ssmarsh
2019-12-25, 18:06
Hello and thank you in advance for any assistance you can provide. My laptop is running very slow. Disk usage stuck at 100%. My Farbar logs are below. The laptop kept crashing while running aswMBR so I can't post that log. Happy holidays and thank you again for your assistance!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-12-2019
Ran by Evan (administrator) on LAPTOP-9KG4QFMS (TOSHIBA Satellite C55-C) (25-12-2019 10:19:09)
Running from C:\Users\Evan\Desktop
Loaded Profiles: Evan (Available Profiles: Evan)
Platform: Windows 10 Home Version 1903 18362.418 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.12228.20364\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [601944 2015-08-14] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-23] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [MRT] => C:\WINDOWS\system32\MRT.exe [127230528 2019-10-17] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-219441427-1511812545-325799061-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-23] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1000F1A4-6A4D-486E-9BAB-06CFDB90939F} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe
Task: {2ADCD8C2-8263-4192-8C1B-D9391FDD5221} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A9C7DE2-70C6-46CB-9487-50DF26995966} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-05] (Google Inc -> Google Inc.)
Task: {51563FA3-1AE9-4B8B-957B-1E24162831A5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {64550D90-6F01-4BE4-BFE3-A9DF7B5C924B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {754E16BD-3BA7-4073-8144-08DE143DBDA8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {75F74B4F-D598-4C92-99FB-DFBE70F5A02D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {7856A58B-F9D8-4F26-B44B-91163C390519} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {85A32D42-EEB9-4A51-AFB0-4E95B0432D0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-05] (Google Inc -> Google Inc.)
Task: {A0031712-2DC9-4842-BBDD-ED7ADF7D0127} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [700040 2014-04-03] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {A0D570E1-9D43-4245-A45F-3E9C9EE61F93} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {B6A39BE8-0B4C-4981-9C6C-CC06580EC8F3} - System32\Tasks\BTSchedulerTask => C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe [135504 2015-07-08] (TOSHIBA CORPORATION -> Toshiba Corporation)
Task: {B7C295CF-5154-44CC-BDE9-CAA34B5A3027} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {BE89278B-A8B7-4142-A18A-AA074DD28992} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
Task: {C141E928-EE54-416B-B75C-F304AD048002} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3BEE270-EFCC-477E-A741-2FCCB83F9F5D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_pepper.exe [1453112 2019-09-28] (Adobe Inc. -> Adobe)
Task: {E0B41339-B7E6-4183-9E3B-44C04DB02732} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {E114C354-D91C-44EF-B612-3E3B99709119} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E9F07132-A572-4F6B-B1EA-ABE4DD162C04} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F8F35569-A792-48A2-BCB3-853793447E9E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{65d38424-445e-405a-a168-68ad940d6c8f}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{65d38424-445e-405a-a168-68ad940d6c8f}: [DhcpNameServer] 40.42.1.201
Tcpip\..\Interfaces\{6f041e61-5ab5-448f-a777-18db4cd52ef3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6f041e61-5ab5-448f-a777-18db4cd52ef3}: [DhcpNameServer] 10.0.0.1
Internet Explorer:
==================
HKU\S-1-5-21-219441427-1511812545-325799061-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-219441427-1511812545-325799061-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H15C3
SearchScopes: HKU\S-1-5-21-219441427-1511812545-325799061-1001 -> DefaultScope {196494D6-F5AC-4C8C-84A0-D8F9A521DEFC} URL =
SearchScopes: HKU\S-1-5-21-219441427-1511812545-325799061-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-219441427-1511812545-325799061-1001 -> {196494D6-F5AC-4C8C-84A0-D8F9A521DEFC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: bpmb4f54.default
FF ProfilePath: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bpmb4f54.default [2019-09-28]
FF Homepage: Mozilla\Firefox\Profiles\bpmb4f54.default -> www.google.com
FF Extension: (Bing Search) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bpmb4f54.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-01-03] [Legacy]
FF Extension: (Toshiba Defaults) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bpmb4f54.default\Extensions\defaults@toshiba.com [2015-12-04] [Legacy]
FF Extension: (Avast SafePrice) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bpmb4f54.default\Extensions\sp@avast.com.xpi [2017-11-18] [UpdateUrl:hxxps://firefoxextension.avast.com/sp/update.json]
FF Extension: (Avast Online Security) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bpmb4f54.default\Extensions\wrc@avast.com.xpi [2018-06-20]
FF SearchPlugin: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bpmb4f54.default\searchplugins\bing-.xml [2016-01-03]
FF Extension: (Toshiba Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\defaults@toshiba.com [2018-02-10] [Legacy]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-16] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-16] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-11] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Profile 3
CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-09-27]
CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-12-03]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-12-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-12-03]
CHR Extension: (Avast SafePrice) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-03]
CHR Extension: (Avast Online Security) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-02]
CHR Extension: (Chrome Media Router) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-03]
CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 3 [2019-12-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Avast Online Security) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-12-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-23]
CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-09]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-23] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-01-30] (BattlEye Innovations e.K. -> )
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe [74392 2019-10-24] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-12-02] (Microsoft Corporation -> Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370848 2019-05-05] (Intel Corporation -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [287240 2018-03-28] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA CORPORATION -> TOSHIBA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120016 2018-12-29] (Wondershare Technology Co.,Ltd -> Wondershare)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-09-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-09-30] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-09-30] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-12-31] (Symantec Corporation -> Symantec Corporation)
S3 ElgatoGC658Y; C:\WINDOWS\System32\Drivers\ElgatoGC658.sys [43488 2015-11-06] (Elgato Systems LLC -> UB658)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2019-01-09] (Symantec Corporation -> Symantec Corporation)
R3 QIOMem; C:\WINDOWS\System32\drivers\QIOMem.sys [14000 2015-05-05] (WDKTestCert 1,130752733198717037 -> TOSHIBA)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-12-12] (Realtek Semiconductor Corp -> Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [54792 2018-03-28] (Synaptics Incorporated -> Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45720 2015-06-13] (TOSHIBA CORPORATION -> Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2015-05-25] (Splitmedialabs Limited -> SplitmediaLabs Limited)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-12-25 10:19 - 2019-12-25 10:22 - 000025562 _____ C:\Users\Evan\Desktop\FRST.txt
