Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

System Review For RKinner

Started by CarlM24 , Feb 03 2020 08:27 AM

Please log in to reply

#1
CarlM24

Posted 03 February 2020 - 08:27 AM

Member

Member
13 posts

Hello,

Firstly, thank you @RKinner for taking your time to review my logs - it's greatly appreciated

As requested, here is the FRST scan file:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2020 02

Ran by User (administrator) on CARLS-ACER (Acer Aspire A517-51G) (03-02-2020 14:20:24)

Running from C:\Users\User\Downloads

Loaded Profiles: User (Available Profiles: User & rach_)

Platform: Windows 10 Pro Version 1903 18362.592 (X64) Language: English (United Kingdom)

Default browser: Chrome

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1572521543794.exe

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe

(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe

(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe

(ANVSOFT TECHNOLOGY CO., LIMITED -> ) C:\Program Files (x86)\Anvsoft\Syncios\devicenotifier.exe

(ANVSOFT TECHNOLOGY CO., LIMITED -> ) C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe

(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe

(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe

(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxCUIService.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxEM.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\IntelCpHDCPSvc.exe

(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\IntelCpHeciSvc.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel® Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe

(Intel® Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe

(Intel® Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe

(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe

(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12430.20136.0_x64__8wekyb3d8bbwe\HxOutlook.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12430.20136.0_x64__8wekyb3d8bbwe\HxTsr.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe\GameBar.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe\GameBarFT.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20011.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe

(Microsoft Windows -> ) C:\Windows\System32\OpenSSH\ssh-agent.exe

(Microsoft Windows -> ) C:\Windows\System32\OpenSSH\sshd.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe

(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe

(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe

(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe

(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\12\bin\pg_ctl.exe

(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\12\bin\postgres.exe

(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe

(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe

(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIUOE.EXE

(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

(VMware, Inc. -> ) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe

(WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [318920 2019-03-07] (Intel® Rapid Storage Technology -> Intel Corporation)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1312040 2018-12-04] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.)

HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\User\AppData\Local\Microsoft\Teams\Update.exe [1789552 2019-07-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default

HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [117680 2019-11-04] (VMware, Inc. -> VMware, Inc.)

HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [139624 2019-12-13] (IDSA Production signing key -> Intel)

HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [3129016 2019-11-27] (ANVSOFT TECHNOLOGY CO., LIMITED -> )

HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

HKU\S-1-5-21-1276120112-1206609660-3957714281-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\User\AppData\Local\Microsoft\Teams\Update.exe [1789552 2019-07-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation)

HKU\S-1-5-21-1276120112-1206609660-3957714281-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIUOE.EXE [416896 2017-09-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

HKU\S-1-5-21-1276120112-1206609660-3957714281-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIUOE.EXE [416896 2017-09-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

HKU\S-1-5-21-1276120112-1206609660-3957714281-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-11-26] (Adobe Inc. -> Adobe Systems Incorporated)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-27] (Google LLC -> Google LLC)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2019-12-16]

ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)

GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A76C822-94D8-4A38-A550-422040260696} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24629104 2020-01-08] (Microsoft Corporation -> Microsoft Corporation)

Task: {409A3F80-F134-4C5E-9A85-072F1E180835} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {42201141-70D4-4233-B03D-AE7A62EB72CB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {43F4F1D3-6BF2-4A85-BA5D-BD6073D46F2C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2024320 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)

Task: {5721865D-7172-43BB-A4DC-C3ED0E7F1F8A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6128536 2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

Task: {579D56F6-A613-4901-9504-15F07DE1467F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158552 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)

Task: {5AEF8F40-E66C-4DB9-9A55-EDB9855EAF91} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24629104 2020-01-08] (Microsoft Corporation -> Microsoft Corporation)

Task: {5B6DF1EE-F40C-4894-B587-9EF8CC5C1566} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {6D391B90-8E54-45D7-ABF2-E13F5AF4C913} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

Task: {7462A7CC-5D9C-4623-B59D-ED9A3484AE6E} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)

Task: {785F8D7B-5660-4F49-B985-50C205A4E032} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6128536 2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

Task: {875D7D6A-69E4-44E6-9FA5-E54FC84E6DDB} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"

