windows 10 computer slow

windows 10


#1
gweng


I am working on my husband's computer for him. The computer is "acting up". It is slow and sometimes does not completely boot up. There are no specific error reports. The latest Malwarebytes scan shows no issues. I have just installed all available Windows and system updates.

Here are the FRST scan reports as requested:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-06-2019
Ran by dmgsk (administrator) on DMG-DELL-LAPTOP (Dell Inc. Inspiron 7573) (06-06-2019 17:23:23)
Running from C:\Users\dmgsk\Desktop
Loaded Profiles: dmgsk (Available Profiles: dmgsk)
Platform: Windows 10 Home Version 1803 17134.765 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Creative Home) [File not signed] C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2018 Deluxe\Planner\PLNRnote.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_842874489af34daa\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_842874489af34daa\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_842874489af34daa\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_842874489af34daa\IntelCpHeciSvc.exe
(Intel® Software Development Products -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\dmgsk\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe
(Pro Softnet Corporation -> Prosoftnet) [File not signed] C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Pro Softnet Corporation -> Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
Failed to access process -> WavesSvc64.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RTKNGUI] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9226728 2017-05-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [989576 2017-05-24] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [834336 2019-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [77496 2018-10-31] (Pro Softnet Corporation -> Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [2013200 2018-10-31] (Pro Softnet Corporation -> Prosoftnet) [File not signed]
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [AddressBookReminderApp] => C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2018 Deluxe\ReminderApp.exe
HKU\S-1-5-21-526892741-2499307875-880777781-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2019-03-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-526892741-2499307875-880777781-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [570368 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\Installer\chrmstp.exe [2019-05-26] (Google LLC -> Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk [2018-11-07]
ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2018 Deluxe\Planner\PLNRnote.exe (Creative Home) [File not signed]
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {053ABB56-8207-488A-9999-04762F27B84B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26166344 2019-05-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {090207EF-BB52-4BE3-926E-148FC63CD50D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2C57557C-4C47-40F8-88D0-B8AA4BCC5CC5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6364808 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {2E4B8D2B-91E6-442E-BB42-F0E1F946F65B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-26] (Google Inc -> Google LLC)
Task: {5D1505E1-140A-4B79-A948-F323A82AE22B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149520 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {64DE4AEC-55A4-439F-9F28-2CD5AEC08E11} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {765EB6BF-4723-4A01-A589-105025DD9591} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6364808 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {85789D1C-C923-4301-A6CE-0BE71947E4D5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209368 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {897EA98A-09BC-4BA6-9BCE-9605A80B4118} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8FF45C11-5FF4-49A2-9FBA-FA933E5EA649} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149520 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0B014CB-3AE6-40D9-BBAB-E48AD7804EB7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26166344 2019-05-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {B3A309A8-7C2A-45D1-A9B6-15AB1089DB17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-26] (Google Inc -> Google LLC)
Task: {BE425B5F-55FC-42B5-8E2B-47595F72EF91} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {D73C1262-8859-45B2-99E1-6C5F2267CE81} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MpCmdRun.exe [469960 2019-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D758B6EF-BC75-4AF4-A9E8-93A5D0319751} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209368 2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{135e1f26-0db5-48f8-bab1-5166153d098e}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{1897693b-e664-4acc-81cb-03578f0444a1}: [DhcpNameServer] 10.1.0.50 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{b09812bd-ea88-4bdc-b8c3-5b1d721cfc86}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-526892741-2499307875-880777781-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-26] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-26] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-526892741-2499307875-880777781-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\dmgsk\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-12-12] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\dmgsk\AppData\Local\Google\Chrome\User Data\Default [2019-06-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dmgsk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-05-26]
CHR Extension: (Chrome Media Router) - C:\Users\dmgsk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-26]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESMService; C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_10d045798a3d667e\aesm_service.exe [3367272 2018-11-28] (Intel® Software Development Products -> Intel Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11145800 2019-05-22] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208792 2018-02-10] (Dell Inc -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3346320 2018-02-10] (Dell Inc -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217488 2018-02-10] (Dell Inc -> Dell Inc.)
R2 esifsvc; C:\Windows\system32\Intel\DPTF\esif_uf.exe [1701480 2017-07-18] (Intel Corporation -> Intel Corporation)
S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2413720 2017-06-09] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [507000 2017-04-21] (Intel Corporation - pGFX -> Intel Corporation)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [242872 2018-10-31] (Pro Softnet Corporation -> Prosoftnet)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 RtkAudioUniversalService; C:\Windows\System32\RtkAudUService64.exe [834336 2019-02-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [45528 2018-06-05] (Dell Inc. -> Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [604552 2017-05-24] (Waves Inc -> Waves Audio Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-06] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AX88179; C:\Windows\System32\drivers\ax88179_178a.sys [74240 2018-04-11] (Microsoft Windows -> ASIX Electronics Corp.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [41608 2018-02-10] (Techporch Incorporated -> Dell Inc.)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [41208 2018-02-10] (Techporch Incorporated -> Dell Computer Corporation)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [74168 2017-07-18] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [69560 2017-07-18] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [382392 2017-07-18] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-05-14] (Malwarebytes Corporation -> Malwarebytes)
R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [54816 2017-06-12] (Intel® Software -> Intel Corporation)
R3 HID_PCI; C:\Windows\System32\drivers\HID_PCI.sys [32888 2017-05-10] (Intel® Embedded Subsystems and IP Blocks Group -> Intel)
S3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [97912 2017-05-09] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S3 iaStorAfs; C:\Windows\System32\drivers\iaStorAfs.sys [70632 2017-06-09] (Intel® Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [244744 2017-04-14] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
R3 ISH; C:\Windows\System32\drivers\ISH.sys [152184 2017-05-10] (Intel® Embedded Subsystems and IP Blocks Group -> Intel)
R3 ISH_BusDriver; C:\Windows\System32\drivers\ISH_BusDriver.sys [88184 2017-05-10] (Intel® Embedded Subsystems and IP Blocks Group -> Intel)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-05-14] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [127136 2019-06-06] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73912 2019-06-06] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-06-06] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [117344 2019-06-06] (Malwarebytes Corporation -> Malwarebytes)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [8623128 2018-04-04] (Intel® Wireless Connectivity Solutions -> Intel Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [27584 2018-03-14] (NVIDIA Corporation -> Windows ® Win 7 DDK provider)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [58816 2018-03-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [420832 2017-04-27] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
S3 rtux64w10; C:\Windows\System32\drivers\rtux64w10.sys [427488 2017-08-29] (Realtek Semiconductor Corp. -> Realtek Corporation )
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [42000 2016-10-31] (Intel® Software -> Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [47496 2019-06-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [337632 2019-06-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-06] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; \??\C:\CTS\Test\OpenHardwareMonitorLib.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-06-06 17:23 - 2019-06-06 17:24 - 000024838 _____ C:\Users\dmgsk\Desktop\FRST.txt
2019-06-06 17:17 - 2019-06-06 17:17 - 000073912 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-06-06 17:16 - 2019-06-06 17:16 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-06-06 17:16 - 2019-06-06 17:16 - 000127136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-06-06 17:16 - 2019-06-06 17:16 - 000117344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-06-06 17:09 - 2019-06-06 17:09 - 000000000 ____D C:\Windows\LastGood.Tmp
2019-06-06 15:11 - 2019-06-06 17:23 - 000000000 ____D C:\FRST
2019-06-06 15:08 - 2019-06-06 15:08 - 002417664 _____ (Farbar) C:\Users\dmgsk\Desktop\FRST64.exe
2019-06-01 17:09 - 2019-06-01 17:09 - 000000000 ___HD C:\OneDriveTemp
2019-05-30 16:48 - 2019-06-06 17:03 - 000000000 ____D C:\Windows\System32\Tasks\NCH Software
2019-05-30 16:48 - 2019-05-30 16:48 - 000001366 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2019-05-30 16:48 - 2019-05-30 16:48 - 000001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk
2019-05-30 16:48 - 2019-05-30 16:48 - 000001214 _____ C:\Users\Public\Desktop\PhotoPad Image Editor.lnk
2019-05-30 16:48 - 2019-05-30 16:48 - 000000000 ____D C:\Users\dmgsk\AppData\Roaming\NCH Software
2019-05-30 16:48 - 2019-05-30 16:48 - 000000000 ____D C:\ProgramData\NCH Software
2019-05-30 16:48 - 2019-05-30 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2019-05-30 16:48 - 2019-05-30 16:48 - 000000000 ____D C:\Program Files (x86)\NCH Software
2019-05-28 16:16 - 2019-05-28 16:16 - 000000000 ____D C:\Users\dmgsk\AppData\Local\iSpring Solutions
2019-05-28 16:11 - 2019-05-28 16:11 - 000000000 ____D C:\Users\dmgsk\AppData\Local\CEF
2019-05-28 16:09 - 2019-05-28 16:09 - 000001057 _____ C:\Users\Public\Desktop\iSpring Suite 8.lnk
2019-05-28 16:09 - 2019-05-28 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpring Suite 8
2019-05-28 16:07 - 2019-05-28 16:07 - 000000000 ____D C:\Users\Public\Documents\iSpring Suite 8
2019-05-28 15:53 - 2019-05-30 17:16 - 000000704 ____H C:\Users\dmgsk\AppData\Roaming\d9135c394decbfc1cfce595848be5701eeb798e2
2019-05-28 15:53 - 2019-05-30 17:16 - 000000704 ____H C:\ProgramData\d9135c394decbfc1cfce595848be5701eeb798e2
2019-05-28 15:53 - 2019-05-28 15:53 - 000000128 ____H C:\Users\dmgsk\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2019-05-28 15:53 - 2019-05-28 15:53 - 000000128 ____H C:\ProgramData\ecf00c38dc807e105d881c433a6b455dd2c606b6
2019-05-26 16:05 - 2019-05-26 16:05 - 000003418 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-26 16:05 - 2019-05-26 16:05 - 000003294 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-26 16:05 - 2019-05-26 16:05 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-26 16:05 - 2019-05-26 16:05 - 000002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-26 16:05 - 2019-05-26 16:05 - 000000000 ____D C:\Program Files (x86)\Google
2019-05-25 15:37 - 2019-06-06 13:37 - 000004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{56CC69CE-F869-4696-B7CE-0F588399FDDC}
2019-05-23 12:29 - 2019-05-23 12:29 - 002983190 _____ C:\Users\dmgsk\Documents\2019 Dave bday.hmk
2019-05-23 12:18 - 2019-05-23 12:18 - 001778775 _____ C:\Users\dmgsk\Documents\2019 Debbie Miles bday.hmk
2019-05-16 13:44 - 2019-05-16 13:44 - 006429781 _____ C:\Users\dmgsk\Documents\2019 Thanks to Becky.hmk
2019-05-16 13:23 - 2019-05-16 13:23 - 005230339 _____ C:\Users\dmgsk\Documents\2019 Thanks to Bruce and Ann.hmk
2019-05-16 13:00 - 2019-05-16 13:01 - 004134179 _____ C:\Users\dmgsk\Documents\2019 Thanks to Andy and Shirley.hmk
2019-05-14 20:40 - 2019-05-14 20:40 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-05-14 20:07 - 2019-05-03 05:51 - 003613696 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-05-14 20:07 - 2019-05-03 05:28 - 002882048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-05-14 20:07 - 2019-05-03 00:36 - 001035256 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-05-14 20:07 - 2019-05-03 00:33 - 005625152 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2019-05-14 20:07 - 2019-05-03 00:33 - 001219896 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-05-14 20:07 - 2019-05-03 00:33 - 001027384 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-05-14 20:07 - 2019-05-03 00:31 - 009084432 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-05-14 20:07 - 2019-05-03 00:31 - 007519888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-05-14 20:07 - 2019-05-03 00:31 - 007436536 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-05-14 20:07 - 2019-05-03 00:31 - 002811192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-05-14 20:07 - 2019-05-03 00:31 - 002771256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-05-14 20:07 - 2019-05-03 00:19 - 006043712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-05-14 20:07 - 2019-05-03 00:18 - 006569344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-14 20:07 - 2019-05-03 00:18 - 002258640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-05-14 20:07 - 2019-05-03 00:12 - 025855488 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-05-14 20:07 - 2019-05-03 00:10 - 022017024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-05-14 20:07 - 2019-05-03 00:05 - 022716416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-05-14 20:07 - 2019-05-03 00:02 - 019401216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-05-14 20:07 - 2019-05-03 00:02 - 004866048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-05-14 20:07 - 2019-05-03 00:01 - 008189440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2019-05-14 20:07 - 2019-05-03 00:00 - 006661632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-05-14 20:07 - 2019-05-03 00:00 - 003400192 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-05-14 20:07 - 2019-05-02 23:59 - 007593472 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-05-14 20:07 - 2019-05-02 23:59 - 005788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-05-14 20:07 - 2019-05-02 23:59 - 003710976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-05-14 20:07 - 2019-05-02 23:57 - 001826816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2019-05-14 20:07 - 2019-05-02 23:57 - 000808448 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-05-14 20:07 - 2019-05-02 23:56 - 005350912 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-05-14 20:07 - 2019-05-02 23:56 - 001803776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-05-14 20:07 - 2019-05-02 23:55 - 003090432 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2019-05-14 20:07 - 2019-05-02 23:55 - 002166784 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-05-14 20:07 - 2019-05-02 23:54 - 004929024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-05-14 20:07 - 2019-05-02 23:54 - 001628672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-05-14 20:07 - 2019-05-02 23:54 - 001097728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2019-05-14 20:07 - 2019-04-19 04:39 - 012754944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-05-14 20:07 - 2019-04-19 03:28 - 011940864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-05-14 20:07 - 2019-04-18 23:06 - 002571632 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-05-14 20:07 - 2019-04-18 23:01 - 001982008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-05-14 20:07 - 2019-04-18 22:42 - 004384256 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2019-05-14 20:07 - 2019-04-18 22:39 - 005307392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2019-05-14 20:07 - 2019-04-18 22:38 - 002368512 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2019-05-14 20:07 - 2019-04-18 22:36 - 002909696 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-05-14 20:07 - 2019-04-18 22:35 - 001458688 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2019-05-14 20:07 - 2019-04-18 22:35 - 001175552 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2019-05-14 20:07 - 2019-04-18 22:35 - 001156608 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-05-14 20:06 - 2019-05-03 06:14 - 000790208 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2019-05-14 20:06 - 2019-05-03 06:13 - 001376472 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2019-05-14 20:06 - 2019-05-03 06:13 - 000396088 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-05-14 20:06 - 2019-05-03 05:55 - 000123392 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-05-14 20:06 - 2019-05-03 05:54 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2019-05-14 20:06 - 2019-05-03 05:52 - 000119808 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-05-14 20:06 - 2019-05-03 05:51 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-05-14 20:06 - 2019-05-03 05:50 - 004054528 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-05-14 20:06 - 2019-05-03 05:50 - 001663488 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-05-14 20:06 - 2019-05-03 05:49 - 001288704 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-05-14 20:06 - 2019-05-03 05:49 - 000488448 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-05-14 20:06 - 2019-05-03 05:49 - 000210944 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-05-14 20:06 - 2019-05-03 05:43 - 001027008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-05-14 20:06 - 2019-05-03 05:43 - 000662328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2019-05-14 20:06 - 2019-05-03 05:30 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-05-14 20:06 - 2019-05-03 05:30 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-05-14 20:06 - 2019-05-03 05:28 - 000089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2019-05-14 20:06 - 2019-05-03 05:27 - 000176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-05-14 20:06 - 2019-05-03 05:26 - 000425472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-05-14 20:06 - 2019-05-03 05:25 - 004055040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-05-14 20:06 - 2019-05-03 05:25 - 001471488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-05-14 20:06 - 2019-05-03 00:43 - 000177128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2019-05-14 20:06 - 2019-05-03 00:34 - 000159864 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-05-14 20:06 - 2019-05-03 00:33 - 000709720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-05-14 20:06 - 2019-05-03 00:33 - 000568104 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2019-05-14 20:06 - 2019-05-03 00:33 - 000134968 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-05-14 20:06 - 2019-05-03 00:33 - 000076088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-05-14 20:06 - 2019-05-03 00:33 - 000063072 _____ (Microsoft Corporation) C:\Windows\system32\cryptdll.dll
2019-05-14 20:06 - 2019-05-03 00:32 - 000793640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2019-05-14 20:06 - 2019-05-03 00:32 - 000776784 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-05-14 20:06 - 2019-05-03 00:32 - 000493880 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-05-14 20:06 - 2019-05-03 00:32 - 000438984 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-05-14 20:06 - 2019-05-03 00:32 - 000209208 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-05-14 20:06 - 2019-05-03 00:32 - 000170296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-05-14 20:06 - 2019-05-03 00:32 - 000164664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2019-05-14 20:06 - 2019-05-03 00:31 - 001459328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-05-14 20:06 - 2019-05-03 00:31 - 001260480 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-05-14 20:06 - 2019-05-03 00:31 - 001141224 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-05-14 20:06 - 2019-05-03 00:31 - 001098064 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2019-05-14 20:06 - 2019-05-03 00:31 - 000983632 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2019-05-14 20:06 - 2019-05-03 00:31 - 000545808 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-05-14 20:06 - 2019-05-03 00:31 - 000412984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2019-05-14 20:06 - 2019-05-03 00:31 - 000115728 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2019-05-14 20:06 - 2019-05-03 00:20 - 000434704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-05-14 20:06 - 2019-05-03 00:20 - 000384976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-05-14 20:06 - 2019-05-03 00:20 - 000192016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-05-14 20:06 - 2019-05-03 00:20 - 000146920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-05-14 20:06 - 2019-05-03 00:19 - 000665224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-05-14 20:06 - 2019-05-03 00:19 - 000056288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdll.dll
2019-05-14 20:06 - 2019-05-03 00:18 - 001130568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2019-05-14 20:06 - 2019-05-03 00:00 - 000120832 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll
2019-05-14 20:06 - 2019-05-03 00:00 - 000099328 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
2019-05-14 20:06 - 2019-05-02 23:59 - 001307648 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2019-05-14 20:06 - 2019-05-02 23:59 - 000514560 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2019-05-14 20:06 - 2019-05-02 23:59 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2019-05-14 20:06 - 2019-05-02 23:59 - 000204288 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2019-05-14 20:06 - 2019-05-02 23:59 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-05-14 20:06 - 2019-05-02 23:58 - 002175488 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-05-14 20:06 - 2019-05-02 23:58 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll
2019-05-14 20:06 - 2019-05-02 23:58 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2019-05-14 20:06 - 2019-05-02 23:58 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-05-14 20:06 - 2019-05-02 23:58 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-05-14 20:06 - 2019-05-02 23:58 - 000462336 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2019-05-14 20:06 - 2019-05-02 23:58 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2019-05-14 20:06 - 2019-05-02 23:57 - 001560576 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-05-14 20:06 - 2019-05-02 23:57 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-05-14 20:06 - 2019-05-02 23:57 - 001295872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2019-05-14 20:06 - 2019-05-02 23:57 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-05-14 20:06 - 2019-05-02 23:57 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-05-14 20:06 - 2019-05-02 23:56 - 000773632 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2019-05-14 20:06 - 2019-05-02 23:56 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-05-14 20:06 - 2019-05-02 23:56 - 000333824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2019-05-14 20:06 - 2019-05-02 23:55 - 000659968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2019-05-14 20:06 - 2019-05-02 23:54 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2019-05-14 20:06 - 2019-05-02 23:54 - 000845824 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2019-05-14 20:06 - 2019-05-02 23:54 - 000778752 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2019-05-14 20:06 - 2019-05-02 23:54 - 000776192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-05-14 20:06 - 2019-05-02 23:54 - 000669184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-05-14 20:06 - 2019-05-02 23:54 - 000667136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapi.dll
2019-05-14 20:06 - 2019-05-02 23:54 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-05-14 20:06 - 2019-05-02 23:54 - 000535552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-05-14 20:06 - 2019-05-02 23:54 - 000507392 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2019-05-14 20:06 - 2019-05-02 23:54 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2019-05-14 20:06 - 2019-05-02 23:53 - 000204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-05-14 20:06 - 2019-05-02 23:53 - 000186880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-05-14 20:06 - 2019-05-02 23:53 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-05-14 20:06 - 2019-05-02 23:53 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-05-14 20:06 - 2019-05-02 22:38 - 000001310 _____ C:\Windows\system32\tcbres.wim
2019-05-14 20:06 - 2019-04-23 01:13 - 001008640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MixedRealityCapture.dll
2019-05-14 20:06 - 2019-04-23 00:14 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-05-14 20:06 - 2019-04-19 04:55 - 001634920 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-05-14 20:06 - 2019-04-19 04:54 - 000720200 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-05-14 20:06 - 2019-04-19 04:40 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2019-05-14 20:06 - 2019-04-19 04:38 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\RDSPnf.exe
2019-05-14 20:06 - 2019-04-19 04:38 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\perfproc.dll
2019-05-14 20:06 - 2019-04-19 04:36 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\AcGenral.dll
2019-05-14 20:06 - 2019-04-19 04:34 - 000522240 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2019-05-14 20:06 - 2019-04-19 03:44 - 001454648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-05-14 20:06 - 2019-04-19 03:37 - 000607960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-05-14 20:06 - 2019-04-19 03:30 - 000036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfproc.dll
2019-05-14 20:06 - 2019-04-19 03:26 - 002405888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2019-05-14 20:06 - 2019-04-19 03:25 - 000423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2019-05-14 20:06 - 2019-04-18 23:07 - 000985400 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2019-05-14 20:06 - 2019-04-18 23:06 - 000798520 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2019-05-14 20:06 - 2019-04-18 23:06 - 000713264 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2019-05-14 20:06 - 2019-04-18 23:06 - 000436024 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-05-14 20:06 - 2019-04-18 23:06 - 000274232 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2019-05-14 20:06 - 2019-04-18 23:02 - 000831800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2019-05-14 20:06 - 2019-04-18 23:01 - 000581592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2019-05-14 20:06 - 2019-04-18 23:01 - 000576016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2019-05-14 20:06 - 2019-04-18 23:01 - 000380728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-05-14 20:06 - 2019-04-18 22:43 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\fcon.dll
2019-05-14 20:06 - 2019-04-18 22:41 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2019-05-14 20:06 - 2019-04-18 22:41 - 000095232 _____ (Microsoft Corporation) C:\Windows\system32\EduPrintProv.exe
2019-05-14 20:06 - 2019-04-18 22:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\system32\browserexport.exe
2019-05-14 20:06 - 2019-04-18 22:40 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\JpnServiceDS.dll
2019-05-14 20:06 - 2019-04-18 22:40 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\enrollmentapi.dll
2019-05-14 20:06 - 2019-04-18 22:40 - 000167936 _____ (Microsoft Corporation) C:\Windows\system32\FilterDS.dll
2019-05-14 20:06 - 2019-04-18 22:40 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetDriverInstall.dll
2019-05-14 20:06 - 2019-04-18 22:39 - 000567296 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2019-05-14 20:06 - 2019-04-18 22:39 - 000425472 _____ (Microsoft Corporation) C:\Windows\system32\SDDS.dll
2019-05-14 20:06 - 2019-04-18 22:39 - 000374784 _____ (Microsoft Corporation) C:\Windows\system32\BingASDS.dll
2019-05-14 20:06 - 2019-04-18 22:39 - 000361472 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2019-05-14 20:06 - 2019-04-18 22:39 - 000204288 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2019-05-14 20:06 - 2019-04-18 22:38 - 000593408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2019-05-14 20:06 - 2019-04-18 22:38 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2019-05-14 20:06 - 2019-04-18 22:38 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2019-05-14 20:06 - 2019-04-18 22:38 - 000300544 _____ (Microsoft Corporation) C:\Windows\system32\dmenterprisediagnostics.dll
2019-05-14 20:06 - 2019-04-18 22:38 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2019-05-14 20:06 - 2019-04-18 22:37 - 000953856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2019-05-14 20:06 - 2019-04-18 22:37 - 000445952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2019-05-14 20:06 - 2019-04-18 22:37 - 000397312 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2019-05-14 20:06 - 2019-04-18 22:37 - 000381952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2019-05-14 20:06 - 2019-04-18 22:37 - 000366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2019-05-14 20:06 - 2019-04-18 22:37 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2019-05-14 20:06 - 2019-04-18 22:37 - 000118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2019-05-14 20:06 - 2019-04-18 22:36 - 001300992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2019-05-14 20:06 - 2019-04-18 22:36 - 000827392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2019-05-14 20:06 - 2019-04-18 22:36 - 000814592 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2019-05-14 20:06 - 2019-04-18 22:36 - 000546816 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2019-05-14 20:06 - 2019-04-18 22:36 - 000357888 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2019-05-14 20:06 - 2019-04-18 22:36 - 000186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2019-05-14 20:06 - 2019-04-18 22:35 - 001938944 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2019-05-14 20:06 - 2019-04-18 22:35 - 000784896 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2019-05-14 20:06 - 2019-04-18 22:35 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-05-14 20:06 - 2019-04-18 22:35 - 000535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2019-05-14 20:06 - 2019-04-18 22:35 - 000523776 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2019-05-14 20:06 - 2019-04-18 22:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapibase.dll
2019-05-14 20:06 - 2019-04-18 22:34 - 000935936 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2019-05-14 20:06 - 2019-04-18 22:34 - 000899584 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-05-14 20:06 - 2019-04-18 22:34 - 000885760 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2019-05-14 20:06 - 2019-04-18 22:34 - 000778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-05-14 20:06 - 2019-04-18 22:34 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2019-05-14 20:06 - 2019-04-18 21:18 - 000806360 _____ C:\Windows\SysWOW64\locale.nls
2019-05-14 20:06 - 2019-04-18 21:18 - 000806360 _____ C:\Windows\system32\locale.nls
2019-05-14 20:06 - 2019-04-08 19:48 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-05-14 20:06 - 2019-04-08 19:48 - 000376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-05-14 20:06 - 2019-04-08 19:48 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-05-14 20:06 - 2019-04-08 19:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-05-14 20:06 - 2019-04-08 19:48 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-05-10 16:07 - 2019-05-10 16:07 - 002615520 _____ C:\Users\dmgsk\Documents\2019 Gwen get well.hmk
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-06-06 17:20 - 2018-04-11 17:36 - 000000000 ____D C:\Windows\INF
2019-06-06 17:19 - 2018-10-31 09:32 - 000000000 ___RD C:\Users\dmgsk\OneDrive
2019-06-06 17:16 - 2018-10-31 09:28 - 000000000 __SHD C:\Users\dmgsk\IntelGraphicsProfiles
2019-06-06 17:16 - 2018-10-26 22:54 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-06 17:16 - 2018-04-11 17:38 - 000000000 ____D C:\Windows\AppReadiness
2019-06-06 17:16 - 2018-04-11 17:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-06 17:11 - 2018-04-11 15:04 - 000786432 _____ C:\Windows\system32\config\BBI
2019-06-06 17:10 - 2018-10-31 09:25 - 000000000 ____D C:\Users\dmgsk
2019-06-06 17:00 - 2018-10-26 22:53 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-06-06 15:26 - 2018-04-11 17:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-06 15:24 - 2018-10-31 17:11 - 000000000 ____D C:\ProgramData\IDrive
2019-06-06 15:13 - 2018-10-26 22:54 - 000000000 ____D C:\Windows\system32\Drivers\wd
2019-06-06 15:05 - 2018-04-11 17:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-06-06 15:02 - 2018-10-31 17:03 - 000000000 ____D C:\Program Files\Microsoft Office
2019-06-06 15:00 - 2018-04-11 17:38 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2019-06-03 11:57 - 2018-10-31 18:20 - 000000000 ____D C:\Users\dmgsk\Documents\XLOG
2019-06-01 17:08 - 2018-10-31 09:33 - 000003376 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-526892741-2499307875-880777781-1002
2019-06-01 17:08 - 2018-10-31 09:25 - 000002416 _____ C:\Users\dmgsk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-30 17:16 - 2018-11-07 00:28 - 000000000 ____D C:\Users\dmgsk\AppData\Roaming\iSpring Solutions
2019-05-30 17:10 - 2018-11-07 00:28 - 000000128 ____H C:\Users\dmgsk\AppData\Roaming\de2ad1ebe368dd659e06d005941e7c4d2ce419b6
2019-05-30 17:10 - 2018-11-07 00:28 - 000000128 ____H C:\ProgramData\de2ad1ebe368dd659e06d005941e7c4d2ce419b6
2019-05-30 15:26 - 2018-10-31 09:32 - 000000000 ____D C:\Users\dmgsk\AppData\Local\PlaceholderTileLogoFolder
2019-05-29 13:04 - 2018-10-26 22:53 - 000521464 _____ C:\Windows\system32\FNTCACHE.DAT
2019-05-28 16:07 - 2018-11-07 00:24 - 000000000 ____D C:\ProgramData\iSpring Solutions
2019-05-28 16:07 - 2018-11-07 00:24 - 000000000 ____D C:\Program Files\iSpring
2019-05-28 16:07 - 2018-11-07 00:24 - 000000000 ____D C:\Program Files\Common Files\iSpring Solutions
2019-05-26 16:04 - 2018-10-31 17:25 - 000000000 ____D C:\Users\dmgsk\AppData\Local\Google
2019-05-22 17:58 - 2018-10-31 09:28 - 000000000 ____D C:\Users\dmgsk\AppData\Local\Packages
2019-05-17 10:48 - 2018-11-16 14:56 - 000000000 ____D C:\Program Files\rempl
2019-05-16 12:46 - 2019-02-05 16:10 - 000000000 ____D C:\Users\dmgsk\Documents\NSP Ginley Generatons Article
2019-05-16 12:00 - 2018-10-31 17:51 - 000000000 ____D C:\Users\dmgsk\Documents\Ski Patrol
2019-05-14 21:23 - 2018-10-26 22:04 - 000838560 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-14 21:11 - 2018-04-11 17:38 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2019-05-14 21:11 - 2018-04-11 17:38 - 000000000 ____D C:\Windows\TextInput
2019-05-14 21:11 - 2018-04-11 17:38 - 000000000 ____D C:\Windows\ShellExperiences
2019-05-14 21:11 - 2018-04-11 17:38 - 000000000 ____D C:\Windows\bcastdvr
2019-05-14 20:40 - 2019-02-16 09:15 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-05-14 20:25 - 2018-04-11 17:30 - 000000000 ____D C:\Windows\CbsTemp
2019-05-14 20:05 - 2018-10-31 22:43 - 000000000 ____D C:\Windows\system32\MRT
2019-05-14 19:59 - 2018-10-31 22:43 - 132445408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-05-08 12:15 - 2018-10-31 17:25 - 000000000 ____D C:\Users\dmgsk\AppData\Local\ElevatedDiagnostics
 
==================== Files in the root of some directories =======
 
2019-05-28 15:53 - 2019-05-30 17:16 - 000000704 ____H () C:\Users\dmgsk\AppData\Roaming\d9135c394decbfc1cfce595848be5701eeb798e2
2018-11-07 00:28 - 2019-05-30 17:10 - 000000128 ____H () C:\Users\dmgsk\AppData\Roaming\de2ad1ebe368dd659e06d005941e7c4d2ce419b6
2019-05-28 15:53 - 2019-05-28 15:53 - 000000128 ____H () C:\Users\dmgsk\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
 
==================== SigCheck ===============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2019
Ran by dmgsk (06-06-2019 17:25:17)
Running from C:\Users\dmgsk\Desktop
Windows 10 Home Version 1803 17134.765 (X64) (2018-10-27 13:41:35)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-526892741-2499307875-880777781-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-526892741-2499307875-880777781-503 - Limited - Disabled)
dmgsk (S-1-5-21-526892741-2499307875-880777781-1002 - Administrator - Enabled) => C:\Users\dmgsk
Guest (S-1-5-21-526892741-2499307875-880777781-501 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-526892741-2499307875-880777781-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Application Support (32-bit) (HKLM-x32\...\{9F7041CB-8398-4691-B8CB-0D52273BB3D9}) (Version: 7.4 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{6E7DF4EE-1976-4215-9D81-755AFC95687D}) (Version: 7.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonus Pack 2018 (HKLM-x32\...\{4E03CE4B-8698-41F9-97F8-E51BAD95A313}) (Version: 1.0.0.8 - Creative Home)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG7500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG7500_series) (Version: 1.00 - Canon Inc.)
Canon MG7500 series On-screen Manual (HKLM-x32\...\Canon MG7500 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG7500 series User Registration (HKLM-x32\...\Canon MG7500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.)
Dell SupportAssist (HKLM\...\{33E712C1-2183-421C-9BC8-C902DB9C596C}) (Version: 2.2.1.23 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.169 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Hallmark Card Studio 2018 Deluxe (HKLM-x32\...\{6A5E49ED-49CD-470D-BF5F-44CF84B54C35}) (Version: 19.0.0.11 - Creative Home)
iCloud (HKLM\...\{03742818-3BC2-45BA-B6BB-4C2D453FD033}) (Version: 7.11.0.19 - Apple Inc.)
IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
iSpring Suite 7 (HKLM\...\{99495375-448E-4F2A-8926-7295F56F39D8}) (Version: 7.1.0 - iSpring Solutions Inc.)
iSpring Suite 8 (HKLM\...\{8B08F8C6-C3E5-4100-8E9D-FF4356D73221}) (Version: 8.3.15546 - iSpring Solutions Inc.)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.11629.20196 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-526892741-2499307875-880777781-1002\...\OneDriveSetup.exe) (Version: 19.070.0410.0007 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.11629.20196 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11629.20196 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11629.20196 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11629.20196 - Microsoft Corporation) Hidden
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 5.16 - NCH Software)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31236 - Realtek Semiconductor Corp.)
Sigma Data Center 5.5 (HKLM-x32\...\Sigma Data Center5.5) (Version: 5.5 - Sigma Elektro GmbH)
SplashID Safe (HKLM-x32\...\{849C45F9-9B58-48BF-AF3C-381AA7361F0C}) (Version: 8.1.1 - SplashData)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}) (Version: 2.58.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows Driver Package - SIGMA Elektro GmbH (usbser) Ports  (02/20/2017 1.7.0000.0000) (HKLM\...\F11095F081576CA0F709F279E5FC84AC50628B78) (Version: 02/20/2017 1.7.0000.0000 - SIGMA Elektro GmbH)
Zoom (HKU\S-1-5-21-526892741-2499307875-880777781-1002\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)
 
Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1520.1.0_x86__kgqvnymyfvs32 [2019-06-06] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.140.300.0_x86__kgqvnymyfvs32 [2019-05-29] (king.com)
Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.2.5.0_x64__htrsf667h5kn2 [2019-05-29] (Dell Inc)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_2.4.520.0_x64__rz1tebttyb220 [2019-03-08] (Dolby Laboratories)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.29.2900.0_x86__ytsefhwckbdv6 [2019-05-29] (G5 Entertainment AB)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa [2019-05-29] (Apple Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.30.10924.0_x64__8wekyb3d8bbwe [2019-04-03] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.3.4032.0_x86__8wekyb3d8bbwe [2019-04-13] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.11.402.0_x64__8wekyb3d8bbwe [2019-05-24] (Microsoft Studios)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2018-10-31] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-13] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-526892741-2499307875-880777781-1002_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Inc -> Waves Audio Ltd)
ShellIconOverlayIdentifiers: [          0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2018-10-29] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2018-10-29] (Pro-Softnet Corporation, U.S.A) [File not signed]
ShellIconOverlayIdentifiers: [          0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2018-10-29] (Pro-Softnet Corporation, U.S.A) [File not signed]
ContextMenuHandlers1: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2018-10-29] () [File not signed]
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2019-03-13] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers2: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2018-10-29] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [IDriveMenu] -> {AFBFEC11-0FD5-48ED-B8AF-315197F09A82} => C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll [2018-10-29] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_842874489af34daa\igfxDTCM.dll [2018-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-10-31 17:11 - 2018-10-29 17:26 - 000601600 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2018-10-31 17:11 - 2018-10-29 17:26 - 000834048 _____ () [File not signed] C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2018-11-01 19:28 - 2013-11-07 19:35 - 000561152 _____ (CANON INC. ) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2018-11-01 19:29 - 2014-01-15 15:12 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_ENU.DLL
2018-11-01 19:29 - 2014-01-15 15:10 - 000307712 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNSS_IMG.dll
2018-11-01 19:28 - 2014-01-17 16:51 - 000588288 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2018-11-01 19:29 - 2014-03-17 13:15 - 000375296 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2017-06-19 14:13 - 2017-06-19 14:13 - 000364032 _____ (Creative Home) [File not signed] C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2018 Deluxe\Planner\PLNRnote.exe
2018-10-31 17:11 - 2018-10-31 16:17 - 002013200 _____ (Pro Softnet Corporation -> Prosoftnet) [File not signed] C:\Program Files (x86)\IDriveWindows\id_tray.exe
2018-10-31 17:11 - 2018-10-29 17:26 - 000874496 _____ (Pro-Softnet Corporation, U.S.A) [File not signed] C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData:iSpring Suite 7 [128]
AlternateDataStreams: C:\ProgramData:iSpring Suite 8 [704]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Suite 7 [128]
AlternateDataStreams: C:\Users\All Users:iSpring Suite 8 [704]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Suite 7 [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Suite 8 [704]
AlternateDataStreams: C:\Users\dmgsk\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\dmgsk\Application Data:iSpring Suite 7 [128]
AlternateDataStreams: C:\Users\dmgsk\Application Data:iSpring Suite 8 [704]
AlternateDataStreams: C:\Users\dmgsk\AppData\Roaming:iSpring Solutions [128]
AlternateDataStreams: C:\Users\dmgsk\AppData\Roaming:iSpring Suite 7 [128]
AlternateDataStreams: C:\Users\dmgsk\AppData\Roaming:iSpring Suite 8 [704]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-04-11 17:38 - 2018-04-11 17:36 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-526892741-2499307875-880777781-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\dmgsk\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\p1010161.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{811611CB-C82D-439C-8229-B12E1D2065DD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{73FB76EE-81CE-44FE-BDD6-5744378FD030}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{94644F25-B689-40C3-8AD6-464EB0856A05}C:\program files (x86)\idrivewindows\cmd_dutil\idwutil_600.exe] => (Allow) C:\program files (x86)\idrivewindows\cmd_dutil\idwutil_600.exe (Pro Softnet Corporation -> )
FirewallRules: [UDP Query User{1E6CD718-5F46-4FD0-B6BC-B510F3045BB2}C:\program files (x86)\idrivewindows\cmd_dutil\idwutil_600.exe] => (Allow) C:\program files (x86)\idrivewindows\cmd_dutil\idwutil_600.exe (Pro Softnet Corporation -> )
FirewallRules: [{EAA23AFB-405F-4FA1-A559-80E895FBDE1C}] => (Block) C:\program files (x86)\idrivewindows\cmd_dutil\idwutil_600.exe (Pro Softnet Corporation -> )
FirewallRules: [{8C5B1901-308C-4128-AE4B-7DCBCB6E1D30}] => (Block) C:\program files (x86)\idrivewindows\cmd_dutil\idwutil_600.exe (Pro Softnet Corporation -> )
FirewallRules: [{CBCE2288-118B-402C-9D86-D9C84C53A9AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B6287090-5B55-4970-8A7B-42099AF5326C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{284D2F41-EC73-40CB-BEFD-08F41D082B89}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C8F6BE9-BABA-4E7B-810A-D965CBAA66FA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{10280CC9-9CF5-4D50-851A-6126088EAAC3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8CAF6955-43C9-477A-A77B-184BA785EAD1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8F7FE380-8704-4FAC-8E46-8C6F784930AE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DAF8107E-7B89-4887-8CA4-867F6EAB6446}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{9E7AE279-97BC-4C75-BE6A-6D4F4A787ECB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{510F7DA8-5A43-4C68-BF11-07AA0B200DC0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3D1CB1AA-5AC2-4E7E-8EFB-B9E1FCD1323E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C49B3545-032B-4621-929D-7343FFD6965E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{297D2FEE-1A15-45A1-9AAF-C644403791CE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{684E785C-D063-41AE-B5F1-0CD26E229FD0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9C63894F-89B4-4F82-A26A-521E63AD00AB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{19FDEB48-FA30-4939-9C1E-78886924BF8C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12095.7.41059.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8DF31A09-72DF-4402-9DB3-B833F4E1BE74}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
26-05-2019 16:41:19 Scheduled Checkpoint
28-05-2019 16:01:09 Installed iSpring Suite 8
06-06-2019 17:07:50 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/06/2019 05:18:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WavesSvc64.exe, version: 1.15.11.0, time stamp: 0x5911bd9a
Faulting module name: WavesSvc64.exe, version: 1.15.11.0, time stamp: 0x5911bd9a
Exception code: 0xc0000005
Fault offset: 0x0000000000002059
Faulting process id: 0x2bd4
Faulting application start time: 0x01d51cbe2b9052fe
Faulting application path: C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
Faulting module path: C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
Report Id: 685b34a2-0040-4ec9-9500-2f93c46827ea
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/06/2019 05:16:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WavesSvc64.exe, version: 1.15.11.0, time stamp: 0x5911bd9a
Faulting module name: WavesSvc64.exe, version: 1.15.11.0, time stamp: 0x5911bd9a
Exception code: 0xc0000005
Fault offset: 0x0000000000002059
Faulting process id: 0x1cc0
Faulting application start time: 0x01d51cbde195e729
Faulting application path: C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
Faulting module path: C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
Report Id: 6b848dfa-dc32-4c76-89c7-ae2ec0238248
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/06/2019 05:16:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DMG-Dell-Laptop.local already in use; will try DMG-Dell-Laptop-2.local instead
 
Error: (06/06/2019 05:16:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister    4 DMG-Dell-Laptop.local. Addr 10.0.0.108
 
Error: (06/06/2019 05:16:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.108:5353   16 DMG-Dell-Laptop.local. AAAA 2601:0281:8280:05C7:0000:0000:0000:371A
 
Error: (06/06/2019 05:11:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SensorService, version: 10.0.17134.556, time stamp: 0xf23cada5
Faulting module name: ESENT.dll, version: 10.0.17134.112, time stamp: 0xbce77d42
Exception code: 0xc0000602
Fault offset: 0x0000000000252de2
Faulting process id: 0x798
Faulting application start time: 0x01d51caaeea6db13
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\ESENT.dll
Report Id: 5889add6-300c-4617-9838-6b7edcbe1d5f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/06/2019 05:10:57 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (1944,G,0) Terminating process due to non-recoverable failure: PV: 10.0.17134.0 SV: 10.0.17134.0 GLE: 0 ERR: -260(bf.cxx:22164): dllentry.cxx(108) (ESENT[10.0.17134.0] RETAIL RTM MBCS). Tag: EnforceTag:InitdEseInstancesOnDllUnload.
 
Error: (06/06/2019 05:00:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4762156
 
 
System errors:
=============
Error: (06/06/2019 05:20:41 PM) (Source: DCOM) (EventID: 10016) (User: DMG-DELL-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DMG-DELL-LAPTOP\dmgsk SID (S-1-5-21-526892741-2499307875-880777781-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/06/2019 05:20:13 PM) (Source: DCOM) (EventID: 10016) (User: DMG-DELL-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DMG-DELL-LAPTOP\dmgsk SID (S-1-5-21-526892741-2499307875-880777781-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/06/2019 05:20:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/06/2019 05:20:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/06/2019 05:19:30 PM) (Source: DCOM) (EventID: 10016) (User: DMG-DELL-LAPTOP)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscCloudBackupProvider
 and APPID 
Unavailable
 to the user DMG-DELL-LAPTOP\dmgsk SID (S-1-5-21-526892741-2499307875-880777781-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/06/2019 05:19:27 PM) (Source: DCOM) (EventID: 10016) (User: DMG-DELL-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DMG-DELL-LAPTOP\dmgsk SID (S-1-5-21-526892741-2499307875-880777781-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/06/2019 05:18:43 PM) (Source: DCOM) (EventID: 10016) (User: DMG-DELL-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DMG-DELL-LAPTOP\dmgsk SID (S-1-5-21-526892741-2499307875-880777781-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/06/2019 05:16:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2019-05-29 20:05:10.636
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {01AC832A-FC6C-4A5F-8B0B-9B3E13B95DD9}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-05-26 15:24:35.962
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D1746E77-2EF3-42CC-9E3D-B2EBC45E5458}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-05-25 16:01:48.603
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {308A8443-809A-4941-A54D-CDBDD076F0C8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-05-25 08:41:24.319
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C2D268C2-7458-4B5A-B131-D790064BFD0F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-05-24 17:30:19.918
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6E77D54C-6594-4861-8249-835314500001}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-06-06 13:42:01.772
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.293.2807.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16000.6
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-05-29 10:17:32.570
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.293.2505.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15900.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-05-22 17:43:35.896
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.293.2160.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15900.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2019-04-07 17:44:47.488
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2019-03-19 18:53:25.623
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.289.1498.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.15700.9
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2019-06-06 17:27:07.124
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-06-06 17:27:07.122
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-06-06 17:27:05.839
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-06-06 17:27:05.837
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-06-06 17:27:04.295
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-06-06 17:27:04.293
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2019-06-06 17:26:28.941
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-06-06 17:26:28.939
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.13.1 12/10/2018
Motherboard: Dell Inc. 0PTYF0
Processor: Intel® Core™ i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 51%
Total physical RAM: 8026.12 MB
Available physical RAM: 3862.83 MB
Total Virtual: 13402.12 MB
Available Virtual: 8714.9 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1861.9 GB) (Free:1541.76 GB) NTFS
 
\\?\Volume{544bd2c8-ca86-4733-bccb-023c813f461f}\ (Recovery) (Fixed) (Total:0.73 GB) (Free:0.37 GB) NTFS
\\?\Volume{ddec603d-ed4c-4ba0-b9bd-71bc8ddc7bdf}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 5137F086)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Thanks in advance for your help!
 
Gwen
 

  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 22,029 posts
  • MVP

Uninstall Bonjour.  It's not working correctly.

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:
 

 DISM  /Online  /Cleanup-Image  /RestoreHealth


 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 

sfc  /scannow

This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type:

 

notepad %UserProfile%\desktop\junk.txt


Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:
 

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button)
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 


  • 0
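The `[SR]` lines collected by the `findstr` step in the reply above are easier to read once they are sorted into files SFC repaired and files it could not repair. This is an added PowerShell example, not part of RKinner's reply; the sample log lines are constructed, and the function name `Get-SfcSummary` and the line patterns it matches are assumptions based on the usual shape of SFC entries in CBS.log.

```powershell
# Added example (not from the thread): summarise the "[SR]" lines that
# findstr /c:"[SR]" extracts from CBS.log after sfc /scannow has run.
param(
    # Real log location; it is read only if it exists and is readable.
    [string]$LogPath = "$env:windir\Logs\CBS\CBS.log"
)

# Constructed sample lines (assumption: modelled on typical SFC entries).
# The "Cannot repair" entry appears twice on purpose, as SFC often logs it twice.
$sample = @'
2019-06-09 14:01:10, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2019-06-09 14:01:10, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2019-06-09 14:01:12, Info                  CSI    0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2019-06-09 14:01:15, Info                  CSI    0000000e [SR] Cannot repair member file [l:24{12}]"settings.dat" of Example-Component, Version = 10.0.17134.1, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2019-06-09 14:01:16, Info                  CSI    00000010 [SR] Cannot repair member file [l:24{12}]"settings.dat" of Example-Component, Version = 10.0.17134.1, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2019-06-09 14:01:20, Info                  CSI    00000012 [SR] Verify complete
'@ -split "`r?`n"

function Get-SfcSummary {
    param([string[]]$Lines)

    $repaired = @()
    $failed   = @()

    foreach ($line in $Lines) {
        if ($line -match '\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),') {
            # File name plus the component that owns it.
            $failed += ('{0} (component {1})' -f $Matches[1], $Matches[2])
        }
        elseif ($line -match '\[SR\] Repairing corrupted file \[[^\]]*\]"([^"]+)"\\\[[^\]]*\]"([^"]+)" from store') {
            $dirRaw = $Matches[1]
            $file   = $Matches[2]
            # Drop the NT object-manager prefix \??\ so the path reads normally.
            $dir = $dirRaw -replace '^\\\?\?\\', ''
            $repaired += ($dir + '\' + $file)
        }
    }

    # De-duplicate: the same file is commonly reported more than once.
    $repaired = @($repaired | Sort-Object -Unique)
    $failed   = @($failed   | Sort-Object -Unique)

    # Map the findings onto the three results sfc /scannow can report.
    if ($failed.Count -gt 0) {
        $verdict = 'Corrupt files found, some NOT repaired'
    } elseif ($repaired.Count -gt 0) {
        $verdict = 'Corrupt files found and repaired'
    } else {
        $verdict = 'No integrity violations logged'
    }

    [pscustomobject]@{
        Verdict    = $verdict
        Repaired   = $repaired
        Unrepaired = $failed
    }
}

# Use the real log when it is there, otherwise the constructed sample.
$lines = $sample
if ($LogPath -and (Test-Path -LiteralPath $LogPath)) {
    try {
        $lines = Get-Content -LiteralPath $LogPath -ErrorAction Stop
    } catch {
        Write-Warning "Could not read $LogPath; using the constructed sample."
    }
}

Get-SfcSummary -Lines $lines | Format-List
```

Reading the real CBS.log needs an elevated PowerShell prompt; without one the script falls back to the constructed sample.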

#3
gweng

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
SFC response:
 
Windows did not find any integrity violation
 
 
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 09/06/2019 2:12:01 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/06/2019 9:00:29 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 06/06/2019 7:47:24 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 03/06/2019 2:47:51 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 29/05/2019 7:03:00 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 28/04/2019 3:33:15 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 08/04/2019 10:30:01 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 14/01/2019 5:41:14 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 18/12/2018 11:46:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 18/12/2018 5:34:55 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 17/12/2018 11:31:13 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 13/12/2018 10:37:31 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 13/12/2018 8:33:36 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 26/11/2018 7:50:10 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/06/2019 2:46:47 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 09/06/2019 2:29:39 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service hung on starting.
 
Log: 'System' Date/Time: 09/06/2019 2:27:37 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  and APPID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  to the user DMG-DELL-LAPTOP\dmgsk SID (S-1-5-21-526892741-2499307875-880777781-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 11:17:41 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 11:17:27 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 11:17:27 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 11:16:49 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DMG-DELL-LAPTOP\dmgsk SID (S-1-5-21-526892741-2499307875-880777781-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 11:16:42 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscCloudBackupProvider  and APPID  Unavailable  to the user DMG-DELL-LAPTOP\dmgsk SID (S-1-5-21-526892741-2499307875-880777781-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 11:16:23 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DMG-DELL-LAPTOP\dmgsk SID (S-1-5-21-526892741-2499307875-880777781-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 11:15:48 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DMG-DELL-LAPTOP\dmgsk SID (S-1-5-21-526892741-2499307875-880777781-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 11:15:12 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DMG-DELL-LAPTOP\dmgsk SID (S-1-5-21-526892741-2499307875-880777781-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 11:13:25 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 11:13:16 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 11:13:16 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 11:10:27 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 08/06/2019 10:40:20 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  and APPID  {8BC3F05E-D86B-11D0-A075-00C04FB68820}  to the user DMG-DELL-LAPTOP\dmgsk SID (S-1-5-21-526892741-2499307875-880777781-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 1:27:50 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.295.286.0).
 
Log: 'System' Date/Time: 08/06/2019 1:19:23 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 1:19:23 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 1:19:21 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DMG-DELL-LAPTOP\dmgsk SID (S-1-5-21-526892741-2499307875-880777781-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/06/2019 8:00:20 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 09/06/2019 2:27:06 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/06/2019 11:13:19 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 08/06/2019 11:12:22 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC3\6&3c98fc9&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 11:12:22 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC2\6&3700e716&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 11:12:22 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC2\6&3750a30&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 11:12:22 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC2\6&2c562392&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 11:12:19 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/06/2019 11:12:07 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&0.
 
Log: 'System' Date/Time: 08/06/2019 11:10:52 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\IntelWifiIhv04.dll 
 
Log: 'System' Date/Time: 08/06/2019 10:39:56 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/06/2019 10:39:36 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/06/2019 1:16:23 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 08/06/2019 1:15:22 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC3\6&3c98fc9&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 1:15:22 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC2\6&3700e716&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 1:15:22 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC2\6&3750a30&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 1:15:22 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC2\6&2c562392&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 1:15:20 AM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/06/2019 1:15:11 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&0.
 
Log: 'System' Date/Time: 08/06/2019 1:14:33 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\IntelWifiIhv04.dll 
 
 
Log: 'System' Date/Time: 08/06/2019 1:19:23 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscBrokerManager  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 08/06/2019 1:19:21 AM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user DMG-DELL-LAPTOP\dmgsk SID (S-1-5-21-526892741-2499307875-880777781-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/06/2019 8:00:20 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 09/06/2019 2:27:06 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/06/2019 11:13:19 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 08/06/2019 11:12:22 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC3\6&3c98fc9&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 11:12:22 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC2\6&3700e716&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 11:12:22 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC2\6&3750a30&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 11:12:22 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC2\6&2c562392&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 11:12:19 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/06/2019 11:12:07 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&0.
 
Log: 'System' Date/Time: 08/06/2019 11:10:52 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\IntelWifiIhv04.dll 
 
Log: 'System' Date/Time: 08/06/2019 10:39:56 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/06/2019 10:39:36 PM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/06/2019 1:16:23 AM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 08/06/2019 1:15:22 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC3\6&3c98fc9&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 1:15:22 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC2\6&3700e716&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 1:15:22 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC2\6&3750a30&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 1:15:22 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device HID\Vid_8087&Pid_0AC2\6&2c562392&0&0000.
 
Log: 'System' Date/Time: 08/06/2019 1:15:20 AM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode.  The minimum required supported state mask is 0x491f7fffff, got 0x1fffffff.  Low Energy peripheral role functionality will not be available.
 
Log: 'System' Date/Time: 08/06/2019 1:15:11 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device ACPI\INT3400\2&daba3ff&0.
 
Log: 'System' Date/Time: 08/06/2019 1:14:33 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\IntelWifiIhv04.dll 
 
 
Process CPU Private Bytes Working Set PID Verified Signer
System Idle Process 84.84 52 K 8 K 0
svchost.exe 12.17 104,540 K 113,240 K 2424 (Verified) Microsoft Windows Publisher
procexp64.exe 0.92 106,068 K 125,792 K 8880 (Verified) Microsoft Corporation
Interrupts 0.61 0 K 0 K n/a
System 0.52 208 K 9,944 K 4
dwm.exe 0.25 68,096 K 71,268 K 1424 (Verified) Microsoft Windows
MsMpEng.exe 0.09 204,844 K 166,640 K 5368 (Verified) Microsoft Windows Publisher
id_tray.exe 0.06 36,548 K 46,596 K 11732 (Certificate expired) Prosoftnet
csrss.exe 0.06 2,464 K 5,644 K 772 (Verified) Microsoft Windows Publisher
MBAMService.exe 0.05 222,856 K 220,848 K 4672 (Verified) Malwarebytes Corporation
explorer.exe 0.04 64,104 K 137,676 K 7048 (Verified) Microsoft Windows
chrome.exe 0.04 68,216 K 91,592 K 11748 (Verified) Google LLC
chrome.exe 0.03 87,068 K 117,444 K 11044 (Verified) Google LLC
chrome.exe 0.02 83,228 K 133,884 K 2976 (Verified) Google LLC
svchost.exe 0.02 6,840 K 16,516 K 13164 (Verified) Microsoft Windows Publisher
id_service.exe 0.01 67,980 K 54,076 K 6420 (Verified) Pro Softnet Corporation
svchost.exe 0.01 5,556 K 14,224 K 5972 (Verified) Microsoft Windows Publisher
id_bglaunch.exe 0.01 27,492 K 25,040 K 11588 (Verified) Pro Softnet Corporation
chrome.exe 0.01 40,048 K 76,276 K 11944 (Verified) Google LLC
AppleMobileDeviceProcess.exe < 0.01 3,188 K 11,304 K 10844 (Verified) Apple Inc.
chrome.exe < 0.01 37,264 K 55,692 K 11860 (Verified) Google LLC
chrome.exe < 0.01 26,076 K 36,064 K 11392 (Verified) Google LLC
CNMNSST.exe < 0.01 1,792 K 8,024 K 11964 (Verified) Canon Inc.
SupportAssistAgent.exe < 0.01 574,200 K 104,416 K 13836 (Verified) Dell Inc.
svchost.exe < 0.01 8,260 K 14,876 K 1240 (Verified) Microsoft Windows Publisher
chrome.exe < 0.01 62,100 K 93,612 K 7620 (Verified) Google LLC
chrome.exe < 0.01 30,796 K 42,628 K 11348 (Verified) Google LLC
chrome.exe < 0.01 24,156 K 31,784 K 11220 (Verified) Google LLC
chrome.exe < 0.01 29,532 K 43,340 K 1312 (Verified) Google LLC
chrome.exe < 0.01 27,760 K 34,272 K 8596 (Verified) Google LLC
chrome.exe < 0.01 21,768 K 26,576 K 11604 (Verified) Google LLC
dptf_helper.exe < 0.01 1,292 K 3,808 K 2408 (Verified) Intel Corporation
smartscreen.exe < 0.01 13,532 K 26,104 K 6332 (Verified) Microsoft Windows
svchost.exe < 0.01 10,136 K 18,716 K 4332 (Verified) Microsoft Windows Publisher
chrome.exe < 0.01 22,252 K 27,308 K 11336 (Verified) Google LLC
svchost.exe < 0.01 12,800 K 29,280 K 96 (Verified) Microsoft Windows Publisher
chrome.exe < 0.01 21,448 K 33,532 K 692 (Verified) Google LLC
svchost.exe < 0.01 3,456 K 9,960 K 11800 (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,168 K 8,844 K 3172 (Verified) Microsoft Windows Publisher
CNQMUPDT.EXE < 0.01 26,604 K 17,252 K 9748 (Verified) Canon Inc.
OfficeClickToRun.exe < 0.01 46,044 K 55,496 K 13984 (Verified) Microsoft Corporation
dasHost.exe < 0.01 5,212 K 13,376 K 2804 (Verified) Microsoft Windows
lsass.exe < 0.01 8,320 K 17,792 K 848 (Verified) Microsoft Windows Publisher
conhost.exe < 0.01 5,584 K 956 K 9756 (Verified) Microsoft Windows
chrome.exe < 0.01 29,120 K 55,440 K 11060 (Verified) Google LLC
mbamtray.exe < 0.01 23,612 K 35,348 K 916 (Verified) Malwarebytes Corporation
iCloudServices.exe < 0.01 23,604 K 43,692 K 10436 (Verified) Apple Inc.
RuntimeBroker.exe < 0.01 5,440 K 20,328 K 13488 (Verified) Microsoft Windows
svchost.exe < 0.01 7,752 K 29,896 K 6232 (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 5,500 K 18,164 K 7128 (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 8,228 K 22,128 K 6156 (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4,344 K 13,792 K 11764 (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,528 K 11,668 K 4692 (Verified) Microsoft Windows Publisher
csrss.exe < 0.01 1,936 K 4,988 K 660 (Verified) Microsoft Windows Publisher
WUDFHost.exe 5,228 K 13,812 K 984 (Verified) Microsoft Windows
WUDFHost.exe 9,956 K 8,560 K 636 (Verified) Microsoft Windows
WmiPrvSE.exe 5,936 K 11,724 K 14940 (Verified) Microsoft Windows
WmiPrvSE.exe 8,956 K 17,336 K 4636 (Verified) Microsoft Windows
WmiPrvSE.exe 11,700 K 23,532 K 7216 (Verified) Microsoft Windows
wlanext.exe 928 K 4,000 K 3784 (Verified) Microsoft Windows
winlogon.exe 2,516 K 10,448 K 1052 (Verified) Microsoft Windows
wininit.exe 1,328 K 6,012 K 752 (Verified) Microsoft Windows Publisher
WavesSysSvc64.exe 5,052 K 10,048 K 4200 (Verified) Waves Inc
WavesSvc64.exe 13,716 K 11,236 K 11036 (Verified) Waves Inc
Video.UI.exe Suspended 20,860 K 34,716 K 4568 (No signature was present in the subject)
taskhostw.exe 6,888 K 16,648 K 6312 (Verified) Microsoft Windows
TabTip.exe 3,912 K 14,424 K 9080 (Verified) Microsoft Windows
svchost.exe 1,752 K 6,328 K 2600 (Verified) Microsoft Windows Publisher
svchost.exe 2,348 K 7,392 K 3452 (Verified) Microsoft Windows Publisher
svchost.exe 5,812 K 9,416 K 2328 (Verified) Microsoft Windows Publisher
svchost.exe 3,728 K 11,964 K 3272 (Verified) Microsoft Windows Publisher
svchost.exe 5,372 K 14,052 K 3584 (Verified) Microsoft Windows Publisher
svchost.exe 4,300 K 17,160 K 6684 (Verified) Microsoft Windows Publisher
svchost.exe 3,844 K 11,556 K 4700 (Verified) Microsoft Windows Publisher
svchost.exe 4,188 K 12,308 K 4228 (Verified) Microsoft Windows Publisher
svchost.exe 16,748 K 18,504 K 1944 (Verified) Microsoft Windows Publisher
svchost.exe 1,880 K 7,600 K 2416 (Verified) Microsoft Windows Publisher
svchost.exe 3,448 K 9,496 K 3052 (Verified) Microsoft Windows Publisher
svchost.exe 1,880 K 6,316 K 3264 (Verified) Microsoft Windows Publisher
svchost.exe 4,588 K 19,428 K 4260 (Verified) Microsoft Windows Publisher
svchost.exe 6,588 K 14,564 K 3132 (Verified) Microsoft Windows Publisher
svchost.exe 15,072 K 29,536 K 4276 (Verified) Microsoft Windows Publisher
svchost.exe 12,264 K 20,360 K 1920 (Verified) Microsoft Windows Publisher
svchost.exe 2,392 K 7,468 K 2584 (Verified) Microsoft Windows Publisher
svchost.exe 3,048 K 7,860 K 3256 (Verified) Microsoft Windows Publisher
svchost.exe 2,144 K 7,576 K 3836 (Verified) Microsoft Windows Publisher
svchost.exe 2,364 K 8,288 K 4480 (Verified) Microsoft Windows Publisher
svchost.exe 3,364 K 15,120 K 3060 (Verified) Microsoft Windows Publisher
svchost.exe 1,756 K 6,596 K 10868 (Verified) Microsoft Windows Publisher
svchost.exe 2,844 K 8,012 K 1292 (Verified) Microsoft Windows Publisher
svchost.exe 2,092 K 11,040 K 1768 (Verified) Microsoft Windows Publisher
svchost.exe 1,836 K 7,396 K 2968 (Verified) Microsoft Windows Publisher
svchost.exe 20,056 K 29,708 K 4268 (Verified) Microsoft Windows Publisher
svchost.exe 2,404 K 6,808 K 4544 (Verified) Microsoft Windows Publisher
svchost.exe 2,648 K 11,404 K 3676 (Verified) Microsoft Windows Publisher
svchost.exe 2,636 K 8,900 K 2336 (Verified) Microsoft Windows Publisher
svchost.exe 4,664 K 11,712 K 2908 (Verified) Microsoft Windows Publisher
svchost.exe 2,460 K 9,980 K 1908 (Verified) Microsoft Windows Publisher
svchost.exe 2,684 K 10,060 K 1744 (Verified) Microsoft Windows Publisher
svchost.exe 152,260 K 144,500 K 13708 (Verified) Microsoft Windows Publisher
svchost.exe 1,996 K 7,988 K 2760 (Verified) Microsoft Windows Publisher
svchost.exe 6,076 K 14,160 K 1988 (Verified) Microsoft Windows Publisher
svchost.exe 2,072 K 7,348 K 2432 (Verified) Microsoft Windows Publisher
svchost.exe 25,928 K 38,540 K 13976 (Verified) Microsoft Windows Publisher
svchost.exe 5,004 K 13,604 K 4236 (Verified) Microsoft Windows Publisher
svchost.exe 3,500 K 13,968 K 6436 (Verified) Microsoft Windows Publisher
svchost.exe 1,776 K 7,912 K 7372 (Verified) Microsoft Windows Publisher
svchost.exe 1,628 K 7,068 K 7312 (Verified) Microsoft Windows Publisher
svchost.exe 2,204 K 9,184 K 1564 (Verified) Microsoft Windows Publisher
svchost.exe 7,884 K 12,508 K 1900 (Verified) Microsoft Windows Publisher
svchost.exe 2,032 K 8,980 K 2132 (Verified) Microsoft Windows Publisher
svchost.exe 2,448 K 10,440 K 1576 (Verified) Microsoft Windows Publisher
svchost.exe 1,824 K 5,800 K 14684 (Verified) Microsoft Windows Publisher
svchost.exe 2,208 K 11,224 K 1956 (Verified) Microsoft Windows Publisher
svchost.exe 2,184 K 12,800 K 3636 (Verified) Microsoft Windows Publisher
svchost.exe 3,644 K 7,788 K 1888 (Verified) Microsoft Windows Publisher
svchost.exe 1,644 K 6,116 K 4244 (Verified) Microsoft Windows Publisher
svchost.exe 1,352 K 5,176 K 4732 (Verified) Microsoft Windows Publisher
svchost.exe 1,772 K 6,920 K 4308 (Verified) Microsoft Windows Publisher
svchost.exe 1,316 K 5,312 K 4192 (Verified) Microsoft Windows Publisher
svchost.exe 1,940 K 7,336 K 2960 (Verified) Microsoft Windows Publisher
svchost.exe 1,692 K 6,404 K 2452 (Verified) Microsoft Windows Publisher
svchost.exe 1,364 K 5,520 K 2444 (Verified) Microsoft Windows Publisher
svchost.exe 2,324 K 6,036 K 1932 (Verified) Microsoft Windows Publisher
svchost.exe 1,824 K 7,468 K 1960 (Verified) Microsoft Windows Publisher
svchost.exe 1,648 K 6,712 K 1556 (Verified) Microsoft Windows Publisher
svchost.exe 1,004 K 3,680 K 968 (Verified) Microsoft Windows Publisher
svchost.exe 5,844 K 20,812 K 9272 (Verified) Microsoft Windows Publisher
svchost.exe 2,700 K 10,188 K 5916 (Verified) Microsoft Windows Publisher
svchost.exe 2,196 K 6,820 K 252 (Verified) Microsoft Windows Publisher
svchost.exe 2,048 K 8,540 K 4464 (Verified) Microsoft Windows Publisher
spoolsv.exe 8,784 K 20,372 K 3724 (Verified) Microsoft Windows
splwow64.exe 3,240 K 9,640 K 6116 (Verified) Microsoft Windows
smss.exe 504 K 1,152 K 432 (Verified) Microsoft Windows Publisher
SkypeBridge.exe 36,580 K 58,748 K 13240 (No signature was present in the subject) Microsoft Corporation
SkypeBackgroundHost.exe Suspended 2,104 K 11,284 K 4128 (No signature was present in the subject) Microsoft Corporation
SkypeApp.exe Suspended 196,464 K 178,360 K 4344 (No signature was present in the subject) Microsoft Corporation
sihost.exe 6,720 K 24,396 K 6096 (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 25,980 K 51,368 K 7472 (Verified) Microsoft Windows
SgrmBroker.exe 2,640 K 4,288 K 15324 (Verified) Microsoft Windows Publisher
SettingSyncHost.exe 8,956 K 6,248 K 9256 (Verified) Microsoft Windows
services.exe 5,436 K 9,600 K 832 (Verified) Microsoft Windows Publisher
sedsvc.exe 4,028 K 12,544 K 6060 (Verified) Microsoft Windows
sedlauncher.exe 4,708 K 2,068 K 1088 (Verified) Microsoft Windows
SecurityHealthService.exe 3,992 K 14,076 K 4252 (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 94,468 K 86,276 K 1220 (Verified) Microsoft Windows
SearchIndexer.exe 27,172 K 32,740 K 15288 (Verified) Microsoft Windows
RuntimeBroker.exe 11,760 K 32,204 K 8560 (Verified) Microsoft Windows
RuntimeBroker.exe 8,420 K 28,560 K 13464 (Verified) Microsoft Windows
RuntimeBroker.exe 6,692 K 21,404 K 8156 (Verified) Microsoft Windows
RuntimeBroker.exe 4,800 K 24,252 K 7256 (Verified) Microsoft Windows
RuntimeBroker.exe 8,180 K 27,912 K 10640 (Verified) Microsoft Windows
RuntimeBroker.exe 2,472 K 9,064 K 3884 (Verified) Microsoft Windows
RtkNGUI64.exe 6,824 K 12,464 K 10932 (Verified) Realtek Semiconductor Corp.
RtkAudUService64.exe 2,600 K 8,516 K 5344 (Verified) Realtek Semiconductor Corp.
RtkAudUService64.exe 1,868 K 7,164 K 928 (Verified) Realtek Semiconductor Corp.
RtkAudUService64.exe 2,400 K 9,048 K 11072 (Verified) Realtek Semiconductor Corp.
Registry 2,364 K 42,628 K 120
procexp.exe 3,112 K 10,604 K 864 (Verified) Microsoft Corporation
PresentationFontCache.exe 27,148 K 17,668 K 6164 (Verified) Microsoft Corporation
OneDrive.exe 16,996 K 47,400 K 11232 (Verified) Microsoft Corporation
NisSrv.exe 5,188 K 9,672 K 5100 (Verified) Microsoft Windows Publisher
MSASCuiL.exe 2,188 K 8,716 K 10856 (Verified) Microsoft Windows
MicrosoftEdge.exe Suspended 22,976 K 49,784 K 8292 (Verified) Microsoft Corporation
Microsoft.Photos.exe Suspended 44,192 K 58,936 K 5096 (No signature was present in the subject)
Memory Compression 408 K 119,652 K 2640
LockApp.exe Suspended 13,352 K 39,740 K 11720 (Verified) Microsoft Windows
IntelCpHeciSvc.exe 1,484 K 6,112 K 4828 (Verified) Intel® pGFX
IntelCpHDCPSvc.exe 1,536 K 6,316 K 4220 (Verified) Intel® pGFX
igfxEM.exe 3,828 K 12,992 K 8048 (Verified) Intel® pGFX
igfxCUIService.exe 1,992 K 7,536 K 2864 (Verified) Intel® pGFX
ibtsiva.exe 996 K 4,100 K 4288 (Verified) Intel Corporation - pGFX
fontdrvhost.exe 7,352 K 12,508 K 1124 (Verified) Microsoft Windows
fontdrvhost.exe 1,836 K 3,628 K 1020 (Verified) Microsoft Windows
esif_uf.exe 1,688 K 5,800 K 4184 (Verified) Intel Corporation
dllhost.exe 1,624 K 6,128 K 4340 (Verified) Microsoft Windows
dllhost.exe 3,236 K 9,788 K 15124 (Verified) Microsoft Windows
dllhost.exe 3,744 K 10,744 K 9468 (Verified) Microsoft Windows
DDVRulesProcessor.exe 17,136 K 12,488 K 10872 (Verified) Dell Inc
DDVDataCollector.exe 13,848 K 19,248 K 14112 (Verified) Dell Inc
DDVCollectorSvcApi.exe 1,628 K 6,504 K 12952 (Verified) Dell Inc
ctfmon.exe 5,132 K 21,204 K 8864 (Verified) Microsoft Windows
conhost.exe 5,336 K 5,088 K 3820 (Verified) Microsoft Windows
CNQMMAIN.EXE 74,004 K 71,584 K 11852 (Verified) Canon Inc.
chrome.exe 18,860 K 34,792 K 2360 (Verified) Google LLC
chrome.exe 24,248 K 57,184 K 2380 (Verified) Google LLC
chrome.exe 74,468 K 131,948 K 10548 (Verified) Google LLC
chrome.exe 13,864 K 22,248 K 12496 (Verified) Google LLC
chrome.exe 3,324 K 8,148 K 10004 (Verified) Google LLC
chrome.exe 2,004 K 7,964 K 9448 (Verified) Google LLC
browser_broker.exe 1,888 K 7,648 K 9344 (Verified) Microsoft Windows
audiodg.exe 10,352 K 17,504 K 9928 (Verified) Microsoft Windows
APSDaemon.exe 5,716 K 15,992 K 11416 (Verified) Apple Inc.
AppVShNotify.exe 1,728 K 6,564 K 13212 (Verified) Microsoft Corporation
AppVShNotify.exe 1,948 K 7,096 K 13852 (Verified) Microsoft Corporation
ApplicationFrameHost.exe 10,332 K 23,916 K 8684 (Verified) Microsoft Windows
aesm_service.exe 2,144 K 8,060 K 7100 (Verified) Intel® Software Development Products
 
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                       120 N/A                                         
smss.exe                       432 N/A                                         
csrss.exe                      660 N/A                                         
wininit.exe                    752 N/A                                         
csrss.exe                      772 N/A                                         
services.exe                   832 N/A                                         
lsass.exe                      848 KeyIso, SamSs, VaultSvc                     
svchost.exe                    968 PlugPlay                                    
WUDFHost.exe                   984 N/A                                         
fontdrvhost.exe               1020 N/A                                         
svchost.exe                     96 BrokerInfrastructure, DcomLaunch, Power,    
                                   SystemEventsBroker                          
WUDFHost.exe                   636 N/A                                         
winlogon.exe                  1052 N/A                                         
fontdrvhost.exe               1124 N/A                                         
svchost.exe                   1240 RpcEptMapper, RpcSs                         
svchost.exe                   1292 LSM                                         
dwm.exe                       1424 N/A                                         
svchost.exe                   1556 BthAvctpSvc                                 
svchost.exe                   1564 NcbService                                  
svchost.exe                   1576 bthserv                                     
svchost.exe                   1768 TimeBrokerSvc                               
svchost.exe                   1900 SensorService                               
svchost.exe                   1908 SensrSvc                                    
svchost.exe                   1920 BFE, CoreMessagingRegistrar, mpssvc         
svchost.exe                   1932 hidserv                                     
svchost.exe                   1944 EventLog                                    
svchost.exe                   1960 TabletInputService                          
svchost.exe                   1988 Schedule                                    
svchost.exe                   1744 ProfSvc                                     
svchost.exe                   2132 SEMgrSvc                                    
svchost.exe                   2328 nsi                                         
svchost.exe                   2336 UserManager                                 
svchost.exe                   2416 camsvc                                      
svchost.exe                   2424 SysMain                                     
svchost.exe                   2432 EventSystem                                 
svchost.exe                   2444 Themes                                      
svchost.exe                   2452 BTAGService                                 
svchost.exe                   2584 Dhcp                                        
svchost.exe                   2600 DeviceAssociationService                    
Memory Compression            2640 N/A                                         
svchost.exe                   2760 SENS                                        
dasHost.exe                   2804 N/A                                         
igfxCUIService.exe            2864 igfxCUIService2.0.0.0                       
svchost.exe                   2908 NlaSvc                                      
svchost.exe                   2960 AudioEndpointBuilder                        
svchost.exe                   2968 FontCache                                   
svchost.exe                   3052 netprofm                                    
svchost.exe                   3060 Audiosrv                                    
svchost.exe                   3132 StateRepository                             
svchost.exe                   3172 SSDPSRV                                     
svchost.exe                   3256 Dnscache                                    
svchost.exe                   3264 DusmSvc                                     
svchost.exe                   3272 Wcmsvc                                      
svchost.exe                   3452 WinHttpAutoProxySvc                         
svchost.exe                   3584 WlanSvc                                     
svchost.exe                   3636 LicenseManager                              
svchost.exe                   3676 ShellHWDetection                            
spoolsv.exe                   3724 Spooler                                     
wlanext.exe                   3784 N/A                                         
conhost.exe                   3820 N/A                                         
svchost.exe                   3836 LanmanWorkstation                           
esif_uf.exe                   4184 esifsvc                                     
svchost.exe                   4192 TrkWks                                      
WavesSysSvc64.exe             4200 WavesSysSvc                                 
IntelCpHDCPSvc.exe            4220 cplspcon                                    
svchost.exe                   4228 stisvc                                      
svchost.exe                   4236 CryptSvc                                    
svchost.exe                   4244 SstpSvc                                     
SecurityHealthService.exe     4252 SecurityHealthService                       
svchost.exe                   4260 WpnService                                  
svchost.exe                   4268 DPS                                         
svchost.exe                   4276 DiagTrack                                   
ibtsiva.exe                   4288 ibtsiva                                     
svchost.exe                   4308 W32Time                                     
svchost.exe                   4332 Winmgmt                                     
svchost.exe                   4544 TapiSrv                                     
MBAMService.exe               4672 MBAMService                                 
svchost.exe                   4700 iphlpsvc                                    
svchost.exe                   4732 WdiServiceHost                              
IntelCpHeciSvc.exe            4828 cphs                                        
svchost.exe                   4480 LanmanServer                                
svchost.exe                   4692 RasMan                                      
RtkAudUService64.exe          5344 RtkAudioUniversalService                    
MsMpEng.exe                   5368 WinDefend                                   
svchost.exe                   1888 PcaSvc                                      
RtkAudUService64.exe           928 N/A                                         
sihost.exe                    6096 N/A                                         
dptf_helper.exe               2408 N/A                                         
svchost.exe                   6156 CDPUserSvc_57d0a                            
PresentationFontCache.exe     6164 FontCache3.0.0.0                            
svchost.exe                   6232 WpnUserService_57d0a                        
taskhostw.exe                 6312 N/A                                         
svchost.exe                   6436 TokenBroker                                 
svchost.exe                   7128 CDPSvc                                      
explorer.exe                  7048 N/A                                         
svchost.exe                   7312 NgcSvc                                      
svchost.exe                   7372 NgcCtnrSvc                                  
igfxEM.exe                    8048 N/A                                         
dllhost.exe                   4340 N/A                                         
mbamtray.exe                   916 N/A                                         
ShellExperienceHost.exe       7472 N/A                                         
RuntimeBroker.exe             8156 N/A                                         
SearchUI.exe                  1220 N/A                                         
NisSrv.exe                    5100 WdNisSvc                                    
RuntimeBroker.exe             8560 N/A                                         
ApplicationFrameHost.exe      8684 N/A                                         
ctfmon.exe                    8864 N/A                                         
TabTip.exe                    9080 N/A                                         
SkypeBackgroundHost.exe       4128 N/A                                         
Video.UI.exe                  4568 N/A                                         
SkypeApp.exe                  4344 N/A                                         
chrome.exe                    2976 N/A                                         
MicrosoftEdge.exe             8292 N/A                                         
svchost.exe                   6684 lfsvc                                       
RuntimeBroker.exe             7256 N/A                                         
svchost.exe                   9272 OneSyncSvc_57d0a,                           
                                   PimIndexMaintenanceSvc_57d0a,               
                                   UnistoreSvc_57d0a, UserDataSvc_57d0a        
browser_broker.exe            9344 N/A                                         
dllhost.exe                   9468 N/A                                         
chrome.exe                   10004 N/A                                         
chrome.exe                    9448 N/A                                         
SettingSyncHost.exe           9256 N/A                                         
chrome.exe                    2360 N/A                                         
chrome.exe                    1312 N/A                                         
aesm_service.exe              7100 AESMService                                 
chrome.exe                   10548 N/A                                         
RuntimeBroker.exe            10640 N/A                                         
MSASCuiL.exe                 10856 N/A                                         
RtkNGUI64.exe                10932 N/A                                         
WavesSvc64.exe               11036 N/A                                         
chrome.exe                   11044 N/A                                         
chrome.exe                   11060 N/A                                         
RtkAudUService64.exe         11072 N/A                                         
chrome.exe                   11220 N/A                                         
OneDrive.exe                 11232 N/A                                         
iCloudServices.exe           10436 N/A                                         
svchost.exe                   1956 Appinfo                                     
AppleMobileDeviceProcess.    10844 N/A                                         
APSDaemon.exe                11416 N/A                                         
id_bglaunch.exe              11588 N/A                                         
chrome.exe                   11604 N/A                                         
id_tray.exe                  11732 N/A                                         
chrome.exe                   11748 N/A                                         
CNQMMAIN.EXE                 11852 N/A                                         
chrome.exe                   11860 N/A                                         
chrome.exe                   11944 N/A                                         
CNMNSST.exe                  11964 N/A                                         
chrome.exe                   11392 N/A                                         
chrome.exe                   11348 N/A                                         
WmiPrvSE.exe                  7216 N/A                                         
chrome.exe                    8596 N/A                                         
chrome.exe                   11336 N/A                                         
svchost.exe                  11800 wscsvc                                      
chrome.exe                    2380 N/A                                         
splwow64.exe                  6116 N/A                                         
RuntimeBroker.exe             3884 N/A                                         
CNQMUPDT.EXE                  9748 N/A                                         
DDVRulesProcessor.exe        10872 DDVRulesProcessor                           
svchost.exe                  13164 DoSvc                                       
LockApp.exe                  11720 N/A                                         
RuntimeBroker.exe            13464 N/A                                         
svchost.exe                  13976 UsoSvc, wuauserv                            
OfficeClickToRun.exe         13984 ClickToRunSvc                               
svchost.exe                   5916 StorSvc                                     
id_service.exe                6420 IDriveService                               
dllhost.exe                  15124 N/A                                         
AppVShNotify.exe             13212 N/A                                         
AppVShNotify.exe             13852 N/A                                         
sedsvc.exe                    6060 sedsvc                                      
SgrmBroker.exe               15324 SgrmBroker                                  
SupportAssistAgent.exe       13836 SupportAssistAgent                          
DDVDataCollector.exe         14112 DDVDataCollector                            
DDVCollectorSvcApi.exe       12952 DDVCollectorSvcApi                          
SearchIndexer.exe            15288 WSearch                                     
Microsoft.Photos.exe          5096 N/A                                         
RuntimeBroker.exe            13488 N/A                                         
svchost.exe                  13708 WbioSrvc                                    
sedlauncher.exe               1088 N/A                                         
svchost.exe                    252 lmhosts                                     
conhost.exe                   9756 N/A                                         
svchost.exe                   4464 NcdAutoSetup                                
SkypeBridge.exe              13240 N/A                                         
chrome.exe                    7620 N/A                                         
chrome.exe                     692 N/A                                         
svchost.exe                  11764 wcncsvc                                     
WmiPrvSE.exe                  4636 N/A                                         
WmiPrvSE.exe                 14940 N/A                                         
smartscreen.exe               6332 N/A                                         
chrome.exe                   12496 N/A                                         
svchost.exe                  14684 WdiSystemHost                               
svchost.exe                  10868 gpsvc                                       
svchost.exe                   5972 fdPHost                                     
svchost.exe                  12228 BITS                                        
notepad.exe                   6544 N/A                                         
svchost.exe                   5628 AppXSvc                                     
svchost.exe                  14444 wlidsvc                                     
backgroundTaskHost.exe        6196 N/A                                         
audiodg.exe                   8056 N/A                                         
cmd.exe                       3036 N/A                                         
conhost.exe                   3576 N/A                                         
tasklist.exe                 10448 N/A                                         
Attached File  DMG-DELL-LAPTOP.txt   212.86KB   177 downloads
 
 
 

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,029 posts
  • MVP

Speccy says your hard drive is dying.  Too many reallocated sectors as well as problems reading data.

 

Try running SeaTools for Windows:

 

https://www.seagate....ols-win-master/

 

If you do the long/extended test (usually takes hours so you might want to let it run while you sleep) and it passes, then I'm barking up the wrong tree.


  • 0

#5
gweng

gweng

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Seagate tools reply:
 
Now is a good time to make sure you have a current backup of your important data.
 
Unfortunately, your Seagate product has failed an important diagnostic test, possibly caused by problem sectors which are difficult to read.  Seagate recommends that you run SeaTools Bootable, which has the ability to repair most problem sectors.  SeaTools Bootable may be able to save you from the inconvenience and down time of exchanging the drive.
 
SeaTools indicates that your device has a FAIL status.  If you need data recovery services, please visit the Data Recovery link below for more information on your options.
 
Should I go ahead and run Seagate Bootable?

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,029 posts
  • MVP

Worth a shot, though I doubt it will be able to fix it. Might want to back up any data you can't live without before you do it. When a drive is as sick as yours, sometimes just running a test will be the last straw. Any chance the drive or the PC is under warranty? Didn't look like the drive was that old.


  • 0

#7
gweng

gweng

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

Thanks for all of the help and advice. This hard drive is a replacement under warranty (10/18). The computer and new drive are no longer under warranty. I decided to just replace the drive with an SSD. Thanks again!


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 22,029 posts
  • MVP

OK. Hopefully you will have better luck with your SSD than I've had. Had a couple of cheap SSDs fail within a year. Finally started buying Samsung and they seem to be holding up well.


  • 0