2019-12-25 10:18 - 2019-12-25 10:21 - 000000000 ____D C:\FRST
2019-12-25 10:15 - 2019-12-25 10:15 - 002271744 _____ (Farbar) C:\Users\Evan\Desktop\FRST64.exe
2019-12-25 10:13 - 2019-12-25 10:13 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-LAPTOP-9KG4QFMS-Windows-10-Home-(64-bit).dat
2019-12-25 10:13 - 2019-12-25 10:13 - 000000000 ____D C:\RegBackup
2019-12-25 10:12 - 2019-12-25 10:12 - 000002319 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2019-12-25 10:12 - 2019-12-25 10:12 - 000002319 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2019-12-25 10:12 - 2019-12-25 10:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2019-12-25 10:12 - 2019-12-25 10:12 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2019-12-25 10:11 - 2019-12-25 10:12 - 000019558 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2019-12-25 10:10 - 2019-12-25 10:10 - 005766144 _____ (Tweaking.com) C:\Users\Evan\Downloads\tweaking.com_registry_backup_setup (1).exe
2019-12-25 10:09 - 2019-12-25 10:09 - 005766144 _____ (Tweaking.com) C:\Users\Evan\Desktop\tweaking.com_registry_backup_setup.exe
2019-12-25 09:57 - 2019-12-25 09:57 - 000000080 ___SH C:\bootTel.dat
2019-12-23 22:18 - 2019-12-23 22:18 - 000000000 ____D C:\Users\Evan\Documents\Add-in Express
2019-12-05 01:20 - 2019-12-05 01:20 - 000000000 _____ C:\Users\Evan\AppData\Local\{0175564F-3257-48C0-B3E3-6D472A5975AC}
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-12-25 10:22 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-12-25 10:20 - 2015-09-23 23:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-12-25 10:17 - 2015-12-06 20:00 - 001388432 _____ C:\Users\Public\VOIP.dat
2019-12-25 10:02 - 2019-09-27 21:37 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-25 10:02 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF
2019-12-25 10:02 - 2016-09-06 20:29 - 000000000 ____D C:\Users\Evan\AppData\Local\AVAST Software
2019-12-25 09:59 - 2017-09-18 02:04 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-12-25 09:59 - 2015-12-04 13:49 - 000000000 __SHD C:\Users\Evan\IntelGraphicsProfiles
2019-12-25 09:58 - 2019-09-27 22:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-12-25 09:56 - 2019-03-18 23:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-12-25 09:55 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-25 09:51 - 2019-09-27 22:02 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{919BFABA-C22C-4537-8F90-E95D601417AD}
2019-12-25 09:33 - 2019-09-27 21:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-12-24 16:24 - 2016-11-16 16:07 - 000000000 ____D C:\Users\Evan\Desktop\Roto
2019-12-24 16:20 - 2019-09-27 22:02 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2019-12-23 22:42 - 2019-01-10 23:15 - 000000000 ____D C:\Users\Evan\Desktop\Roto 2019
2019-12-23 22:19 - 2015-09-23 23:53 - 000000000 ____D C:\ProgramData\WinZip
2019-12-23 22:14 - 2016-04-28 23:02 - 000000000 ____D C:\ProgramData\Apple
2019-12-23 22:13 - 2016-02-07 13:29 - 000000000 ____D C:\Program Files\OBS
2019-12-23 22:13 - 2016-02-07 13:29 - 000000000 ____D C:\Program Files (x86)\OBS
2019-12-23 22:12 - 2016-01-11 19:57 - 000000000 ____D C:\Program Files\InterActual
2019-12-23 22:02 - 2019-09-27 21:26 - 000000000 ____D C:\Users\Evan
2019-12-23 22:01 - 2018-01-15 17:36 - 000000000 ____D C:\Users\Evan\AppData\Roaming\DVDVideoSoft
2019-12-23 21:48 - 2015-12-06 19:47 - 000000000 ____D C:\Users\Evan\Desktop\Evan's files
2019-12-23 21:38 - 2016-12-24 20:28 - 000000000 ____D C:\Program Files (x86)\iMobie
2019-12-23 21:27 - 2019-02-25 20:35 - 000000000 ____D C:\ProgramData\Wondershare
2019-12-23 21:27 - 2019-02-25 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2019-12-23 21:27 - 2015-09-23 23:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-12-23 21:26 - 2015-09-23 23:46 - 000000000 ____D C:\ProgramData\CyberLink
2019-12-23 21:24 - 2016-03-03 17:11 - 000000000 ____D C:\Program Files (x86)\Minecraft
2019-12-23 21:22 - 2015-12-05 17:00 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-23 21:22 - 2015-12-05 17:00 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-23 21:22 - 2015-12-05 17:00 - 000002271 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-12-23 20:51 - 2019-09-28 05:50 - 000185665 ____H C:\Users\Evan\AppData\Local\IconCache.db.backup
2019-12-16 21:09 - 2019-09-27 22:02 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-16 21:09 - 2019-09-27 22:02 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories ========
2015-12-06 20:00 - 2019-12-25 10:17 - 001388432 _____ () C:\Users\Public\VOIP.dat
2019-12-05 01:20 - 2019-12-05 01:20 - 000000000 _____ () C:\Users\Evan\AppData\Local\{0175564F-3257-48C0-B3E3-6D472A5975AC}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2019
Ran by Evan (25-12-2019 10:23:16)
Running from C:\Users\Evan\Desktop
Windows 10 Home Version 1903 18362.418 (X64) (2019-09-28 03:04:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-219441427-1511812545-325799061-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-219441427-1511812545-325799061-503 - Limited - Disabled)
Evan (S-1-5-21-219441427-1511812545-325799061-1001 - Administrator - Enabled) => C:\Users\Evan
Guest (S-1-5-21-219441427-1511812545-325799061-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-219441427-1511812545-325799061-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20056 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.255 - Adobe)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Bluetooth(R) Link (HKLM\...\{936D21BF-3344-4B20-BC4C-3B67580C19F5}) (Version: 4.3.04 - Toshiba Corporation)
Chrome Remote Desktop Host (HKLM-x32\...\{738276A2-92E7-4313-9E4D-D090F7DA98EC}) (Version: 79.0.3945.10 - Google Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.43.53 - Conexant)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5509.05 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5070 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.29089 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.182 - Synaptics Incorporated)
TI Connect™ CE (HKLM-x32\...\{30258E3F-5B74-4450-8188-3221682375F4}) (Version: 5.2.0.51 - Texas Instruments Inc.)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.8 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.0.9 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.1.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 8.1.1.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{0DFA8761-7735-4DE8-A0EB-2286578DCFC6}) (Version: 2.6.14 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 2.00.0005 - Toshiba Corporation)
TOSHIBA System Settings (HKLM\...\{B040D5C9-C9AA-430A-A44E-696656012E61}) (Version: 3.0.1.6403 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.1.2 - TOSHIBA)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2018-06-27] (Amazon.com)
AOL Video -> C:\Program Files\WindowsApps\Aol.AOLOn_1.1.28.0_neutral__95th8zv6cmbrc [2017-05-03] (AOL)
Asphalt 8: Airborne -> C:\Program Files\WindowsApps\GAMELOFTSA.Asphalt8Airborne_4.6.0.8_x86__0pp20fcewvvtj [2019-11-01] (GAMELOFT SA)
Baseball.free -> C:\Program Files\WindowsApps\45515SkyLineGames.Baseball.free_1.2.3.0_x64__zrw4chdf0m07a [2019-06-16] (SkyLine Gamez) [MS Ad]
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.5.0.8_x86__h6adky7gbf63m [2019-11-20] (Gameloft.)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.21.8716.0_x86__q4d96b2w5wcc2 [2019-10-17] (Evernote)
Fallout Shelter -> C:\Program Files\WindowsApps\BethesdaSoftworks.FalloutShelter_1.13.156.2_x64__3275kfvn8vcwc [2018-10-24] (Bethesda Softworks)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-20] (HP Inc.)
Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.3.0_neutral__fphbd361v8tya [2019-03-09] (Hulu.)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_6.0.44.0_x64__a76a11dkgb644 [2019-08-14] (iHeartMedia.)
INSTEON for Hub -> C:\Program Files\WindowsApps\SmartLabs.INSTEONforHub_1.2.1.18_x86__4162j3jeed9tp [2016-11-08] (SmartLabs)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-12-06] (AMZN Mobile LLC)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20206.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2018-11-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2018-11-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.13.105.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Studios)
MLB.TV -> C:\Program Files\WindowsApps\1508E719.MLB.TV_4.3.0.0_x64__9h0pwecjjphwj [2016-10-26] (MLB Advanced Media L.P.)
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-14] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) [MS Ad]
My Toshiba -> C:\Program Files\WindowsApps\EnnovaResearch.ToshibaPlaces_3.2.49.0_x64__3s2an63h56yee [2016-02-08] (Ennova Research)
MyMusicCloud - Toshiba -> C:\Program Files\WindowsApps\TriPlayInc.MyMusicCloud-Toshiba_1.0.50.2550_x86__rejfh65ekdhs8 [2017-01-24] (TriPlay Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-25] (Netflix, Inc.)
Texture - Unlimited Magazines -> C:\Program Files\WindowsApps\NextIssue.NextIssueMagazines_1.6.1.0_x64__91pt4qm2m3xcw [2015-12-18] (NEXT ISSUE MEDIA LLC)
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2016-11-17] (TripAdvisor LLC)
TruRecorder -> C:\Program Files\WindowsApps\7906AAC0.TruRecorder_2.2.39.0_x86__nvaxck9xhg5vg [2019-11-07] (Dynabook Inc.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2016-04-02] (Microsoft Corporation) [MS Ad]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2017-02-14] (Microsoft Corporation)
Zappos.com -> C:\Program Files\WindowsApps\ZapposIPInc.Zappos.com_1.1.0.72_neutral__5e9xhf7t0emqp [2016-03-17] (Zappos IP Inc.)
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2015-09-23] (Zinio LLC)
ZUUS -> C:\Program Files\WindowsApps\181132B7.ZUUS_1.1.0.0_neutral__zrxb4n2dhz0mw [2015-09-24] (ZUUS Media, Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-219441427-1511812545-325799061-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Evan\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-219441427-1511812545-325799061-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Evan\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-219441427-1511812545-325799061-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Evan\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Cut the Rope.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=jfbadlndcminbkfojhlimnkgaackjmdo
ShortcutWithArgument: C:\Users\Evan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\AppData:CSM [466]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 06:04 - 2019-01-04 03:51 - 000000943 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-219441427-1511812545-325799061-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Evan\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\kobe.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Ear Trumpet.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-219441427-1511812545-325799061-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-219441427-1511812545-325799061-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-219441427-1511812545-325799061-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-219441427-1511812545-325799061-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-219441427-1511812545-325799061-1001\...\StartupApproved\Run: => "Selection Tools"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{114DCF7D-92A1-48BC-9722-387C9C5F2E65}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{27303508-BAA8-431B-95D2-8092EEB3597C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{77617336-D27A-45C1-A8B3-940C9CC383C4}C:\users\evan\desktop\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\users\evan\desktop\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{AFE6A7F3-407B-408B-AA77-15C8AF0FA315}C:\users\evan\desktop\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\users\evan\desktop\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{6E347067-A118-430E-BEE5-926710294422}C:\users\evan\desktop\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\users\evan\desktop\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{1219A958-769B-443B-820D-9DBE48B3C2FB}C:\users\evan\desktop\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\users\evan\desktop\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{EF6E686F-A5D6-4498-B3F1-CA73C35CD865}C:\users\evan\desktop\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\users\evan\desktop\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{A45187FF-2CD0-42C6-9992-D6BA7AD0A619}C:\users\evan\desktop\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\users\evan\desktop\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{D4CA2698-15D0-465E-95EC-59346AE723CC}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [TCP Query User{07319ABC-BA9A-4265-A4FC-214C4A7AB172}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{69F2A5E7-D720-481E-A6D6-0C4A78D5AF6A}C:\users\evan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\evan\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [TCP Query User{45FEF741-69D8-46E5-9309-EE4AB5312A52}C:\users\evan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\evan\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [{486E2CCF-F506-4113-BC08-9D082F878B51}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{27281003-414F-4E2B-972C-D8F65E77979E}] => (Allow) LPort=5357
FirewallRules: [{4E0A701E-D50D-4946-B668-2ACE2A6ED835}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [UDP Query User{C15ED996-8E9B-4F4B-9F3F-18C82D7A171A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [TCP Query User{D86E8BC9-9B73-4462-AA04-FB78196FFB07}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{16381798-9B4E-49B2-8214-BCA7E03D2826}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{AC3CB65F-0642-4236-89A1-BA3D4D3FEDF2}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{1BB55A3A-BDB7-4007-A6EA-DC957A36343E}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\bin\steamwebhelper.exe No File
FirewallRules: [{8A7F04DE-1D49-4AC4-96E1-B35C7520E726}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\bin\steamwebhelper.exe No File
FirewallRules: [{0BB00C81-3B19-4784-A62F-43E156C746B6}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\Steam.exe No File
FirewallRules: [{C723E612-5F9C-4C06-8664-7F61EAD6E67B}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\Steam.exe No File
FirewallRules: [{23FFBDCB-33E2-46DC-A998-50A3F9E88499}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{73D61D9A-207E-4845-9BF1-0204C59B0EAB}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CF065D4A-A0CB-45E2-B737-9C7D0A773C9D}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{943757AB-9F31-4F7A-ABE2-D02E0B6287B6}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{16875DED-515F-4B66-A8D9-159F0051C93E}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{27041887-BFF3-48F6-A3D8-31F683C09E8D}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{03DD9D65-8498-4CBC-9422-4BBDA1DDCEB2}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F1B7FF55-E610-4D92-AE37-78EFED235030}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
FirewallRules: [{A85B9D26-3B1F-4FC1-B133-3DEA25D6187A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E58D5E7E-782C-488E-856D-8BA8BC0C1E2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{16D9291C-E245-4A64-9537-7DCDF53EAE86}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8BDEB011-2904-4454-B4B3-A45C272D8BDE}] => (Allow) LPort=2869
FirewallRules: [{55062301-4487-428D-AC5E-22E5DA9F51AA}] => (Allow) LPort=1900
FirewallRules: [{B7D52757-FE20-48CD-8456-0940BBDA5D06}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1418DC7F-1C8B-4DC2-A5C3-33AC2B047D55}C:\users\evan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\evan\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [UDP Query User{FB80E8D5-452F-490B-908B-8B211416CF20}C:\users\evan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\evan\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [{D99AC034-07E5-41C3-9A8D-9E74BD3C4310}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{89173536-C8CE-477B-91B3-43A3B2484B2E}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{1A07CAAA-1FF4-459D-B696-1F75DB86B295}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6933FAC7-AD56-431D-9C09-201F629794E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2A947709-3EDB-4AA6-840D-1C645DCEDDEE}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe (Google LLC -> Google Inc.)