Task: {893A5281-FCEB-43D1-90DD-54E280CD2FFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-17] (Google Inc -> Google LLC)

Task: {91A5DAFB-16A0-46B2-B4FF-B25D216F2238} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2050456 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)

Task: {91F0C408-FC70-4413-8908-63C4C175716C} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [File not signed]

Task: {9F093984-6FD5-4E26-A3AA-59B2849F837A} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel® Software Development Products -> Intel Corporation)

Task: {A45C7365-4035-4F79-8369-02F4DF742D1D} - System32\Tasks\EPSON ET-2710 Series Update {74D41F01-1D29-4686-9292-AD54E15E88F6} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUOE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

Task: {AF0D71C9-5084-4869-A341-240B7CBC5C36} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158552 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)

Task: {C896C1F8-55DF-4C48-B314-E30EB50683D9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2050456 2020-01-27] (Microsoft Corporation -> Microsoft Corporation)

Task: {CA30006E-B676-49EC-8818-2F970E3B0E67} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe

Task: {CB2FE7AC-6F94-4DDA-9DE5-28C21B8B6274} - System32\Tasks\AD_Postgres_down => sc stop postgresql-x64-9.3

Task: {E6F6C60B-5F3D-4F3A-A71C-DF59F3030DCC} - System32\Tasks\EPSON ET-2710 Series Update {34AAF178-0509-4EFD-A325-C27775E33FE6} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUOE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

Task: {E8B55EEF-D3E5-4F54-A6AD-4282D3904CF1} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel® Software Development Products -> Intel Corporation)

Task: {EF48A62C-837E-4982-876B-4451A934E156} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {F26D189E-F815-444C-99F2-063F7400979F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-11] (Adobe Inc. -> Adobe Systems)

Task: {FAB1FF94-6B64-4970-AA9E-31D1876660EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-05-17] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON ET-2710 Series Update {34AAF178-0509-4EFD-A325-C27775E33FE6}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUOE.EXE:/EXE:{34AAF178-0509-4EFD-A325-C27775E33FE6} /F:UpdateWORKGROUP\CARLS-ACER$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

Task: C:\WINDOWS\Tasks\EPSON ET-2710 Series Update {74D41F01-1D29-4686-9292-AD54E15E88F6}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUOE.EXE:/EXE:{74D41F01-1D29-4686-9292-AD54E15E88F6} /F:UpdateWORKGROUP\CARLS-ACER$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 40.89.161.88 crimecoast.com

Tcpip\Parameters: [DhcpNameServer] 172.16.1.254

Tcpip\..\Interfaces\{d9dfe960-cdcb-416d-b8cb-85f086bd9575}: [DhcpNameServer] 172.20.10.1

Tcpip\..\Interfaces\{e2162464-32a7-468d-879c-4a29aef84ce9}: [DhcpNameServer] 172.16.1.254

Internet Explorer:

==================

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

FireFox:

========

FF DefaultProfile: s2yk6800.default

FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s2yk6800.default [2019-09-04]

FF Extension: (ETP Search Volume Study) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s2yk6800.default\Extensions\[email protected] [2019-05-19]

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-12] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.422\npGoogleUpdate3.dll [2019-12-13] (Google LLC -> Google LLC)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)

Chrome:

=======

CHR DefaultProfile: Profile 1

CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-02-03]

CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-15]

CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-15]

CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-15]

CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-15]

CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-15]

CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-16]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-02-03]

CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-15]

CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-15]

CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-13]

CHR Extension: (Secure Shell App) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnhechapfaindjhompbnflcldabbghjo [2020-02-03]

CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2019-10-15]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)

R2 agent_ovpnconnect; C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1572521543794.exe [532992 2019-10-31] () [File not signed]

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8577760 2019-07-17] (BattlEye Innovations e.K. -> )

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11164232 2020-01-07] (Microsoft Corporation -> Microsoft Corporation)

R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [38248 2019-12-13] (IDSA Production signing key -> Intel)

R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [145768 2019-12-13] (IDSA Production signing key -> Intel)

R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2018-01-29] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [877368 2019-08-16] (Intel® Software Development Products -> )

R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [529696 2019-11-14] (Intel® Wireless Connectivity Solutions -> Intel Corporation)

