\Dianna
2019-10-12 13:20 - 2018-09-15 03:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-10-12 13:06 - 2018-09-15 03:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-11 15:41 - 2019-09-06 21:40 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE
2019-10-11 11:56 - 2019-09-06 21:25 - 000008051 _____ C:\WINDOWS\BRRBCOM.INI
2019-10-10 19:26 - 2018-10-12 10:44 - 000000022 _____ C:\Users\Dianna\Downloads\archive (23).zip
2019-10-10 19:24 - 2018-06-13 10:33 - 000000022 _____ C:\Users\Dianna\Downloads\archive (4).zip
2019-10-10 19:20 - 2018-06-13 10:33 - 000000022 _____ C:\Users\Dianna\Downloads\archive (3).zip
2019-10-10 19:19 - 2018-06-04 10:47 - 000000022 _____ C:\Users\Dianna\Downloads\Round_2.zip
2019-10-10 19:07 - 2018-06-04 10:00 - 000000022 _____ C:\Users\Dianna\Downloads\archive.zip
2019-10-10 18:38 - 2019-08-05 12:00 - 000000022 _____ C:\Users\Dianna\Downloads\archive (72).zip
2019-10-10 18:36 - 2019-07-09 13:37 - 000000022 _____ C:\Users\Dianna\Downloads\archive (65).zip
2019-10-10 18:34 - 2019-08-23 12:28 - 000000022 _____ C:\Users\Dianna\Downloads\archive (75).zip
2019-10-10 18:33 - 2019-08-23 12:12 - 000000022 _____ C:\Users\Dianna\Downloads\archive (74).zip
2019-10-10 18:30 - 2019-09-08 20:48 - 000000022 _____ C:\Users\Dianna\Downloads\archive (77).zip
2019-10-10 18:29 - 2019-08-28 12:08 - 000000022 _____ C:\Users\Dianna\Downloads\archive (76).zip
2019-10-10 16:30 - 2016-07-19 18:16 - 000000000 ____D C:\ProgramData\AVAST Software
2019-10-10 16:16 - 2016-07-12 19:50 - 000000000 ___RD C:\Users\Dianna\OneDrive
2019-10-10 15:51 - 2019-02-02 02:37 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-10-10 15:44 - 2018-09-15 02:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-10-10 15:41 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-10-10 15:41 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-10-10 15:41 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-10-10 15:41 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-10-10 15:41 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-10-10 15:41 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-10-10 15:41 - 2018-09-15 02:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-10-10 13:40 - 2018-09-15 03:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-10-10 12:34 - 2018-01-25 11:52 - 000000000 ___RD C:\Users\Dianna\3D Objects
2019-10-10 12:34 - 2016-04-27 02:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-10-10 12:25 - 2019-02-02 02:20 - 000290272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-10-09 19:16 - 2018-09-15 05:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-10-09 19:16 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-10-09 14:16 - 2018-10-29 16:55 - 000000000 ____D C:\Users\Dianna\AppData\Local\D3DSCache
2019-10-09 13:24 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ServiceState
2019-10-09 09:38 - 2016-07-13 00:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-10-09 09:34 - 2016-07-13 00:59 - 127230528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-10-07 20:44 - 2017-09-12 22:11 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\ControlCenter4
2019-10-07 20:44 - 2017-09-12 22:06 - 000000000 ____D C:\ProgramData\ControlCenter4
2019-10-07 14:39 - 2015-11-11 06:34 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-05 11:57 - 2018-07-20 20:02 - 000000000 ____D C:\Users\Dianna\AppData\Local\CrashDumps
2019-10-04 23:02 - 2017-03-31 20:27 - 000000000 ____D C:\Users\Dianna\AppData\Local\GamesManager_iWin_Iplay
2019-10-04 21:29 - 2017-04-01 13:05 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2019-10-01 14:23 - 2016-07-13 15:52 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2019-09-27 21:55 - 2017-04-01 13:05 - 000000252 _____ C:\Users\Dianna\AppData\LocalLow\rbxcsettings.rbx
2019-09-25 15:07 - 2017-03-31 20:27 - 000002371 _____ C:\Users\Dianna\Desktop\Iplay Games.lnk
2019-09-24 22:05 - 2016-07-12 22:34 - 000000000 ____D C:\Users\Dianna\AppData\Local\VirtualStore
2019-09-24 18:41 - 2015-11-11 06:35 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-24 18:41 - 2015-11-11 06:35 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-09-24 18:41 - 2015-11-11 06:35 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-09-16 10:03 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-09-13 11:24 - 2016-07-13 15:52 - 000000000 ____D C:\ProgramData\WildTangent
 
==================== Files in the root of some directories ================
 
2017-09-17 22:27 - 2018-05-04 21:08 - 000000253 _____ () C:\Users\Dianna\AppData\Roaming\ANICONFIG_{250B47EB-9548-417C-8B15-A2AF8E13625E}.ini
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ============================
 
 
 
Addition Log
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2019 02
Ran by Dianna (12-10-2019 16:01:42)
Running from C:\Users\Dianna\Desktop
Windows 10 Pro Version 1809 17763.805 (X64) (2019-02-02 06:49:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3029253240-1863324081-1530500289-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3029253240-1863324081-1530500289-503 - Limited - Disabled)
Dianna (S-1-5-21-3029253240-1863324081-1530500289-1002 - Administrator - Enabled) => C:\Users\Dianna
Guest (S-1-5-21-3029253240-1863324081-1530500289-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3029253240-1863324081-1530500289-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3029253240-1863324081-1530500289-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 75.1.1528.100 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.8.3108 - AVG Technologies)
AVG Secure Browser (HKLM-x32\...\AVG Secure Browser) (Version: 77.0.1790.77 - AVG Technologies)
Belkin USB Wireless Adapter (HKLM-x32\...\{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Blasterball 2: Remix (HKLM-x32\...\WTA-955be546-7244-4c80-b826-e351ea6c6dfe) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WTA-d4580b05-e4ea-4f5d-b132-693c44546886) (Version: 3.0.2.59 - WildTangent) Hidden
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.130.10.1003 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{613ce488-8460-4831-ad3a-dd0b4c39fdaf}) (Version: 4.3.2.0 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{A7B27ABE-950F-48B4-B74F-F3F87C9E9BCD}) (Version: 4.3.2.0 - Brother Industries, Ltd.) Hidden
Brother MFL-Pro Suite MFC-J430W (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{3CE8B8E8-B33B-453C-BB7A-821ED6E18A24}) (Version: 1.0.27 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{E2FFD9C0-F6F4-445F-8B82-B5AE3925E431}) (Version: 3.0.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{DE927463-3897-456D-BBAC-47882CAC8AD9}) (Version: 1.0.26.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{D0F69DE9-EE0B-4A7A-8248-6D5EC97D171C}) (Version: 1.0.23.0 - Brother Industries Ltd.) Hidden
ControlCenter4 (HKLM-x32\...\{41EAC89B-B9AF-4C0C-813E-E5813548A8E4}) (Version: 4.6.17.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
Deepteep (HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Deepteep) (Version: 1209.0.0 - Deepteep)
DeviceDetect (HKLM-x32\...\{97BCFAD0-8BC5-480B-ADA2-F54809F48267}) (Version: 1.4.1.0 - Brother Industries Ltd.) Hidden
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\{DC7D9EC9-2AD1-33A7-92CF-5F5051E62843}) (Version: 77.0.3865.90 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{2C183CF0-3077-43D0-B001-F93AC5E68942}) (Version: 1.0.487 - LogMeIn, Inc.)
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
iCloud (HKLM\...\{2C05E99A-94F0-4F95-B602-CD2D2682D6C3}) (Version: 7.13.0.14 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2413 - Intel Corporation)
Iplay Games (HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Iplay Games) (Version: 3.6.6.540 - iWin Inc.)
Iplay Games Notifier 1.0.87 (only current user) (HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\1acdbc65-4038-50e2-9704-a632d68b666b) (Version: 1.0.87 - iWin Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{CFF44AE9-2908-4D7D-B48B-1CB5139015C7}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PC-FAXReceive (HKLM-x32\...\{9C609AF4-9CC1-45F0-B954-29DF7DD40329}) (Version: 1.8.004.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{03BF5A21-6363-410C-B3BE-0946B0012704}) (Version: 3.7.3.1 - Brother Industries Ltd.) Hidden
PDF Reader for Windows 10 (HKLM\...\PDF Reader for Windows 10_is1) (Version:  - PDFLogic Corporation)
PowerENGAGE (HKLM-x32\...\{BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1}) (Version: 3.2.13 - Aviata, Inc.) Hidden
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.31.0 - Ralink)
RemoteSetup (HKLM-x32\...\{6C3BCC5F-16B6-45FD-BE6E-46AF73A2C4A7}) (Version: 3.9.4.1 - Brother Industries Ltd.) Hidden
Roblox Player for Dianna (HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Studio for Dianna (HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\roblox-studio) (Version:  - Roblox Corporation)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
SoftwareUpdateNotification (HKLM-x32\...\{C2430580-570A-48D4-BF61-FA55E35BD052}) (Version: 1.0.8.0 - Brother Insutries Ltd.) Hidden
SpellQuizzer 1.4.2 (HKLM-x32\...\SpellQuizzer_is1) (Version:  - TedCo Software)
StatusMonitor (HKLM-x32\...\{917FA52F-AFA9-46C0-BEE0-895B29160631}) (Version: 1.22.7.0 - Brother Insutries Ltd.) Hidden
SupportTeq  (HKLM-x32\...\{A22B8513-EA8C-46A1-9735-F5BE971C368D}) (Version: 7.4.515 - LogMeIn, Inc.)
TWC WiFi (HKLM-x32\...\TWC WiFi_is1) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - gamigo, Inc.) Hidden
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.1.1.30 - WildTangent) Hidden
WildTangent Helper (HKLM-x32\...\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}) (Version: 1.0.0.365 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 5.0.0.205 - WildTangent) Hidden
ZipCruncher (HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\ZipCruncher) (Version: 995.0.0 - ZipCruncher)
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-27] (Autodesk Inc.)
Brother iPrint&Scan Light -> C:\Program Files\WindowsApps\C2258428.BrotherPrintScan_2.3.0.1_neutral__m06mxaavvcjkt [2017-09-13] (Brother Industries Ltd.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.149.100.0_x86__kgqvnymyfvs32 [2019-10-04] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-08-30] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa [2019-10-07] (Apple Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2018-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2018-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-05] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation)
Solitaire Collection+ -> C:\Program Files\WindowsApps\12291raymond.li.5987855B3B0BC_1.1.8.0_x64__szs6zaftcmqhc [2019-08-03] (raymond.li) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0 [2019-10-10] (Spotify AB)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-07-14] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-05-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2019-10-12] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.)
 
==================== Codecs (Whitelisted) ==================
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Dianna\Desktop\adam - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Dianna\Desktop\Iplay Games.lnk -> C:\Users\Dianna\AppData\Local\GamesManager_iWin_Iplay\GamesManager.exe (iWin Inc) -> -config.channel=20000005 -config.uri=hxxps://www.iplay.com/
ShortcutWithArgument: C:\Users\Dianna\AppData\Roaming\Microsoft\Windows\Start Menu\ZipCruncher.lnk -> C:\Users\Dianna\AppData\Roaming\AppMaster\AppMaster.exe () -> shortcut hxxp://baseapp.zipcruncher.com/
ShortcutWithArgument: C:\Users\Dianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iplay Games\Iplay Games.lnk -> C:\Users\Dianna\AppData\Local\GamesManager_iWin_Iplay\GamesManager.exe (iWin Inc) -> -config.channel=20000005 -config.uri=hxxps://www.iplay.com/
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-12 22:06 - 2017-06-20 14:17 - 000089600 _____ () [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2017-09-12 22:06 - 2005-04-22 13:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2015-10-21 19:50 - 2015-10-21 19:50 - 000576000 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll
2015-10-21 19:50 - 2015-10-21 19:50 - 000518144 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll
2015-10-21 19:50 - 2015-10-21 19:50 - 000853504 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [450]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (370f3eb2-c704-40f7-909f-fbf0b0b2aa99) => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 1540 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2019-01-04 05:13 - 000000825 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Dianna\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{5fb0330a-e3b3-4ba9-b2fd-6aae0a5eadfe}.jpg
DNS Servers: 209.18.47.61 - 209.18.47.63
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AffinegyService => 2
MSCONFIG\Services: ANIWZCSdService => 2
MSCONFIG\Services: ASCValidator => 2
MSCONFIG\Services: avast => 2
MSCONFIG\Services: avastm => 3
MSCONFIG\Services: AvastSecureBrowserElevationService => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: D_Link_DWA-125_WPS => 2
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "DigiDo"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "ANIWZCS2Service"
HKLM\...\StartupApproved\Run32: => "D-Link D-Link Wireless 150 USB Adapter DWA-125"
HKLM\...\StartupApproved\Run32: => "D-Link D-Link DWA-125"
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\StartupApproved\Run: => "iCloudPhotos"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F6460361-887B-4020-A4DD-A59393E687C3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6819A887-9EB0-4E59-BDD0-7E350A51A5C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3E78B4B3-C98A-4CBE-B224-EF15AEC41A9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{43D569EF-3B15-40AF-8567-982050B1B2D6}] => (Allow) LPort=54925
FirewallRules: [{F373077D-B6CB-4FA7-9BE0-B4F33DBF4177}] => (Allow) C:\Users\Dianna\AppData\Local\Temp\7zS235B\HP.EasyStart.exe No File
FirewallRules: [{3E2D976E-B712-4873-B018-77D914BC8D4B}] => (Allow) LPort=54925
FirewallRules: [{DD054EF9-DA91-47C2-B5D6-C656D2C90411}] => (Allow) LPort=54950
FirewallRules: [{F3E8943D-CAFC-4D83-B645-757FCDC7C8F2}] => (Allow) LPort=54955
FirewallRules: [{F11BF6C0-6AAB-498B-A65A-7937664EF5A3}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{49CE6E28-707A-4477-80A2-25D51E878A96}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{35A6D162-A72C-4E1E-93A0-C33FD83F113A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{265C2F71-2047-4F7E-B1FF-2C29A5AF58E5}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{D954036F-7D2F-44AE-89A4-CE40DD212D14}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A3C66B34-9263-41A7-9A37-4D85B8AAB6D8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{12EF9FF5-C936-4520-93D9-EC2B034BAE66}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8451A769-ACA7-4F55-A00F-FAFA6E4E36C7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4ED39080-2C3A-4957-B278-C9B7A51D60A7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8333EEBB-AB40-46FC-8F59-9DF05D4779B5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8B6E3DCE-681F-4A26-9C05-8F6B2FDE3677}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F43F610-F8E8-43DC-A9B6-98717D5B8D69}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7BE74942-9913-4F57-B7D4-F18FE1518EF7}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCService.exe No File
FirewallRules: [{C1A15B77-54BB-4A6C-9407-7C150CCBD290}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCService.exe No File
FirewallRules: [{16A2983E-1432-44D1-8139-D90BA2D4AF05}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCDesktop.exe No File
FirewallRules: [{27058CC9-CDD3-4603-9E68-3A4455B45C8E}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCDesktop.exe No File
FirewallRules: [{DFE635B2-9E58-4D39-879A-811E41E9F140}] => (Allow) C:\Program Files (x86)\RemotePC\RPCCoreViewer.exe No File
FirewallRules: [{E89E4C9B-6329-4D6B-874E-BFDCA8D96391}] => (Allow) C:\Program Files (x86)\RemotePC\RPCCoreViewer.exe No File
FirewallRules: [{C6EA247A-6D64-4625-AA0D-AC638F81D0C5}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCUI.exe No File
FirewallRules: [{CEE88332-824A-4CD0-AD22-B72B88A5650A}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCUI.exe No File
FirewallRules: [TCP Query User{42A899BF-A689-449D-8856-F59E92EB7714}C:\users\dianna\downloads\anydesk.exe] => (Allow) C:\users\dianna\downloads\anydesk.exe No File
FirewallRules: [UDP Query User{2683C70B-C46A-46ED-B3D9-402886A1987B}C:\users\dianna\downloads\anydesk.exe] => (Allow) C:\users\dianna\downloads\anydesk.exe No File
FirewallRules: [{95850F6B-E063-4098-BE96-88F58ABA8ACA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FC3D8CF1-AA2D-4DB4-BBAE-F26DCBD2E214}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{207F09B9-8FB4-4FAE-9F08-03FD8904DD6A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3BC9C957-71DB-4496-8C3D-D8161FE5AB74}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{72551800-E8B7-42F7-B2E9-6E121D749156}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2D0499E0-D8DC-417E-807D-25225B3CEACC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C6FE660B-C869-49A2-A530-E907E295C3A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B2196D3E-05C6-4607-94C8-DB08600E81DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A07FD53E-3BCA-48AF-94E4-E6DD480C9B66}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{3A9AC763-57F5-4027-B2F6-343DC1E0129D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{36DD1142-4271-42AB-8E83-41733D6553BF}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{F6325FC4-F537-4283-B9F8-F2AA973F4AD5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{ED22E650-9A44-4C1B-A5DA-073EB81666D7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{B972BC1D-9BB7-45C0-8347-CF85FB3BA177}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{A00546BB-C5A1-4250-8FDE-5B5304F44F52}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{99D980CD-3624-4301-93A9-EB6AAFC093CC}] => (Allow) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies USA, Inc. -> AVG Technologies)
 
==================== Restore Points =========================
 
21-09-2019 00:37:40 Scheduled Checkpoint
28-09-2019 13:47:06 Installed Minecraft Launcher
29-09-2019 16:33:33 Installed Minecraft Launcher
04-10-2019 09:28:05 Windows Update
09-10-2019 09:31:56 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/12/2019 03:40:18 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...
 
Error: (10/12/2019 03:40:17 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.
 
Error: (10/12/2019 03:40:17 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...
 
Error: (10/12/2019 03:40:17 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...
 
Error: (10/12/2019 03:40:16 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[4]: 192.168.0.6
 
Error: (10/12/2019 03:40:16 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[3]: 2607:fcc8:bc89:f00:50df:765d:82f0:12e6
 
Error: (10/12/2019 03:40:16 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[2]: 2607:fcc8:bc89:f00::2
 
Error: (10/12/2019 03:40:16 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[1]: 2607:fcc8:bc89:f00:e057:a2cc:a4de:f0e2
 
 
System errors:
=============
Error: (10/12/2019 04:06:13 PM) (Source: DCOM) (EventID: 10016) (User: NANAS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/12/2019 04:05:38 PM) (Source: DCOM) (EventID: 10016) (User: NANAS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/12/2019 04:03:17 PM) (Source: DCOM) (EventID: 10016) (User: NANAS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/12/2019 04:02:27 PM) (Source: DCOM) (EventID: 10016) (User: NANAS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/12/2019 03:56:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.
 
Error: (10/12/2019 03:53:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service hung on starting.
 
Error: (10/12/2019 03:49:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The System Guard Runtime Monitor Broker service hung on starting.
 
Error: (10/12/2019 03:47:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
 
CodeIntegrity:
===================================
 
Date: 2019-10-12 15:56:13.767
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-10-12 15:56:13.162
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-10-12 15:56:10.902
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-10-12 15:55:16.487
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-10-12 15:55:04.346
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-10-12 15:49:07.536
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-10-12 15:44:36.388
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-10-12 15:44:34.139
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: Hewlett-Packard 786G2 v02.03 10/19/2015
Motherboard: Hewlett-Packard 3048h
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 87%
Total physical RAM: 3991.24 MB
Available physical RAM: 494.27 MB
Total Virtual: 5783.24 MB
Available Virtual: 2453.21 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:463.62 GB) (Free:233.78 GB) NTFS
Drive d: (BROTHER) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:7.6 GB) (Free:4.94 GB) FAT32
 
\\?\Volume{e0383c55-8858-11e5-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:2.14 GB) (Free:1.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B13339AB)
Partition 1: (Active) - (Size=2.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=463.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.6 GB) (Disk ID: 8884A893)
Partition 1: (Not Active) - (Size=7.6 GB) - (Type=0B)
 
==================== End of Addition.txt ============================
 



#2
RKinner


    Malware Expert

  • Expert
  • 21,867 posts
  • MVP

You need to uninstall either AVAST or AVG. If you uninstall Avast you need to go into msconfig and check the three Avast boxes then reboot before uninstalling.

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 

 

Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin. It will install and then start the program.
It will tell you to click on the Start button but there isn't one.
Instead click on the green arrowhead (looks like a Play button). Let it run for at least 20 seconds. Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.



#3
Panda10


    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Thank you for all your help! I have removed AVG as we were just using it until we could pay for the AVAST subscription renewal. We have paid for it now and it is up and running. Below are the items you requested. Thanks again for all your help.

 

 

Process Explorer

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 74.60 56 K 8 K 0
procexp64.exe 6.99 45,916 K 70,160 K 9220 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
aswidsagent.exe 4.31 29,904 K 45,016 K 2240 Avast Behavior Shield AVAST Software (Verified) AVAST Software s.r.o.
AvastUI.exe 2.80 25,884 K 23,056 K 10140 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
System 0.81 196 K 2,740 K 4
Interrupts 0.69 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 0.62 39,032 K 45,268 K 1032 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 0.60 139,040 K 132,780 K 7264 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Windows Publisher
AvastSvc.exe 0.53 123,236 K 48,108 K 2180 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
services.exe 0.36 4,948 K 9,992 K 688 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
afwServ.exe 0.25 15,272 K 32,780 K 2756 Avast firewall service AVAST Software (Verified) AVAST Software s.r.o.
csrss.exe 0.16 2,184 K 5,100 K 672 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.11 43,136 K 49,172 K 1644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.08 8,868 K 15,960 K 2696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
explorer.exe 0.07 42,404 K 108,192 K 7364 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 3,560 K 10,996 K 2956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
lsass.exe 0.02 6,152 K 17,612 K 696 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 1,496 K 5,524 K 3192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 5,864 K 12,328 K 496 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WorkflowAppControl.exe 0.02 12,700 K 19,368 K 3084 NetworkAppControl Microsoft (No signature was present in the subject) Microsoft
WildTangentHelperService.exe 0.01 4,624 K 16,676 K 2128 (Verified) WildTangent Inc
svchost.exe 0.01 2,240 K 7,924 K 488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 3,008 K 10,632 K 3692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe < 0.01 6,632 K 996 K 2704 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 10,124 K 26,464 K 976 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe < 0.01 6,636 K 12,552 K 7540 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe < 0.01 5,064 K 20,972 K 9000 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 1,692 K 6,372 K 9324 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2,948 K 8,128 K 1872 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe < 0.01 36,452 K 78,288 K 8316 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 25,540 K 28,620 K 3096 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 17,256 K 19,756 K 1328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
USBAppControl.exe < 0.01 10,496 K 15,156 K 2912 USBAppControl Microsoft (No signature was present in the subject) Microsoft
svchost.exe < 0.01 4,108 K 15,816 K 7612 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe < 0.01 8,416 K 21,376 K 2348 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
YourPhone.exe 11,920 K 34,144 K 8908 (No signature was present in the subject)
WUDFHost.exe 2,028 K 7,716 K 888 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wmpnscfg.exe 1,544 K 4,076 K 7808 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
wmpnscfg.exe 1,528 K 3,624 K 8792 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 7,840 K 26,836 K 5992 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 5,080 K 12,024 K 3984 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3,024 K 9,040 K 6160 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,832 K 11,424 K 744 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,672 K 7,032 K 632 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
VpnSvc.exe 10,700 K 30,540 K 3880 Avast SecureLine VPN Service AVAST Software (Verified) AVAST Software s.r.o.
Vpn.exe 9,364 K 19,200 K 9088 Avast SecureLine VPN AVAST Software (Verified) AVAST Software s.r.o.
unsecapp.exe 1,332 K 6,744 K 10148 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 7,452 K 16,440 K 5988 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 2,944 K 11,424 K 6580 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 9,020 K 18,184 K 3032 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,912 K 16,480 K 6472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,792 K 14,384 K 8228 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,764 K 17,812 K 6056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,996 K 7,292 K 1996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,300 K 7,576 K 1452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 14,920 K 23,228 K 3000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 19,352 K 27,344 K 9700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,336 K 28,364 K 7132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,656 K 31,632 K 2972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,980 K 9,036 K 1368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,892 K 13,284 K 2004 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,244 K 9,008 K 10232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,588 K 12,144 K 1596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,456 K 12,288 K 3488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,980 K 7,780 K 1100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 20,196 K 37,932 K 2268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,012 K 12,016 K 6100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,484 K 13,952 K 4312 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,360 K 34,184 K 7152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,124 K 14,312 K 1484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,876 K 10,340 K 1344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,984 K 8,864 K 1736 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,676 K 21,204 K 3116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,096 K 8,396 K 2436 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 14,892 K 12,708 K 2700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,428 K 5,888 K 1656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,868 K 7,216 K 1760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,564 K 5,964 K 1108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,412 K 9,116 K 2692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,156 K 12,576 K 1864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,324 K 5,100 K 8220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,176 K 12,076 K 1404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,956 K 11,864 K 1244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,724 K 21,596 K 2376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,288 K 8,124 K 1632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,848 K 15,824 K 1176 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,880 K 6,624 K 1980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,812 K 15,596 K 2112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,852 K 10,880 K 1184 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,764 K 15,444 K 7900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,248 K 9,704 K 8488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,380 K 9,656 K 1728 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,044 K 8,384 K 116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,028 K 3,964 K 864 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,944 K 6,820 K 1144 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,708 K 6,100 K 1336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,024 K 8,012 K 1752 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,064 K 14,540 K 2188 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,472 K 10,388 K 2616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,732 K 7,848 K 3016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,764 K 6,712 K 2708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,396 K 5,684 K 2744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,924 K 12,156 K 3204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,784 K 7,300 K 3828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,928 K 7,452 K 3840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,768 K 6,092 K 2628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,980 K 8,960 K 5980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,404 K 10,516 K 6816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,508 K 6,352 K 7560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,652 K 8,272 K 8668 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,464 K 7,656 K 9080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SoftwareUpdateNotificationService.exe 2,140 K 9,824 K 8588 SoftwareUpdateNotificationService Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
smss.exe 700 K 1,328 K 408 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 8,408 K 23,568 K 9892 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 5,876 K 25,788 K 7100 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe 22,824 K 64,360 K 3972 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe 892 K 3,488 K 10748 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SettingSyncHost.exe 3,884 K 14,892 K 8856 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 2,296 K 10,064 K 3800 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchProtocolHost.exe 2,456 K 9,084 K 920 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 1,400 K 6,336 K 10592 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
ScreenConnect.WindowsClient.exe 25,516 K 33,560 K 7728 ScreenConnect Client ScreenConnect Software (Verified) ConnectWise, Inc.
ScreenConnect.WindowsClient.exe 25,652 K 33,668 K 7656 ScreenConnect Client ScreenConnect Software (Verified) ConnectWise, Inc.
ScreenConnect.ClientService.exe 16,024 K 26,328 K 1480 (Verified) ConnectWise, Inc.
RuntimeBroker.exe 5,764 K 21,992 K 8064 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1,764 K 8,036 K 9460 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 2,384 K 12,348 K 8812 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1,964 K 7,628 K 8632 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1,372 K 6,000 K 7896 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RemindersServer.exe 2,236 K 11,080 K 1576 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows
Registry 2,516 K 86,188 K 88
procexp.exe 3,220 K 10,632 K 6424 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
printfilterpipelinesvc.exe 7,600 K 16,904 K 6536 Print Filter Pipeline Host Microsoft Corporation (Verified) Microsoft Windows
NisSrv.exe 4,400 K 9,764 K 10132 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Windows Publisher
MpCmdRun.exe 2,032 K 6,496 K 8328 Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Windows Publisher
MicrosoftEdgeSH.exe 3,876 K 13,740 K 9636 Microsoft Edge Web Platform Microsoft Corporation (Verified) Microsoft Windows
MicrosoftEdge.exe 21,668 K 59,608 K 8884 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation
Memory Compression 124 K 24,156 K 1676
GoogleCrashHandler64.exe 1,740 K 652 K 11056 Google Crash Handler Google LLC (Verified) Google Inc
GoogleCrashHandler.exe 1,796 K 540 K 8544 Google Crash Handler Google LLC (Verified) Google Inc
fontdrvhost.exe 3,400 K 7,756 K 876 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 1,628 K 3,976 K 872 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 3,968 K 11,200 K 3040 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 3,188 K 10,416 K 3956 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 7,104 K 18,588 K 2636 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 992 K 4,220 K 5856 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe 3,816 K 15,332 K 5916 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 2,056 K 5,520 K 568 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
CompatTelRunner.exe 3,204 K 4,568 K 7524 Microsoft Compatibility Telemetry Microsoft Corporation (Verified) Microsoft Windows
CompatTelRunner.exe 1,148 K 600 K 2148 Microsoft Compatibility Telemetry Microsoft Corporation (Verified) Microsoft Windows
browser_broker.exe 3,432 K 16,056 K 9180 Browser_Broker Microsoft Corporation (Verified) Microsoft Windows
AVGBrowserUpdate.exe 1,568 K 1,912 K 940 AVG Browser AVG Technologies (Verified) AVG Technologies USA, Inc.
AvEmUpdate.exe 2,700 K 4,176 K 8140 Avast Emergency Update AVAST Software (Verified) AVAST Software s.r.o.
AvastBrowserUpdate.exe 1,572 K 1,844 K 944 Avast Browser Update AVAST Software (Verified) AVAST Software s.r.o.
audiodg.exe 6,268 K 9,328 K 2036 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,664 K 6,788 K 2916 Adobe Acrobat Update Service Adobe Systems (Verified) Adobe Inc.
AppMaster.exe 16,564 K 27,724 K 2784 AppMaster (Verified) Tabatoo LTD
ApplicationFrameHost.exe 7,256 K 25,988 K 8684 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
ANIWConnService.exe 1,608 K 6,388 K 2936 ANIWConnService (No signature was present in the subject) 
 
Command Prompt Junk.txt
 
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                        88 N/A                                         
smss.exe                       408 N/A                                         
csrss.exe                      568 N/A                                         
wininit.exe                    632 N/A                                         
csrss.exe                      672 N/A                                         
services.exe                   688 N/A                                         
lsass.exe                      696 KeyIso, SamSs, VaultSvc                     
winlogon.exe                   744 N/A                                         
svchost.exe                    864 PlugPlay                                    
fontdrvhost.exe                872 N/A                                         
fontdrvhost.exe                876 N/A                                         
WUDFHost.exe                   888 N/A                                         
svchost.exe                    976 BrokerInfrastructure, DcomLaunch, Power,    
                                   SystemEventsBroker                          
svchost.exe                    496 RpcEptMapper, RpcSs                         
svchost.exe                    488 LSM                                         
dwm.exe                       1032 N/A                                         
svchost.exe                   1108 CoreMessagingRegistrar                      
svchost.exe                   1144 lmhosts                                     
svchost.exe                   1176 Schedule                                    
svchost.exe                   1184 NcbService                                  
svchost.exe                   1244 ProfSvc                                     
svchost.exe                   1328 EventLog                                    
svchost.exe                   1336 hidserv                                     
svchost.exe                   1344 UserManager                                 
svchost.exe                   1368 nsi                                         
svchost.exe                   1404 TimeBrokerSvc                               
svchost.exe                   1452 Dhcp                                        
svchost.exe                   1596 NlaSvc                                      
svchost.exe                   1632 EventSystem                                 
svchost.exe                   1644 SysMain                                     
svchost.exe                   1656 Themes                                      
Memory Compression            1676 N/A                                         
svchost.exe                   1728 SENS                                        
svchost.exe                   1736 netprofm                                    
svchost.exe                   1752 AudioEndpointBuilder                        
svchost.exe                   1760 FontCache                                   
svchost.exe                   1864 Audiosrv                                    
svchost.exe                   1872 Dnscache                                    
svchost.exe                   1980 DusmSvc                                     
svchost.exe                   1996 WinHttpAutoProxySvc                         
svchost.exe                   2004 Wcmsvc                                      
svchost.exe                   1484 StateRepository                             
svchost.exe                   2112 WlanSvc                                     
AvastSvc.exe                  2180 avast! Antivirus                            
svchost.exe                   2188 ShellHWDetection                            
spoolsv.exe                   2348 Spooler                                     
svchost.exe                   2376 BFE, mpssvc                                 
svchost.exe                   2436 LanmanWorkstation                           
svchost.exe                   2616 DeviceAssociationService                    
dasHost.exe                   2636 N/A                                         
afwServ.exe                   2756 avast! Firewall                             
armsvc.exe                    2916 AdobeARMservice                             
ANIWConnService.exe           2936 ANIWConnService                             
svchost.exe                   2956 CryptSvc                                    
svchost.exe                   2972 DiagTrack                                   
svchost.exe                   3000 DPS                                         
svchost.exe                   3016 IKEEXT                                      
svchost.exe                   3032 Winmgmt                                     
ScreenConnect.ClientServi     1480 ScreenConnect Client (370f3eb2-c704-40f7-909
                                   f-fbf0b0b2aa99)                             
svchost.exe                   2692 LanmanServer                                
svchost.exe                   2708 SstpSvc                                     
svchost.exe                   2696 stisvc                                      
svchost.exe                   2744 TrkWks                                      
svchost.exe                   2700 SSDPSRV                                     
USBAppControl.exe             2912 USBAppControl                               
WildTangentHelperService.     2128 WildTangentHelper                           
WorkflowAppControl.exe        3084 WorkflowAppControl                          
SearchIndexer.exe             3096 WSearch                                     
svchost.exe                   3116 WpnService                                  
svchost.exe                   3192 WdiServiceHost                              
svchost.exe                   3204 iphlpsvc                                    
svchost.exe                   3488 RasMan                                      
svchost.exe                   3692 wscsvc                                      
svchost.exe                   3828 Browser                                     
svchost.exe                   3840 PolicyAgent                                 
VpnSvc.exe                    3880 SecureLine                                  
dllhost.exe                   3956 N/A                                         
svchost.exe                   2628 WdiSystemHost                               
svchost.exe                   4312 AppXSvc                                     
dasHost.exe                   5856 N/A                                         
wmpnetwk.exe                  5992 WMPNetworkSvc                               
svchost.exe                   6100 upnphost                                    
WmiPrvSE.exe                  6160 N/A                                         
printfilterpipelinesvc.ex     6536 N/A                                         
svchost.exe                   6816 Netman                                      
sihost.exe                    7100 N/A                                         
svchost.exe                   7132 CDPUserSvc_72e2a                            
svchost.exe                   7152 WpnUserService_72e2a                        
taskhostw.exe                 5988 N/A                                         
svchost.exe                    116 TabletInputService                          
svchost.exe                   6472 TokenBroker                                 
ctfmon.exe                    5916 N/A                                         
SearchProtocolHost.exe         920 N/A                                         
svchost.exe                   6056 CDPSvc                                      
explorer.exe                  7364 N/A                                         
svchost.exe                   7560 Appinfo                                     
ScreenConnect.WindowsClie     7656 N/A                                         
ScreenConnect.WindowsClie     7728 N/A                                         
svchost.exe                   7900 cbdhsvc_72e2a                               
svchost.exe                   2268 wuauserv                                    
SecurityHealthService.exe     3800 SecurityHealthService                       
ShellExperienceHost.exe       3972 N/A                                         
RuntimeBroker.exe             8064 N/A                                         
SearchUI.exe                  8316 N/A                                         
svchost.exe                   8488 LicenseManager                              
ApplicationFrameHost.exe      8684 N/A                                         
RuntimeBroker.exe             8812 N/A                                         
MicrosoftEdge.exe             8884 N/A                                         
YourPhone.exe                 8908 N/A                                         
browser_broker.exe            9180 N/A                                         
dllhost.exe                   3040 N/A                                         
aswidsagent.exe               2240 aswbIDSAgent                                
svchost.exe                   9324 OneSyncSvc_72e2a,                           
                                   PimIndexMaintenanceSvc_72e2a,               
                                   UnistoreSvc_72e2a, UserDataSvc_72e2a        
RuntimeBroker.exe             9460 N/A                                         
MicrosoftEdgeSH.exe           9636 N/A                                         
svchost.exe                   9700 UsoSvc                                      
smartscreen.exe               9892 N/A                                         
unsecapp.exe                 10148 N/A                                         
SettingSyncHost.exe           8856 N/A                                         
RuntimeBroker.exe             8632 N/A                                         
svchost.exe                   9080 PcaSvc                                      
AppMaster.exe                 2784 N/A                                         
SoftwareUpdateNotificatio     8588 N/A                                         
AvastUI.exe                  10140 N/A                                         
Vpn.exe                       9088 N/A                                         
GoogleCrashHandler.exe        8544 N/A                                         
GoogleCrashHandler64.exe     11056 N/A                                         
SgrmBroker.exe               10748 SgrmBroker                                  
svchost.exe                  10232 StorSvc                                     
RemindersServer.exe           1576 N/A                                         
AvastBrowserCrashHandler.     2056 N/A                                         
svchost.exe                   9912 BITS                                        
AvastBrowserCrashHandler6    12600 N/A                                         
svchost.exe                   7116 camsvc                                      
WmiPrvSE.exe                 11128 N/A                                         
cmd.exe                       8568 N/A                                         
conhost.exe                   8044 N/A                                         
svchost.exe                  12840 gpsvc                                       
svchost.exe                   8540 lfsvc                                       
svchost.exe                  10500 ClipSVC                                     
WinStore.App.exe             12964 N/A                                         
RuntimeBroker.exe             9808 N/A                                         
svchost.exe                   9848 XblAuthManager                              
chrome.exe                    6760 N/A                                         
chrome.exe                   10664 N/A                                         
chrome.exe                    8232 N/A                                         
chrome.exe                   13180 N/A                                         
chrome.exe                    8616 N/A                                         
chrome.exe                   12820 N/A                                         
chrome.exe                    8672 N/A                                         
chrome.exe                    9748 N/A                                         
chrome.exe                    8776 N/A                                         
chrome.exe                    8700 N/A                                         
chrome.exe                    9664 N/A                                         
chrome.exe                    9220 N/A                                         
chrome.exe                    7552 N/A                                         
chrome.exe                   10552 N/A                                         
WmiApSrv.exe                 13248 wmiApSrv                                    
chrome.exe                    9596 N/A                                         
AvastBrowser.exe             13096 N/A                                         
svchost.exe                  11100 wlidsvc                                     
AvastBrowser.exe             10764 N/A                                         
AvastBrowser.exe              7536 N/A                                         
AvastBrowser.exe             11256 N/A                                         
WmiPrvSE.exe                  8336 N/A                                         
AvastBrowser.exe             12876 N/A                                         
AvastBrowser.exe             10684 N/A                                         
chrome.exe                   13164 N/A                                         
chrome.exe                    8344 N/A                                         
chrome.exe                   12916 N/A                                         
chrome.exe                   13080 N/A                                         
AvastBrowser.exe               228 N/A                                         
AvastBrowser.exe              6812 N/A                                         
AvastBrowser.exe              9952 N/A                                         
SearchFilterHost.exe          7304 N/A                                         
AvastBrowser.exe             10340 N/A                                         
WindowsInternal.Composabl    10984 N/A                                         
tasklist.exe                 13224 N/A                                         
 

Latency Monitor

 

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:32  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        NANAS-PC
OS version:                                           Windows 10 , 10.0, version 1809, build: 17763 (x64)
Hardware:                                             HP Compaq 6000 Pro SFF PC, Hewlett-Packard, 3048h
CPU:                                                  GenuineIntel Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Logical processors:                                   2
Processor groups:                                     1
RAM:                                                  3991 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   2993 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
WARNING: the CPU speed that was measured is only a fraction of the CPU speed reported. Your CPUs may be throttled back due to variable speed settings and thermal issues. It is suggested that you run a utility which reports your actual CPU frequency and temperature. 
 
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   605.90
Average measured interrupt to process latency (µs):   5.836308
 
Highest measured interrupt to DPC latency (µs):       217.90
Average measured interrupt to DPC latency (µs):       1.531224
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              13.122619
Driver with highest ISR routine execution time:       ataport.SYS - ATAPI Driver Extension, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.021764
Driver with highest ISR total time:                   USBPORT.SYS - USB 1.1 & 2.0 Port Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.032604
 
ISR count (execution time <250 µs):                   7359
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              567.691614
Driver with highest DPC routine execution time:       ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.248798
Driver with highest DPC total execution time:         ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
 
Total time spent in DPCs (%)                          0.562373
 
DPC count (execution time <250 µs):                   83751
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                9
DPC count (execution time 1000-1999 µs):              0
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 svchost.exe
 
Total number of hard pagefaults                       340
Hard pagefault count of hardest hit process:          119
Number of processes hit:                              17
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.681048
CPU 0 ISR highest execution time (µs):                13.122619
CPU 0 ISR total execution time (s):                   0.020279
CPU 0 ISR count:                                      6812
CPU 0 DPC highest execution time (µs):                464.328433
CPU 0 DPC total execution time (s):                   0.327286
CPU 0 DPC count:                                      79400
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.309096
CPU 1 ISR highest execution time (µs):                6.843969
CPU 1 ISR total execution time (s):                   0.000608
CPU 1 ISR count:                                      547
CPU 1 DPC highest execution time (µs):                567.691614
CPU 1 DPC total execution time (s):                   0.032981
CPU 1 DPC count:                                      4360
_________________________________________________________________________________________________________
 

  • 0
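An added example, not part of the original thread or any poster's own code: a Python triage script that parses a saved `tasklist /svc` listing like the one above, rejoins wrapped Services cells, and flags processes belonging to the remote-access products named in this thread. The watchlist and the function names are assumptions made for illustration; the sample rows are copied from the listing above.

```python
import re
from dataclasses import dataclass, field

# Rows copied from the `tasklist /svc` listing above (trailing spaces trimmed).
SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
lsass.exe                      696 KeyIso, SamSs, VaultSvc
svchost.exe                    976 BrokerInfrastructure, DcomLaunch, Power,
                                   SystemEventsBroker
AvastSvc.exe                  2180 avast! Antivirus
ScreenConnect.ClientServi     1480 ScreenConnect Client (370f3eb2-c704-40f7-909
                                   f-fbf0b0b2aa99)
ScreenConnect.WindowsClie     7656 N/A
ScreenConnect.WindowsClie     7728 N/A
chrome.exe                    6760 N/A
"""

# Assumed watchlist: only the remote-access products named in this thread.
# tasklist cuts image names at 25 characters, so match on a product token
# instead of a full file name.
WATCHLIST = {"anydesk": "AnyDesk", "screenconnect": "ScreenConnect", "remotepc": "RemotePC"}

# image name (may contain spaces), right-aligned PID, then the Services cell
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")


@dataclass
class Proc:
    image: str
    pid: int
    services: list = field(default_factory=list)


def parse_tasklist_svc(text):
    """Parse `tasklist /svc` output into Proc records, rejoining wrapped cells."""
    lines = text.splitlines()
    sep = next(i for i, line in enumerate(lines) if line.startswith("="))
    svc_width = len(lines[sep].split()[-1])  # width of the Services column
    raw = []           # [image, pid, service text] per process
    prev_full = False  # did the previous Services cell fill the whole column?
    for line in lines[sep + 1:]:
        if not line.strip():
            continue
        if line[0].isspace():  # continuation of a wrapped Services cell
            if not raw:
                continue
            cell = line.strip()
            # A cell that filled the column was cut mid-word: join without a space.
            raw[-1][2] += ("" if prev_full else " ") + cell
        else:
            m = ROW.match(line.rstrip())
            if not m:
                continue
            cell = m.group(3)
            raw.append([m.group(1), int(m.group(2)), cell])
        prev_full = len(cell) >= svc_width
    procs = []
    for image, pid, svc_text in raw:
        if svc_text == "N/A":
            services = []
        else:
            services = [s.strip() for s in svc_text.split(",") if s.strip()]
        procs.append(Proc(image, pid, services))
    return procs


def flag_remote_access(procs):
    """Return one record per process whose image or service name hits the watchlist."""
    hits = []
    for p in procs:
        haystack = (p.image + " " + " ".join(p.services)).lower()
        for token, product in WATCHLIST.items():
            if token in haystack:
                hits.append({"product": product, "pid": p.pid,
                             "image": p.image, "services": p.services})
                break
    return hits


if __name__ == "__main__":
    for hit in flag_remote_access(parse_tasklist_svc(SAMPLE)):
        kind = "hosts service" if hit["services"] else "session process"
        detail = "; ".join(hit["services"]) or "-"
        print(f'{hit["product"]:<14} PID {hit["pid"]:<6} {hit["image"]:<26} {kind}: {detail}')
```

A hit only means the product is present and running; whether it was installed by the owner still has to be confirmed with her.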

#4
RKinner


Make sure you have the three Avast files checked in msconfig. 

 

Speccy thinks your PC is too hot.  Sometimes it reads a bit high but the hard drive is also reporting that it is too hot so I expect it's right.  You can get a second opinion from speedfan:

 

http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time. With no other programs running what is the highest temp you see?  We really expect a desktop to be around 45 but no higher than 50.  If it does it usually means either the fan is defective (speedfan should tell you your fan speed so you can see if it is running) or (most likely) the interface between the fan and the heatsink is clogged with dust. The best fix for a clogged heatsink is to remove the fan (not the heatsink or heatpipe) and vacuum out the heatsink.  Also clean any air vents in the case and also in the power supply.  I expect in your case the PC case vents are clogged since the hard drive is also running hot.  Heat will make the CPU run slower to protect itself and heat can damage the hard drive so you need to get this fixed.

 

 

You have had a few hard drive sectors fail.  They have been replaced with spares but sometimes that leaves some corruption.  Let's run a disk check, dism & sfc to make sure everything is OK.

 

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/


Type:

chkdsk /r C:

hit Enter.  It will tell you it needs to reboot.  Type:

y

Disk check should run when you reboot.  Can take a few hours depending on size of the drive.

 

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 

sfc  /scannow

This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type:


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

Let's run MBAR to make sure your hacker didn't leave anything:

https://www.malwareb...om/antirootkit/

 

Will take a while.

 

 

Then run a new FRST scan with Addition.txt checked as before and post both logs



 


  • 0

#5
Panda10

Thank you for the advice. It may take me a few days to get this done, especially cleaning it out. I have to do it around my work and I have two jobs. Please don't think I have abandoned this if it takes me a few days to post logs and run the programs.
  • 0

#6
Panda10

I cleaned the fan and you were right. Vents caked with dust. The speed fan program ran temps like you said and it sounds a lot quieter. I did want to let you know she was playing a game today Blasterball and a black screen appeared with PCSupport on it. She couldn't remove the screen and below it on the task bar she noted it said something about banks and looked like someone was trying to enter a social security number. She unplugged the computer. I am currently running diskchk and the other items and will get back to you as soon as I can. Just wanted to give you this other information first.
  • 0

#8
RKinner


OK.  No hurry on the replies.  I don't keep track.


  • 0

#9
Panda10


I finally got DskChk to complete. We ended up with a blue screen of death and it took a while but I was able to bring computer back and run diskchk.

 

DISM ran to 100% and came back with Error 0x800f081f. The source files could not be found. 

 

SFC ran and found errors but was able to fix. 

 

MBAR ran and found 111 and cleanup was done.

 

Output from Event Viewer Tool - System

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 20/10/2019 12:59:03 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/10/2019 2:26:13 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 16/10/2019 9:41:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 16/10/2019 1:50:50 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 12/10/2019 9:43:53 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 12/10/2019 8:51:50 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 12/10/2019 8:21:57 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 12/10/2019 7:38:35 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 12/10/2019 6:58:59 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 12/10/2019 6:23:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 12/10/2019 5:49:20 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 10/10/2019 7:57:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 10/10/2019 7:40:29 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 10/10/2019 4:45:40 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 09/10/2019 5:24:22 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device RemotePC Graphics Adapter (location Port_#0001.Hub_#0009) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 2 more times.  Please contact the device manufacturer for more information about this problem.
 
Log: 'System' Date/Time: 09/10/2019 5:24:22 PM
Type: Critical Category: 64
Event: 10112 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device RemotePC Graphics Adapter (location (unknown)) is offline due to a user-mode device crash.  Windows will no longer attempt to restart this device because the maximum restart limit has been reached.  Disconnecting the device and reconnecting it, or disabling it and re-enabling it from the device manager, will reset this limit and allow the device to be accessed again.  Please contact the device manufacturer for more information about this problem.
 
Log: 'System' Date/Time: 09/10/2019 5:24:22 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.
 
Log: 'System' Date/Time: 09/10/2019 5:24:20 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device RemotePC Graphics Adapter (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 1 more times.  Please contact the device manufacturer for more information about this problem.
 
Log: 'System' Date/Time: 09/10/2019 5:24:20 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated.  This may temporarily interrupt your ability to access the devices.
 
Log: 'System' Date/Time: 09/10/2019 5:24:19 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device RemotePC Graphics Adapter (location Port_#0001.Hub_#0009) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 3 more times.  Please contact the device manufacturer for more information about this problem.
 
Log: 'System' Date/Time: 09/10/2019 5:24:19 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device RemotePC Graphics Adapter (location (unknown)) is offline due to a user-mode driver crash.  Windows will attempt to restart the device 2 more times.  Please contact the device manufacturer for more information about this problem.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/10/2019 4:53:15 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 20/10/2019 4:47:05 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Energy Server Service queencreek service terminated unexpectedly.  It has done this 6 time(s).
 
Log: 'System' Date/Time: 20/10/2019 4:36:55 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 20/10/2019 4:25:17 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 20/10/2019 4:19:23 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 20/10/2019 4:16:28 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Energy Server Service queencreek service terminated unexpectedly.  It has done this 5 time(s).
 
Log: 'System' Date/Time: 20/10/2019 3:44:47 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Energy Server Service queencreek service terminated unexpectedly.  It has done this 4 time(s).
 
Log: 'System' Date/Time: 19/10/2019 4:11:21 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Energy Server Service queencreek service terminated unexpectedly.  It has done this 3 time(s).
 
Log: 'System' Date/Time: 19/10/2019 3:40:05 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Energy Server Service queencreek service terminated unexpectedly.  It has done this 2 time(s).
 
Log: 'System' Date/Time: 19/10/2019 3:26:33 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 19/10/2019 3:11:33 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Update Orchestrator Service service hung on starting.
 
Log: 'System' Date/Time: 19/10/2019 3:11:28 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 19/10/2019 3:09:48 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Energy Server Service queencreek service terminated unexpectedly.  It has done this 1 time(s).
 
Log: 'System' Date/Time: 19/10/2019 3:05:33 PM
Type: Error Category: 0
Event: 3095 Source: NETLOGON
This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
 
Log: 'System' Date/Time: 19/10/2019 3:03:56 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1115" attempting to start the service SecurityHealthService with arguments "Unavailable" in order to run the server: {2D15188C-D298-4E10-83B2-64666CCBEBBD}
 
Log: 'System' Date/Time: 19/10/2019 3:02:55 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 19/10/2019 3:02:55 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 19/10/2019 3:02:55 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 19/10/2019 3:02:55 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 19/10/2019 2:56:35 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/10/2019 4:58:40 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
 
Log: 'System' Date/Time: 20/10/2019 4:25:33 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
 
Log: 'System' Date/Time: 20/10/2019 4:21:11 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Windows Modules Installer service was changed from auto start to demand start.
 
Log: 'System' Date/Time: 20/10/2019 4:19:58 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
 
Log: 'System' Date/Time: 20/10/2019 4:17:56 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
 
Log: 'System' Date/Time: 20/10/2019 4:17:28 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
 
Log: 'System' Date/Time: 20/10/2019 4:13:47 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
 
Log: 'System' Date/Time: 20/10/2019 4:12:36 PM
Type: Information Category: 1
Event: 44 Source: Microsoft-Windows-WindowsUpdateClient
Windows Update started downloading an update.
 
Log: 'System' Date/Time: 20/10/2019 4:01:15 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
 
Log: 'System' Date/Time: 20/10/2019 4:00:00 PM
Type: Information Category: 0
Event: 6013 Source: EventLog
The system uptime is 89706 seconds.
 
Log: 'System' Date/Time: 20/10/2019 3:59:14 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
 
Log: 'System' Date/Time: 20/10/2019 3:46:24 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
 
Log: 'System' Date/Time: 20/10/2019 3:43:54 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
 
Log: 'System' Date/Time: 20/10/2019 3:40:14 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
 
Log: 'System' Date/Time: 20/10/2019 3:38:01 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
 
Log: 'System' Date/Time: 20/10/2019 3:37:17 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from auto start to demand start.
 
Log: 'System' Date/Time: 20/10/2019 3:36:29 PM
Type: Information Category: 0
Event: 14205 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' stopped.
 
Log: 'System' Date/Time: 20/10/2019 3:35:35 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Windows Modules Installer service was changed from demand start to auto start.
 
Log: 'System' Date/Time: 20/10/2019 3:33:58 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Background Intelligent Transfer Service service was changed from demand start to auto start.
 
Log: 'System' Date/Time: 20/10/2019 3:33:43 PM
Type: Information Category: 0
Event: 16 Source: Microsoft-Windows-Kernel-General
The access history in hive \??\C:\Users\Dianna\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat was cleared updating 2 keys and creating 1 modified pages.
 
 
Output from Event Viewer tool Application
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 20/10/2019 1:00:59 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/10/2019 3:59:18 PM
Type: Error Category: 0
Event: 1023 Source: Microsoft-Windows-Perflib
Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code The specified module could not be found.).
 
Log: 'Application' Date/Time: 20/10/2019 3:36:30 PM
Type: Error Category: 0
Event: 2004 Source: Microsoft-Windows-PerfNet
Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Log: 'Application' Date/Time: 20/10/2019 3:31:48 PM
Type: Error Category: 0
Event: 0 Source: ScreenConnect Client
System.Net.Sockets.SocketException (0x80004005): No such host is known    at System.Net.Dns.GetAddrInfo(String name)    at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)    at System.Net.Dns.GetHostEntry(String hostNameOrAddress)    at ScreenConnect.NetworkExtensions.GetIPAddresses(String hostOrIPAddressString)    at ScreenConnect.ClientNetworkExtensions.ConnectTcpSocket(Uri endPointUri)    at ScreenConnect.WindowsClientToolkit.ConnectNetworkConnection(Uri endPointUri, Uri httpProxyUri)    at ScreenConnect.SocketEndPointManager.Run()
 
Log: 'Application' Date/Time: 20/10/2019 3:31:37 PM
Type: Error Category: 0
Event: 0 Source: ScreenConnect Client
System.Net.Sockets.SocketException (0x80004005): An established connection was aborted by the software in your host machine    at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)    at ScreenConnect.SocketNetworkConnection.Receive(Byte[] buffer)    at ScreenConnect.NetworkConnection.OnReadStreamNeedsBufferCycled(Object sender, EventArgs e)    at ScreenConnect.Extensions.RaiseEvent[T](Object sender, EventHandler`1 eventHandler, T eventArgs)    at ScreenConnect.BufferStream.OnNeedsBufferCycled()    at ScreenConnect.BlockBufferReadStream.Read(Byte[] buffer, Int32 offset, Int32 count)    at ScreenConnect.Extensions.ReadByteDefault(Stream stream)    at ScreenConnect.BlockBufferReadStream.ReadByte()    at System.IO.BinaryReader.ReadByte()    at ScreenConnect.MessageSerializer.Deserialize(BinaryReader reader, Type requireBaseClass)    at ScreenConnect.EndPointManager.ReceiveMessage(BinaryReader reader, Type requiredBaseMessageType)    at ScreenConnect.SocketEndPointManager.RunIncomingThread(ThreadSharedState threadSharedState)
 
Log: 'Application' Date/Time: 19/10/2019 3:25:05 PM
Type: Error Category: 0
Event: 1023 Source: Microsoft-Windows-Perflib
Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code The specified module could not be found.).
 
Log: 'Application' Date/Time: 19/10/2019 3:21:21 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 19/10/2019 3:19:59 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: DSAServiceHelper.exe, version: 19.10.42.4, time stamp: 0x5d8bda8d Faulting module name: KERNELBASE.dll, version: 10.0.17763.802, time stamp: 0x86aa4cf5 Exception code: 0xe0434352 Fault offset: 0x0000000000039129 Faulting process id: 0x32dc Faulting application start time: 0x01d58690a5d32bc5 Faulting application path: C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAServiceHelper.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: f38bc8e6-540a-4400-9eae-70578b535182 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 19/10/2019 3:19:53 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: DSAServiceHelper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code e0434352, exception address 00007FF9DA759129
Stack:
 
 
Log: 'Application' Date/Time: 19/10/2019 3:13:40 PM
Type: Error Category: 0
Event: 2004 Source: Microsoft-Windows-PerfNet
Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Log: 'Application' Date/Time: 19/10/2019 3:05:56 PM
Type: Error Category: 0
Event: 65535 Source: WorkflowAppControl
Start Broadcast Receiver Server...
 
Log: 'Application' Date/Time: 19/10/2019 3:05:56 PM
Type: Error Category: 0
Event: 65535 Source: WorkflowAppControl
Wait Workflow Commands request from device.
 
Log: 'Application' Date/Time: 19/10/2019 3:05:56 PM
Type: Error Category: 0
Event: 65535 Source: WorkflowAppControl
Start Server...
 
Log: 'Application' Date/Time: 19/10/2019 3:05:56 PM
Type: Error Category: 0
Event: 65535 Source: WorkflowAppControl
Start Server...
 
Log: 'Application' Date/Time: 19/10/2019 3:05:55 PM
Type: Error Category: 0
Event: 65535 Source: WorkflowAppControl
Host.AddressList[4]: 192.168.0.4
 
Log: 'Application' Date/Time: 19/10/2019 3:05:55 PM
Type: Error Category: 0
Event: 65535 Source: WorkflowAppControl
Host.AddressList[3]: 2607:fcc8:bc89:f00:50df:765d:82f0:12e6
 
Log: 'Application' Date/Time: 19/10/2019 3:05:55 PM
Type: Error Category: 0
Event: 65535 Source: WorkflowAppControl
Host.AddressList[2]: 2607:fcc8:bc89:f00::1
 
Log: 'Application' Date/Time: 19/10/2019 3:05:55 PM
Type: Error Category: 0
Event: 65535 Source: WorkflowAppControl
Host.AddressList[1]: 2607:fcc8:bc89:f00:34bb:667:2eaf:f2b2
 
Log: 'Application' Date/Time: 19/10/2019 3:05:55 PM
Type: Error Category: 0
Event: 65535 Source: WorkflowAppControl
The event description cannot be found.
 
Log: 'Application' Date/Time: 19/10/2019 3:05:55 PM
Type: Error Category: 0
Event: 65535 Source: WorkflowAppControl
Host.AddressList.Length: 5
 
Log: 'Application' Date/Time: 19/10/2019 3:05:50 PM
Type: Error Category: 0
Event: 65535 Source: USBAppControl
Wait Workflow Commands request from device.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/10/2019 4:58:36 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Load for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.   
 
Log: 'Application' Date/Time: 20/10/2019 4:58:35 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Unload for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.   
 
Log: 'Application' Date/Time: 20/10/2019 4:58:35 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Load for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.   
 
Log: 'Application' Date/Time: 20/10/2019 4:57:31 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Load for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.   
 
Log: 'Application' Date/Time: 20/10/2019 4:57:31 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Unload for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.   
 
Log: 'Application' Date/Time: 20/10/2019 4:57:31 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Load for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.   
 
Log: 'Application' Date/Time: 20/10/2019 4:18:45 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Unload for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.   
 
Log: 'Application' Date/Time: 20/10/2019 4:18:45 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Load for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.   
 
Log: 'Application' Date/Time: 20/10/2019 4:14:02 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Unload for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.   
 
Log: 'Application' Date/Time: 20/10/2019 4:14:02 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Load for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.   
 
Log: 'Application' Date/Time: 20/10/2019 4:11:52 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Unload for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.   
 
Log: 'Application' Date/Time: 20/10/2019 4:11:52 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Load for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.   
 
Log: 'Application' Date/Time: 20/10/2019 4:11:50 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Unload for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.   
 
Log: 'Application' Date/Time: 20/10/2019 4:11:49 PM
Type: Warning Category: 0
Event: 1534 Source: Microsoft-Windows-User Profiles Service
Profile notification of event Load for component {B31118B2-1F49-48E5-B6F5-BC21CAEC56FB} failed, error code is See Tracelogging for error details.   
 
Log: 'Application' Date/Time: 20/10/2019 3:56:45 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (404,T,0) {99CD1361-83CD-4A95-B8D8-08384B0EC974}: A request to write to the file "C:\Users\Dianna\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edb.log" at offset 430080 (0x0000000000069000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 20/10/2019 3:52:20 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (404,T,0) {99CD1361-83CD-4A95-B8D8-08384B0EC974}: A request to write to the file "C:\Users\Dianna\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb" at offset 1769472 (0x00000000001b0000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 20/10/2019 3:52:20 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (404,T,0) {99CD1361-83CD-4A95-B8D8-08384B0EC974}: A request to write to the file "C:\Users\Dianna\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb" at offset 1720320 (0x00000000001a4000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 20/10/2019 3:52:20 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
SettingSyncHost (404,T,0) {99CD1361-83CD-4A95-B8D8-08384B0EC974}: A request to write to the file "C:\Users\Dianna\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb" at offset 1720320 (0x00000000001a4000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (36 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 33 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 20/10/2019 3:52:10 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (404,T,0) {99CD1361-83CD-4A95-B8D8-08384B0EC974}: A request to write to the file "C:\Users\Dianna\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb" at offset 1736704 (0x00000000001a8000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 20/10/2019 3:51:56 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (404,T,0) {99CD1361-83CD-4A95-B8D8-08384B0EC974}: A request to write to the file "C:\Users\Dianna\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb" at offset 1703936 (0x00000000001a0000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (17 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-10-2019
Ran by Dianna (administrator) on NANAS-PC (Hewlett-Packard HP Compaq 6000 Pro SFF PC) (20-10-2019 13:02:48)
Running from C:\Users\Dianna\Desktop
Loaded Profiles: Dianna (Available Profiles: Dianna)
Platform: Windows 10 Pro Version 1809 17763.805 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Windows\SysWOW64\ANIWConnService.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(AVAST Software s.r.o. -> The OpenVPN Project) C:\Program Files\AVAST Software\SecureLine\OpenVPN\openvpn.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(ConnectWise, Inc. -> ) C:\Users\Dianna\AppData\Local\Apps\2.0\ARZRD297.NN8\0P26OREG.M7T\scre..tion_454d59d2927f1136_0013.0002_12b0727a906c4960\ScreenConnect.ClientService.exe
(ConnectWise, Inc. -> ScreenConnect Software) C:\Users\Dianna\AppData\Local\Apps\2.0\ARZRD297.NN8\0P26OREG.M7T\scre..tion_454d59d2927f1136_0013.0002_12b0727a906c4960\ScreenConnect.WindowsClient.exe
(ConnectWise, Inc. -> ScreenConnect Software) C:\Users\Dianna\AppData\Local\Apps\2.0\ARZRD297.NN8\0P26OREG.M7T\scre..tion_454d59d2927f1136_0013.0002_12b0727a906c4960\ScreenConnect.WindowsClient.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel® Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(WildTangent Inc -> ) C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [DigiDo] => C:\Program Files (x86)\Time Warner Cable\TWC WiFi\TrayApp.exe [1158088 2015-06-16] (Affinegy, Inc. -> Affinegy, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [I17B] => C:\WINDOWS\twain_32\Brimi17b\Common\TwDsUiLaunch.exe [85984 2018-03-08] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3581952 2017-04-05] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [644552 2019-07-04] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [138088 2019-10-16] (IDSA Production signing key -> Intel)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35179920 2019-03-31] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [68408 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2019-05-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Run: [AppMaster] => C:\Users\Dianna\AppData\Roaming\AppMaster\AppMaster.exe update force://update?from=startup
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\MountPoints2: {bf103378-4390-11e6-8254-806e6f6e6963} - "D:\start.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.120\Installer\chrmstp.exe [2019-10-15] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\75.1.1528.100\Installer\chrmstp.exe [2019-07-24] (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-10-14]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05DDB7F6-46B9-4976-8658-A8CE78BA34BB} - \WPD\SqmUpload_S-1-5-21-3029253240-1863324081-1530500289-1001 -> No File <==== ATTENTION
Task: {140EF7E4-254D-4E10-8B6A-B72A2A6B09D0} - \WPD\SqmUpload_S-1-5-21-3029253240-1863324081-1530500289-500 -> No File <==== ATTENTION
Task: {1BAFA537-9C00-43B3-94C6-B4AFD4DB08AE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1D5ACC9E-64CE-410D-BC3B-B0B0319DB0E9} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {26BDC807-B705-4FE8-A2CB-1282653C9E6E} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\AVAST Software\SecureLine\VpnUpdate.exe [1380232 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {274AEE29-31B3-4F76-AA4D-3990D253A904} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3655E0AD-F9E6-4F13-9A01-7D83817C177B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {3D051068-CD65-4877-A443-73C924B14323} - System32\Tasks\UpdatePrt => C:\Users\Dianna\AppData\Roaming\AppMaster\AppMaster.exe
Task: {4290A518-760A-4C88-8857-7155DD474250} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1815792 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {4D121318-C0C1-4667-A907-51C28516DFFE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4D940280-5529-4F01-B516-8A5D4A312D0B} - System32\Tasks\PowerEngagePatch => msiexec /p "C:\Program Files (x86)\PowerENGAGE\patches\PowerENGAGE-3.2.13-3.2.16.msp" /norestart /qn /quiet
Task: {55EB3FEF-0BC6-48D5-AFFF-B637FA1C89C6} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1815792 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {56F35C57-2EFD-418B-A56D-4088B974CF72} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5A3FB241-0B11-4EA5-BC66-0D9F1B406040} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM => {C8367320-6F85-11E0-A1F0-0800200C9A66} C:\WINDOWS\System32\BthTelemetry.dll [31232 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {5AC5C2DE-D5F6-4326-BD51-8A339DC711FF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5D860CDC-90E4-4186-A8DB-A989AEA1A4C4} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {64C52717-91CA-4666-913F-0366B832CEA7} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {754FB253-97C8-470F-B66F-AA18716C8BCD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {761F6D4F-8347-4BE2-9556-E52CDDFF8BAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {8201FA23-6DF8-46F5-BFB6-681C1C492303} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {8595E039-E798-47D4-8491-3485ACCE3FB0} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-03] (AVAST Software s.r.o. -> AVAST Software)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {88E1F378-4659-4325-A983-9070E73B57B0} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {8A05405B-5CFA-47D2-86CA-D1E007CE80CB} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel® Software Development Products -> Intel Corporation)
Task: {8A632A8B-C403-4ADA-8742-B940BC3D081D} - System32\Tasks\Update_Deepteep => C:\Users\Dianna\AppData\Roaming\AppSync\AppSync.exe
Task: {8DEEA504-3CAF-4D4F-80FA-427719FF3C41} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1} /quiet /qn
Task: {8DEEA504-3CAF-4D4F-80FA-427719FF3C41} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run
Task: {917BE8EA-3D83-4E0A-8AA4-A74D9902AC43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-11] (Google Inc -> Google Inc.)
Task: {92320EC3-57A1-4873-ACE8-CECB56118C8B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {94C7FD5A-A3D6-46C0-8553-958094E873A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {9D1F39E4-1E66-4646-B029-F3DFD42C377E} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {9DE57031-8C2F-4774-8EB0-AF8700F02411} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9F80C643-7A02-4618-A2ED-6F237568A4A0} - System32\Tasks\GoogleUpdateTaskMachineUA1d57d3e83562cef => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-11] (Google Inc -> Google Inc.)
Task: {A1E65F9B-9B6B-43F4-A864-04716823EBFF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {A54C1A85-69B1-4412-BCC0-238660297826} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A7EA39BA-1BD6-4837-9281-335F489C889D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A9D654BA-FA11-4F28-A7FB-35988C567902} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AA0FBF09-E819-4E38-8F89-D44533C45015} - System32\Tasks\GoogleUpdateTaskMachineCore1d57d3e833e5569 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-11] (Google Inc -> Google Inc.)
Task: {AE53F9C6-A122-4AB5-91CE-9E2B7EF5CE61} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B60E3BB2-DF0F-412C-977D-23422DD699F3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B763E1E1-3F0C-4C57-A20F-0B488261E26D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-11] (Google Inc -> Google Inc.)
Task: {CB69F5EB-EE64-4E10-B28C-5716E9931534} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D147B2CC-27B1-45D0-803A-D35E184AB7DB} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {E31462E7-72EC-4DCA-9A91-AF2BE4676C7B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EA3A9CCE-3F05-4D29-BB07-33B19099DE70} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {F3F15455-F059-453A-A04E-7CEBD74F41FB} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel® Software Development Products -> Intel Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.63
Tcpip\..\Interfaces\{3776ae8d-984f-4c67-9f6f-42107f405b93}: [DhcpNameServer] 209.18.47.61 209.18.47.63
Tcpip\..\Interfaces\{7ae6d8d8-16bb-48b2-9a7b-a03da63762cd}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{a347f8af-2ad6-4baa-a3bf-dd767f0bb117}: [NameServer] 100.120.224.1
Tcpip\..\Interfaces\{d96daf68-31a2-4d36-aff4-3a0cc699b2f6}: [DhcpNameServer] 192.168.75.1
Tcpip\..\Interfaces\{dff4f626-718f-4b82-8e0d-d611ad810ee4}: [DhcpNameServer] 192.168.75.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-3029253240-1863324081-1530500289-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-3029253240-1863324081-1530500289-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll [2019-10-14] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-10-14] (Oracle America, Inc. -> Oracle Corporation)
 
Edge: 
======
DownloadDir: C:\Users\Dianna\Downloads
 
FireFox:
========
FF DefaultProfile: 1wzy29uh.default
FF ProfilePath: C:\Users\Dianna\AppData\Roaming\Mozilla\Firefox\Profiles\1wzy29uh.default [2019-10-16]
FF DownloadDir: C:\Users\Dianna\Desktop
FF Homepage: Mozilla\Firefox\Profiles\1wzy29uh.default -> 
FF Plugin-x32: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-10-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files (x86)\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-10-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-10-07] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-11] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR NewTab: Default ->  Active:"chrome-extension://mphibbepggdcieoagimmngglahpjjdfd/ntp.html", Active:"chrome-extension://aplhpgiggefcecafdflbkmjoopdibfjn/newtab/quicktab.html", Active:"chrome-extension://dadfpfgcpjgddidkjlfpomlddomahkfn/newtab/quicktab.html", Active:"chrome-extension://joefmanjonhbphefnkjedpaalnajpjhg/newtab/quicktab.html", Active:"chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/ntp.html", Not-active:"chrome-extension://aeadlcjifdmjnhgeleicpcdhepfcigfb/newtab/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://www.searchencrypt.com/encsearch?q={searchTerms}
CHR DefaultSearchKeyword: Default -> se
CHR Profile: C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default [2019-10-20]
CHR Extension: (Slides) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Map Beast) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeadlcjifdmjnhgeleicpcdhepfcigfb [2016-09-16]
CHR Extension: (Docs) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (Email Access Online) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aplhpgiggefcecafdflbkmjoopdibfjn [2018-04-12]
CHR Extension: (AdGuard AdBlocker) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2019-07-07]
CHR Extension: (YouTube) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-12]
CHR Extension: (OnlineMapFinder) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd [2019-10-14]
CHR Extension: (Track Package) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadfpfgcpjgddidkjlfpomlddomahkfn [2018-04-25]
CHR Extension: (Search Encrypt) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\elcchnalodncjhbclfbfkmjlecpeiopg [2018-04-27]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-09-18]
CHR Extension: (Sheets) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-20]
CHR Extension: (Avast Online Security) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-10-15]
CHR Extension: (Recipe Star) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\joefmanjonhbphefnkjedpaalnajpjhg [2018-04-12]
CHR Extension: (Ask Web Search) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgfehfbnofiffladdncogfobimealokp [2019-10-19]
CHR Extension: (Search Encrypt) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\miccbchdddoellcffocmhaankbmiapll [2018-04-27]
CHR Extension: (EasyEmailSuite) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphibbepggdcieoagimmngglahpjjdfd [2019-10-14]
CHR Extension: (Yahoo Web) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\njajpefejmjnhcddhaleakkcehiilppa [2018-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (Gmail) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-29]
CHR Extension: (Chrome Media Router) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-25]
CHR Profile: C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-09-11]
CHR Profile: C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-10-09]
CHR Extension: (Slides) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-02]
CHR Extension: (Daily Mail Tab) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\amekmklmjkninjblenbhgcdlpjnehnke [2019-10-09]
CHR Extension: (Docs) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-02]
CHR Extension: (Google Drive) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-02]
CHR Extension: (YouTube) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-02]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-09-18]
CHR Extension: (Sheets) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-20]
CHR Extension: (Avast Online Security) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-23]
CHR Extension: (Free Live Radio) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jnidiclmddgggajofmnlfkbnidnljecl [2019-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-09-30]
CHR Extension: (TheDocPDFConverter) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\onkopdeihmdimjphfbmlefelnegjkefb [2019-10-09]
CHR Extension: (Gmail) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-24]
CHR Profile: C:\Users\Dianna\AppData\Local\Google\Chrome\User Data\System Profile [2019-10-19]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AffinegyService; C:\Program Files (x86)\Time Warner Cable\TWC WiFi\AffinegyService.exe [592840 2015-06-16] (Affinegy, Inc. -> Affinegy, Inc.)
R2 ANIWConnService; C:\WINDOWS\SysWOW64\ANIWConnService.exe [147456 2009-02-26] () [File not signed]
S4 ASCValidator; C:\ProgramData\ASCValidator\ASCValidatorService.exe [29184 2016-08-23] (AppVerifierService) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6085360 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
S4 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-03] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [417536 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
S4 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-06-03] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\75.1.1528.100\elevation_service.exe [978720 2019-07-18] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8403672 2019-03-23] (BattlEye Innovations e.K. -> )
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [34664 2019-10-16] (IDSA Production signing key -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [105320 2019-10-16] (IDSA Production signing key -> Intel)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2018-11-21] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [877368 2019-08-16] (Intel® Software Development Products -> )
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel® Software Development Products -> Intel Corporation)
R2 ScreenConnect Client (370f3eb2-c704-40f7-909f-fbf0b0b2aa99); C:\Users\Dianna\AppData\Local\Apps\2.0\ARZRD297.NN8\0P26OREG.M7T\scre..tion_454d59d2927f1136_0013.0002_12b0727a906c4960\ScreenConnect.ClientService.exe [90256 2019-10-09] (ConnectWise, Inc. -> )
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [7449992 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2019-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [204088 2019-08-16] (Intel® Software Development Products -> )
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2019-05-17] (Microsoft) [File not signed]
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [877368 2019-08-16] (Intel® Software Development Products -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1565488 2019-10-10] (WildTangent Inc -> )
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2019-05-17] (Microsoft) [File not signed]
S3 ANIWZCSdService; C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [X]
S3 avgm; "C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [171520 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [552848 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
R3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2018-09-05] (AVAST Software s.r.o. -> The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-09-25] (Bluestack Systems, Inc. -> Bluestack System Inc. )
S3 dnetr28ux; C:\WINDOWS\system32\DRIVERS\Dnetr28ux.sys [2253664 2016-03-09] (MEDIATEK INC. -> MediaTek Inc.)
S3 DrvAgent64; C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [20872 2016-12-16] (eSupport.com, Inc -> Phoenix Technologies)
R3 lxremotepcudehost; C:\WINDOWS\System32\Drivers\remotepcudehost.sys [41352 2019-06-26] (Pro Softnet Corp (IDrive, Inc.) -> Windows ® Win 7 DDK provider)
R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2018-09-15] (Microsoft Windows -> MediaTek Inc.)
R3 RemotePCUDE; C:\WINDOWS\System32\drivers\RemotePCUDE.sys [37096 2019-06-26] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41816 2019-08-16] (Intel Corporation -> )
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46688 2019-10-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [350136 2019-10-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-12] (Microsoft Windows -> Microsoft Corporation)
U3 avgbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-10-20 13:02 - 2019-10-20 13:04 - 000037138 _____ C:\Users\Dianna\Desktop\FRST.txt
2019-10-20 13:02 - 2019-10-20 13:02 - 001617408 _____ (Farbar) C:\Users\Dianna\Desktop\FRST64.exe
2019-10-20 13:02 - 2019-10-20 13:02 - 000000000 ____D C:\Users\Dianna\Desktop\FRST-OlderVersion
2019-10-20 12:59 - 2019-10-20 13:01 - 000014166 _____ C:\VEW.txt
2019-10-20 12:56 - 2019-10-20 12:56 - 000061440 _____ ( ) C:\Users\Dianna\Desktop\VEW.exe
2019-10-20 11:36 - 2019-10-20 11:36 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-10-19 11:20 - 2019-10-19 11:20 - 000001509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2019-10-19 11:16 - 2019-10-19 11:16 - 000003834 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2019-10-19 11:14 - 2019-10-19 11:14 - 000283599 _____ C:\Users\Dianna\Downloads\BOR Distribution Form.pdf
2019-10-16 22:54 - 2019-10-16 22:54 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4753D468.sys
2019-10-16 22:54 - 2019-10-16 22:54 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-16 22:53 - 2019-10-17 12:19 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-10-16 22:53 - 2019-10-16 22:53 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2019-10-16 22:52 - 2019-10-17 12:16 - 000000000 ____D C:\Users\Dianna\Desktop\mbar
2019-10-16 22:51 - 2019-10-16 22:52 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Dianna\Downloads\mbar-1.10.3.1001.exe
2019-10-16 21:24 - 2019-10-16 21:24 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2019-10-16 21:21 - 2019-10-16 21:21 - 000000080 ___SH C:\bootTel.dat
2019-10-16 18:03 - 2019-10-16 18:03 - 000001291 _____ C:\Users\Dianna\Desktop\Google Chrome.lnk
2019-10-16 17:55 - 2019-10-16 17:55 - 000000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2019-10-16 11:42 - 2019-10-16 11:42 - 000016384 _____ C:\Users\Dianna\Downloads\otis distressed 10.16.19.xls
2019-10-14 22:43 - 2019-10-14 22:43 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\java
2019-10-14 22:27 - 2019-10-14 22:27 - 000000000 ___HD C:\$AV_ASW
2019-10-14 22:21 - 2019-10-14 22:27 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\ZUpdater
2019-10-14 22:01 - 2019-10-14 22:01 - 000003762 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2019-10-14 22:01 - 2019-10-14 22:01 - 000003528 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2019-10-14 22:01 - 2019-10-14 22:01 - 000002678 _____ C:\WINDOWS\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2019-10-14 22:01 - 2019-08-16 14:29 - 000041816 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2019-10-14 22:00 - 2019-10-14 22:03 - 000000000 ____D C:\ProgramData\Intel
2019-10-14 22:00 - 2019-10-14 22:00 - 000000000 ____D C:\Program Files\Intel
2019-10-14 21:51 - 2019-10-14 21:51 - 000001121 _____ C:\Users\Public\Desktop\Minecraft Launcher.lnk
2019-10-14 21:51 - 2019-10-14 21:51 - 000001121 _____ C:\ProgramData\Desktop\Minecraft Launcher.lnk
2019-10-14 21:51 - 2019-10-14 21:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2019-10-14 21:50 - 2019-10-14 21:50 - 000848432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2019-10-14 21:50 - 2019-10-14 21:50 - 000460448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-10-14 21:44 - 2019-10-14 21:37 - 000316528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-10-14 21:44 - 2019-10-14 21:36 - 000236024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-10-14 21:44 - 2019-10-14 21:36 - 000171520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-10-14 21:44 - 2019-10-14 21:36 - 000110320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-10-14 21:44 - 2019-10-14 21:36 - 000083792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-10-14 21:44 - 2019-10-14 21:36 - 000042736 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-10-14 21:44 - 2019-10-14 21:36 - 000016304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2019-10-14 21:44 - 2019-10-14 21:35 - 000355720 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-10-14 21:44 - 2019-10-14 21:32 - 000204824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-10-14 21:44 - 2019-10-14 21:31 - 000552848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2019-10-14 21:44 - 2019-10-14 21:31 - 000274456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-10-14 21:44 - 2019-10-14 21:31 - 000209552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-10-14 21:44 - 2019-10-14 21:31 - 000065120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-10-14 21:34 - 2019-10-14 21:34 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\Sun
2019-10-14 21:34 - 2019-10-14 21:34 - 000000000 ____D C:\Users\Dianna\AppData\LocalLow\Sun
2019-10-14 21:33 - 2019-10-14 21:33 - 000098288 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2019-10-14 21:33 - 2019-10-14 21:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-10-14 21:32 - 2019-10-14 21:32 - 000000000 ____D C:\ProgramData\Oracle
2019-10-14 21:32 - 2019-10-14 21:32 - 000000000 ____D C:\Program Files (x86)\Java
2019-10-14 21:22 - 2019-03-28 02:35 - 000433448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_clr0400.dll
2019-10-14 21:22 - 2019-03-28 02:35 - 000087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140_clr0400.dll
2019-10-14 21:22 - 2019-03-28 02:35 - 000083768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140_clr0400.dll
2019-10-14 21:21 - 2019-03-28 05:11 - 000029232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2019-10-14 21:21 - 2019-03-28 05:11 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2019-10-14 21:21 - 2019-03-28 05:09 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2019-10-14 21:21 - 2019-03-28 05:09 - 000017968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2019-10-14 21:21 - 2019-03-28 02:35 - 000622832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_clr0400.dll
2019-10-14 21:20 - 2019-03-28 02:35 - 000772176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_clr0400.dll
2019-10-14 21:20 - 2019-03-28 02:35 - 000702400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase_clr0400.dll
2019-10-14 20:57 - 2019-10-16 21:33 - 000000000 ____D C:\Program Files\LatencyMon
2019-10-14 20:57 - 2015-07-13 11:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2019-10-14 20:42 - 2019-10-14 20:42 - 000015068 _____ C:\junk.txt
2019-10-14 20:33 - 2019-10-14 20:33 - 000000000 ____D C:\ProgramData\AVG
2019-10-14 20:23 - 2019-10-14 20:22 - 004146112 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgremoverx.exe
2019-10-14 20:15 - 2019-10-14 20:29 - 000036408 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2019-10-14 20:15 - 2019-10-14 20:15 - 002794360 _____ (Sysinternals - www.sysinternals.com) C:\Users\Dianna\Desktop\procexp.exe
2019-10-14 20:05 - 2019-10-14 20:05 - 000004020 _____ C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
2019-10-14 20:05 - 2019-10-14 20:05 - 000001015 _____ C:\Users\Public\Desktop\Avast SecureLine VPN.lnk
2019-10-14 20:05 - 2019-10-14 20:05 - 000001015 _____ C:\ProgramData\Desktop\Avast SecureLine VPN.lnk
2019-10-13 19:15 - 2019-10-13 19:15 - 000015189 _____ C:\Users\Dianna\Downloads\10.13.19.ods
2019-10-13 19:06 - 2019-10-14 20:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-10-13 19:06 - 2018-09-05 21:01 - 000053904 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\aswTap.sys
2019-10-13 19:02 - 2019-10-13 19:02 - 000000000 ____D C:\WINDOWS\SysWOW64\WildTangent
2019-10-12 14:55 - 2019-10-20 13:04 - 000000000 ____D C:\FRST
2019-10-12 13:30 - 2019-10-12 13:30 - 000000000 ____D C:\Program Files (x86)\AVG
2019-10-12 13:24 - 2019-10-14 20:04 - 000000000 ____D C:\Users\Dianna\AppData\Local\AVG
2019-10-11 11:50 - 2019-10-11 11:50 - 000028577 _____ C:\Users\Dianna\Downloads\CS Fairdale Payment Authorization 103181.pdf.pdf
2019-10-10 18:09 - 2019-10-10 18:09 - 000066080 _____ C:\Users\Dianna\Downloads\Untitled_Message.zip
2019-10-10 18:09 - 2019-10-10 18:09 - 000036968 _____ C:\Users\Dianna\Downloads\9.18.19 (1).CC
2019-10-10 18:08 - 2019-10-10 18:09 - 000036968 _____ C:\Users\Dianna\Downloads\9.18.19.CC
2019-10-10 16:16 - 2019-10-10 16:16 - 000002408 _____ C:\Users\Dianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-10-10 16:11 - 2019-10-10 16:11 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2019-10-10 13:34 - 2019-10-10 13:34 - 026806784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 024616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 023455744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 020816384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 019284992 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 019014144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 012960768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 012259840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 008903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 007921664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 007872000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 006065152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 005436696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 004873728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 003702784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 003614720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tellib.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 003550384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 002469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 002429768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-10-10 13:34 - 2019-10-10 13:34 - 002323696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 002278240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 002160160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-10-10 13:34 - 2019-10-10 13:34 - 001309696 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 001291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 001289192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 001247560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2019-10-10 13:34 - 2019-10-10 13:34 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 001201136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 001024712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000883200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000843264 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000833024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000829440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000522104 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2019-10-10 13:34 - 2019-10-10 13:34 - 000495616 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FileHistory.exe
2019-10-10 13:34 - 2019-10-10 13:34 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2019-10-10 13:34 - 2019-10-10 13:34 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2019-10-10 13:34 - 2019-10-10 13:34 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnscmmc.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhuxgraphics.dll
2019-10-10 13:34 - 2019-10-10 13:34 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NAPCRYPT.DLL
2019-10-10 13:33 - 2019-10-10 13:33 - 017485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 015220224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 009680400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 007645392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 006542464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 005086208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 004628992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 004588544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 004057088 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 003567104 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 003387392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002699768 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002699264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002437344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002421760 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-10-10 13:33 - 2019-10-10 13:33 - 002192384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002110472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002072176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 002015400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001994976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001929728 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001918792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001904128 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001830200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001751432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001701880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-10-10 13:33 - 2019-10-10 13:33 - 001677816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001674480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001666232 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001608192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001590072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001344960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-10-10 13:33 - 2019-10-10 13:33 - 001331536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001253688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 001182448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 001098136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001087800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001056056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 001054928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 001048888 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000917816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000901120 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000895560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000860160 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2019-10-10 13:33 - 2019-10-10 13:33 - 000851272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000848896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2019-10-10 13:33 - 2019-10-10 13:33 - 000805296 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000782336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000764216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000750592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000681720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000662024 _____ (Microsoft Corporation) C:\WINDOWS\system32\computecore.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000652088 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000605496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000604336 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000531976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000508728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000462136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000453432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-10-10 13:33 - 2019-10-10 13:33 - 000449368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000444728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000421176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2019-10-10 13:33 - 2019-10-10 13:33 - 000387832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000385336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000376568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000294512 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000282424 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000224568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2019-10-10 13:33 - 2019-10-10 13:33 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000213304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000201736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-10-10 13:33 - 2019-10-10 13:33 - 000193336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000163232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000147944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000104464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-10-10 13:33 - 2019-10-10 13:33 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2019-10-10 13:33 - 2019-10-10 13:33 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000039304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000033056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2019-10-10 13:33 - 2019-10-10 13:33 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2019-10-10 12:54 - 2019-10-10 12:54 - 000000000 ____D C:\WINDOWS\SysWOW64\%LOCALAPPDATA%
2019-10-09 18:08 - 2019-10-12 14:05 - 000000000 ____D C:\ProgramData\AnyDesk
2019-10-09 18:06 - 2019-10-12 14:05 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\AnyDesk
2019-10-09 18:00 - 2019-10-11 13:07 - 000000000 ____D C:\Users\Dianna\AppData\Local\Deployment
2019-10-09 18:00 - 2019-10-09 18:00 - 000000000 ____D C:\Users\Dianna\AppData\Local\Apps\2.0
2019-10-09 13:17 - 2019-02-21 11:58 - 018774248 _____ C:\WINDOWS\system32\gsdll64.dll
2019-10-09 13:16 - 2019-10-09 13:16 - 000001508 _____ C:\WINDOWS\SysWOW64\RemotePCService.txt
2019-10-09 13:16 - 2019-10-09 13:16 - 000000282 _____ C:\WINDOWS\system32\RPCPrinterDownloader.txt
2019-10-09 13:16 - 2019-10-09 13:16 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\RemotePC
2019-10-09 13:15 - 2019-10-10 16:11 - 000000000 ____D C:\Program Files (x86)\RemotePC
2019-10-09 13:15 - 2019-10-10 16:10 - 000000000 ____D C:\ProgramData\RemotePC
2019-10-09 13:15 - 2019-06-26 11:32 - 000041352 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\remotepcudehost.sys
2019-10-09 13:15 - 2019-06-26 11:32 - 000037096 _____ C:\WINDOWS\system32\Drivers\RemotePCUDE.sys
2019-10-09 13:13 - 2019-10-09 13:14 - 000000000 ____D C:\ProgramData\SupremoRemoteDesktop
2019-10-09 12:24 - 2019-10-09 12:24 - 000016384 _____ C:\Users\Dianna\Downloads\10.9.19.4.xls
2019-10-09 11:04 - 2019-10-09 11:04 - 000016384 _____ C:\Users\Dianna\Downloads\10.9.19.xls
2019-10-07 14:39 - 2019-10-07 14:39 - 000003450 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA1d57d3e83562cef
2019-10-07 14:39 - 2019-10-07 14:39 - 000003326 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore1d57d3e833e5569
2019-10-05 12:09 - 2019-10-05 12:09 - 000003934 _____ C:\WINDOWS\system32\Tasks\BlueStacksHelper
2019-10-05 12:05 - 2019-10-05 12:05 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks Multi-Instance Manager.lnk
2019-10-05 12:05 - 2019-10-05 12:05 - 000002081 _____ C:\Users\Public\Desktop\BlueStacks Multi-Instance Manager.lnk
2019-10-05 12:05 - 2019-10-05 12:05 - 000002081 _____ C:\ProgramData\Desktop\BlueStacks Multi-Instance Manager.lnk
2019-10-05 12:04 - 2019-10-05 12:04 - 000001786 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2019-10-05 12:04 - 2019-10-05 12:04 - 000001786 _____ C:\ProgramData\Desktop\BlueStacks.lnk
2019-10-05 12:04 - 2019-10-05 12:04 - 000001768 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks.lnk
2019-10-05 12:02 - 2019-10-05 12:05 - 000000000 ____D C:\ProgramData\BlueStacks
2019-10-05 12:02 - 2019-10-05 12:02 - 000000000 ____D C:\Program Files\BlueStacks
2019-10-05 11:59 - 2019-10-05 12:01 - 000000000 ____D C:\Users\Public\BlueStacks
2019-10-05 11:59 - 2019-10-05 12:01 - 000000000 ____D C:\Users\Dianna\AppData\Local\BlueStacks
2019-10-05 11:59 - 2019-10-05 12:00 - 000000000 ____D C:\Users\Dianna\AppData\Local\BlueStacksSetup
2019-10-04 23:04 - 2019-10-04 23:04 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\Happy Chef
2019-10-04 21:29 - 2019-10-04 21:29 - 000001500 _____ C:\Users\Dianna\Desktop\Roblox Player.lnk
2019-10-04 21:29 - 2019-10-04 21:29 - 000001303 _____ C:\Users\Dianna\Desktop\Roblox Studio.lnk
2019-10-04 10:02 - 2019-10-04 10:02 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2019-10-04 10:02 - 2019-10-04 10:02 - 000018002 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2019-10-04 09:57 - 2019-10-04 09:57 - 001155584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shellstyle.dll
2019-10-04 09:57 - 2019-10-04 09:57 - 001155584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shellstyle.dll
2019-10-04 09:57 - 2019-10-04 09:57 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2019-10-04 09:57 - 2019-10-04 09:57 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2019-10-04 09:57 - 2019-10-04 09:57 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll
2019-10-04 09:57 - 2019-10-04 09:57 - 000263360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-10-04 09:57 - 2019-10-04 09:57 - 000241976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssecflt.sys
2019-10-04 09:57 - 2019-10-04 09:57 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll
2019-10-04 09:57 - 2019-10-04 09:57 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2019-10-04 09:57 - 2019-10-04 09:57 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssecuser.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 005605560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 004344832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 002765312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 002349056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 002279304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 002096640 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-10-04 09:56 - 2019-10-04 09:56 - 002018304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-10-04 09:56 - 2019-10-04 09:56 - 001924976 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplaySwitch.exe
2019-10-04 09:56 - 2019-10-04 09:56 - 001764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 001750528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 001506304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 001315328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 001278808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2019-10-04 09:56 - 2019-10-04 09:56 - 001132032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 001019392 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000993280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000901632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2019-10-04 09:56 - 2019-10-04 09:56 - 000840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000767800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DismApi.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-10-04 09:56 - 2019-10-04 09:56 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000452992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MbbCx.sys
2019-10-04 09:56 - 2019-10-04 09:56 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000231224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Dism.exe
2019-10-04 09:56 - 2019-10-04 09:56 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2019-10-04 09:56 - 2019-10-04 09:56 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvsetup.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSTheme.exe
2019-10-04 09:56 - 2019-10-04 09:56 - 000030720 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2019-10-04 09:56 - 2019-10-04 09:56 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shunimpl.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 022135584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 006928384 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 006444544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 006316792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 005767168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 005309080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 004737536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 004303872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 003978240 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 003820976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 003634688 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 003428864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 002924344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 002848768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 002779784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 002118656 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001966392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 001864704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001711104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001484896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001390888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 001319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001272120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001170432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 001059328 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2019-10-04 09:55 - 2019-10-04 09:55 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 001011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\refsutil.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 001006392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DismApi.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000888120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2019-10-04 09:55 - 2019-10-04 09:55 - 000821048 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000801792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000791864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000661096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000598328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000589824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000588600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000515448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2019-10-04 09:55 - 2019-10-04 09:55 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000434952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000399360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000384272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000349184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000341392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2019-10-04 09:55 - 2019-10-04 09:55 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000290616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dism.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000256704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\spopk.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.OneCore.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000155968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spopk.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcl.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\regapi.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000093496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 000086840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regapi.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000065608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnppolicy.dll
2019-10-04 09:55 - 2019-10-04 09:55 - 000044912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PasswordOnWakeSettingFlyout.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000042296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2019-10-04 09:55 - 2019-10-04 09:55 - 000038184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PasswordOnWakeSettingFlyout.exe
2019-10-04 09:55 - 2019-10-04 09:55 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\shunimpl.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 007886848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 007698432 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 006058032 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 005573016 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 005299712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 004352472 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-10-04 09:54 - 2019-10-04 09:54 - 003363640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 003198976 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 003000832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 002839040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 002706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 002415928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 002200376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001720120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001701176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001674752 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001522488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001399608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001294272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2019-10-04 09:54 - 2019-10-04 09:54 - 001052984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 001023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 001005056 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000938296 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000863544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 000817464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000780408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000775216 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000770096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000741688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000613176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 000605368 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000505640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000439096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000278416 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2019-10-04 09:54 - 2019-10-04 09:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.OneCore.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000193704 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2019-10-04 09:54 - 2019-10-04 09:54 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000156512 _____ (Microsoft Corporation) C:\WINDOWS\system32\devobj.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_AppExecutionAlias.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_BackgroundApps.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000135816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devobj.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvsetup.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-10-04 09:54 - 2019-10-04 09:54 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2019-10-04 09:54 - 2019-10-04 09:54 - 000079032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2019-10-04 09:54 - 2019-10-04 09:54 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-10-04 09:54 - 2019-10-04 09:54 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSTheme.exe
2019-10-04 09:53 - 2019-10-04 09:53 - 000608256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-10-04 09:53 - 2019-10-04 09:53 - 000234808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000138552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000131384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000057656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000052536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000042296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2019-10-04 09:53 - 2019-10-04 09:53 - 000018744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msisadrv.sys
2019-10-02 10:56 - 2019-10-02 10:56 - 000016384 _____ C:\Users\Dianna\Downloads\10.2.19.xls
2019-10-01 10:58 - 2019-10-01 10:58 - 000018958 _____ C:\Users\Dianna\Downloads\9.18.19.ods
2019-09-29 16:34 - 2019-10-14 22:47 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\.minecraft
2019-09-29 16:34 - 2019-10-14 21:51 - 000000000 ____D C:\Program Files (x86)\Minecraft Launcher
2019-09-27 13:42 - 2019-09-27 13:42 - 000029043 _____ C:\Users\Dianna\Downloads\Bob_Evans_Event_11_Sausage_&_Sides_Ad_Quotes_ (1).zip
2019-09-27 13:41 - 2019-09-27 13:41 - 000071680 _____ C:\Users\Dianna\Downloads\Bob Evans_ Sausage items _Event 11_2019_ Quotes (1).xls
2019-09-25 15:07 - 2019-09-25 15:07 - 000002586 _____ C:\Users\Dianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iplay Games Notifier.lnk
2019-09-25 15:07 - 2019-09-25 15:07 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\Iplay Games Notifier
2019-09-25 11:36 - 2019-09-25 11:36 - 000017396 _____ C:\Users\Dianna\Downloads\9.23.19 (4).pdf.A
2019-09-25 11:27 - 2019-09-25 11:27 - 000017396 _____ C:\Users\Dianna\Downloads\9.23.19.A
2019-09-25 11:27 - 2019-09-25 11:27 - 000017396 _____ C:\Users\Dianna\Downloads\9.23.19 (3).A
2019-09-25 11:27 - 2019-09-25 11:27 - 000017396 _____ C:\Users\Dianna\Downloads\9.23.19 (2).A
2019-09-25 11:27 - 2019-09-25 11:27 - 000017396 _____ C:\Users\Dianna\Downloads\9.23.19 (1).A
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-10-20 12:47 - 2019-02-02 02:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-10-20 12:22 - 2019-09-06 21:40 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE
2019-10-20 12:21 - 2018-09-15 03:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-10-20 12:20 - 2018-09-15 03:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-20 11:36 - 2018-06-03 14:41 - 000000000 ____D C:\Users\Dianna\AppData\Local\AVAST Software
2019-10-19 11:32 - 2018-09-15 03:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-10-19 11:32 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-10-19 11:20 - 2018-11-21 21:15 - 000000000 ____D C:\ProgramData\Package Cache
2019-10-19 11:20 - 2018-07-20 20:02 - 000000000 ____D C:\Users\Dianna\AppData\Local\CrashDumps
2019-10-19 11:19 - 2019-09-06 21:25 - 000008051 _____ C:\WINDOWS\BRRBCOM.INI
2019-10-19 11:19 - 2016-07-06 12:17 - 000000000 ____D C:\Program Files (x86)\Intel
2019-10-19 11:05 - 2019-02-02 02:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-10-19 11:04 - 2018-09-15 02:09 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-10-17 02:28 - 2018-07-26 11:05 - 000000000 ____D C:\Users\Dianna\AppData\Local\Adobe
2019-10-16 22:48 - 2018-07-13 22:35 - 000000000 ____D C:\Users\Dianna\AppData\Local\PlaceholderTileLogoFolder
2019-10-16 22:39 - 2018-10-11 19:56 - 000000000 ____D C:\Users\Dianna\Desktop\New folder
2019-10-16 21:56 - 2018-10-29 16:55 - 000000000 ____D C:\Users\Dianna\AppData\Local\D3DSCache
2019-10-16 21:43 - 2016-07-12 22:17 - 000000000 ____D C:\Users\Dianna\AppData\Local\PackageStaging
2019-10-16 21:35 - 2016-07-15 19:28 - 000442720 _____ C:\WINDOWS\ntbtlog.txt
2019-10-16 21:34 - 2018-09-15 03:31 - 000000000 ____D C:\WINDOWS\INF
2019-10-16 18:05 - 2019-02-02 02:25 - 000000000 ____D C:\Users\Dianna
2019-10-16 18:03 - 2019-03-24 11:12 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\AppMaster
2019-10-15 16:40 - 2015-11-11 06:35 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-10-15 16:40 - 2015-11-11 06:35 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-10-15 16:40 - 2015-11-11 06:35 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-10-15 12:31 - 2016-07-13 15:52 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2019-10-14 22:29 - 2017-11-04 17:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-10-14 21:44 - 2018-09-15 03:33 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-10-14 20:03 - 2016-07-19 18:16 - 000000000 ____D C:\ProgramData\AVAST Software
2019-10-13 19:06 - 2016-07-19 18:16 - 000000000 ____D C:\Program Files\AVAST Software
2019-10-12 16:43 - 2018-05-14 11:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-10-12 15:51 - 2016-07-12 20:24 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2019-10-12 14:24 - 2015-11-11 06:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-10-12 14:08 - 2018-01-24 18:39 - 000000000 ____D C:\Users\Dianna\AppData\Local\Packages
2019-10-10 19:26 - 2018-10-12 10:44 - 000000022 _____ C:\Users\Dianna\Downloads\archive (23).zip
2019-10-10 19:24 - 2018-06-13 10:33 - 000000022 _____ C:\Users\Dianna\Downloads\archive (4).zip
2019-10-10 19:20 - 2018-06-13 10:33 - 000000022 _____ C:\Users\Dianna\Downloads\archive (3).zip
2019-10-10 19:19 - 2018-06-04 10:47 - 000000022 _____ C:\Users\Dianna\Downloads\Round_2.zip
2019-10-10 19:07 - 2018-06-04 10:00 - 000000022 _____ C:\Users\Dianna\Downloads\archive.zip
2019-10-10 18:38 - 2019-08-05 12:00 - 000000022 _____ C:\Users\Dianna\Downloads\archive (72).zip
2019-10-10 18:36 - 2019-07-09 13:37 - 000000022 _____ C:\Users\Dianna\Downloads\archive (65).zip
2019-10-10 18:34 - 2019-08-23 12:28 - 000000022 _____ C:\Users\Dianna\Downloads\archive (75).zip
2019-10-10 18:33 - 2019-08-23 12:12 - 000000022 _____ C:\Users\Dianna\Downloads\archive (74).zip
2019-10-10 18:30 - 2019-09-08 20:48 - 000000022 _____ C:\Users\Dianna\Downloads\archive (77).zip
2019-10-10 18:29 - 2019-08-28 12:08 - 000000022 _____ C:\Users\Dianna\Downloads\archive (76).zip
2019-10-10 16:16 - 2016-07-12 19:50 - 000000000 ___RD C:\Users\Dianna\OneDrive
2019-10-10 15:51 - 2019-02-02 02:37 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-10-10 15:41 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-10-10 15:41 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-10-10 15:41 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2019-10-10 15:41 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-10-10 15:41 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-10-10 15:41 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-10-10 15:41 - 2018-09-15 02:09 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-10-10 12:34 - 2018-01-25 11:52 - 000000000 ___RD C:\Users\Dianna\3D Objects
2019-10-10 12:34 - 2016-04-27 02:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-10-10 12:25 - 2019-02-02 02:20 - 000290272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-10-09 19:16 - 2018-09-15 05:11 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-10-09 19:16 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2019-10-09 13:24 - 2018-09-15 03:33 - 000000000 ____D C:\WINDOWS\ServiceState
2019-10-09 09:38 - 2016-07-13 00:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-10-09 09:34 - 2016-07-13 00:59 - 127230528 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-10-07 20:44 - 2017-09-12 22:11 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\ControlCenter4
2019-10-07 20:44 - 2017-09-12 22:06 - 000000000 ____D C:\ProgramData\ControlCenter4
2019-10-07 14:39 - 2015-11-11 06:34 - 000000000 ____D C:\Program Files (x86)\Google
2019-10-04 23:02 - 2017-03-31 20:27 - 000000000 ____D C:\Users\Dianna\AppData\Local\GamesManager_iWin_Iplay
2019-10-04 21:29 - 2017-04-01 13:05 - 000000000 ____D C:\Users\Dianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2019-09-27 21:55 - 2017-04-01 13:05 - 000000252 _____ C:\Users\Dianna\AppData\LocalLow\rbxcsettings.rbx
2019-09-25 15:07 - 2017-03-31 20:27 - 000002371 _____ C:\Users\Dianna\Desktop\Iplay Games.lnk
2019-09-24 22:05 - 2016-07-12 22:34 - 000000000 ____D C:\Users\Dianna\AppData\Local\VirtualStore
 
==================== Files in the root of some directories ================
 
2017-09-17 22:27 - 2018-05-04 21:08 - 000000253 _____ () C:\Users\Dianna\AppData\Roaming\ANICONFIG_{250B47EB-9548-417C-8B15-A2AF8E13625E}.ini
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ============================
 
FRST Addition Log
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2019
Ran by Dianna (20-10-2019 13:06:05)
Running from C:\Users\Dianna\Desktop
Windows 10 Pro Version 1809 17763.805 (X64) (2019-02-02 06:49:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3029253240-1863324081-1530500289-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3029253240-1863324081-1530500289-503 - Limited - Disabled)
Dianna (S-1-5-21-3029253240-1863324081-1530500289-1002 - Administrator - Enabled) => C:\Users\Dianna
Guest (S-1-5-21-3029253240-1863324081-1530500289-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3029253240-1863324081-1530500289-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3029253240-1863324081-1530500289-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20048 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{5C028510-A6A1-409A-A2BF-4DCB43B21EF9}) (Version: 7.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5C7D4FCF-80C5-4520-9934-D50532AAC59C}) (Version: 7.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Avast Premium Security (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 75.1.1528.100 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 5.2.438 - AVAST Software)
Belkin USB Wireless Adapter (HKLM-x32\...\{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Blasterball 2: Remix (HKLM-x32\...\WTA-955be546-7244-4c80-b826-e351ea6c6dfe) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WTA-d4580b05-e4ea-4f5d-b132-693c44546886) (Version: 3.0.2.59 - WildTangent) Hidden
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.130.10.1003 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{613ce488-8460-4831-ad3a-dd0b4c39fdaf}) (Version: 4.3.2.0 - Brother Industries, Ltd.)
Brother iPrint&Scan (HKLM-x32\...\{A7B27ABE-950F-48B4-B74F-F3F87C9E9BCD}) (Version: 4.3.2.0 - Brother Industries, Ltd.) Hidden
Brother MFL-Pro Suite MFC-J430W (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{3CE8B8E8-B33B-453C-BB7A-821ED6E18A24}) (Version: 1.0.27 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{E2FFD9C0-F6F4-445F-8B82-B5AE3925E431}) (Version: 3.0.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{DE927463-3897-456D-BBAC-47882CAC8AD9}) (Version: 1.0.26.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{D0F69DE9-EE0B-4A7A-8248-6D5EC97D171C}) (Version: 1.0.23.0 - Brother Industries Ltd.) Hidden
ControlCenter4 (HKLM-x32\...\{41EAC89B-B9AF-4C0C-813E-E5813548A8E4}) (Version: 4.6.17.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
DeviceDetect (HKLM-x32\...\{97BCFAD0-8BC5-480B-ADA2-F54809F48267}) (Version: 1.4.1.0 - Brother Industries Ltd.) Hidden
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\{DC7D9EC9-2AD1-33A7-92CF-5F5051E62843}) (Version: 77.0.3865.120 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{2C183CF0-3077-43D0-B001-F93AC5E68942}) (Version: 1.0.487 - LogMeIn, Inc.)
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
iCloud (HKLM\...\{2C05E99A-94F0-4F95-B602-CD2D2682D6C3}) (Version: 7.13.0.14 - Apple Inc.)
Intel Driver && Support Assistant (HKLM-x32\...\{6B913517-E442-4045-A3A6-4C9EC4C4F0CC}) (Version: 19.10.42.4 - Intel) Hidden
Intel® Computing Improvement Program (HKLM\...\{A9133872-C9FE-45CC-8F01-D1947B0F09EA}) (Version: 2.4.04755 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{d42c99b5-286f-435f-8ba8-367bd9cffb1b}) (Version: 19.10.42.4 - Intel)
Iplay Games (HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\Iplay Games) (Version: 3.6.6.540 - iWin Inc.)
Iplay Games Notifier 1.0.87 (only current user) (HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\1acdbc65-4038-50e2-9704-a632d68b666b) (Version: 1.0.87 - iWin Inc.)
Java 8 Update 221 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft OneDrive (HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{C69E6AE7-4574-4BCD-9864-72282140C852}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
PC-FAXReceive (HKLM-x32\...\{9C609AF4-9CC1-45F0-B954-29DF7DD40329}) (Version: 1.8.004.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{03BF5A21-6363-410C-B3BE-0946B0012704}) (Version: 3.7.3.1 - Brother Industries Ltd.) Hidden
PDF Reader for Windows 10 (HKLM\...\PDF Reader for Windows 10_is1) (Version:  - PDFLogic Corporation)
PowerENGAGE (HKLM-x32\...\{BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1}) (Version: 3.2.13 - Aviata, Inc.) Hidden
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.31.0 - Ralink)
RemoteSetup (HKLM-x32\...\{6C3BCC5F-16B6-45FD-BE6E-46AF73A2C4A7}) (Version: 3.9.4.1 - Brother Industries Ltd.) Hidden
Roblox Player for Dianna (HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Studio for Dianna (HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\roblox-studio) (Version:  - Roblox Corporation)
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
SoftwareUpdateNotification (HKLM-x32\...\{C2430580-570A-48D4-BF61-FA55E35BD052}) (Version: 1.0.8.0 - Brother Insutries Ltd.) Hidden
SpellQuizzer 1.4.2 (HKLM-x32\...\SpellQuizzer_is1) (Version:  - TedCo Software)
StatusMonitor (HKLM-x32\...\{917FA52F-AFA9-46C0-BEE0-895B29160631}) (Version: 1.22.7.0 - Brother Insutries Ltd.) Hidden
SupportTeq  (HKLM-x32\...\{A22B8513-EA8C-46A1-9735-F5BE971C368D}) (Version: 7.4.515 - LogMeIn, Inc.)
TWC WiFi (HKLM-x32\...\TWC WiFi_is1) (Version:  - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - gamigo, Inc.) Hidden
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.1.1.30 - WildTangent) Hidden
WildTangent Helper (HKLM-x32\...\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}) (Version: 1.0.0.365 - WildTangent) Hidden
WildTangent ShortcutProvider (HKLM-x32\...\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}) (Version: 5.0.0.208 - WildTangent) Hidden
ZipCruncher (HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\ZipCruncher) (Version: 995.0.0 - ZipCruncher)
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-27] (Autodesk Inc.)
Brother iPrint&Scan Light -> C:\Program Files\WindowsApps\C2258428.BrotherPrintScan_2.3.0.1_neutral__m06mxaavvcjkt [2017-09-13] (Brother Industries Ltd.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.150.300.0_x86__kgqvnymyfvs32 [2019-10-19] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.618.0_x64__v10z8vjag6ke6 [2019-10-15] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa [2019-10-07] (Apple Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20218.0_x64__8wekyb3d8bbwe [2019-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2018-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2018-09-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-19] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.10022.0_x64__8wekyb3d8bbwe [2019-10-05] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-07-19] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation)
Solitaire Collection+ -> C:\Program Files\WindowsApps\12291raymond.li.5987855B3B0BC_1.1.8.0_x64__szs6zaftcmqhc [2019-08-03] (raymond.li) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0 [2019-10-10] (Spotify AB)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-08] (Twitter Inc.)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-07-14] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3029253240-1863324081-1530500289-1002_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-05-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-14] (AVAST Software s.r.o. -> AVAST Software)
 
==================== Codecs (Whitelisted) ==================
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Dianna\Desktop\adam - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Dianna\Desktop\Iplay Games.lnk -> C:\Users\Dianna\AppData\Local\GamesManager_iWin_Iplay\GamesManager.exe (iWin Inc) -> -config.channel=20000005 -config.uri=hxxps://www.iplay.com/
ShortcutWithArgument: C:\Users\Dianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Iplay Games\Iplay Games.lnk -> C:\Users\Dianna\AppData\Local\GamesManager_iWin_Iplay\GamesManager.exe (iWin Inc) -> -config.channel=20000005 -config.uri=hxxps://www.iplay.com/
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-12 22:06 - 2017-06-20 14:17 - 000089600 _____ () [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2017-09-12 22:06 - 2005-04-22 13:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2019-10-13 19:06 - 2018-09-05 21:32 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\SecureLine\libcrypto-1_1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [450]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (370f3eb2-c704-40f7-909f-fbf0b0b2aa99) => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 1540 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2019-01-04 05:13 - 000000825 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Dianna\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{5fb0330a-e3b3-4ba9-b2fd-6aae0a5eadfe}.jpg
DNS Servers: 209.18.47.61 - 209.18.47.63
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AffinegyService => 2
MSCONFIG\Services: ANIWZCSdService => 2
MSCONFIG\Services: ASCValidator => 2
MSCONFIG\Services: avast => 2
MSCONFIG\Services: avastm => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: D_Link_DWA-125_WPS => 2
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "DigiDo"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "ANIWZCS2Service"
HKLM\...\StartupApproved\Run32: => "D-Link D-Link Wireless 150 USB Adapter DWA-125"
HKLM\...\StartupApproved\Run32: => "D-Link D-Link DWA-125"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3029253240-1863324081-1530500289-1002\...\StartupApproved\Run: => "iCloudPhotos"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F6460361-887B-4020-A4DD-A59393E687C3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6819A887-9EB0-4E59-BDD0-7E350A51A5C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3E78B4B3-C98A-4CBE-B224-EF15AEC41A9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{43D569EF-3B15-40AF-8567-982050B1B2D6}] => (Allow) LPort=54925
FirewallRules: [{F373077D-B6CB-4FA7-9BE0-B4F33DBF4177}] => (Allow) C:\Users\Dianna\AppData\Local\Temp\7zS235B\HP.EasyStart.exe No File
FirewallRules: [{3E2D976E-B712-4873-B018-77D914BC8D4B}] => (Allow) LPort=54925
FirewallRules: [{DD054EF9-DA91-47C2-B5D6-C656D2C90411}] => (Allow) LPort=54950
FirewallRules: [{F3E8943D-CAFC-4D83-B645-757FCDC7C8F2}] => (Allow) LPort=54955
FirewallRules: [{F11BF6C0-6AAB-498B-A65A-7937664EF5A3}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{49CE6E28-707A-4477-80A2-25D51E878A96}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{265C2F71-2047-4F7E-B1FF-2C29A5AF58E5}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{D954036F-7D2F-44AE-89A4-CE40DD212D14}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A3C66B34-9263-41A7-9A37-4D85B8AAB6D8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{12EF9FF5-C936-4520-93D9-EC2B034BAE66}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8451A769-ACA7-4F55-A00F-FAFA6E4E36C7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4ED39080-2C3A-4957-B278-C9B7A51D60A7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8333EEBB-AB40-46FC-8F59-9DF05D4779B5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8B6E3DCE-681F-4A26-9C05-8F6B2FDE3677}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F43F610-F8E8-43DC-A9B6-98717D5B8D69}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12101.4.43017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7BE74942-9913-4F57-B7D4-F18FE1518EF7}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCService.exe No File
FirewallRules: [{C1A15B77-54BB-4A6C-9407-7C150CCBD290}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCService.exe No File
FirewallRules: [{16A2983E-1432-44D1-8139-D90BA2D4AF05}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCDesktop.exe No File
FirewallRules: [{27058CC9-CDD3-4603-9E68-3A4455B45C8E}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCDesktop.exe No File
FirewallRules: [{DFE635B2-9E58-4D39-879A-811E41E9F140}] => (Allow) C:\Program Files (x86)\RemotePC\RPCCoreViewer.exe No File
FirewallRules: [{E89E4C9B-6329-4D6B-874E-BFDCA8D96391}] => (Allow) C:\Program Files (x86)\RemotePC\RPCCoreViewer.exe No File
FirewallRules: [{C6EA247A-6D64-4625-AA0D-AC638F81D0C5}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCUI.exe No File
FirewallRules: [{CEE88332-824A-4CD0-AD22-B72B88A5650A}] => (Allow) C:\Program Files (x86)\RemotePC\RemotePCUI.exe No File
FirewallRules: [TCP Query User{42A899BF-A689-449D-8856-F59E92EB7714}C:\users\dianna\downloads\anydesk.exe] => (Allow) C:\users\dianna\downloads\anydesk.exe No File
FirewallRules: [UDP Query User{2683C70B-C46A-46ED-B3D9-402886A1987B}C:\users\dianna\downloads\anydesk.exe] => (Allow) C:\users\dianna\downloads\anydesk.exe No File
FirewallRules: [{95850F6B-E063-4098-BE96-88F58ABA8ACA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FC3D8CF1-AA2D-4DB4-BBAE-F26DCBD2E214}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{207F09B9-8FB4-4FAE-9F08-03FD8904DD6A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3BC9C957-71DB-4496-8C3D-D8161FE5AB74}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{72551800-E8B7-42F7-B2E9-6E121D749156}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2D0499E0-D8DC-417E-807D-25225B3CEACC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C6FE660B-C869-49A2-A530-E907E295C3A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B2196D3E-05C6-4607-94C8-DB08600E81DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.117.543.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3A9AC763-57F5-4027-B2F6-343DC1E0129D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{36DD1142-4271-42AB-8E83-41733D6553BF}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{F6325FC4-F537-4283-B9F8-F2AA973F4AD5}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{ED22E650-9A44-4C1B-A5DA-073EB81666D7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{B972BC1D-9BB7-45C0-8347-CF85FB3BA177}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{A00546BB-C5A1-4250-8FDE-5B5304F44F52}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe No File
FirewallRules: [{3A1D8936-6B44-43BF-9FAE-EDB079642FA8}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{91443846-E598-433F-928C-B1E468FE48E1}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{36950698-D800-472E-89EF-3365EBE71502}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{124A66D2-2D27-4C4A-A94B-0E207395FD6B}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{4394C0D6-07A7-4088-AA03-C4E4B136A6AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4A9DF643-E081-412D-8E20-6F6FF4E7BC44}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
 
==================== Restore Points =========================
 
19-10-2019 11:42:55 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/20/2019 11:59:18 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
 
Error: (10/20/2019 11:36:30 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (10/20/2019 11:31:48 AM) (Source: ScreenConnect Client) (EventID: 0) (User: )
Description: System.Net.Sockets.SocketException (0x80004005): No such host is known
   at System.Net.Dns.GetAddrInfo(String name)
   at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
   at System.Net.Dns.GetHostEntry(String hostNameOrAddress)
   at ScreenConnect.NetworkExtensions.GetIPAddresses(String hostOrIPAddressString)
   at ScreenConnect.ClientNetworkExtensions.ConnectTcpSocket(Uri endPointUri)
   at ScreenConnect.WindowsClientToolkit.ConnectNetworkConnection(Uri endPointUri, Uri httpProxyUri)
   at ScreenConnect.SocketEndPointManager.Run()
 
Error: (10/20/2019 11:31:37 AM) (Source: ScreenConnect Client) (EventID: 0) (User: )
Description: System.Net.Sockets.SocketException (0x80004005): An established connection was aborted by the software in your host machine
   at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
   at ScreenConnect.SocketNetworkConnection.Receive(Byte[] buffer)
   at ScreenConnect.NetworkConnection.OnReadStreamNeedsBufferCycled(Object sender, EventArgs e)
   at ScreenConnect.Extensions.RaiseEvent[T](Object sender, EventHandler`1 eventHandler, T eventArgs)
   at ScreenConnect.BufferStream.OnNeedsBufferCycled()
   at ScreenConnect.BlockBufferReadStream.Read(Byte[] buffer, Int32 offset, Int32 count)
   at ScreenConnect.Extensions.ReadByteDefault(Stream stream)
   at ScreenConnect.BlockBufferReadStream.ReadByte()
   at System.IO.BinaryReader.ReadByte()
   at ScreenConnect.MessageSerializer.Deserialize(BinaryReader reader, Type requireBaseClass)
   at ScreenConnect.EndPointManager.ReceiveMessage(BinaryReader reader, Type requiredBaseMessageType)
   at ScreenConnect.SocketEndPointManager.RunIncomingThread(ThreadSharedState threadSharedState)
 
Error: (10/19/2019 11:25:05 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\WINDOWS\system32\sysmain.dll" (Win32 error code 126).
 
Error: (10/19/2019 11:21:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (10/19/2019 11:19:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DSAServiceHelper.exe, version: 19.10.42.4, time stamp: 0x5d8bda8d
Faulting module name: KERNELBASE.dll, version: 10.0.17763.802, time stamp: 0x86aa4cf5
Exception code: 0xe0434352
Fault offset: 0x0000000000039129
Faulting process id: 0x32dc
Faulting application start time: 0x01d58690a5d32bc5
Faulting application path: C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAServiceHelper.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: f38bc8e6-540a-4400-9eae-70578b535182
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/19/2019 11:19:53 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DSAServiceHelper.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code e0434352, exception address 00007FF9DA759129
Stack:
 
 
System errors:
=============
Error: (10/20/2019 12:53:15 PM) (Source: DCOM) (EventID: 10016) (User: NANAS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/20/2019 12:47:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly.  It has done this 6 time(s).
 
Error: (10/20/2019 12:36:55 PM) (Source: DCOM) (EventID: 10016) (User: NANAS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/20/2019 12:25:17 PM) (Source: DCOM) (EventID: 10016) (User: NANAS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/20/2019 12:19:23 PM) (Source: DCOM) (EventID: 10016) (User: NANAS-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user Nanas-PC\Dianna SID (S-1-5-21-3029253240-1863324081-1530500289-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (10/20/2019 12:16:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly.  It has done this 5 time(s).
 
Error: (10/20/2019 11:44:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (10/19/2019 12:11:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Energy Server Service queencreek service terminated unexpectedly.  It has done this 3 time(s).
 
 
Windows Defender:
===================================
Date: 2019-10-16 18:03:26.360
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: BrowserModifier:Win32/DeepSync
ID: 256237
Severity: High
Category: Browser Modifier
Path: file:_C:\Users\Dianna\AppData\Roaming\AppMaster\AppMaster.exe; file:_C:\WINDOWS\System32\Tasks\UpdatePrt->(UTF-16LE); process:_pid:9436,ProcessStart:132157361129052247; regkey:[email protected]\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\AppMaster; regkey:[email protected]\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZipCruncher; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D051068-CD65-4877-A443-73C924B14323}; regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdatePrt; runkey:[email protected]\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\AppMaster; taskscheduler:_C:\WINDOWS\System32\Tasks\UpdatePrt; uninstall:[email protected]\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ZipCruncher
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\Dianna\AppData\Roaming\AppMaster\AppMaster.exe
Signature Version: AV: 1.303.1869.0, AS: 1.303.1869.0, NIS: 1.303.1869.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2
 
Date: 2019-10-16 18:01:59.077
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: BrowserModifier:Win32/DeepSync
ID: 256237
Severity: High
Category: Browser Modifier
Path: file:_C:\Users\Dianna\AppData\Roaming\AppMaster\AppMaster.exe; process:_pid:9436,ProcessStart:132157361129052247
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Users\Dianna\AppData\Roaming\AppMaster\AppMaster.exe
Signature Version: AV: 1.303.1869.0, AS: 1.303.1869.0, NIS: 1.303.1869.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2
 
Date: 2019-10-12 16:58:41.372
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.285.732.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16400.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2019-10-12 16:58:41.372
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.285.732.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16400.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2019-10-12 16:58:41.371
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.285.732.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16400.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2019-10-12 16:58:41.363
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.285.732.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16400.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2019-10-12 16:58:41.363
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.285.732.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16400.2
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===================================
 
Date: 2019-10-16 22:00:46.789
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-10-14 21:27:16.147
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-10-14 21:26:58.623
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-10-14 21:26:57.690
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-10-14 21:26:49.540
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-10-14 19:58:13.414
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-10-14 19:58:13.063
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-10-14 19:57:19.244
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVG\Antivirus\avgfmwlight.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: Hewlett-Packard 786G2 v02.03 10/19/2015
Motherboard: Hewlett-Packard 3048h
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 76%
Total physical RAM: 3991.24 MB
Available physical RAM: 946.04 MB
Total Virtual: 5527.24 MB
Available Virtual: 1854.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:463.62 GB) (Free:243.41 GB) NTFS
Drive d: (BROTHER) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
 
\\?\Volume{e0383c55-8858-11e5-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:2.14 GB) (Free:1.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B13339AB)
Partition 1: (Active) - (Size=2.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=463.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
We are still not sure whether or not the PCSupport program is gone. I have tried to delete all programs that we were not familiar with, but there were a few it wouldn't let me.
 
Is there any way to tell if we have got everything or not?
 
Thanks!


#10
RKinner


    Malware Expert

  • Expert
  • 21,867 posts
  • MVP

Uninstall:

 

GoTo Opener (unless you need it for work)

Intel® Driver & Support Assistant (broken)

PowerENGAGE (unless you need it for work)

SupportTeq (unless you need it for work)

 

Change PC Settings\"Sync your Settings" section or Change PC settings\OneDrive\Sync Settings, turn off the switch.

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   15.05KB   0 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