FirewallRules: [{D5E7354D-B581-405E-AA6B-9A82D0ACA99E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
23-12-2019 22:30:49 Before Spybot Forum Help Dec 23 2019
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (12/25/2019 10:23:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.18362.1, time stamp: 0x533f8404
Faulting module name: twinapi.appcore.dll, version: 10.0.18362.1, time stamp: 0x42f071ca
Exception code: 0xc000027b
Fault offset: 0x00000000000d5cc8
Faulting process id: 0x3274
Faulting application start time: 0x01d5bb372dd877a7
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: fb824233-1637-4f9a-afae-0d80a3dbca6d
Faulting package full name: 1508E719.MLB.TV_4.3.0.0_x64__9h0pwecjjphwj
Faulting package-relative application ID: App
Error: (12/25/2019 10:22:06 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15052,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (12/25/2019 10:20:59 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Office 16 Click-to-Run Extensibility Component -- Error 1704. An installation for Adobe Acrobat Reader DC is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
Error: (12/25/2019 10:11:09 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6556,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (12/25/2019 10:02:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.18362.387 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2f64
Start Time: 01d5bb342f5c11f0
Termination Time: 4294967295
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Report Id: 0eb7074f-3d21-43e3-8bff-1a80832743e1
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Hang type: Cross-thread
Error: (12/25/2019 09:43:25 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7528,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (12/24/2019 06:39:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.18362.1, time stamp: 0x533f8404
Faulting module name: twinapi.appcore.dll, version: 10.0.18362.1, time stamp: 0x42f071ca
Exception code: 0xc000027b
Fault offset: 0x00000000000d5cc8
Faulting process id: 0x13d4
Faulting application start time: 0x01d5bab36454958d
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 70601962-1307-4a78-8565-0025ccefcf03
Faulting package full name: 1508E719.MLB.TV_4.3.0.0_x64__9h0pwecjjphwj
Faulting package-relative application ID: App
Error: (12/24/2019 04:31:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.18362.1, time stamp: 0x533f8404
Faulting module name: twinapi.appcore.dll, version: 10.0.18362.1, time stamp: 0x42f071ca
Exception code: 0xc000027b
Fault offset: 0x00000000000d5cc8
Faulting process id: 0x13f0
Faulting application start time: 0x01d5baa186855a12
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 62ddf998-27f8-4d0c-9deb-7c7f5e495ce4
Faulting package full name: 1508E719.MLB.TV_4.3.0.0_x64__9h0pwecjjphwj
Faulting package-relative application ID: App
System errors:
=============
Error: (12/25/2019 10:14:51 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/25/2019 10:14:47 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/25/2019 10:14:43 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/25/2019 10:14:39 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/25/2019 10:14:35 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/25/2019 10:14:32 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/25/2019 10:14:28 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/25/2019 10:14:24 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
CodeIntegrity:
===================================
Date: 2019-12-25 10:24:15.891
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-25 10:24:15.886
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-25 10:23:56.080
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-25 10:23:56.076
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-25 10:23:14.248
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-25 10:23:14.244
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-25 10:16:33.052
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-25 10:16:33.046
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: INSYDE Corp. 5.00 07/16/2015
Motherboard: FF50 06F2
Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 8106.14 MB
Available physical RAM: 4557.7 MB
Total Virtual: 9386.14 MB
Available Virtual: 6168.21 MB
==================== Drives ================================
Drive c: (TI10716100B) (Fixed) (Total:930.29 GB) (Free:740.86 GB) NTFS
\\?\Volume{c19e0a1a-83d5-4e41-84ce-c3fc70b75f75}\ () (Fixed) (Total:0.95 GB) (Free:0.4 GB) NTFS
\\?\Volume{7c6c66e1-7d6e-4b53-88df-3d70cc5053b7}\ (ESP) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-12-2019
Ran by Evan (administrator) on LAPTOP-9KG4QFMS (TOSHIBA Satellite C55-C) (25-12-2019 10:19:09)
Running from C:\Users\Evan\Desktop
Loaded Profiles: Evan (Available Profiles: Evan)
Platform: Windows 10 Home Version 1903 18362.418 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.12228.20364\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\System Setting\TCrdMain_Win8.exe
(TOSHIBA CORPORATION -> Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA CORPORATION -> TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA CORPORATION -> TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [601944 2015-08-14] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-23] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [268680 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [MRT] => C:\WINDOWS\system32\MRT.exe [127230528 2019-10-17] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-219441427-1511812545-325799061-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\Installer\chrmstp.exe [2019-12-23] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1000F1A4-6A4D-486E-9BAB-06CFDB90939F} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe
Task: {2ADCD8C2-8263-4192-8C1B-D9391FDD5221} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A9C7DE2-70C6-46CB-9487-50DF26995966} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-05] (Google Inc -> Google Inc.)
Task: {51563FA3-1AE9-4B8B-957B-1E24162831A5} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1873288 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {64550D90-6F01-4BE4-BFE3-A9DF7B5C924B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {754E16BD-3BA7-4073-8144-08DE143DBDA8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {75F74B4F-D598-4C92-99FB-DFBE70F5A02D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3933576 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
Task: {7856A58B-F9D8-4F26-B44B-91163C390519} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {85A32D42-EEB9-4A51-AFB0-4E95B0432D0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-12-05] (Google Inc -> Google Inc.)