S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel® Software Development Products -> Intel Corporation)

R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-10-21] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [974848 2019-03-01] (Microsoft Windows -> )

R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [204088 2019-08-16] (Intel® Software Development Products -> )

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12758528 2019-12-16] (TeamViewer GmbH -> TeamViewer Germany GmbH)

S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [877368 2019-08-16] (Intel® Software Development Products -> )

R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [15476144 2019-11-04] (VMware, Inc. -> )

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

R2 postgresql-x64-12; "C:\Program Files\PostgreSQL\12\bin\pg_ctl.exe" runservice -N "postgresql-x64-12" -D "C:\Program Files\PostgreSQL\12\data" -w

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbdisk3; C:\WINDOWS\system32\drivers\cbdisk3.sys [223936 2013-10-18] (EldoS Corporation -> EldoS Corporation)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [97912 2017-04-24] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)

R0 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [1094000 2019-03-07] (Intel® Rapid Storage Technology -> Intel Corporation)

R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [186656 2019-11-14] (Intel® Wireless Connectivity Solutions -> Intel Corporation)

R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [17408 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

S3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated)

S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2018-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)

R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [8720672 2019-11-19] (Intel® Wireless Connectivity Solutions -> Intel Corporation)

R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [78656 2019-11-02] (Insecure.Com LLC -> Insecure.Com LLC.)

R1 npf; C:\WINDOWS\system32\DRIVERS\npf.sys [78656 2019-11-02] (Insecure.Com LLC -> Insecure.Com LLC.)

R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvac.inf_amd64_d424a07e89ab274a\nvlddmkm.sys [17036560 2018-03-08] (NVIDIA Corporation -> NVIDIA Corporation)

S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-03] (NVIDIA Corporation -> NVIDIA Corporation)

S3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated)

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1167768 2019-10-21] (Realtek Semiconductor Corp. -> Realtek )

R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782304 2017-04-11] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)

R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41816 2019-08-16] (Intel Corporation -> )

S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166752 2019-07-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)

R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [66104 2018-05-10] (Synaptics Incorporated -> Synaptics Incorporated)

S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

S3 tapoas; C:\WINDOWS\System32\drivers\tapoas.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)

R3 tap_ovpnconnect; C:\WINDOWS\System32\drivers\tap_ovpnconnect.sys [39408 2019-10-31] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)

S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-08-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)

R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [58160 2019-04-01] (Tomasz Moń -> USBPcap)

R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2018-01-08] (VMware, Inc. -> VMware, Inc.)

R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [103224 2019-08-14] (VMware, Inc. -> VMware, Inc.)

R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc. -> VMware, Inc.)

S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-13] (Microsoft Windows -> Microsoft Corporation)

S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)

R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-13] (Microsoft Windows -> Microsoft Corporation)

U4 npcap_wifi; no ImagePath

U4 npf_wifi; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-03 12:39 - 2020-02-03 14:21 - 000037858 _____ C:\Users\User\Downloads\FRST.txt

2020-02-03 12:38 - 2020-02-03 14:20 - 000000000 ____D C:\FRST

2020-02-03 12:37 - 2020-02-03 12:37 - 002279424 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe

2020-02-03 12:29 - 2020-02-03 12:29 - 002798456 _____ (Sysinternals - www.sysinternals.com) C:\Users\User\Downloads\procexp.exe

2020-01-28 13:46 - 2020-01-28 13:46 - 000000000 ___HD C:\OneDriveTemp

2020-01-28 13:43 - 2020-01-28 13:43 - 000000004 ____H C:\ProgramData\cm-lock

2020-01-28 13:42 - 2020-01-28 13:49 - 000025532 _____ C:\WINDOWS\ntbtlog.txt

2020-01-28 13:41 - 2020-01-28 13:41 - 000000000 ____D C:\WINDOWS\pss

2020-01-21 22:25 - 2020-01-21 22:25 - 000110478 _____ C:\Users\User\Downloads\compresspng.zip

