Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

hacked mouse functions

Post by arpigeo » June 22nd, 2019, 8:34 am

Hi... I started experiencing this on 6-21, affecting both mouse and some keyboard functions, primarily scrolling and highlighting. Also some problems with text typing in backwards. Any help is most appreciated.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2019
Ran by bigdog (administrator) on LAPTOP-U0HD8BIR (HP HP Notebook) (22-06-2019 07:51:31)
Running from C:\Users\bigdog\Desktop
Loaded Profiles: bigdog (Available Profiles: bigdog & heyoka)
Platform: Windows 10 Home Version 1803 17134.829 (X64) Language: English (United States)
Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1"
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software s.r.o. -> ) C:\Program Files\AVAST Software\Avast\AvastNM.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\Vpn.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnNM.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126577.inf_amd64_ae71f87c8938d56a\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126577.inf_amd64_ae71f87c8938d56a\igfxEM.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Ruiware, LLC -> Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Ruiware, LLC. -> WinPatrol) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
(Ruiware, LLC. -> WinPatrol) C:\Program Files\Ruiware\WinPrivacy\WinPrivacyTrayApp.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8811776 2016-11-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [WinPrivacy] => C:\Program Files\Ruiware\WinPrivacy\WinPrivacyTrayApp.exe [1782920 2016-02-15] (Ruiware, LLC. -> WinPatrol)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [262024 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp. -> CyberLink Corp.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1231240 2016-11-13] (Ruiware, LLC -> Ruiware)
HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\...\Run: [EPSON12BB47 (Epson Stylus NX430)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [232448 2011-01-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\74.0.1376.131\Installer\chrmstp.exe [2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-06-21]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08154EB0-423F-4CEB-8427-0DDD348796EE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2934152 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {19491A91-FB3F-4D09-A1CD-8C43A67F774E} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {24273EAF-AD1C-43A3-8795-5A36BD99097B} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1958568 2019-05-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {36C1B655-29AC-4144-A492-4CB0B0286663} - System32\Tasks\Avast SecureLine VPN Update => c:\program files\avast software\secureline\vpnupdate.exe [1398208 2019-06-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {37910CBA-AAEA-4DD1-9AA6-758BBD8E37CF} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3181639895-2614141711-2789008911-1002 => C:\Users\bigdog\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {3CAC6B0F-30B8-4524-B4B3-C7543FFFD2A3} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [3438680 2016-10-10] (AVAST Software a.s. -> AVAST Software)
Task: {49F8BEE7-C4F7-42DA-9290-BD3BA34EA43C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6975BAD9-7F46-4255-B972-EF78FD74A1E8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {86E948C5-9AF4-4F37-A238-4BA10C4AB779} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {93E380F3-D011-4C76-A3AD-E14A013CD350} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {B27AF937-F724-43A1-9A22-FA5E79DD8E23} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
Task: {B48CEB1E-ACD1-48C1-998C-8C8B989F6C74} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D9B5DAE0-C456-4E02-9075-66599B16EC18} - System32\Tasks\HPCeeScheduleForbigdog => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [97848 2016-01-23] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {F812A06F-3704-4D76-9A13-A67037A36E1A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [1286656 2017-09-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {F889C64C-9A13-46C5-A877-35F2B4FE5F03} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1958568 2019-05-14] (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForbigdog.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{65131c46-5f47-462b-92b9-596c9ec547bb}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a6cc44b6-d414-4f13-b5a5-89e5d7ad5a47}: [DhcpNameServer] 172.168.0.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> {27E28A69-35C1-42D3-B483-067A34B74997} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> {27E28A69-35C1-42D3-B483-067A34B74997} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3181639895-2614141711-2789008911-1001 -> {27E28A69-35C1-42D3-B483-067A34B74997} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [3367272 2018-11-28] (Intel(R) Software Development Products -> Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6844776 2019-05-28] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-18] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [409224 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-18] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\74.0.1376.131\elevation_service.exe [1079424 2019-05-14] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [127192 2015-11-19] (Realtek Semiconductor Corp -> )
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [168448 2011-01-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [131072 2011-01-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-11-03] (Intel Corporation - pGFX -> Intel Corporation)
R2 HP Comm Recover; c:\Program Files\HPCommRecovery\HPCommRecovery.exe [44032 2016-03-02] (HP Inc.) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (Hewlett-Packard Company -> HP Inc.)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312576 2016-11-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [7038904 2019-06-19] (AVAST Software s.r.o. -> AVAST Software)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [360872 2018-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 WinPrivacySvc; C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe [477320 2016-02-15] (Ruiware, LLC. -> WinPatrol)
S2 WPWDSvc; C:\Program Files\Ruiware\WinPrivacy\WPWDSvc.exe [421512 2016-02-15] (Ruiware, LLC. -> WinPatrol)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37104 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [207448 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [262496 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [205848 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [61472 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15488 2019-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279120 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42288 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [168104 2019-06-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [112312 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87944 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1030784 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [477584 2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [225600 2019-06-17] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [385880 2019-05-30] (AVAST Software s.r.o. -> AVAST Software)
S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Power Technology -> Windows (R) Win 7 DDK provider)
R3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2015-11-14] (Power Technology -> Windows (R) Win 7 DDK provider)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-11-03] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-11-03] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [343608 2016-11-03] (Intel Corporation -> Intel Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2018-02-06] (PAIPTAC Driver -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-02-25] (Realtek Semiconductor Corp -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-26] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R4 rwpvcy; C:\WINDOWS\System32\drivers\rwpvcy.sys [49944 2015-09-10] (Ruiware, LLC. -> Ruiware, LLC)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55400 2018-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2019-05-16] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-22 07:51 - 2019-06-22 07:52 - 000024489 _____ C:\Users\bigdog\Desktop\FRST.txt
2019-06-22 07:50 - 2019-06-22 07:51 - 000000000 ____D C:\FRST
2019-06-21 12:53 - 2019-06-21 12:53 - 000000000 ____D C:\Users\bigdog\AppData\Roaming\hpqLog
2019-06-21 10:49 - 2019-06-21 10:49 - 000478392 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\07D9E638.sys
2019-06-21 10:49 - 2019-06-21 10:49 - 000085600 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\70044193.sys
2019-06-21 10:48 - 2019-06-21 10:49 - 000000000 ____D C:\KVRT_Data
2019-06-21 10:37 - 2019-06-21 10:37 - 002418688 _____ (Farbar) C:\Users\bigdog\Desktop\FRST64.exe
2019-06-18 17:44 - 2019-06-18 18:40 - 000000000 ____D C:\Users\bigdog\AppData\Local\PlaceholderTileLogoFolder
2019-06-18 15:48 - 2019-06-22 07:18 - 000004294 _____ C:\WINDOWS\System32\Tasks\Avast SecureLine VPN Update
2019-06-12 08:15 - 2019-06-07 01:57 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-12 08:15 - 2019-06-07 01:46 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-12 08:15 - 2019-06-07 01:38 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-12 08:14 - 2019-06-07 07:04 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-12 08:14 - 2019-06-07 07:04 - 001633136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-12 08:14 - 2019-06-07 06:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-06-12 08:14 - 2019-06-07 06:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-12 08:14 - 2019-06-07 06:45 - 012756480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-12 08:14 - 2019-06-07 06:42 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-12 08:14 - 2019-06-07 06:41 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-12 08:14 - 2019-06-07 06:40 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-12 08:14 - 2019-06-07 06:40 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-12 08:14 - 2019-06-07 06:23 - 001453920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-12 08:14 - 2019-06-07 06:19 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-12 08:14 - 2019-06-07 06:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-12 08:14 - 2019-06-07 06:07 - 011942400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-12 08:14 - 2019-06-07 06:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-12 08:14 - 2019-06-07 06:04 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-12 08:14 - 2019-06-07 06:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-12 08:14 - 2019-06-07 02:07 - 000707384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-12 08:14 - 2019-06-07 02:01 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-12 08:14 - 2019-06-07 01:58 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-12 08:14 - 2019-06-07 01:58 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-12 08:14 - 2019-06-07 01:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-12 08:14 - 2019-06-07 01:58 - 000422416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-12 08:14 - 2019-06-07 01:58 - 000135176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-12 08:14 - 2019-06-07 01:58 - 000076304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-12 08:14 - 2019-06-07 01:57 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-12 08:14 - 2019-06-07 01:57 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-12 08:14 - 2019-06-07 01:57 - 000792888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-12 08:14 - 2019-06-07 01:57 - 000494304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-12 08:14 - 2019-06-07 01:57 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-12 08:14 - 2019-06-07 01:57 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-06-12 08:14 - 2019-06-07 01:57 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 000148280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-12 08:14 - 2019-06-07 01:57 - 000137448 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-06-12 08:14 - 2019-06-07 01:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-12 08:14 - 2019-06-07 01:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-06-12 08:14 - 2019-06-07 01:47 - 000380432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-12 08:14 - 2019-06-07 01:47 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-06-12 08:14 - 2019-06-07 01:46 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-12 08:14 - 2019-06-07 01:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-12 08:14 - 2019-06-07 01:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-12 08:14 - 2019-06-07 01:46 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-06-12 08:14 - 2019-06-07 01:46 - 000357072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-12 08:14 - 2019-06-07 01:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-12 08:14 - 2019-06-07 01:37 - 022019584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-12 08:14 - 2019-06-07 01:31 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-12 08:14 - 2019-06-07 01:27 - 022718976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-12 08:14 - 2019-06-07 01:24 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-12 08:14 - 2019-06-07 01:24 - 003400704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-12 08:14 - 2019-06-07 01:24 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-06-12 08:14 - 2019-06-07 01:23 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-12 08:14 - 2019-06-07 01:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-06-12 08:14 - 2019-06-07 01:23 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-06-12 08:14 - 2019-06-07 01:22 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-06-12 08:14 - 2019-06-07 01:22 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-12 08:14 - 2019-06-07 01:22 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-12 08:14 - 2019-06-07 01:22 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-12 08:14 - 2019-06-07 01:22 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-12 08:14 - 2019-06-07 01:21 - 007588864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-12 08:14 - 2019-06-07 01:21 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-12 08:14 - 2019-06-07 01:21 - 001778688 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-12 08:14 - 2019-06-07 01:21 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-12 08:14 - 2019-06-07 01:21 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-12 08:14 - 2019-06-07 01:21 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-12 08:14 - 2019-06-07 01:20 - 002610688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-12 08:14 - 2019-06-07 01:20 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-06-12 08:14 - 2019-06-07 01:20 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-12 08:14 - 2019-06-07 01:20 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-06-12 08:14 - 2019-06-07 01:19 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-12 08:14 - 2019-06-07 01:19 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-12 08:14 - 2019-06-07 01:19 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-12 08:14 - 2019-06-07 01:19 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-12 08:14 - 2019-06-07 01:19 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-12 08:14 - 2019-06-07 01:19 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-12 08:14 - 2019-06-07 01:18 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-12 08:14 - 2019-06-07 01:18 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-12 08:14 - 2019-06-07 01:18 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-12 08:14 - 2019-06-07 01:17 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-12 08:14 - 2019-06-07 01:17 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-12 08:14 - 2019-06-07 01:17 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-06-12 08:14 - 2019-06-07 01:16 - 001102336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-06-12 08:14 - 2019-06-07 01:16 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-06-12 08:14 - 2019-06-07 01:16 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-12 08:14 - 2019-06-07 01:16 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-06-12 08:14 - 2019-06-07 00:00 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2019-06-12 08:14 - 2019-05-18 18:12 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-12 08:14 - 2019-05-18 18:12 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-12 08:14 - 2019-05-18 18:12 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-12 08:14 - 2019-05-18 18:12 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-12 08:14 - 2019-05-17 08:44 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-12 08:14 - 2019-05-17 08:40 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-06-12 08:14 - 2019-05-17 08:40 - 000280888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-06-12 08:14 - 2019-05-17 08:27 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-12 08:14 - 2019-05-17 08:26 - 004393984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-06-12 08:14 - 2019-05-17 08:25 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-06-12 08:14 - 2019-05-17 08:25 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-06-12 08:14 - 2019-05-17 08:25 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-06-12 08:14 - 2019-05-17 08:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-06-12 08:14 - 2019-05-17 08:23 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-06-12 08:14 - 2019-05-17 08:22 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-06-12 08:14 - 2019-05-17 08:22 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-12 08:14 - 2019-05-17 08:21 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-06-12 08:14 - 2019-05-17 08:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-06-12 08:14 - 2019-05-17 08:21 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-06-12 08:14 - 2019-05-17 08:21 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2019-06-12 08:14 - 2019-05-17 08:21 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-06-12 08:14 - 2019-05-17 08:20 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-06-12 08:14 - 2019-05-17 08:19 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-06-12 08:14 - 2019-05-17 08:07 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-06-12 08:14 - 2019-05-17 08:00 - 005658112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-12 08:14 - 2019-05-17 07:58 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-06-12 08:14 - 2019-05-17 07:56 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-06-12 08:14 - 2019-05-17 07:56 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
2019-06-12 08:14 - 2019-05-17 07:55 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-06-12 08:14 - 2019-05-17 07:55 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-06-12 08:14 - 2019-05-17 07:55 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-06-12 08:14 - 2019-05-17 07:54 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-06-12 08:14 - 2019-05-17 07:54 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-06-12 08:14 - 2019-05-17 05:33 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-06-12 08:14 - 2019-05-17 04:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-06-12 08:14 - 2019-05-17 03:07 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-06-12 08:14 - 2019-05-17 02:44 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-06-12 08:14 - 2019-05-17 02:44 - 000550520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-06-12 08:14 - 2019-05-17 02:43 - 000297688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 001980256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 001380096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-06-12 08:14 - 2019-05-17 02:30 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-06-12 08:14 - 2019-05-17 02:26 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-12 08:14 - 2019-05-17 02:23 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-06-12 08:14 - 2019-05-17 02:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-06-12 08:14 - 2019-05-17 02:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-12 08:14 - 2019-05-17 02:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-06-12 08:14 - 2019-05-17 02:22 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-12 08:14 - 2019-05-17 02:21 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-06-12 08:14 - 2019-05-17 02:21 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-06-12 08:14 - 2019-05-17 02:21 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-06-12 08:14 - 2019-05-17 02:20 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-06-12 08:14 - 2019-05-17 02:20 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-06-12 08:14 - 2019-05-17 02:19 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-12 08:14 - 2019-05-17 02:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-12 08:14 - 2019-05-17 02:19 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-06-12 08:14 - 2019-05-17 02:19 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-12 08:14 - 2019-05-17 02:19 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2019-06-12 08:14 - 2019-05-17 02:19 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-06-12 08:14 - 2019-05-17 02:18 - 002796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-06-12 08:14 - 2019-05-17 02:18 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-12 08:14 - 2019-05-17 02:18 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-06-12 08:14 - 2019-05-17 02:08 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-06-12 08:14 - 2019-05-17 02:08 - 000723432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-06-12 08:14 - 2019-05-17 02:08 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-06-12 08:14 - 2019-05-17 02:08 - 000401328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-06-12 08:14 - 2019-05-17 02:07 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-06-12 08:14 - 2019-05-17 02:07 - 002768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-12 08:14 - 2019-05-17 02:07 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-06-12 08:14 - 2019-05-17 02:07 - 002467320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-06-12 08:14 - 2019-05-17 02:07 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-12 08:14 - 2019-05-17 02:07 - 001288712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-06-12 08:14 - 2019-05-17 02:07 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-12 08:14 - 2019-05-17 02:07 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-06-12 08:14 - 2019-05-17 02:07 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-06-12 08:14 - 2019-05-17 02:07 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-06-12 08:14 - 2019-05-17 02:06 - 001943136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-06-12 08:14 - 2019-05-17 02:06 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-06-12 08:14 - 2019-05-17 02:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-06-12 08:14 - 2019-05-17 02:06 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-06-12 08:14 - 2019-05-17 02:06 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-06-12 08:14 - 2019-05-17 02:06 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-06-12 08:14 - 2019-05-17 02:06 - 000151888 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-06-12 08:14 - 2019-05-17 02:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-06-12 08:14 - 2019-05-17 02:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-06-12 08:14 - 2019-05-17 01:44 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-12 08:14 - 2019-05-17 01:38 - 004709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-12 08:14 - 2019-05-17 01:37 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-12 08:14 - 2019-05-17 01:37 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-06-12 08:14 - 2019-05-17 01:37 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-06-12 08:14 - 2019-05-17 01:36 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-06-12 08:14 - 2019-05-17 01:36 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-06-12 08:14 - 2019-05-17 01:36 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-06-12 08:14 - 2019-05-17 01:36 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-12 08:14 - 2019-05-17 01:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-12 08:14 - 2019-05-17 01:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-12 08:14 - 2019-05-17 01:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-12 08:14 - 2019-05-17 01:35 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-06-12 08:14 - 2019-05-17 01:35 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-06-12 08:14 - 2019-05-17 01:35 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-06-12 08:14 - 2019-05-17 01:34 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-12 08:14 - 2019-05-17 01:34 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-12 08:14 - 2019-05-17 01:34 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-12 08:14 - 2019-05-17 01:34 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-06-12 08:14 - 2019-05-17 01:34 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-06-12 08:14 - 2019-05-17 01:34 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-06-12 08:14 - 2019-05-17 01:34 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-06-12 08:14 - 2019-05-17 01:34 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2019-06-12 08:14 - 2019-05-17 01:33 - 003091456 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-06-12 08:14 - 2019-05-17 01:33 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-06-12 08:14 - 2019-05-17 01:33 - 002370560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-12 08:14 - 2019-05-17 01:33 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-06-12 08:14 - 2019-05-17 01:33 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-12 08:14 - 2019-05-17 01:33 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-06-12 08:14 - 2019-05-17 01:33 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-06-12 08:14 - 2019-05-17 01:32 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2019-06-12 08:14 - 2019-05-17 01:32 - 000815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 004937216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 003293184 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-06-12 08:14 - 2019-05-17 01:30 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-06-12 08:14 - 2019-05-17 01:30 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-06-12 08:14 - 2019-05-17 01:30 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-06-07 12:13 - 2019-06-07 12:19 - 281583111 _____ C:\Users\bigdog\Desktop\How-to-Make-Breadboard-Ends-Part-15-of-Build-a-Dovetail-Desk-with-Hand-Tools-720p.mp4
2019-06-03 00:08 - 2019-06-03 00:10 - 087892674 _____ C:\Users\bigdog\Desktop\ISHITANI-Making-a-Kigumi-Table-720p.mp4
2019-06-02 19:11 - 2019-06-02 19:18 - 381900081 _____ C:\Users\bigdog\Desktop\How-to-Make-a-Poor-Mans-Rebate-Plane-or-Paul-Sellers-720p.mp4
2019-05-28 22:14 - 2019-02-13 01:47 - 001909560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2019-05-27 19:01 - 2019-05-27 19:01 - 000000000 ____D C:\Program Files\Google
2019-05-27 08:48 - 2019-05-27 08:46 - 000363400 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2019-05-24 17:16 - 2019-06-03 14:59 - 000000000 ____D C:\Users\bigdog\Desktop\#55

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-22 07:46 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-22 07:18 - 2018-05-23 18:38 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2019-06-22 07:16 - 2016-10-10 17:31 - 000000000 __SHD C:\Users\bigdog\IntelGraphicsProfiles
2019-06-21 23:50 - 2019-04-28 08:29 - 000000165 _____ C:\Users\bigdog\Desktop\mine.txt
2019-06-21 23:20 - 2018-05-23 18:38 - 000003584 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-06-21 23:20 - 2018-05-23 18:38 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2019-06-21 23:20 - 2018-05-23 18:38 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3181639895-2614141711-2789008911-1002
2019-06-21 23:20 - 2018-05-23 18:38 - 000002808 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForbigdog
2019-06-21 23:20 - 2018-05-23 18:38 - 000002542 _____ C:\WINDOWS\System32\Tasks\HPDAS
2019-06-21 23:20 - 2018-02-06 21:20 - 000000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForbigdog.job
2019-06-21 23:06 - 2018-05-23 18:38 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-06-21 20:43 - 2018-05-23 18:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-21 19:56 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-21 13:14 - 2018-08-07 01:04 - 000000000 ____D C:\Program Files (x86)\Google
2019-06-21 13:08 - 2017-11-21 23:00 - 000000000 ____D C:\Users\bigdog\AppData\Local\Packages
2019-06-21 13:05 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-21 12:56 - 2018-08-07 01:04 - 000000000 ____D C:\Users\bigdog\AppData\Local\Google
2019-06-21 12:56 - 2016-08-16 08:30 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2019-06-21 12:54 - 2018-05-23 18:38 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2019-06-21 12:54 - 2016-10-10 17:34 - 000000000 ____D C:\Users\bigdog\AppData\Local\Hewlett-Packard
2019-06-21 12:54 - 2016-08-16 08:26 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2019-06-21 12:54 - 2016-04-11 08:17 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2019-06-21 12:53 - 2016-04-11 08:17 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-21 12:52 - 2016-04-11 08:17 - 000000000 ____D C:\Program Files\HP
2019-06-21 10:14 - 2018-11-15 22:50 - 000000000 ____D C:\Program Files\rempl
2019-06-21 10:08 - 2016-08-16 08:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2019-06-21 10:07 - 2018-05-23 18:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-21 09:30 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-06-21 09:20 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-06-20 12:41 - 2016-10-10 18:01 - 000168104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2019-06-18 17:47 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-18 16:10 - 2017-05-24 12:46 - 000000000 ____D C:\Program Files\UNP
2019-06-17 07:09 - 2016-10-10 18:01 - 000225600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2019-06-15 01:59 - 2018-05-23 18:13 - 000000000 ____D C:\Users\bigdog
2019-06-14 21:35 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2019-06-12 19:23 - 2018-05-23 18:12 - 000933328 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-12 19:20 - 2016-10-10 20:29 - 000000000 ___RD C:\Users\bigdog\3D Objects
2019-06-12 19:20 - 2015-11-02 14:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-12 19:18 - 2018-05-23 18:07 - 000462192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-12 19:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-06-12 19:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-06-12 19:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-06-12 19:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-12 08:13 - 2016-10-10 21:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-12 08:09 - 2016-10-10 21:17 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-05 19:39 - 2016-10-24 12:59 - 000000000 ____D C:\Users\bigdog\Documents\Invoices
2019-06-03 14:59 - 2016-10-21 13:10 - 000000000 ____D C:\Users\bigdog\Desktop\New folder
2019-06-02 07:41 - 2018-08-17 07:47 - 000000000 ____D C:\Users\bigdog\AppData\Local\CrashDumps
2019-06-01 11:10 - 2016-10-24 13:03 - 000000000 ____D C:\Users\bigdog\Documents\Estimates
2019-05-30 21:57 - 2018-04-11 19:41 - 000835688 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-05-30 21:57 - 2018-04-11 19:41 - 000179816 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-30 20:54 - 2016-10-10 18:01 - 000385880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2019-05-28 15:02 - 2019-04-11 18:42 - 000003856 _____ C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-05-28 15:02 - 2019-04-11 18:42 - 000003272 _____ C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-05-28 15:02 - 2018-05-18 07:57 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-05-28 14:36 - 2019-02-03 20:16 - 000000000 ____D C:\Users\bigdog\Desktop\`table
2019-05-27 08:48 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-27 08:47 - 2019-02-13 09:04 - 000279120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2019-05-27 08:47 - 2018-11-08 13:42 - 000042288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2019-05-27 08:47 - 2016-10-10 18:01 - 000477584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2019-05-27 08:47 - 2016-10-10 18:01 - 000112312 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2019-05-27 08:47 - 2016-10-10 18:01 - 000087944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2019-05-27 08:46 - 2019-01-06 09:19 - 000262496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2019-05-27 08:46 - 2019-01-06 09:19 - 000205848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2019-05-27 08:46 - 2019-01-06 09:19 - 000061472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2019-05-27 08:46 - 2019-01-06 09:19 - 000037104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2019-05-27 08:46 - 2017-11-19 14:21 - 000207448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2019-05-27 08:46 - 2016-10-10 18:01 - 001030784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

==================== Files in the root of some directories ================


2018-02-19 11:08 - 2018-02-19 11:08 - 000000000 _____ () C:\Users\bigdog\AppData\Local\BlackstarMarketing.log
2016-10-10 17:31 - 2019-06-22 07:46 - 003590531 _____ () C:\Users\bigdog\AppData\Local\BTServer.log
2019-04-26 17:52 - 2019-04-26 18:08 - 000000324 _____ () C:\Users\bigdog\AppData\Local\insider.log
2019-01-20 17:11 - 2019-01-20 17:11 - 000001218 _____ () C:\Users\bigdog\AppData\Local\recently-used.xbel
2017-01-14 13:47 - 2017-01-14 13:47 - 000000017 _____ () C:\Users\bigdog\AppData\Local\resmon.resmoncfg
2016-10-11 16:15 - 2016-10-11 16:15 - 000000000 _____ () C:\Users\bigdog\AppData\Local\{5AFF81E6-BA3C-4619-8325-B1ECD9082378}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2019
Ran by bigdog (22-06-2019 07:53:30)
Running from C:\Users\bigdog\Desktop
Windows 10 Home Version 1803 17134.829 (X64) (2018-05-23 22:39:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3181639895-2614141711-2789008911-500 - Administrator - Disabled)
bigdog (S-1-5-21-3181639895-2614141711-2789008911-1001 - Administrator - Enabled) => C:\Users\bigdog
DefaultAccount (S-1-5-21-3181639895-2614141711-2789008911-503 - Limited - Disabled)
Guest (S-1-5-21-3181639895-2614141711-2789008911-501 - Limited - Disabled)
heyoka (S-1-5-21-3181639895-2614141711-2789008911-1002 - Limited - Enabled) => C:\Users\heyoka
WDAGUtilityAccount (S-1-5-21-3181639895-2614141711-2789008911-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Any Audio Converter 6.0.9 (HKLM-x32\...\Any Audio Converter) (Version: 6.0.9 - Anvsoft)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.5.2378 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 74.0.1376.131 - AVAST Software)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.275.2 - AVAST Software)
Blackstar INSIDER (HKLM-x32\...\{C7F2434B-AE8C-49C1-84F9-BB2F2A546007}) (Version: 1.8.1229 - Blackstar Amplification Ltd.)
Blackstar INSIDER Interface (HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\...\1789510094.www.blackstaramps.com) (Version: - http://www.blackstaramps.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
DFX (HKLM-x32\...\DFX) (Version: 12.021.0.0 - Power Technology)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
FretCalc-3.10 (HKLM-x32\...\ST6UNST #1) (Version: - )
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Gimp WebP Plugin version 0.1.1 (HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\...\{37689CA1-6CF5-49D4-B8CC-0307045AD54C}_is1) (Version: 0.1.1 - Nathan Osman)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Chipset Device Software (HKLM-x32\...\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}) (Version: 10.1.1.32 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4471 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
PreSonus Studio One 3 (HKLM-x32\...\PreSonus Studio One 3) (Version: 3.5.5.45892 - PreSonus Audio Electronics)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.48 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7818 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.72 - REALTEK Semiconductor Corp.)
REAPER (HKLM-x32\...\REAPER) (Version: - )
REAPER (x64) (HKLM\...\REAPER) (Version: - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-3) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-4) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 34.11.2016.27 - Ruiware)
WinPrivacy (HKLM-x32\...\{18605281-BFFE-4968-9B86-05322D5FBB33}) (Version: 2016.2.851 - WinPatrol)

Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.520.0_x64__rz1tebttyb220 [2019-03-11] (Dolby Laboratories)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_1.8.1812.301_x86__8wekyb3d8bbwe [2019-06-18] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad]
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.14.58.0_x64__kx24dqmazqk8j [2019-04-19] (Random Salad Games LLC) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3181639895-2614141711-2789008911-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\bigdog\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3181639895-2614141711-2789008911-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\bigdog\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3181639895-2614141711-2789008911-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\bigdog\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3181639895-2614141711-2789008911-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki126577.inf_amd64_ae71f87c8938d56a\igfxDTCM.dll [2018-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-05-27] (AVAST Software s.r.o. -> AVAST Software)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-08-16 08:51 - 2016-03-02 19:52 - 000044032 _____ (HP Inc.) [File not signed] c:\Program Files\HPCommRecovery\HPCommRecovery.exe
2016-10-11 22:35 - 2015-06-20 14:03 - 001186304 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Ruiware\WinPrivacy\SQLite.Interop.dll
2019-06-19 07:03 - 2019-06-19 07:00 - 002095104 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\AVAST Software\SecureLine\libcrypto-1_1.dll
2016-10-11 22:35 - 2015-04-10 13:48 - 002497024 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Ruiware\WinPrivacy\LIBEAY32.dll
2016-10-11 22:35 - 2015-04-10 13:48 - 000473088 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Ruiware\WinPrivacy\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2019-01-04 09:34 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts


2017-06-16 19:19 - 2017-06-16 19:19 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D9CB729A-E437-4903-9CDE-3150BD027463}] => (Allow) C:\Program Files (x86)\PreSonus\Studio One 3\Studio One.exe (PreSonus) [File not signed]
FirewallRules: [UDP Query User{AC46A4DE-B974-489E-B837-38069213BE47}C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe] => (Allow) C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe (Blackstar Amplification Ltd.) [File not signed]
FirewallRules: [TCP Query User{8331B2D7-E121-44A1-B71E-D15456C63340}C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe] => (Allow) C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe (Blackstar Amplification Ltd.) [File not signed]
FirewallRules: [{360FA433-74FA-4B62-A442-8A651B5681C3}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{570C52D9-E01D-4BFA-BC27-65A87FDAB766}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E5E6291C-6BFB-44F9-92DD-0E0D99B99144}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{57FDB766-F4B6-41D1-9152-804B59B39755}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{88D9DBF5-EC6B-41F0-8934-9496211776FD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2CC30ED0-2A57-4351-B387-089807530325}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
FirewallRules: [{2130F917-5752-4B8F-9BF9-CC78EE69BC8B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{159CAD10-7398-45F9-AFEB-244B51586052}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{CF31C8DA-63CE-4F09-BAE7-10D35040BC47}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{1BCE5023-D65A-4B71-81E0-D3337700A1BA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{1C15C2EB-98E1-49EC-9EB6-F9082703920C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{7A5ED073-2157-4B90-8B7D-159A32D82E88}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe (Ruiware, LLC. -> WinPatrol)
FirewallRules: [{4C22157F-5A51-42E2-927E-E19D8DED3777}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe (Ruiware, LLC. -> WinPatrol)
FirewallRules: [{7B352114-41EE-4494-BD30-448F1F8255C5}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe (Ruiware, LLC. -> WinPatrol)
FirewallRules: [{39BF1EDD-9CC6-4A8E-AF61-A9BD381E6843}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe (Ruiware, LLC. -> WinPatrol)
FirewallRules: [{98E43DF7-E04F-4FAD-A633-8877EA0D32C6}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe (Ruiware, LLC. -> WinPatrol)
FirewallRules: [{D06262A0-33A7-4A9D-8D79-8E890FF4AA4F}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe (Ruiware, LLC. -> WinPatrol)
FirewallRules: [{9C0F3B88-1E6A-469F-9EE8-0E41A93F2F3B}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{1D7050C3-49CE-4F32-BCE3-8930731780AC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{ABC713B5-5856-43E2-A6B3-FC92068BE104}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0D19F2AB-4984-48F3-B2CB-3EED466C42D7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BE72115D-E7CB-4EE0-AC15-AF852B3F137D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{76337B65-95AD-4C55-AA8F-0FC79A6D362C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{05998F07-19D8-4DF3-9505-D081857FCAE2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D0AF47DB-1BF1-4892-930B-E74725DD783D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6604D946-F6A7-4C37-94B3-2988BD89BD0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

06-06-2019 23:51:55 Scheduled Checkpoint
12-06-2019 08:09:01 Windows Update
20-06-2019 00:38:37 Scheduled Checkpoint
21-06-2019 12:51:16 Removed HP Registration Service.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/21/2019 12:53:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (06/21/2019 07:50:31 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/21/2019 07:50:31 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/20/2019 06:37:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8527172

Error: (06/20/2019 06:37:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8527172

Error: (06/20/2019 06:37:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/20/2019 07:04:35 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/20/2019 07:04:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (06/22/2019 07:45:57 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-U0HD8BIR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-U0HD8BIR\bigdog SID (S-1-5-21-3181639895-2614141711-2789008911-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/22/2019 07:32:41 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-U0HD8BIR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-U0HD8BIR\bigdog SID (S-1-5-21-3181639895-2614141711-2789008911-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/22/2019 07:16:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/21/2019 11:50:46 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-U0HD8BIR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-U0HD8BIR\bigdog SID (S-1-5-21-3181639895-2614141711-2789008911-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/21/2019 10:59:01 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-U0HD8BIR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-U0HD8BIR\bigdog SID (S-1-5-21-3181639895-2614141711-2789008911-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/21/2019 10:58:57 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-U0HD8BIR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-U0HD8BIR\bigdog SID (S-1-5-21-3181639895-2614141711-2789008911-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/21/2019 08:43:15 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-U0HD8BIR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-U0HD8BIR\bigdog SID (S-1-5-21-3181639895-2614141711-2789008911-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/21/2019 08:31:23 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-U0HD8BIR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-U0HD8BIR\bigdog SID (S-1-5-21-3181639895-2614141711-2789008911-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-05-27 18:20:11.390
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.249.1124.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-27 18:20:11.390
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.249.1124.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-27 18:20:11.390
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.249.1124.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-05-27 18:20:11.201
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.249.1124.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-02-14 17:43:39.202
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.249.1124.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

BIOS: Insyde F.15 08/11/2016
Motherboard: HP 8207
Processor: Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 46%
Total physical RAM: 8046.91 MB
Available physical RAM: 4315.42 MB
Total Virtual: 9326.91 MB
Available Virtual: 5800.37 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.55 GB) (Free:807.51 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.73 GB) (Free:1.63 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{a0447d22-090a-4b0c-bb64-0c890f1ce5db}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.45 GB) NTFS
\\?\Volume{b4c3c50f-01f0-4cc6-a354-e6bd1a917911}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt ============================


arpigeo
Regular Member
 
Posts: 23
Joined: June 25th, 2010, 12:17 pm

Re: hacked mouse functions

Post by pgmigg » June 24th, 2019, 2:37 pm

Hello arpigeo,

Welcome to the forum and sorry for some delay! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 4647
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: hacked mouse functions

Post by arpigeo » June 24th, 2019, 6:04 pm

excellent
I appreciate all your hard work and time pgmigg.
arpigeo
Regular Member
 
Posts: 23
Joined: June 25th, 2010, 12:17 pm

Re: hacked mouse functions

Post by pgmigg » June 24th, 2019, 8:46 pm

Hello arpigeo,

Step 1.
Run CKScanner
  1. Please download CKScanner from here and save it to your Desktop <----------------- Important!!!
  2. Double-click CKScanner.exe and click Search For Files.
  3. After a very short time, when the cursor hourglass disappears, click Save List To File.
  4. A message box will verify the file saved.
  5. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
TSG - SysInfo utility
  1. Please download SysInfo utility from here and save it to your Desktop.
  2. Right click on SysInfo.exe, select "Run As Administrator..." to run it... if UAC prompts, please allow it.
  3. Right click, select copy and then paste in your next post.

Step 3.
Run CodeCheck Scan
  1. Please download codecheck from here and save it to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Then:
Please tell me: is this computer used for business purposes and connected to a business or educational network?
I need to know this so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you for it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of SysInfo scan
  4. Contents of a log created by codecheck.txt
  5. Answer to my question about how your computer is used

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 4647
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: hacked mouse functions

Post by arpigeo » June 25th, 2019, 7:36 am

Thanks again pgmigg.....sure hope your week is off to a good start
My system is a personal one and not connected to any network
No problem in following your instructions
Since they are so small , I'm just posting as a single reply
here's the result

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\program files\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files (x86)\presonus\studio one 3\presets\presonus\fat channel\drum\snare crackalak.dsppreset
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.17134.1_none_a227092418e9be66\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.17134.81_none_b683e3bc89a9896c\ssh-keygen.exe
scanner sequence 3.BC.11.NGAPGZ
----- EOF -----


Codecheck Version 1.0

06025


Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz, Intel64 Family 6 Model 78 Stepping 3
Processor Count: 4
RAM: 8046 Mb
Graphics Card: Intel(R) HD Graphics 520, 1024 Mb
Hard Drives: C: 914 GB (806 GB Free); D: 15 GB (1 GB Free);
Motherboard: HP, 8207
Antivirus: Avast Antivirus, Enabled and Updated
arpigeo
Regular Member
 
Posts: 23
Joined: June 25th, 2010, 12:17 pm

Re: hacked mouse functions

Post by pgmigg » June 25th, 2019, 6:00 pm

Hello arpigeo,

Actually I don't think that your computer was infected at all. Your logs are clean excluding a few minor remnants which we will remove below. Then I would like to ask you to run one more scan. To do it, please:

Step 1.
Create a Backup With Tweaking.com Registry Backup (TCRB)
There is also a tutorial with pictures available HERE.
  1. I saw TCRB in the list of installed programs - if it is not so, please download TCRB from HERE and save it to your Desktop, then double-click on tweaking.com_registry_backup_setup.exe and follow the prompts to install TCRB.
  2. Launch TCRB.
  3. Click the Backup Registry tab and make sure all the boxes are checked.
  4. Click on Backup Now.
  5. Once the backup is finished you can now exit the program.
< STOP > Do not proceed any further if you were not able to create a registry backup. Post back with what happened so we can determine why it was unsuccessful.

Step 2.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Click Start and type notepad.exe in the search programs and files box and click Enter - a blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    Task: {B48CEB1E-ACD1-48C1-998C-8C8B989F6C74} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
    SearchScopes: HKLM -> {27E28A69-35C1-42D3-B483-067A34B74997} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {27E28A69-35C1-42D3-B483-067A34B74997} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-3181639895-2614141711-2789008911-1001 -> {27E28A69-35C1-42D3-B483-067A34B74997} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
    
    EmptyTemp:
    
  4. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  5. Right click on FRST64.exe and select Run as administrator.
  6. Press the Fix button one time only and wait.
  7. When FRST finishes you will be prompted to reboot your computer. Click OK.
  8. Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step 3.
Scan with AdwCleaner.
  1. Please download AdwCleaner and save it to your Desktop.
  2. Double click AdwCleaner.exe to run it.
  3. Click Yes on the UAC question and I Agree on the Welcome window.
  4. Click the Scan now button. If it asks for an update, please decline by clicking No.
  5. On Scan Results screen, please click View Scan Results Log button and the Notepad with a log file AdwCleaner[Sxx].txt will be opened.
  6. Close the AdwCleaner.
  7. Please post the contents of AdwCleaner[Sxx].txt log file with your next reply.
  8. You can also find the log file at C:\AdwCleaner[Sxx].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Then:
Please tell me what is your default Internet browser?
Are your mouse and keyboard USB-type, wireless, or BlueTooth ones?

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you for it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the fixlog.txt log file
  3. Content of the C:\AdwCleaner[Sxx].txt
  4. Answers for my questions
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 4647
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: hacked mouse functions

Post by arpigeo » June 27th, 2019, 3:45 pm

pgmigg

This is certainly perplexing
My system is still having all the same problems
I'll try to explain more thoroughly

#1 problem is that when I boot up and get to Desktop , the Recycle Bin is already highlighted and doesn't want to let me unhighlight it ......if I hit the Esc key it will unhighlight and I can click another icon

#2 is that the system doesn't want to let me highlight text or rather I can highlight it but as soon as I release the mouse button , it'll un-highlight
Again if I hold down the Esc key I can make it happen but not without ......this happens in both text files as well as the text in a browser window such as your forum

#3 is the most frustrating and persistent
The scrolling function keeps returning to the top of a page . This affects all my devices ...wireless mouse , touchpad , wireless keyboard and on-board keyboard.
At first I thought it might be an issue with the wireless mouse so I un-installed it and had the same problem with the touchpad. I also un-installed the onboard keyboard , but the wireless had the same issue.
It's really weird , I'll be able to browse and scroll normally and then after a few mins this thing will take hold. Right now I'm typing in Notepad because it won't let me type in the forum reply window. Just a second ago it grabbed control and would move the cursor to the start of a line of text instead of where I was originally typing from. After a reboot , I'm able to type again.
While I'm browsing , it will affect all methods of scrolling .....scroll wheel ....browser side bar and also keyboard navigation arrows . I can override it for a time by either holding down the Esc key and scrolling or holding down the Shift key. I never know which will work and either way after a period of time I just got grabbed again

as I said there seems to be a lag time after rebooting before it will take hold ....

It's not consistent though sometimes it will start up after only a few mins. and other times it'll take 30 or 40
But once it does I can only hold it back for a short while before it will overpower any of the work arounds.

To answer your other questions
wireless mouse
wireless keyboard
Avast browser for online
No problem with following your instructions
Once again thanks for all your hard work
arpigeo
Regular Member
 
Posts: 23
Joined: June 25th, 2010, 12:17 pm

Re: hacked mouse functions

Post by arpigeo » June 27th, 2019, 3:46 pm

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by bigdog (27-06-2019 14:34:42) Run:1
Running from C:\Users\bigdog\Desktop
Loaded Profiles: bigdog (Available Profiles: bigdog & heyoka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {B48CEB1E-ACD1-48C1-998C-8C8B989F6C74} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
SearchScopes: HKLM -> {27E28A69-35C1-42D3-B483-067A34B74997} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> {27E28A69-35C1-42D3-B483-067A34B74997} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3181639895-2614141711-2789008911-1001 -> {27E28A69-35C1-42D3-B483-067A34B74997} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}

EmptyTemp:
*****************

Restore point was successfully created.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B48CEB1E-ACD1-48C1-998C-8C8B989F6C74}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B48CEB1E-ACD1-48C1-998C-8C8B989F6C74}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{27E28A69-35C1-42D3-B483-067A34B74997} => removed successfully
HKLM\Software\Classes\CLSID\{27E28A69-35C1-42D3-B483-067A34B74997} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{27E28A69-35C1-42D3-B483-067A34B74997} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{27E28A69-35C1-42D3-B483-067A34B74997} => not found
HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{27E28A69-35C1-42D3-B483-067A34B74997} => removed successfully
HKLM\Software\Classes\CLSID\{27E28A69-35C1-42D3-B483-067A34B74997} => not found

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31899268 B
Java, Flash, Steam htmlcache => 1335 B
Windows/system/drivers => 3538390 B
Edge => 1031607 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 87638 B
LocalService => 0 B
NetworkService => 22426 B
NetworkService => 0 B
bigdog => 58372786 B
heyoka => 27213251 B

RecycleBin => 807954721 B
EmptyTemp: => 897.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:36:01 ====
arpigeo
Regular Member
 
Posts: 23
Joined: June 25th, 2010, 12:17 pm
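
A helper reading a Fixlog like the one posted above needs two things from it: the outcome of every fix line, and whether the EmptyTemp byte counts agree with the reported total. The Python script below is an added example, not part of the thread and not part of FRST; the sample log is constructed in the same layout, and the function and variable names are hypothetical.

```python
import re
from collections import Counter

# The Fixlog on this page adds up to its "MB" total with 1 MB = 1048576 B.
MIB = 1024 * 1024

# Result wordings that appear in the Fixlog on this page. Any other wording
# is not interpreted here; it is surfaced for the helper to read manually.
KNOWN_STATUSES = {"removed successfully", "restored successfully", "not found"}

RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<status>.+)$")
SIZE_RE = re.compile(r"^(?P<name>.+?) => (?P<bytes>\d+) B$")
TOTAL_RE = re.compile(r"^EmptyTemp: => (?P<mb>[\d.]+) MB temporary data Removed\.$")

# Constructed sample in the layout of the Fixlog above (placeholder keys/GUIDs).
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
CreateRestorePoint:

Task: {00000000-0000-0000-0000-000000000001} - \Example\Task -> No File <==== ATTENTION

EmptyTemp:
*****************

Restore point was successfully created.
"HKLM\Software\Example\TaskCache\Tasks\{00000000-0000-0000-0000-000000000001}" => removed successfully
"HKLM\Software\Example\TaskCache\Tree\Example\Task" => not found
HKLM\SOFTWARE\Policies\Example => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 1048576 B
Edge => 524288 B
Chrome => 0 B
RecycleBin => 2097152 B
EmptyTemp: => 3.5 MB temporary data Removed.

================================
"""


def parse_fixlog(text):
    """Split a Fixlog into fixlist directives, per-line results and temp sizes."""
    directives, results, temp_bytes = [], [], Counter()
    reported_mb = None
    stars = 0        # "*****" delimiter lines seen: the fixlist sits between 1 and 2
    in_temp = False  # True once the "EmptyTemp:" section header has been passed
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            stars += 1
            continue
        if line.startswith("=") and "EmptyTemp:" in line:
            in_temp = True
            continue
        if stars == 1:
            directives.append(line)
        elif stars >= 2 and not in_temp:
            m = RESULT_RE.match(line)
            if m:
                results.append((m["target"].strip('"'), m["status"]))
        elif in_temp:
            m = TOTAL_RE.match(line)
            if m:
                reported_mb = float(m["mb"])
                continue
            m = SIZE_RE.match(line)
            if m:
                # Names can repeat (the log above lists LocalService twice).
                temp_bytes[m["name"]] += int(m["bytes"])
    return {"directives": directives, "results": results,
            "temp_bytes": dict(temp_bytes), "reported_mb": reported_mb}


def review(text):
    """Summarise outcomes and cross-check the EmptyTemp total against its parts."""
    log = parse_fixlog(text)
    counts = Counter(status for _, status in log["results"])
    unexpected = [(t, s) for t, s in log["results"] if s not in KNOWN_STATUSES]
    total = sum(log["temp_bytes"].values())
    reported = log["reported_mb"]
    # The total is printed to one decimal place, so allow half a unit of rounding.
    matches = reported is not None and abs(total / MIB - reported) < 0.05
    return {"counts": dict(counts), "unexpected": unexpected,
            "temp_total_bytes": total, "total_matches": matches}


if __name__ == "__main__":
    summary = review(SAMPLE_FIXLOG)
    for status, n in sorted(summary["counts"].items()):
        print(f"{n:3d}  {status}")
    for target, status in summary["unexpected"]:
        print(f"REVIEW: {target} => {status}")
    print("temp bytes:", summary["temp_total_bytes"],
          "| matches reported total:", summary["total_matches"])
```

A "not found" result is not a failure by itself: in the log above it appears for keys that the fix looked for and that were already absent.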

Re: hacked mouse functions

Post by arpigeo » June 27th, 2019, 3:47 pm

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-06-25.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-27-2019
# Duration: 00:00:16
# OS: Windows 10 Home
# Scanned: 27554
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [1250 octets] - [23/06/2019 18:59:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
arpigeo
Regular Member
 
Posts: 23
Joined: June 25th, 2010, 12:17 pm

Re: hacked mouse functions

Post by pgmigg » June 28th, 2019, 3:50 pm

Hi arpigeo,

Thank you for the additional detailed explanations and for answering my questions - I hope it will help a lot because right now I understand the whole picture much better.

I would like to uninstall all Avast ingredients, including Avast Browser and use Windows Defender as your Antivirus Software. As your default browser you can choose Mozilla Firefox or Google Chrome.
Avast is not exactly the best written piece of software, and I've seen a number of cases where it has interacted badly with the host computer, causing any number of weird effects.

Of course you can always re-install both those programs once we've finished working through your problems.

Step 1.
Download Mozilla Firefox or Google Chrome software

Step 2.
Remove Program
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Click the Select all button next to Code: to select the entire script).
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click on each of the entries below, one after another (please do it exactly in my sequence!), if it exists, choose Uninstall, and give permission to Continue:
    Avast Secure Browser
    Avast SecureLine
    Avast Free Antivirus
  4. When all programs have been uninstalled, please close Control Panel
  5. Reboot (restart) your computer.
  6. The Windows Defender will be started automatically as your default defense software.

Step 3.
Install Mozilla Firefox or Google Chrome as default browser from the appropriate installer saved on the Desktop.

Step 4.
Fresh FRST Scan
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Run a new scan with FRST and post me your new Frst.txt and Addition.txt logs.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

Don't post anything as attachments unless I ask you for it specifically!

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of FRST.txt and Addition.txt logs created by FRST scan.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 4647
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: hacked mouse functions

Post by arpigeo » June 30th, 2019, 10:07 am

pgmigg
No problem executing your instruction
Seems like you were on the right track ......my system seems to be
operating normally again.
I'd have never made the connection between the two . That's why you guys are the pros
I've been using Avast for several years now with zero issues ..seems like one of you guys actually suggested it to
me ....maybe some recent update set things into motion.
I'll stick with your preferred set-up and see how things go

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2019
Ran by bigdog (administrator) on LAPTOP-U0HD8BIR (HP HP Notebook) (30-06-2019 09:46:37)
Running from C:\Users\bigdog\Desktop
Loaded Profiles: bigdog (Available Profiles: bigdog & heyoka)
Platform: Windows 10 Home Version 1803 17134.829 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Hewlett-Packard Company -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126577.inf_amd64_ae71f87c8938d56a\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126577.inf_amd64_ae71f87c8938d56a\igfxEM.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Ruiware, LLC -> Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Ruiware, LLC. -> WinPatrol) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
(Ruiware, LLC. -> WinPatrol) C:\Program Files\Ruiware\WinPrivacy\WinPrivacyTrayApp.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8811776 2016-11-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM\...\Run: [WinPrivacy] => C:\Program Files\Ruiware\WinPrivacy\WinPrivacyTrayApp.exe [1782920 2016-02-15] (Ruiware, LLC. -> WinPatrol)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2016-01-29] (CyberLink Corp. -> CyberLink Corp.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1231240 2016-11-13] (Ruiware, LLC -> Ruiware)
HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\...\Run: [EPSON12BB47 (Epson Stylus NX430)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [232448 2011-01-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-06-21]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {36C1B655-29AC-4144-A492-4CB0B0286663} - System32\Tasks\Avast SecureLine VPN Update => c:\program files\avast software\secureline\vpnupdate.exe [1398208 2019-06-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {37910CBA-AAEA-4DD1-9AA6-758BBD8E37CF} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3181639895-2614141711-2789008911-1002 => C:\Users\bigdog\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {49F8BEE7-C4F7-42DA-9290-BD3BA34EA43C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6975BAD9-7F46-4255-B972-EF78FD74A1E8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {93E380F3-D011-4C76-A3AD-E14A013CD350} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [816960 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {B27AF937-F724-43A1-9A22-FA5E79DD8E23} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
Task: {D9B5DAE0-C456-4E02-9075-66599B16EC18} - System32\Tasks\HPCeeScheduleForbigdog => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [97848 2016-01-23] (Hewlett-Packard Company -> Hewlett-Packard)
Task: {F812A06F-3704-4D76-9A13-A67037A36E1A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [1286656 2017-09-30] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForbigdog.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{65131c46-5f47-462b-92b9-596c9ec547bb}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{a6cc44b6-d414-4f13-b5a5-89e5d7ad5a47}: [DhcpNameServer] 172.168.0.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File

FireFox:
========
FF DefaultProfile: s71yucc7.default
FF ProfilePath: C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\s71yucc7.default [2019-06-29]
FF ProfilePath: C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\rafrharu.default-release [2019-06-30]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\rafrharu.default-release\Extensions\firefox@ghostery.com.xpi [2019-06-29]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\rafrharu.default-release\Extensions\sp@avast.com.xpi [2019-06-29]
FF Extension: (Avast Online Security) - C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\rafrharu.default-release\Extensions\wrc@avast.com.xpi [2019-06-29]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [3367272 2018-11-28] (Intel(R) Software Development Products -> Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [127192 2015-11-19] (Realtek Semiconductor Corp -> )
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [168448 2011-01-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [131072 2011-01-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-11-03] (Intel Corporation - pGFX -> Intel Corporation)
R2 HP Comm Recover; c:\Program Files\HPCommRecovery\HPCommRecovery.exe [44032 2016-03-02] (HP Inc.) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (Hewlett-Packard Company -> HP Inc.)
R3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312576 2016-11-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [360872 2018-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4413440 2019-03-14] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107160 2019-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 WinPrivacySvc; C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe [477320 2016-02-15] (Ruiware, LLC. -> WinPatrol)
S2 WPWDSvc; C:\Program Files\Ruiware\WinPrivacy\WPWDSvc.exe [421512 2016-02-15] (Ruiware, LLC. -> WinPatrol)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Power Technology -> Windows (R) Win 7 DDK provider)
R3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2015-11-14] (Power Technology -> Windows (R) Win 7 DDK provider)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-11-03] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-11-03] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [343608 2016-11-03] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-06-27] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-06-30] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-06-30] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-06-30] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-06-30] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [117344 2019-06-30] (Malwarebytes Corporation -> Malwarebytes)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2018-02-06] (PAIPTAC Driver -> )
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-02-25] (Realtek Semiconductor Corp -> Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [784264 2018-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-26] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [7904088 2018-04-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation )
R4 rwpvcy; C:\WINDOWS\System32\drivers\rwpvcy.sys [49944 2015-09-10] (Ruiware, LLC. -> Ruiware, LLC)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55400 2018-09-21] (Synaptics Incorporated -> Synaptics Incorporated)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2019-05-16] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-30 09:46 - 2019-06-30 09:48 - 000018481 _____ C:\Users\bigdog\Desktop\FRST.txt
2019-06-30 09:42 - 2019-06-30 09:42 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-06-30 09:42 - 2019-06-30 09:42 - 000117344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-06-30 09:42 - 2019-06-30 09:42 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-06-30 09:28 - 2019-06-30 09:28 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-06-29 15:46 - 2019-06-29 15:46 - 000000384 _____ C:\Users\bigdog\Desktop\round plane.txt
2019-06-29 08:55 - 2019-06-30 09:46 - 000000000 ____D C:\Users\bigdog\AppData\LocalLow\Mozilla
2019-06-29 08:55 - 2019-06-29 08:56 - 000000000 ____D C:\ProgramData\Mozilla
2019-06-29 08:55 - 2019-06-29 08:55 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-06-29 08:55 - 2019-06-29 08:55 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-06-29 08:55 - 2019-06-29 08:55 - 000000000 ____D C:\Users\bigdog\AppData\Roaming\Mozilla
2019-06-29 08:55 - 2019-06-29 08:55 - 000000000 ____D C:\Users\bigdog\AppData\Local\Mozilla
2019-06-29 08:55 - 2019-06-29 08:55 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-06-29 08:55 - 2019-06-29 08:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-06-27 18:24 - 2019-06-27 18:24 - 000094278 _____ C:\Users\bigdog\Desktop\bookmarks_6_27_19.html
2019-06-27 16:37 - 2019-06-27 22:00 - 000000000 ____D C:\WINDOWS\Minidump
2019-06-27 15:25 - 2019-06-30 09:41 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-06-27 14:43 - 2019-06-27 14:43 - 007025360 _____ (Malwarebytes) C:\Users\bigdog\Desktop\AdwCleaner.exe
2019-06-27 14:13 - 2019-06-27 14:13 - 000000000 ____D C:\Users\bigdog\Desktop\FRST-OlderVersion
2019-06-27 14:09 - 2019-06-27 14:09 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-LAPTOP-U0HD8BIR-Windows-10-Home-(64-bit).dat
2019-06-27 14:09 - 2019-06-27 14:09 - 000000000 ____D C:\Users\bigdog\Desktop\LAPTOP-U0HD8BIR
2019-06-27 14:04 - 2019-06-27 14:04 - 000002319 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2019-06-27 14:04 - 2019-06-27 14:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2019-06-27 14:04 - 2019-06-27 14:04 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2019-06-27 14:03 - 2019-06-27 14:04 - 000017991 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2019-06-23 18:58 - 2019-06-23 18:59 - 000000000 ____D C:\AdwCleaner
2019-06-23 18:28 - 2019-06-23 18:28 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\374414E4.sys
2019-06-23 18:27 - 2019-06-23 18:51 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2019-06-23 18:20 - 2019-06-27 14:28 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-06-23 18:20 - 2019-06-23 18:20 - 000000000 ____D C:\Users\bigdog\AppData\Local\mbamtray
2019-06-23 18:20 - 2019-06-23 18:20 - 000000000 ____D C:\Users\bigdog\AppData\Local\mbam
2019-06-23 18:20 - 2019-06-23 18:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-06-23 18:20 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-06-23 18:19 - 2019-06-23 18:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-06-23 18:19 - 2019-06-23 18:19 - 000000000 ____D C:\Program Files\Malwarebytes
2019-06-22 07:50 - 2019-06-30 09:46 - 000000000 ____D C:\FRST
2019-06-21 12:53 - 2019-06-21 12:53 - 000000000 ____D C:\Users\bigdog\AppData\Roaming\hpqLog
2019-06-21 10:48 - 2019-06-21 10:49 - 000000000 ____D C:\KVRT_Data
2019-06-21 10:37 - 2019-06-27 14:13 - 002418688 _____ (Farbar) C:\Users\bigdog\Desktop\FRST64.exe
2019-06-18 17:44 - 2019-06-18 18:40 - 000000000 ____D C:\Users\bigdog\AppData\Local\PlaceholderTileLogoFolder
2019-06-18 15:48 - 2019-06-30 08:33 - 000004294 _____ C:\WINDOWS\System32\Tasks\Avast SecureLine VPN Update
2019-06-12 08:15 - 2019-06-07 01:57 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-06-12 08:15 - 2019-06-07 01:46 - 006569344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-12 08:15 - 2019-06-07 01:38 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-06-12 08:14 - 2019-06-07 07:04 - 021388752 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-06-12 08:14 - 2019-06-07 07:04 - 001633136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-06-12 08:14 - 2019-06-07 06:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-06-12 08:14 - 2019-06-07 06:47 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-06-12 08:14 - 2019-06-07 06:45 - 012756480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-06-12 08:14 - 2019-06-07 06:42 - 003613696 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-06-12 08:14 - 2019-06-07 06:41 - 004055552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-06-12 08:14 - 2019-06-07 06:40 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-06-12 08:14 - 2019-06-07 06:40 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-06-12 08:14 - 2019-06-07 06:23 - 001453920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-06-12 08:14 - 2019-06-07 06:19 - 020383832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-06-12 08:14 - 2019-06-07 06:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-06-12 08:14 - 2019-06-07 06:07 - 011942400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-06-12 08:14 - 2019-06-07 06:04 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-06-12 08:14 - 2019-06-07 06:04 - 002881536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-06-12 08:14 - 2019-06-07 06:04 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-06-12 08:14 - 2019-06-07 02:07 - 000707384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2019-06-12 08:14 - 2019-06-07 02:01 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-06-12 08:14 - 2019-06-07 01:58 - 001220112 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-06-12 08:14 - 2019-06-07 01:58 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-06-12 08:14 - 2019-06-07 01:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-06-12 08:14 - 2019-06-07 01:58 - 000422416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmicmiplugin.dll
2019-06-12 08:14 - 2019-06-07 01:58 - 000135176 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-06-12 08:14 - 2019-06-07 01:58 - 000076304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-06-12 08:14 - 2019-06-07 01:57 - 002811192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 001934808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2019-06-12 08:14 - 2019-06-07 01:57 - 001209696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2019-06-12 08:14 - 2019-06-07 01:57 - 000792888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 000709728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 000594024 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2019-06-12 08:14 - 2019-06-07 01:57 - 000494304 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-06-12 08:14 - 2019-06-07 01:57 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2019-06-12 08:14 - 2019-06-07 01:57 - 000413720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2019-06-12 08:14 - 2019-06-07 01:57 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 000383504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 000170296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2019-06-12 08:14 - 2019-06-07 01:57 - 000148280 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2019-06-12 08:14 - 2019-06-07 01:57 - 000137448 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-06-12 08:14 - 2019-06-07 01:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-06-12 08:14 - 2019-06-07 01:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-06-12 08:14 - 2019-06-07 01:47 - 000380432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2019-06-12 08:14 - 2019-06-07 01:47 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-06-12 08:14 - 2019-06-07 01:46 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-06-12 08:14 - 2019-06-07 01:46 - 001805656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2019-06-12 08:14 - 2019-06-07 01:46 - 001011872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2019-06-12 08:14 - 2019-06-07 01:46 - 000581048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-06-12 08:14 - 2019-06-07 01:46 - 000357072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-06-12 08:14 - 2019-06-07 01:46 - 000128792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2019-06-12 08:14 - 2019-06-07 01:37 - 022019584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-06-12 08:14 - 2019-06-07 01:31 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-06-12 08:14 - 2019-06-07 01:27 - 022718976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-06-12 08:14 - 2019-06-07 01:24 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-06-12 08:14 - 2019-06-07 01:24 - 003400704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-06-12 08:14 - 2019-06-07 01:24 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-06-12 08:14 - 2019-06-07 01:23 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-06-12 08:14 - 2019-06-07 01:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-06-12 08:14 - 2019-06-07 01:23 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-06-12 08:14 - 2019-06-07 01:22 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-06-12 08:14 - 2019-06-07 01:22 - 003710976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-06-12 08:14 - 2019-06-07 01:22 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-06-12 08:14 - 2019-06-07 01:22 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2019-06-12 08:14 - 2019-06-07 01:22 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2019-06-12 08:14 - 2019-06-07 01:21 - 007588864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-06-12 08:14 - 2019-06-07 01:21 - 004866048 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-06-12 08:14 - 2019-06-07 01:21 - 001778688 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-06-12 08:14 - 2019-06-07 01:21 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-06-12 08:14 - 2019-06-07 01:21 - 000473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2019-06-12 08:14 - 2019-06-07 01:21 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-06-12 08:14 - 2019-06-07 01:20 - 002610688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-06-12 08:14 - 2019-06-07 01:20 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-06-12 08:14 - 2019-06-07 01:20 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-06-12 08:14 - 2019-06-07 01:20 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-06-12 08:14 - 2019-06-07 01:19 - 003212288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-06-12 08:14 - 2019-06-07 01:19 - 002175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-06-12 08:14 - 2019-06-07 01:19 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-06-12 08:14 - 2019-06-07 01:19 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-06-12 08:14 - 2019-06-07 01:19 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2019-06-12 08:14 - 2019-06-07 01:19 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2019-06-12 08:14 - 2019-06-07 01:18 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-06-12 08:14 - 2019-06-07 01:18 - 000686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2019-06-12 08:14 - 2019-06-07 01:18 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-06-12 08:14 - 2019-06-07 01:17 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-06-12 08:14 - 2019-06-07 01:17 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-06-12 08:14 - 2019-06-07 01:17 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2019-06-12 08:14 - 2019-06-07 01:16 - 001102336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2019-06-12 08:14 - 2019-06-07 01:16 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2019-06-12 08:14 - 2019-06-07 01:16 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-06-12 08:14 - 2019-06-07 01:16 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2019-06-12 08:14 - 2019-06-07 00:00 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2019-06-12 08:14 - 2019-05-18 18:12 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-06-12 08:14 - 2019-05-18 18:12 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-06-12 08:14 - 2019-05-18 18:12 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2019-06-12 08:14 - 2019-05-18 18:12 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2019-06-12 08:14 - 2019-05-17 08:44 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2019-06-12 08:14 - 2019-05-17 08:40 - 002394960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2019-06-12 08:14 - 2019-05-17 08:40 - 000280888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-06-12 08:14 - 2019-05-17 08:27 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-06-12 08:14 - 2019-05-17 08:26 - 004393984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-06-12 08:14 - 2019-05-17 08:25 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-06-12 08:14 - 2019-05-17 08:25 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2019-06-12 08:14 - 2019-05-17 08:25 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsUpdateElevatedInstaller.exe
2019-06-12 08:14 - 2019-05-17 08:24 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2019-06-12 08:14 - 2019-05-17 08:23 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2019-06-12 08:14 - 2019-05-17 08:22 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2019-06-12 08:14 - 2019-05-17 08:22 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2019-06-12 08:14 - 2019-05-17 08:21 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2019-06-12 08:14 - 2019-05-17 08:21 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2019-06-12 08:14 - 2019-05-17 08:21 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2019-06-12 08:14 - 2019-05-17 08:21 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3gpui.dll
2019-06-12 08:14 - 2019-05-17 08:21 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2019-06-12 08:14 - 2019-05-17 08:20 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2019-06-12 08:14 - 2019-05-17 08:19 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2019-06-12 08:14 - 2019-05-17 08:07 - 002206424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2019-06-12 08:14 - 2019-05-17 08:00 - 005658112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-06-12 08:14 - 2019-05-17 07:58 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2019-06-12 08:14 - 2019-05-17 07:56 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2019-06-12 08:14 - 2019-05-17 07:56 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3gpui.dll
2019-06-12 08:14 - 2019-05-17 07:55 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2019-06-12 08:14 - 2019-05-17 07:55 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2019-06-12 08:14 - 2019-05-17 07:55 - 000470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2019-06-12 08:14 - 2019-05-17 07:54 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2019-06-12 08:14 - 2019-05-17 07:54 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2019-06-12 08:14 - 2019-05-17 05:33 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-06-12 08:14 - 2019-05-17 04:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-06-12 08:14 - 2019-05-17 03:07 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2019-06-12 08:14 - 2019-05-17 02:44 - 000829960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2019-06-12 08:14 - 2019-05-17 02:44 - 000550520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2019-06-12 08:14 - 2019-05-17 02:43 - 000297688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 002256560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 001989552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 001980256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 001380096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-06-12 08:14 - 2019-05-17 02:42 - 000125504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KerbClientShared.dll
2019-06-12 08:14 - 2019-05-17 02:30 - 013878784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-06-12 08:14 - 2019-05-17 02:26 - 002969600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-06-12 08:14 - 2019-05-17 02:23 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2019-06-12 08:14 - 2019-05-17 02:23 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2019-06-12 08:14 - 2019-05-17 02:23 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2019-06-12 08:14 - 2019-05-17 02:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2019-06-12 08:14 - 2019-05-17 02:22 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2019-06-12 08:14 - 2019-05-17 02:21 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-06-12 08:14 - 2019-05-17 02:21 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2019-06-12 08:14 - 2019-05-17 02:21 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2019-06-12 08:14 - 2019-05-17 02:20 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2019-06-12 08:14 - 2019-05-17 02:20 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2019-06-12 08:14 - 2019-05-17 02:19 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-06-12 08:14 - 2019-05-17 02:19 - 001630720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2019-06-12 08:14 - 2019-05-17 02:19 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2019-06-12 08:14 - 2019-05-17 02:19 - 001073664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-06-12 08:14 - 2019-05-17 02:19 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2019-06-12 08:14 - 2019-05-17 02:19 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2019-06-12 08:14 - 2019-05-17 02:18 - 002796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2019-06-12 08:14 - 2019-05-17 02:18 - 001006592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2019-06-12 08:14 - 2019-05-17 02:18 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-06-12 08:14 - 2019-05-17 02:08 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-06-12 08:14 - 2019-05-17 02:08 - 000723432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-06-12 08:14 - 2019-05-17 02:08 - 000491200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2019-06-12 08:14 - 2019-05-17 02:08 - 000401328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2019-06-12 08:14 - 2019-05-17 02:07 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-06-12 08:14 - 2019-05-17 02:07 - 002768960 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-06-12 08:14 - 2019-05-17 02:07 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-06-12 08:14 - 2019-05-17 02:07 - 002467320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-06-12 08:14 - 2019-05-17 02:07 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-06-12 08:14 - 2019-05-17 02:07 - 001288712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2019-06-12 08:14 - 2019-05-17 02:07 - 001260272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-06-12 08:14 - 2019-05-17 02:07 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2019-06-12 08:14 - 2019-05-17 02:07 - 000275768 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-06-12 08:14 - 2019-05-17 02:07 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-06-12 08:14 - 2019-05-17 02:06 - 001943136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-06-12 08:14 - 2019-05-17 02:06 - 001784696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2019-06-12 08:14 - 2019-05-17 02:06 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2019-06-12 08:14 - 2019-05-17 02:06 - 001140992 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-06-12 08:14 - 2019-05-17 02:06 - 001098056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-06-12 08:14 - 2019-05-17 02:06 - 000983424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-06-12 08:14 - 2019-05-17 02:06 - 000151888 _____ (Microsoft Corporation) C:\WINDOWS\system32\KerbClientShared.dll
2019-06-12 08:14 - 2019-05-17 02:04 - 001826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2019-06-12 08:14 - 2019-05-17 02:00 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2019-06-12 08:14 - 2019-05-17 01:44 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-06-12 08:14 - 2019-05-17 01:38 - 004709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-06-12 08:14 - 2019-05-17 01:37 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-06-12 08:14 - 2019-05-17 01:37 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2019-06-12 08:14 - 2019-05-17 01:37 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2019-06-12 08:14 - 2019-05-17 01:36 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2019-06-12 08:14 - 2019-05-17 01:36 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2019-06-12 08:14 - 2019-05-17 01:36 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2019-06-12 08:14 - 2019-05-17 01:36 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2019-06-12 08:14 - 2019-05-17 01:36 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe
2019-06-12 08:14 - 2019-05-17 01:36 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2019-06-12 08:14 - 2019-05-17 01:36 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2019-06-12 08:14 - 2019-05-17 01:35 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-06-12 08:14 - 2019-05-17 01:35 - 000362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2019-06-12 08:14 - 2019-05-17 01:35 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-06-12 08:14 - 2019-05-17 01:34 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2019-06-12 08:14 - 2019-05-17 01:34 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-06-12 08:14 - 2019-05-17 01:34 - 000671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2019-06-12 08:14 - 2019-05-17 01:34 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2019-06-12 08:14 - 2019-05-17 01:34 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2019-06-12 08:14 - 2019-05-17 01:34 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-06-12 08:14 - 2019-05-17 01:34 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2019-06-12 08:14 - 2019-05-17 01:34 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2019-06-12 08:14 - 2019-05-17 01:33 - 003091456 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2019-06-12 08:14 - 2019-05-17 01:33 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-06-12 08:14 - 2019-05-17 01:33 - 002370560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-06-12 08:14 - 2019-05-17 01:33 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2019-06-12 08:14 - 2019-05-17 01:33 - 001214464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-06-12 08:14 - 2019-05-17 01:33 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2019-06-12 08:14 - 2019-05-17 01:33 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2019-06-12 08:14 - 2019-05-17 01:32 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2019-06-12 08:14 - 2019-05-17 01:32 - 000815104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 004937216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 003376640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 003293184 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 001805312 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 001383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 000620032 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-06-12 08:14 - 2019-05-17 01:31 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-06-12 08:14 - 2019-05-17 01:30 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2019-06-12 08:14 - 2019-05-17 01:30 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-06-12 08:14 - 2019-05-17 01:30 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2019-06-07 12:13 - 2019-06-07 12:19 - 281583111 _____ C:\Users\bigdog\Desktop\How-to-Make-Breadboard-Ends-Part-15-of-Build-a-Dovetail-Desk-with-Hand-Tools-720p.mp4
2019-06-03 00:08 - 2019-06-03 00:10 - 087892674 _____ C:\Users\bigdog\Desktop\ISHITANI-Making-a-Kigumi-Table-720p.mp4
2019-06-02 19:11 - 2019-06-02 19:18 - 381900081 _____ C:\Users\bigdog\Desktop\How-to-Make-a-Poor-Mans-Rebate-Plane-or-Paul-Sellers-720p.mp4

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-30 09:43 - 2018-08-17 07:47 - 000000000 ____D C:\Users\bigdog\AppData\Local\CrashDumps
2019-06-30 09:42 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-06-30 09:41 - 2018-05-23 18:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-06-30 09:41 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-30 09:41 - 2016-10-10 17:33 - 000000000 ____D C:\Users\bigdog\AppData\Roaming\AVAST Software
2019-06-30 09:41 - 2016-10-10 17:31 - 000000000 __SHD C:\Users\bigdog\IntelGraphicsProfiles
2019-06-30 09:41 - 2016-08-16 08:44 - 000000000 ____D C:\ProgramData\AVAST Software
2019-06-30 09:41 - 2016-08-16 08:44 - 000000000 ____D C:\Program Files\AVAST Software
2019-06-30 09:40 - 2018-04-11 17:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-06-30 09:39 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-30 09:35 - 2018-05-18 07:55 - 000000000 ____D C:\Users\bigdog\AppData\Local\AVAST Software
2019-06-30 09:27 - 2018-02-06 21:20 - 000000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForbigdog.job
2019-06-29 22:33 - 2018-05-23 18:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-06-29 22:24 - 2018-05-23 18:38 - 000003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForbigdog
2019-06-29 17:06 - 2018-05-23 18:38 - 000003584 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-06-29 17:06 - 2018-05-23 18:38 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2019-06-29 17:06 - 2018-05-23 18:38 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3181639895-2614141711-2789008911-1002
2019-06-29 17:06 - 2018-05-23 18:38 - 000002542 _____ C:\WINDOWS\System32\Tasks\HPDAS
2019-06-29 17:06 - 2018-05-23 18:38 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2019-06-28 00:25 - 2018-05-23 18:13 - 000000000 ____D C:\Users\bigdog
2019-06-27 16:49 - 2016-10-21 13:10 - 000000000 ____D C:\Users\bigdog\Desktop\New folder
2019-06-27 16:42 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-06-27 16:42 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2019-06-27 16:26 - 2016-10-29 13:27 - 000000000 ____D C:\Users\bigdog\AppData\LocalLow\Temp
2019-06-25 00:48 - 2019-04-28 08:29 - 000000165 _____ C:\Users\bigdog\Desktop\mine.txt
2019-06-23 18:20 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-06-22 08:13 - 2018-05-23 18:07 - 000416112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-06-22 08:12 - 2019-05-27 19:01 - 000000000 ____D C:\Program Files\Google
2019-06-22 08:12 - 2018-08-07 01:04 - 000000000 ____D C:\Program Files (x86)\Google
2019-06-21 13:08 - 2017-11-21 23:00 - 000000000 ____D C:\Users\bigdog\AppData\Local\Packages
2019-06-21 13:05 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-06-21 12:56 - 2018-08-07 01:04 - 000000000 ____D C:\Users\bigdog\AppData\Local\Google
2019-06-21 12:56 - 2016-08-16 08:30 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2019-06-21 12:54 - 2018-05-23 18:38 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2019-06-21 12:54 - 2016-10-10 17:34 - 000000000 ____D C:\Users\bigdog\AppData\Local\Hewlett-Packard
2019-06-21 12:54 - 2016-08-16 08:26 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2019-06-21 12:54 - 2016-04-11 08:17 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2019-06-21 12:53 - 2016-04-11 08:17 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-21 12:52 - 2016-04-11 08:17 - 000000000 ____D C:\Program Files\HP
2019-06-21 10:14 - 2018-11-15 22:50 - 000000000 ____D C:\Program Files\rempl
2019-06-18 16:10 - 2017-05-24 12:46 - 000000000 ____D C:\Program Files\UNP
2019-06-12 19:23 - 2018-05-23 18:12 - 000933328 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-06-12 19:20 - 2016-10-10 20:29 - 000000000 ___RD C:\Users\bigdog\3D Objects
2019-06-12 19:20 - 2015-11-02 14:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-12 19:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-06-12 19:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-06-12 19:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-06-12 19:15 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-06-12 08:13 - 2016-10-10 21:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-06-12 08:09 - 2016-10-10 21:17 - 135349160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-06-05 19:39 - 2016-10-24 12:59 - 000000000 ____D C:\Users\bigdog\Documents\Invoices
2019-06-03 14:59 - 2019-05-24 17:16 - 000000000 ____D C:\Users\bigdog\Desktop\#55
2019-06-01 11:10 - 2016-10-24 13:03 - 000000000 ____D C:\Users\bigdog\Documents\Estimates

==================== Files in the root of some directories ================

2018-02-19 11:08 - 2018-02-19 11:08 - 000000000 _____ () C:\Users\bigdog\AppData\Local\BlackstarMarketing.log
2016-10-10 17:31 - 2019-06-30 09:42 - 003639742 _____ () C:\Users\bigdog\AppData\Local\BTServer.log
2019-04-26 17:52 - 2019-04-26 18:08 - 000000324 _____ () C:\Users\bigdog\AppData\Local\insider.log
2019-01-20 17:11 - 2019-01-20 17:11 - 000001218 _____ () C:\Users\bigdog\AppData\Local\recently-used.xbel
2017-01-14 13:47 - 2017-01-14 13:47 - 000000017 _____ () C:\Users\bigdog\AppData\Local\resmon.resmoncfg
2016-10-11 16:15 - 2016-10-11 16:15 - 000000000 _____ () C:\Users\bigdog\AppData\Local\{5AFF81E6-BA3C-4619-8325-B1ECD9082378}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================
arpigeo

Re: hacked mouse functions

Post by arpigeo » June 30th, 2019, 10:08 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by bigdog (30-06-2019 09:50:53)
Running from C:\Users\bigdog\Desktop
Windows 10 Home Version 1803 17134.829 (X64) (2018-05-23 22:39:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3181639895-2614141711-2789008911-500 - Administrator - Disabled)
bigdog (S-1-5-21-3181639895-2614141711-2789008911-1001 - Administrator - Enabled) => C:\Users\bigdog
DefaultAccount (S-1-5-21-3181639895-2614141711-2789008911-503 - Limited - Disabled)
Guest (S-1-5-21-3181639895-2614141711-2789008911-501 - Limited - Disabled)
heyoka (S-1-5-21-3181639895-2614141711-2789008911-1002 - Limited - Enabled) => C:\Users\heyoka
WDAGUtilityAccount (S-1-5-21-3181639895-2614141711-2789008911-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Any Audio Converter 6.0.9 (HKLM-x32\...\Any Audio Converter) (Version: 6.0.9 - Anvsoft)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Blackstar INSIDER (HKLM-x32\...\{C7F2434B-AE8C-49C1-84F9-BB2F2A546007}) (Version: 1.8.1229 - Blackstar Amplification Ltd.)
Blackstar INSIDER Interface (HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\...\1789510094.www.blackstaramps.com) (Version: - www.blackstaramps.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3.6129 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
DFX (HKLM-x32\...\DFX) (Version: 12.021.0.0 - Power Technology)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
FretCalc-3.10 (HKLM-x32\...\ST6UNST #1) (Version: - )
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Gimp WebP Plugin version 0.1.1 (HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\...\{37689CA1-6CF5-49D4-B8CC-0307045AD54C}_is1) (Version: 0.1.1 - Nathan Osman)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Chipset Device Software (HKLM-x32\...\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}) (Version: 10.1.1.32 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4471 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 67.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 67.0.4 (x64 en-US)) (Version: 67.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla)
PreSonus Studio One 3 (HKLM-x32\...\PreSonus Studio One 3) (Version: 3.5.5.45892 - PreSonus Audio Electronics)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.48 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7818 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.72 - REALTEK Semiconductor Corp.)
REAPER (HKLM-x32\...\REAPER) (Version: - )
REAPER (x64) (HKLM\...\REAPER) (Version: - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-3) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-4) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 34.11.2016.27 - Ruiware)
WinPrivacy (HKLM-x32\...\{18605281-BFFE-4968-9B86-05322D5FBB33}) (Version: 2016.2.851 - WinPatrol)

Packages:
=========
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.520.0_x64__rz1tebttyb220 [2019-03-11] (Dolby Laboratories)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Jigsaw -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJigsaw_1.8.1812.301_x86__8wekyb3d8bbwe [2019-06-18] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2019-06-15] (Microsoft Studios) [MS Ad]
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.15.61.0_x64__kx24dqmazqk8j [2019-06-28] (Random Salad Games LLC) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3181639895-2614141711-2789008911-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\bigdog\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3181639895-2614141711-2789008911-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\bigdog\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-3181639895-2614141711-2789008911-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\bigdog\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki126577.inf_amd64_ae71f87c8938d56a\igfxDTCM.dll [2018-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-08-16 08:51 - 2016-03-02 19:52 - 000044032 _____ (HP Inc.) [File not signed] c:\Program Files\HPCommRecovery\HPCommRecovery.exe
2016-10-11 22:35 - 2015-06-20 14:03 - 001186304 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Ruiware\WinPrivacy\SQLite.Interop.dll
2016-10-11 22:35 - 2015-04-10 13:48 - 002497024 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Ruiware\WinPrivacy\LIBEAY32.dll
2016-10-11 22:35 - 2015-04-10 13:48 - 000473088 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\Ruiware\WinPrivacy\SSLEAY32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 03:24 - 2019-01-04 09:34 - 000000830 _____ C:\WINDOWS\system32\drivers\etc\hosts


2017-06-16 19:19 - 2017-06-16 19:19 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3181639895-2614141711-2789008911-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: BthHFSrv => 3
MSCONFIG\Services: bthserv => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D9CB729A-E437-4903-9CDE-3150BD027463}] => (Allow) C:\Program Files (x86)\PreSonus\Studio One 3\Studio One.exe (PreSonus) [File not signed]
FirewallRules: [UDP Query User{AC46A4DE-B974-489E-B837-38069213BE47}C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe] => (Allow) C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe (Blackstar Amplification Ltd.) [File not signed]
FirewallRules: [TCP Query User{8331B2D7-E121-44A1-B71E-D15456C63340}C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe] => (Allow) C:\program files (x86)\blackstar amplification ltd\blackstar insider\blackstarinsiderserverpc.exe (Blackstar Amplification Ltd.) [File not signed]
FirewallRules: [{360FA433-74FA-4B62-A442-8A651B5681C3}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{570C52D9-E01D-4BFA-BC27-65A87FDAB766}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E5E6291C-6BFB-44F9-92DD-0E0D99B99144}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{57FDB766-F4B6-41D1-9152-804B59B39755}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{88D9DBF5-EC6B-41F0-8934-9496211776FD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2CC30ED0-2A57-4351-B387-089807530325}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
FirewallRules: [{2130F917-5752-4B8F-9BF9-CC78EE69BC8B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{159CAD10-7398-45F9-AFEB-244B51586052}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe (CyberLink Corp. -> CyberLink)
FirewallRules: [{CF31C8DA-63CE-4F09-BAE7-10D35040BC47}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{1BCE5023-D65A-4B71-81E0-D3337700A1BA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{1C15C2EB-98E1-49EC-9EB6-F9082703920C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{7A5ED073-2157-4B90-8B7D-159A32D82E88}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe (Ruiware, LLC. -> WinPatrol)
FirewallRules: [{4C22157F-5A51-42E2-927E-E19D8DED3777}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe (Ruiware, LLC. -> WinPatrol)
FirewallRules: [{7B352114-41EE-4494-BD30-448F1F8255C5}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe (Ruiware, LLC. -> WinPatrol)
FirewallRules: [{39BF1EDD-9CC6-4A8E-AF61-A9BD381E6843}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe (Ruiware, LLC. -> WinPatrol)
FirewallRules: [{98E43DF7-E04F-4FAD-A633-8877EA0D32C6}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe (Ruiware, LLC. -> WinPatrol)
FirewallRules: [{D06262A0-33A7-4A9D-8D79-8E890FF4AA4F}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe (Ruiware, LLC. -> WinPatrol)
FirewallRules: [{1D7050C3-49CE-4F32-BCE3-8930731780AC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{ABC713B5-5856-43E2-A6B3-FC92068BE104}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0D19F2AB-4984-48F3-B2CB-3EED466C42D7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BE72115D-E7CB-4EE0-AC15-AF852B3F137D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{76337B65-95AD-4C55-AA8F-0FC79A6D362C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{05998F07-19D8-4DF3-9505-D081857FCAE2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D0AF47DB-1BF1-4892-930B-E74725DD783D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6604D946-F6A7-4C37-94B3-2988BD89BD0B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.109.383.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{088EC8B9-B8B7-4C1D-B652-DB39E3D6FB37}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E8B9F774-C3B1-4FF1-B9AB-2B98DF4F7A3F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

29-06-2019 16:41:00 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2019 09:49:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vpnupdate.exe, version: 5.3.458.0, time stamp: 0x5ce535b2
Faulting module name: vpnupdate.exe, version: 5.3.458.0, time stamp: 0x5ce535b2
Exception code: 0xc0000409
Fault offset: 0x000de1ad
Faulting process id: 0x2698
Faulting application start time: 0x01d52f4a9eecf340
Faulting application path: c:\program files\avast software\secureline\vpnupdate.exe
Faulting module path: c:\program files\avast software\secureline\vpnupdate.exe
Report Id: 7eca4427-ab81-430a-b13a-912c2dfea85e
Faulting package full name:
Faulting package-relative application ID:

Error: (06/30/2019 09:43:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Vpn.exe, version: 5.3.458.0, time stamp: 0x5ce53533
Faulting module name: ucrtbase.dll, version: 10.0.17134.677, time stamp: 0x9b002dcc
Exception code: 0xc0000409
Fault offset: 0x000a1aeb
Faulting process id: 0x1fa8
Faulting application start time: 0x01d52f49bce54ee5
Faulting application path: C:\Program Files\AVAST Software\SecureLine\Vpn.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 7b40ebd1-7c8a-422e-a129-a7fddcadf2f6
Faulting package full name:
Faulting package-relative application ID:

Error: (06/29/2019 05:20:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WinPrivacySvc.exe, version: 2016.2.851.0, time stamp: 0x56c28c80
Faulting module name: KERNELBASE.dll, version: 10.0.17134.799, time stamp: 0x08a3d2a4
Exception code: 0xe0434352
Fault offset: 0x000000000003a388
Faulting process id: 0xd24
Faulting application start time: 0x01d52d282607c575
Faulting application path: C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 0161bece-4e29-4855-9697-2da5b1cad6b6
Faulting package full name:
Faulting package-relative application ID:

Error: (06/29/2019 05:20:26 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WinPrivacySvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IndexOutOfRangeException
at System.Array.Clear(System.Array, Int32, Int32)
at System.Collections.Generic.List`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Clear()
at Ruiware.WinPrivacy.Service.MainController.ActiveConnectionsEventsProcessor()
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (06/29/2019 05:20:26 PM) (Source: WinPrivacy) (EventID: 0) (User: )
Description: Index was outside the bounds of the array.

Error: (06/29/2019 05:20:26 PM) (Source: WinPrivacy) (EventID: 0) (User: )
Description: Index was outside the bounds of the array.

Error: (06/29/2019 05:20:26 PM) (Source: WinPrivacy) (EventID: 0) (User: )
Description: Index was outside the bounds of the array.

Error: (06/29/2019 05:20:26 PM) (Source: WinPrivacy) (EventID: 0) (User: )
Description: Index was outside the bounds of the array.


System errors:
=============
Error: (06/30/2019 09:44:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/30/2019 09:42:35 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-U0HD8BIR)
Description: The server Microsoft.Windows.Cortana_1.10.7.17134_neutral_neutral_cw5n1h2txyewy!CortanaUI did not register with DCOM within the required timeout.

Error: (06/30/2019 09:40:07 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Error: (06/30/2019 09:34:08 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Remediation Service service hung on starting.

Error: (06/30/2019 09:13:28 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-U0HD8BIR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-U0HD8BIR\bigdog SID (S-1-5-21-3181639895-2614141711-2789008911-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/30/2019 09:13:21 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-U0HD8BIR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-U0HD8BIR\bigdog SID (S-1-5-21-3181639895-2614141711-2789008911-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/30/2019 07:35:38 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-U0HD8BIR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-U0HD8BIR\bigdog SID (S-1-5-21-3181639895-2614141711-2789008911-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/30/2019 07:34:40 AM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-U0HD8BIR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user LAPTOP-U0HD8BIR\bigdog SID (S-1-5-21-3181639895-2614141711-2789008911-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-06-30 09:42:10.303
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.249.1124.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-06-30 09:42:10.302
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.249.1124.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-06-30 09:42:10.302
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.249.1124.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2019-06-30 09:42:09.853
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.249.1124.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2019-05-27 18:20:11.390
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.249.1124.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14104.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

==================== Memory info ===========================

BIOS: Insyde F.15 08/11/2016
Motherboard: HP 8207
Processor: Intel(R) Core(TM) i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 32%
Total physical RAM: 8046.91 MB
Available physical RAM: 5427.82 MB
Total Virtual: 9326.91 MB
Available Virtual: 6869.09 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:914.55 GB) (Free:820.47 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.73 GB) (Free:1.63 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{a0447d22-090a-4b0c-bb64-0c890f1ce5db}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.45 GB) NTFS
\\?\Volume{b4c3c50f-01f0-4cc6-a354-e6bd1a917911}\ () (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)

Partition: GPT.

==================== End of Addition.txt ============================
arpigeo
Regular Member
 
Posts: 23
Joined: June 25th, 2010, 12:17 pm

Re: hacked mouse functions

Post by arpigeo » June 30th, 2019, 2:16 pm

pgmigg
It appears I misspoke. Everything worked great until I logged back in again just now.
Same issues as before.
Strange how it will operate normally and then start up all the sudden. The other day it acted normally for most of the day and then started up all of the sudden in the evening.
The random nature of it had me stumped ... one of the reasons I suspected some kind of infection.
Any thoughts?
arpigeo
Regular Member
 
Posts: 23
Joined: June 25th, 2010, 12:17 pm

Re: hacked mouse functions

Post by pgmigg » July 1st, 2019, 10:13 am

Hi arpigeo,

arpigeo wrote:
Seems like you were on the right track ... my system seems to be operating normally again.
I'd have never made the connection between the two. That's why you guys are the pros
I've been using Avast for several years now with zero issues ... seems like one of you guys actually suggested it to me ... maybe some recent update set things into motion.
I'll stick with your preferred set-up and see how things go

You know, over time, everything changes and once upon a time Avast was a very good protective tool that we recommended.
Then, as is often the case, it seemed to the developers that the product can be expanded and there is no limit to this desire - in the end, we have what we have, because it’s impossible to reach everything at the highest level - their browser is ugly, and much more could be better.

There are still a lot of remnants and let's continue...

Step 1.
FRST Fix
  1. Close all your programs.
  2. You should still have FRST64.exe on your Desktop. If not please download it HERE and save it on your Desktop.
  3. Click Start and type notepad.exe in the search programs and files box and click Enter - a blank Notepad page should open.
    • Copy and Paste the following script into Notepad, but do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-06-21]
    ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    Task: {36C1B655-29AC-4144-A492-4CB0B0286663} - System32\Tasks\Avast SecureLine VPN Update => c:\program files\avast software\secureline\vpnupdate.exe [1398208 2019-06-19] (AVAST Software s.r.o. -> AVAST Software)
    Task: {49F8BEE7-C4F7-42DA-9290-BD3BA34EA43C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
    Task: {6975BAD9-7F46-4255-B972-EF78FD74A1E8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
    FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\rafrharu.default-release\Extensions\sp@avast.com.xpi [2019-06-29]
    FF Extension: (Avast Online Security) - C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\rafrharu.default-release\Extensions\wrc@avast.com.xpi [2019-06-29]
    2019-06-18 15:48 - 2019-06-30 08:33 - 000004294 _____ C:\WINDOWS\System32\Tasks\Avast SecureLine VPN Update
    2019-06-30 09:41 - 2016-10-10 17:33 - 000000000 ____D C:\Users\bigdog\AppData\Roaming\AVAST Software
    2019-06-30 09:41 - 2016-08-16 08:44 - 000000000 ____D C:\ProgramData\AVAST Software
    2019-06-30 09:41 - 2016-08-16 08:44 - 000000000 ____D C:\Program Files\AVAST Software
    2019-06-30 09:35 - 2018-05-18 07:55 - 000000000 ____D C:\Users\bigdog\AppData\Local\AVAST Software
    2019-06-29 17:06 - 2018-05-23 18:38 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    
    C:\Program Files\AVAST Software
    C:\Program Files\Common Files\AV
    
    EmptyTemp:
    
  4. Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  5. Right click on FRST64.exe and select Run as administrator.
  6. Press the Fix button one time only and wait.
  7. When FRST finishes you will be prompted to reboot your computer. Click OK.
  8. Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step 2.
ESET Online Scanner
  1. Please close all open programs and windows.
  2. Please go HERE then click on Scan now and save esetonlinescanner_enu.exe on your Desktop.
  3. Double-click on esetsmartinstaller_enu.exe to run it.
  4. Select blue Computer Scan button.
  5. Then select blue Full Scan button and wait for a while - it can take even a few hours to finish.
  6. Be sure on the next screen that Enable ESET to detect and quarantine potentially unwanted applications is marked.
  7. Now click on Start scan button.
  8. Be patient and wait for a while - it can take even a few hours to finish.
  9. When completed, in case anything will be found, you will need to click on Save scan log button and save the log on your Desktop as ESET.txt.
  10. Click on Continue, do it one more time on the next screen, then exit out of ESET Online Scanner by clicking on Close button.

Then:
... It appears I misspoke. Everything worked great until I logged back in again just now.
Same issues as before.
Strange how it will operate normally and then start up all the sudden. The other day it acted normally for most of the day and then started up all of the sudden in the evening.
The random nature of it had me stumped ... one of the reasons I suspected some kind of infection.
Any thoughts?

You said that "Everything worked great until I logged back in again" - could you please step by step reconstruct the sequence of your actions?
The fact is that your phrase looks like that, when you finish your work, you do not turn off the computer, but you make a logout - is it because you have two user accounts on the machine?
Try to turn off the computer (full shut down), and then turn it on again.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[Rxx].txt log file
  3. Contents of the ESET.txt log file if it was saved
  4. Answers to my questions.
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 4647
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: hacked mouse functions

Post by arpigeo » July 4th, 2019, 8:50 am

Hi pgmigg ... hope your week has been a good one.
I'm including the fixlog as requested.
The ESET scan did take a good long time but found nothing.
To answer your question, I'll usually boot up my system in the morning and then let it hibernate during the day when I'm not using it ... shut down in the evening.
I'm using a password ... so my reference to signing on was just to come out of hibernation.
This has been a very odd problem, I appreciate you sticking with me on it.
Yesterday morning when I booted the system it immediately started giving me problems.
I can always tell because the recycle bin will be highlighted as soon as the desktop boots.
I'll have to use the ESC key and mouse click combo to get it to unhighlight ... usually multiple times as it will continue to try and default back to the recycle.
Anyways it continued to fight me for several hrs with varying degrees of the same 3 issues ... using the ESC key seems to be the only reliable way of gaining back control ... sometimes it will take multiple times pressing and holding it while clicking to gain back function.
The evening before I had read for quite a few hrs and the system worked completely normal.
So after battling it for a couple of hrs, it starts to function normally again and continued to work the rest of the day and night. This morning it has booted up and worked perfectly from the start.
I've never run into anything remotely like this ... Ghost in the machine is what I'm leaning to at this point lol
Once again I so appreciate your time and expertise.

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-06-2019
Ran by bigdog (01-07-2019 11:34:24) Run:2
Running from C:\Users\bigdog\Desktop
Loaded Profiles: bigdog (Available Profiles: bigdog & heyoka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk [2019-06-21]
ShortcutTarget: Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe (AVAST Software s.r.o. -> AVAST Software)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {36C1B655-29AC-4144-A492-4CB0B0286663} - System32\Tasks\Avast SecureLine VPN Update => c:\program files\avast software\secureline\vpnupdate.exe [1398208 2019-06-19] (AVAST Software s.r.o. -> AVAST Software)
Task: {49F8BEE7-C4F7-42DA-9290-BD3BA34EA43C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {6975BAD9-7F46-4255-B972-EF78FD74A1E8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\rafrharu.default-release\Extensions\sp@avast.com.xpi [2019-06-29]
FF Extension: (Avast Online Security) - C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\rafrharu.default-release\Extensions\wrc@avast.com.xpi [2019-06-29]
2019-06-18 15:48 - 2019-06-30 08:33 - 000004294 _____ C:\WINDOWS\System32\Tasks\Avast SecureLine VPN Update
2019-06-30 09:41 - 2016-10-10 17:33 - 000000000 ____D C:\Users\bigdog\AppData\Roaming\AVAST Software
2019-06-30 09:41 - 2016-08-16 08:44 - 000000000 ____D C:\ProgramData\AVAST Software
2019-06-30 09:41 - 2016-08-16 08:44 - 000000000 ____D C:\Program Files\AVAST Software
2019-06-30 09:35 - 2018-05-18 07:55 - 000000000 ____D C:\Users\bigdog\AppData\Local\AVAST Software
2019-06-29 17:06 - 2018-05-23 18:38 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

C:\Program Files\AVAST Software
C:\Program Files\Common Files\AV

EmptyTemp:
*****************

Restore point was successfully created.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk => moved successfully
C:\Program Files\AVAST Software\SecureLine\Vpn.exe => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{36C1B655-29AC-4144-A492-4CB0B0286663}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36C1B655-29AC-4144-A492-4CB0B0286663}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast SecureLine VPN Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast SecureLine VPN Update" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{49F8BEE7-C4F7-42DA-9290-BD3BA34EA43C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49F8BEE7-C4F7-42DA-9290-BD3BA34EA43C}" => removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6975BAD9-7F46-4255-B972-EF78FD74A1E8}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6975BAD9-7F46-4255-B972-EF78FD74A1E8}" => removed successfully
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removed successfully
C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\rafrharu.default-release\Extensions\sp@avast.com.xpi => moved successfully
C:\Users\bigdog\AppData\Roaming\Mozilla\Firefox\Profiles\rafrharu.default-release\Extensions\wrc@avast.com.xpi => moved successfully
"C:\WINDOWS\System32\Tasks\Avast SecureLine VPN Update" => not found
C:\Users\bigdog\AppData\Roaming\AVAST Software => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\Program Files\AVAST Software => moved successfully
C:\Users\bigdog\AppData\Local\AVAST Software => moved successfully
C:\WINDOWS\System32\Tasks\AVAST Software => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"C:\Program Files\AVAST Software" => not found
C:\Program Files\Common Files\AV => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20135475 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 838442 B
Edge => 0 B
Chrome => 0 B
Firefox => 697674604 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 5078 B
LocalService => 0 B
NetworkService => 11222 B
NetworkService => 0 B
bigdog => 16527033 B
heyoka => 0 B

RecycleBin => 33895626849 B
EmptyTemp: => 32.3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:38:05 ====
arpigeo
Regular Member
 
Posts: 23
Joined: June 25th, 2010, 12:17 pm
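
A quick way to triage a Fixlog like the one posted above, as an added example that is not part of the thread or of FRST: it skips the echoed fixlist, tallies the three outcome strings visible in this log, and separates "not found" results for targets already moved earlier in the same run (listed twice in the fixlist) from targets that were never present. The function names are hypothetical, and the sample is a short excerpt of lines from the log above.

```python
import re
from collections import Counter

# Outcome strings as they appear in the Fixlog in this thread (other FRST
# outcomes exist; these three are the only ones this example assumes).
RESULT = re.compile(
    r'^(?P<target>.+?) => '
    r'(?P<outcome>moved successfully|removed successfully|not found)\s*$'
)

# Excerpt of lines from the Fixlog posted above, shortened for the example.
SAMPLE = r"""fixlist content:
*****************
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
C:\Program Files\AVAST Software
EmptyTemp:
*****************

Restore point was successfully created.
C:\WINDOWS\System32\Tasks\Avast SecureLine VPN Update => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"C:\WINDOWS\System32\Tasks\Avast SecureLine VPN Update" => not found
C:\Program Files\AVAST Software => moved successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"C:\Program Files\AVAST Software" => not found

=========== EmptyTemp: ==========

Firefox => 697674604 B
"""


def parse_fixlog(text):
    """Return (target, outcome) pairs from the result section of a Fixlog."""
    results = []
    in_echo = False  # True while inside the echoed "fixlist content" block
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            in_echo = not in_echo  # the asterisk rows delimit the echo
            continue
        if in_echo:
            continue  # fixlist lines also contain "=>", so never parse them
        if line.startswith("=") and "EmptyTemp" in line:
            break  # byte counts follow; they are not per-item results
        match = RESULT.match(line)
        if match:
            # FRST quotes some targets; strip quotes so duplicates compare equal
            results.append((match.group("target").strip('"'),
                            match.group("outcome")))
    return results


def triage(results):
    """Tally outcomes and list 'not found' targets not handled earlier."""
    handled = set()      # targets already moved/removed in this run
    counts = Counter()
    unexplained = []     # 'not found' with no earlier successful action
    for target, outcome in results:
        key = target.lower()  # Windows paths and registry keys ignore case
        counts[outcome] += 1
        if outcome == "not found":
            if key not in handled:
                unexplained.append(target)
        else:
            handled.add(key)
    return counts, unexplained


if __name__ == "__main__":
    counts, unexplained = triage(parse_fixlog(SAMPLE))
    print(dict(counts))
    for target in unexplained:
        print("never present:", target)
```
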