Task: {A0031712-2DC9-4842-BBDD-ED7ADF7D0127} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [700040 2014-04-03] (TOSHIBA CORPORATION -> TOSHIBA Corporation)
Task: {A0D570E1-9D43-4245-A45F-3E9C9EE61F93} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1373592 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {B6A39BE8-0B4C-4981-9C6C-CC06580EC8F3} - System32\Tasks\BTSchedulerTask => C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe [135504 2015-07-08] (TOSHIBA CORPORATION -> Toshiba Corporation)
Task: {B7C295CF-5154-44CC-BDE9-CAA34B5A3027} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {BE89278B-A8B7-4142-A18A-AA074DD28992} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
Task: {C141E928-EE54-416B-B75C-F304AD048002} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [112984 2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3BEE270-EFCC-477E-A741-2FCCB83F9F5D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_pepper.exe [1453112 2019-09-28] (Adobe Inc. -> Adobe)
Task: {E0B41339-B7E6-4183-9E3B-44C04DB02732} - System32\Tasks\Microsoft\Windows\rempl\shell-usoscan => C:\Program Files\rempl\remsh.exe
Task: {E114C354-D91C-44EF-B612-3E3B99709119} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E9F07132-A572-4F6B-B1EA-ABE4DD162C04} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24671608 2019-12-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F8F35569-A792-48A2-BCB3-853793447E9E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{65d38424-445e-405a-a168-68ad940d6c8f}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{65d38424-445e-405a-a168-68ad940d6c8f}: [DhcpNameServer] 40.42.1.201
Tcpip\..\Interfaces\{6f041e61-5ab5-448f-a777-18db4cd52ef3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{6f041e61-5ab5-448f-a777-18db4cd52ef3}: [DhcpNameServer] 10.0.0.1
Internet Explorer:
==================
HKU\S-1-5-21-219441427-1511812545-325799061-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-219441427-1511812545-325799061-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com?cid=H15C3
SearchScopes: HKU\S-1-5-21-219441427-1511812545-325799061-1001 -> DefaultScope {196494D6-F5AC-4C8C-84A0-D8F9A521DEFC} URL =
SearchScopes: HKU\S-1-5-21-219441427-1511812545-325799061-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-219441427-1511812545-325799061-1001 -> {196494D6-F5AC-4C8C-84A0-D8F9A521DEFC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: bpmb4f54.default
FF ProfilePath: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bpmb4f54.default [2019-09-28]
FF Homepage: Mozilla\Firefox\Profiles\bpmb4f54.default -> www.google.com
FF Extension: (Bing Search) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bpmb4f54.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-01-03] [Legacy]
FF Extension: (Toshiba Defaults) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bpmb4f54.default\Extensions\defaults@toshiba.com [2015-12-04] [Legacy]
FF Extension: (Avast SafePrice) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bpmb4f54.default\Extensions\sp@avast.com.xpi [2017-11-18] [UpdateUrl:hxxps://firefoxextension.avast.com/sp/update.json]
FF Extension: (Avast Online Security) - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bpmb4f54.default\Extensions\wrc@avast.com.xpi [2018-06-20]
FF SearchPlugin: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\bpmb4f54.default\searchplugins\bing-.xml [2016-01-03]
FF Extension: (Toshiba Defaults) - C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\defaults@toshiba.com [2018-02-10] [Legacy]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel(R) Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-12-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-16] (Google LLC -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-16] (Google LLC -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-10-11] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Profile 3
CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-09-27]
CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-12-03]
CHR Extension: (Avast Online Security (BETA)) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2017-12-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-12-03]
CHR Extension: (Avast SafePrice) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-12-03]
CHR Extension: (Avast Online Security) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-12-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-02]
CHR Extension: (Chrome Media Router) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-03]
CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 3 [2019-12-25]
CHR Extension: (Adobe Acrobat) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-10-16]
CHR Extension: (Google Docs Offline) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Avast Online Security) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-12-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-23]
CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-09]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6259592 2019-12-23] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [996880 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-01-30] (BattlEye Innovations e.K. -> )
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe [74392 2019-10-24] (Google LLC -> Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11345992 2019-12-02] (Microsoft Corporation -> Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [370848 2019-05-05] (Intel Corporation -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [287240 2018-03-28] (Synaptics Incorporated -> Synaptics Incorporated)
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA CORPORATION -> TOSHIBA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-18] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120016 2018-12-29] (Wondershare Technology Co.,Ltd -> Wondershare)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37616 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [204824 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [274456 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [209552 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [65120 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2019-09-27] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [276952 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42736 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [161544 2019-11-01] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110320 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83792 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848432 2019-09-30] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460448 2019-09-30] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [236024 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316528 2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515792 2018-12-31] (Symantec Corporation -> Symantec Corporation)
S3 ElgatoGC658Y; C:\WINDOWS\System32\Drivers\ElgatoGC658.sys [43488 2015-11-06] (Elgato Systems LLC -> UB658)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153296 2019-01-09] (Symantec Corporation -> Symantec Corporation)
R3 QIOMem; C:\WINDOWS\System32\drivers\QIOMem.sys [14000 2015-05-05] (WDKTestCert 1,130752733198717037 -> TOSHIBA)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-12-12] (Realtek Semiconductor Corp -> Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [54792 2018-03-28] (Synaptics Incorporated -> Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [45720 2015-06-13] (TOSHIBA CORPORATION -> Toshiba Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