2020-01-17 00:45 - 2020-01-17 00:45 - 025900032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 025444352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 022627840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 019849216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 018020352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 009928208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2020-01-17 00:45 - 2020-01-17 00:45 - 008012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 007754752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 007600448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 007016448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 006520480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 005913600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 003729408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2020-01-17 00:45 - 2020-01-17 00:45 - 003703296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 003263488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 002801152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2020-01-17 00:45 - 2020-01-17 00:45 - 002716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2020-01-17 00:45 - 2020-01-17 00:45 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 002494464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 002473976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 001985928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 001835008 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 001697280 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 001664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 001655880 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 001610752 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 001399096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2020-01-17 00:45 - 2020-01-17 00:45 - 001330952 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 001106944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 001098720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 001072952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2020-01-17 00:45 - 2020-01-17 00:45 - 001051664 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 001020032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe

2020-01-17 00:45 - 2020-01-17 00:45 - 000842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000689664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000678712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaaut.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

2020-01-17 00:45 - 2020-01-17 00:45 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaaut.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2020-01-17 00:45 - 2020-01-17 00:45 - 000542496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000432256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe

2020-01-17 00:45 - 2020-01-17 00:45 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys

2020-01-17 00:45 - 2020-01-17 00:45 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000363840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe

2020-01-17 00:45 - 2020-01-17 00:45 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys

2020-01-17 00:45 - 2020-01-17 00:45 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV1.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe

2020-01-17 00:45 - 2020-01-17 00:45 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssrvlic.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe

2020-01-17 00:45 - 2020-01-17 00:45 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti_ci.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000162696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe

2020-01-17 00:45 - 2020-01-17 00:45 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiadss.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tsusbhub.sys

2020-01-17 00:45 - 2020-01-17 00:45 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000127520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiadss.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000089536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiarpc.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe

2020-01-17 00:45 - 2020-01-17 00:45 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enterpriseresourcemanager.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\LSCSHostPolicy.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lstelemetry.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSDScan.sys

2020-01-17 00:45 - 2020-01-17 00:45 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiatrace.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiatrace.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll

2020-01-17 00:45 - 2020-01-17 00:45 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DMAlertListener.ProxyStub.dll

2020-01-17 00:35 - 2020-01-17 00:35 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe

2020-01-17 00:35 - 2020-01-17 00:35 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

2020-01-13 22:31 - 2020-01-13 22:31 - 000100356 _____ C:\Users\User\Downloads\ALPHA CARS (UK) LTD - P60 End of Year Summary for year 2018-19 for CARL SERVICE.pdf

2020-01-13 22:29 - 2020-01-16 11:00 - 000014691 _____ C:\Users\User\Downloads\Information request.xlsx

2020-01-13 20:47 - 2020-01-16 22:24 - 000019972 _____ C:\Users\User\Downloads\Amazon bookkeeping file.xlsx

2020-01-13 20:43 - 2020-01-13 21:41 - 000000000 ____D C:\Users\User\Documents\2018-19 Bank Statements

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-03 14:16 - 2019-08-16 17:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2020-02-03 14:16 - 2019-03-19 04:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2020-02-03 11:58 - 2019-05-17 21:37 - 000000000 ____D C:\Program Files (x86)\TeamViewer

2020-02-03 11:49 - 2019-03-19 04:52 - 000000000 ___HD C:\Program Files\WindowsApps

2020-02-03 11:49 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\AppReadiness

2020-02-03 11:40 - 2019-08-16 18:03 - 000004156 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{F3820418-0D7F-42CA-9680-B575E78F113F}

2020-01-28 13:50 - 2019-10-07 08:44 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData

2020-01-28 13:50 - 2019-10-07 08:44 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData

2020-01-28 13:47 - 2019-08-31 12:45 - 000000000 ___RD C:\Users\User\Creative Cloud Files

2020-01-28 13:46 - 2019-05-20 18:41 - 000000000 ___RD C:\Users\User\OneDrive - The Manchester College

2020-01-28 13:46 - 2019-04-25 13:42 - 000000000 ___RD C:\Users\User\OneDrive

2020-01-28 13:44 - 2019-04-25 13:38 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles

2020-01-28 13:43 - 2019-10-21 20:31 - 000000000 ____D C:\ProgramData\ssh

2020-01-28 13:43 - 2019-09-16 16:10 - 000000000 ____D C:\ProgramData\VMware

2020-01-28 13:42 - 2019-08-16 18:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2020-01-28 13:42 - 2019-05-17 20:57 - 000000000 ____D C:\ProgramData\NVIDIA