S3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2015-05-25] (Splitmedialabs Limited -> SplitmediaLabs Limited)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-12-25 10:19 - 2019-12-25 10:22 - 000025562 _____ C:\Users\Evan\Desktop\FRST.txt
2019-12-25 10:18 - 2019-12-25 10:21 - 000000000 ____D C:\FRST
2019-12-25 10:15 - 2019-12-25 10:15 - 002271744 _____ (Farbar) C:\Users\Evan\Desktop\FRST64.exe
2019-12-25 10:13 - 2019-12-25 10:13 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-LAPTOP-9KG4QFMS-Windows-10-Home-(64-bit).dat
2019-12-25 10:13 - 2019-12-25 10:13 - 000000000 ____D C:\RegBackup
2019-12-25 10:12 - 2019-12-25 10:12 - 000002319 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2019-12-25 10:12 - 2019-12-25 10:12 - 000002319 _____ C:\ProgramData\Desktop\Tweaking.com - Registry Backup.lnk
2019-12-25 10:12 - 2019-12-25 10:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2019-12-25 10:12 - 2019-12-25 10:12 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2019-12-25 10:11 - 2019-12-25 10:12 - 000019558 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2019-12-25 10:10 - 2019-12-25 10:10 - 005766144 _____ (Tweaking.com) C:\Users\Evan\Downloads\tweaking.com_registry_backup_setup (1).exe
2019-12-25 10:09 - 2019-12-25 10:09 - 005766144 _____ (Tweaking.com) C:\Users\Evan\Desktop\tweaking.com_registry_backup_setup.exe
2019-12-25 09:57 - 2019-12-25 09:57 - 000000080 ___SH C:\bootTel.dat
2019-12-23 22:18 - 2019-12-23 22:18 - 000000000 ____D C:\Users\Evan\Documents\Add-in Express
2019-12-05 01:20 - 2019-12-05 01:20 - 000000000 _____ C:\Users\Evan\AppData\Local\{0175564F-3257-48C0-B3E3-6D472A5975AC}
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-12-25 10:22 - 2019-03-18 23:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-12-25 10:20 - 2015-09-23 23:55 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-12-25 10:17 - 2015-12-06 20:00 - 001388432 _____ C:\Users\Public\VOIP.dat
2019-12-25 10:02 - 2019-09-27 21:37 - 000840848 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-12-25 10:02 - 2019-03-18 23:50 - 000000000 ____D C:\WINDOWS\INF
2019-12-25 10:02 - 2016-09-06 20:29 - 000000000 ____D C:\Users\Evan\AppData\Local\AVAST Software
2019-12-25 09:59 - 2017-09-18 02:04 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-12-25 09:59 - 2015-12-04 13:49 - 000000000 __SHD C:\Users\Evan\IntelGraphicsProfiles
2019-12-25 09:58 - 2019-09-27 22:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-12-25 09:56 - 2019-03-18 23:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2019-12-25 09:55 - 2019-03-18 23:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-12-25 09:51 - 2019-09-27 22:02 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{919BFABA-C22C-4537-8F90-E95D601417AD}
2019-12-25 09:33 - 2019-09-27 21:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-12-24 16:24 - 2016-11-16 16:07 - 000000000 ____D C:\Users\Evan\Desktop\Roto
2019-12-24 16:20 - 2019-09-27 22:02 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2019-12-23 22:42 - 2019-01-10 23:15 - 000000000 ____D C:\Users\Evan\Desktop\Roto 2019
2019-12-23 22:19 - 2015-09-23 23:53 - 000000000 ____D C:\ProgramData\WinZip
2019-12-23 22:14 - 2016-04-28 23:02 - 000000000 ____D C:\ProgramData\Apple
2019-12-23 22:13 - 2016-02-07 13:29 - 000000000 ____D C:\Program Files\OBS
2019-12-23 22:13 - 2016-02-07 13:29 - 000000000 ____D C:\Program Files (x86)\OBS
2019-12-23 22:12 - 2016-01-11 19:57 - 000000000 ____D C:\Program Files\InterActual
2019-12-23 22:02 - 2019-09-27 21:26 - 000000000 ____D C:\Users\Evan
2019-12-23 22:01 - 2018-01-15 17:36 - 000000000 ____D C:\Users\Evan\AppData\Roaming\DVDVideoSoft
2019-12-23 21:48 - 2015-12-06 19:47 - 000000000 ____D C:\Users\Evan\Desktop\Evan's files
2019-12-23 21:38 - 2016-12-24 20:28 - 000000000 ____D C:\Program Files (x86)\iMobie
2019-12-23 21:27 - 2019-02-25 20:35 - 000000000 ____D C:\ProgramData\Wondershare
2019-12-23 21:27 - 2019-02-25 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2019-12-23 21:27 - 2015-09-23 23:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-12-23 21:26 - 2015-09-23 23:46 - 000000000 ____D C:\ProgramData\CyberLink
2019-12-23 21:24 - 2016-03-03 17:11 - 000000000 ____D C:\Program Files (x86)\Minecraft
2019-12-23 21:22 - 2015-12-05 17:00 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-12-23 21:22 - 2015-12-05 17:00 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-12-23 21:22 - 2015-12-05 17:00 - 000002271 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2019-12-23 20:51 - 2019-09-28 05:50 - 000185665 ____H C:\Users\Evan\AppData\Local\IconCache.db.backup
2019-12-16 21:09 - 2019-09-27 22:02 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2019-12-16 21:09 - 2019-09-27 22:02 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories ========
2015-12-06 20:00 - 2019-12-25 10:17 - 001388432 _____ () C:\Users\Public\VOIP.dat
2019-12-05 01:20 - 2019-12-05 01:20 - 000000000 _____ () C:\Users\Evan\AppData\Local\{0175564F-3257-48C0-B3E3-6D472A5975AC}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-12-2019
Ran by Evan (25-12-2019 10:23:16)
Running from C:\Users\Evan\Desktop
Windows 10 Home Version 1903 18362.418 (X64) (2019-09-28 03:04:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-219441427-1511812545-325799061-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-219441427-1511812545-325799061-503 - Limited - Disabled)
Evan (S-1-5-21-219441427-1511812545-325799061-1001 - Administrator - Enabled) => C:\Users\Evan
Guest (S-1-5-21-219441427-1511812545-325799061-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-219441427-1511812545-325799061-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20056 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.255 - Adobe)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Bluetooth(R) Link (HKLM\...\{936D21BF-3344-4B20-BC4C-3B67580C19F5}) (Version: 4.3.04 - Toshiba Corporation)
Chrome Remote Desktop Host (HKLM-x32\...\{738276A2-92E7-4313-9E4D-D090F7DA98EC}) (Version: 79.0.3945.10 - Google Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.43.53 - Conexant)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5509.05 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5070 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.12228.20364 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12228.20364 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.29089 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.182 - Synaptics Incorporated)
TI Connect™ CE (HKLM-x32\...\{30258E3F-5B74-4450-8188-3221682375F4}) (Version: 5.2.0.51 - Texas Instruments Inc.)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.8 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.0.9 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.1.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 8.1.1.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{0DFA8761-7735-4DE8-A0EB-2286578DCFC6}) (Version: 2.6.14 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 2.00.0005 - Toshiba Corporation)
TOSHIBA System Settings (HKLM\...\{B040D5C9-C9AA-430A-A44E-696656012E61}) (Version: 3.0.1.6403 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.1.2 - TOSHIBA)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Packages:
=========
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2811.0_x64__343d40qqvtj1t [2018-06-27] (Amazon.com)
AOL Video -> C:\Program Files\WindowsApps\Aol.AOLOn_1.1.28.0_neutral__95th8zv6cmbrc [2017-05-03] (AOL)
Asphalt 8: Airborne -> C:\Program Files\WindowsApps\GAMELOFTSA.Asphalt8Airborne_4.6.0.8_x86__0pp20fcewvvtj [2019-11-01] (GAMELOFT SA)
Baseball.free -> C:\Program Files\WindowsApps\45515SkyLineGames.Baseball.free_1.2.3.0_x64__zrw4chdf0m07a [2019-06-16] (SkyLine Gamez) [MS Ad]
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_4.5.0.8_x86__h6adky7gbf63m [2019-11-20] (Gameloft.)
Evernote -> C:\Program Files\WindowsApps\Evernote.Evernote_6.21.8716.0_x86__q4d96b2w5wcc2 [2019-10-17] (Evernote)
Fallout Shelter -> C:\Program Files\WindowsApps\BethesdaSoftworks.FalloutShelter_1.13.156.2_x64__3275kfvn8vcwc [2018-10-24] (Bethesda Softworks)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_105.1.623.0_x64__v10z8vjag6ke6 [2019-11-20] (HP Inc.)
Hulu -> C:\Program Files\WindowsApps\HuluLLC.HuluPlus_2.5.3.0_neutral__fphbd361v8tya [2019-03-09] (Hulu.)
iHeartRadio -> C:\Program Files\WindowsApps\ClearChannelRadioDigital.iHeartRadio_6.0.44.0_x64__a76a11dkgb644 [2019-08-14] (iHeartMedia.)
INSTEON for Hub -> C:\Program Files\WindowsApps\SmartLabs.INSTEONforHub_1.2.1.18_x86__4162j3jeed9tp [2016-11-08] (SmartLabs)
Kindle -> C:\Program Files\WindowsApps\AMZNMobileLLC.KindleforWindows8_2.1.0.2_neutral__stfe6vwa9jnbp [2015-12-06] (AMZN Mobile LLC)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20206.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2018-11-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2018-11-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.13.105.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Studios)
MLB.TV -> C:\Program Files\WindowsApps\1508E719.MLB.TV_4.3.0.0_x64__9h0pwecjjphwj [2016-10-26] (MLB Advanced Media L.P.)
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-14] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) [MS Ad]
My Toshiba -> C:\Program Files\WindowsApps\EnnovaResearch.ToshibaPlaces_3.2.49.0_x64__3s2an63h56yee [2016-02-08] (Ennova Research)
MyMusicCloud - Toshiba -> C:\Program Files\WindowsApps\TriPlayInc.MyMusicCloud-Toshiba_1.0.50.2550_x86__rejfh65ekdhs8 [2017-01-24] (TriPlay Inc)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-25] (Netflix, Inc.)
Texture - Unlimited Magazines -> C:\Program Files\WindowsApps\NextIssue.NextIssueMagazines_1.6.1.0_x64__91pt4qm2m3xcw [2015-12-18] (NEXT ISSUE MEDIA LLC)
TripAdvisor Hotels Flights Restaurants -> C:\Program Files\WindowsApps\TripAdvisorLLC.TripAdvisorHotelsFlightsRestaurants_1.5.10.0_x64__qj0v5chwq8f2g [2016-11-17] (TripAdvisor LLC)
TruRecorder -> C:\Program Files\WindowsApps\7906AAC0.TruRecorder_2.2.39.0_x86__nvaxck9xhg5vg [2019-11-07] (Dynabook Inc.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2016-04-02] (Microsoft Corporation) [MS Ad]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2017-02-14] (Microsoft Corporation)
Zappos.com -> C:\Program Files\WindowsApps\ZapposIPInc.Zappos.com_1.1.0.72_neutral__5e9xhf7t0emqp [2016-03-17] (Zappos IP Inc.)
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2015-09-23] (Zinio LLC)
ZUUS -> C:\Program Files\WindowsApps\181132B7.ZUUS_1.1.0.0_neutral__zrxb4n2dhz0mw [2015-09-24] (ZUUS Media, Inc.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-219441427-1511812545-325799061-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Evan\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-219441427-1511812545-325799061-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Evan\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-219441427-1511812545-325799061-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Evan\AppData\Local\Microsoft\OneDrive\19.192.0926.0012\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2019-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-09-27] (AVAST Software s.r.o. -> AVAST Software)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Cut the Rope.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" --app-id=jfbadlndcminbkfojhlimnkgaackjmdo
ShortcutWithArgument: C:\Users\Evan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Public\AppData:CSM [466]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 06:04 - 2019-01-04 03:51 - 000000943 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-219441427-1511812545-325799061-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Evan\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\kobe.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Ear Trumpet.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-219441427-1511812545-325799061-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-219441427-1511812545-325799061-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-219441427-1511812545-325799061-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-219441427-1511812545-325799061-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-219441427-1511812545-325799061-1001\...\StartupApproved\Run: => "Selection Tools"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{114DCF7D-92A1-48BC-9722-387C9C5F2E65}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [TCP Query User{27303508-BAA8-431B-95D2-8092EEB3597C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe No File
FirewallRules: [UDP Query User{77617336-D27A-45C1-A8B3-940C9CC383C4}C:\users\evan\desktop\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\users\evan\desktop\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [TCP Query User{AFE6A7F3-407B-408B-AA77-15C8AF0FA315}C:\users\evan\desktop\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\users\evan\desktop\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe No File
FirewallRules: [UDP Query User{6E347067-A118-430E-BEE5-926710294422}C:\users\evan\desktop\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\users\evan\desktop\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{1219A958-769B-443B-820D-9DBE48B3C2FB}C:\users\evan\desktop\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\users\evan\desktop\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{EF6E686F-A5D6-4498-B3F1-CA73C35CD865}C:\users\evan\desktop\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\users\evan\desktop\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [TCP Query User{A45187FF-2CD0-42C6-9992-D6BA7AD0A619}C:\users\evan\desktop\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\users\evan\desktop\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe No File
FirewallRules: [UDP Query User{D4CA2698-15D0-465E-95EC-59346AE723CC}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [TCP Query User{07319ABC-BA9A-4265-A4FC-214C4A7AB172}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{69F2A5E7-D720-481E-A6D6-0C4A78D5AF6A}C:\users\evan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\evan\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [TCP Query User{45FEF741-69D8-46E5-9309-EE4AB5312A52}C:\users\evan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\evan\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [{486E2CCF-F506-4113-BC08-9D082F878B51}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{27281003-414F-4E2B-972C-D8F65E77979E}] => (Allow) LPort=5357
FirewallRules: [{4E0A701E-D50D-4946-B668-2ACE2A6ED835}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [UDP Query User{C15ED996-8E9B-4F4B-9F3F-18C82D7A171A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [TCP Query User{D86E8BC9-9B73-4462-AA04-FB78196FFB07}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{16381798-9B4E-49B2-8214-BCA7E03D2826}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{AC3CB65F-0642-4236-89A1-BA3D4D3FEDF2}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\steamapps\common\Counter-Strike Global Offensive\csgo.exe No File
FirewallRules: [{1BB55A3A-BDB7-4007-A6EA-DC957A36343E}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\bin\steamwebhelper.exe No File
FirewallRules: [{8A7F04DE-1D49-4AC4-96E1-B35C7520E726}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\bin\steamwebhelper.exe No File
FirewallRules: [{0BB00C81-3B19-4784-A62F-43E156C746B6}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\Steam.exe No File
FirewallRules: [{C723E612-5F9C-4C06-8664-7F61EAD6E67B}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\Steam.exe No File
FirewallRules: [{23FFBDCB-33E2-46DC-A998-50A3F9E88499}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{73D61D9A-207E-4845-9BF1-0204C59B0EAB}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CF065D4A-A0CB-45E2-B737-9C7D0A773C9D}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{943757AB-9F31-4F7A-ABE2-D02E0B6287B6}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{16875DED-515F-4B66-A8D9-159F0051C93E}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{27041887-BFF3-48F6-A3D8-31F683C09E8D}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{03DD9D65-8498-4CBC-9422-4BBDA1DDCEB2}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F1B7FF55-E610-4D92-AE37-78EFED235030}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
FirewallRules: [{A85B9D26-3B1F-4FC1-B133-3DEA25D6187A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E58D5E7E-782C-488E-856D-8BA8BC0C1E2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{16D9291C-E245-4A64-9537-7DCDF53EAE86}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8BDEB011-2904-4454-B4B3-A45C272D8BDE}] => (Allow) LPort=2869
FirewallRules: [{55062301-4487-428D-AC5E-22E5DA9F51AA}] => (Allow) LPort=1900
FirewallRules: [{B7D52757-FE20-48CD-8456-0940BBDA5D06}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{1418DC7F-1C8B-4DC2-A5C3-33AC2B047D55}C:\users\evan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\evan\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [UDP Query User{FB80E8D5-452F-490B-908B-8B211416CF20}C:\users\evan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\evan\appdata\roaming\spotify\spotify.exe No File
FirewallRules: [{D99AC034-07E5-41C3-9A8D-9E74BD3C4310}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{89173536-C8CE-477B-91B3-43A3B2484B2E}] => (Allow) C:\Users\Evan\Desktop\Evan's files\Downloads\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{1A07CAAA-1FF4-459D-B696-1F75DB86B295}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6933FAC7-AD56-431D-9C09-201F629794E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2A947709-3EDB-4AA6-840D-1C645DCEDDEE}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe (Google LLC -> Google Inc.)
FirewallRules: [{D5E7354D-B581-405E-AA6B-9A82D0ACA99E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
23-12-2019 22:30:49 Before Spybot Forum Help Dec 23 2019
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (12/25/2019 10:23:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.18362.1, time stamp: 0x533f8404
Faulting module name: twinapi.appcore.dll, version: 10.0.18362.1, time stamp: 0x42f071ca
Exception code: 0xc000027b
Fault offset: 0x00000000000d5cc8
Faulting process id: 0x3274
Faulting application start time: 0x01d5bb372dd877a7
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: fb824233-1637-4f9a-afae-0d80a3dbca6d
Faulting package full name: 1508E719.MLB.TV_4.3.0.0_x64__9h0pwecjjphwj
Faulting package-relative application ID: App
Error: (12/25/2019 10:22:06 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15052,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (12/25/2019 10:20:59 AM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Office 16 Click-to-Run Extensibility Component -- Error 1704. An installation for Adobe Acrobat Reader DC is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
Error: (12/25/2019 10:11:09 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6556,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (12/25/2019 10:02:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.18362.387 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2f64
Start Time: 01d5bb342f5c11f0
Termination Time: 4294967295
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Report Id: 0eb7074f-3d21-43e3-8bff-1a80832743e1
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
Hang type: Cross-thread
Error: (12/25/2019 09:43:25 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7528,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (12/24/2019 06:39:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.18362.1, time stamp: 0x533f8404
Faulting module name: twinapi.appcore.dll, version: 10.0.18362.1, time stamp: 0x42f071ca
Exception code: 0xc000027b
Fault offset: 0x00000000000d5cc8
Faulting process id: 0x13d4
Faulting application start time: 0x01d5bab36454958d
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 70601962-1307-4a78-8565-0025ccefcf03
Faulting package full name: 1508E719.MLB.TV_4.3.0.0_x64__9h0pwecjjphwj
Faulting package-relative application ID: App
Error: (12/24/2019 04:31:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.18362.1, time stamp: 0x533f8404
Faulting module name: twinapi.appcore.dll, version: 10.0.18362.1, time stamp: 0x42f071ca
Exception code: 0xc000027b
Fault offset: 0x00000000000d5cc8
Faulting process id: 0x13f0
Faulting application start time: 0x01d5baa186855a12
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 62ddf998-27f8-4d0c-9deb-7c7f5e495ce4
Faulting package full name: 1508E719.MLB.TV_4.3.0.0_x64__9h0pwecjjphwj
Faulting package-relative application ID: App
System errors:
=============
Error: (12/25/2019 10:14:51 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/25/2019 10:14:47 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/25/2019 10:14:43 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/25/2019 10:14:39 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/25/2019 10:14:35 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/25/2019 10:14:32 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/25/2019 10:14:28 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (12/25/2019 10:14:24 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
CodeIntegrity:
===================================
Date: 2019-12-25 10:24:15.891
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-25 10:24:15.886
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-25 10:23:56.080
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-25 10:23:56.076
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-25 10:23:14.248
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-25 10:23:14.244
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-25 10:16:33.052
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2019-12-25 10:16:33.046
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: INSYDE Corp. 5.00 07/16/2015
Motherboard: FF50 06F2
Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 8106.14 MB
Available physical RAM: 4557.7 MB
Total Virtual: 9386.14 MB
Available Virtual: 6168.21 MB
==================== Drives ================================
Drive c: (TI10716100B) (Fixed) (Total:930.29 GB) (Free:740.86 GB) NTFS
\\?\Volume{c19e0a1a-83d5-4e41-84ce-c3fc70b75f75}\ () (Fixed) (Total:0.95 GB) (Free:0.4 GB) NTFS
\\?\Volume{7c6c66e1-7d6e-4b53-88df-3d70cc5053b7}\ (ESP) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================