2020-01-28 13:42 - 2019-03-19 04:37 - 001310720 _____ C:\WINDOWS\system32\config\BBI

2020-01-27 14:39 - 2019-05-17 21:51 - 000000128 _____ C:\Users\User\AppData\Local\PUTTY.RND

2020-01-27 13:56 - 2019-05-17 21:29 - 000000000 ____D C:\Users\User\AppData\Roaming\FileZilla

2020-01-27 13:41 - 2019-03-19 04:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared

2020-01-27 13:40 - 2019-05-19 16:32 - 000000000 ____D C:\Program Files\Microsoft Office

2020-01-27 13:36 - 2019-05-17 21:24 - 000002305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2020-01-27 13:36 - 2019-05-17 21:24 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2020-01-27 13:36 - 2019-05-17 21:24 - 000002264 _____ C:\ProgramData\Desktop\Google Chrome.lnk

2020-01-27 13:35 - 2019-09-05 19:31 - 000000000 ___HD C:\adobeTemp

2020-01-27 13:35 - 2019-05-17 21:12 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe

2020-01-22 11:27 - 2019-03-19 04:50 - 000000000 ____D C:\WINDOWS\INF

2020-01-21 22:58 - 2019-12-17 16:34 - 000000000 ____D C:\Users\User\.zenmap

2020-01-21 19:52 - 2019-08-16 17:35 - 000485856 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2020-01-21 19:50 - 2019-03-19 04:52 - 000000000 ___SD C:\WINDOWS\system32\UNP

2020-01-21 19:50 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\SystemResources

2020-01-21 19:49 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\ShellExperiences

2020-01-21 19:49 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\bcastdvr

2020-01-21 19:43 - 2019-07-11 11:57 - 000000128 _____ C:\Users\User\AppData\Roaming\PUTTY.RND

2020-01-19 00:16 - 2019-08-16 18:03 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1276120112-1206609660-3957714281-1001

2020-01-19 00:15 - 2019-08-15 20:05 - 000002368 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2020-01-17 00:51 - 2019-05-17 21:45 - 000000000 ____D C:\WINDOWS\system32\MRT

2020-01-17 00:49 - 2019-05-17 21:45 - 120202352 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2020-01-17 00:49 - 2019-03-19 04:37 - 000000000 ____D C:\WINDOWS\CbsTemp

2020-01-16 23:20 - 2019-08-06 10:34 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics

2020-01-16 22:24 - 2019-10-27 19:24 - 000000000 ____D C:\Program Files (x86)\Intel

2020-01-16 22:22 - 2019-05-17 21:28 - 000000000 ____D C:\ProgramData\Package Cache

2020-01-16 22:21 - 2019-05-17 20:58 - 000000000 ____D C:\Program Files\Intel

2020-01-16 22:19 - 2019-10-27 19:26 - 000000000 ____D C:\Users\User\Downloads\Intel Driver and Support Assistant

2020-01-16 21:19 - 2019-05-17 21:17 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder

2020-01-16 21:01 - 2019-03-19 04:52 - 000000000 ____D C:\WINDOWS\system32\NDF

2020-01-16 20:56 - 2019-12-02 13:04 - 000000000 ____D C:\Users\User\AppData\Roaming\OpenVPN Connect

2020-01-16 20:52 - 2019-07-06 11:48 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps

2020-01-13 22:29 - 2019-05-17 21:12 - 000000000 ____D C:\Users\User\AppData\Local\Packages

2020-01-07 18:30 - 2019-05-20 07:25 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ========

2019-07-11 11:57 - 2020-01-21 19:43 - 000000128 _____ () C:\Users\User\AppData\Roaming\PUTTY.RND

2019-08-31 12:39 - 2019-08-31 12:39 - 000000410 _____ () C:\Users\User\AppData\Local\oobelibMkey.log

2019-05-17 21:51 - 2020-01-27 14:39 - 000000128 _____ () C:\Users\User\AppData\Local\PUTTY.RND

2019-10-27 21:09 - 2019-10-27 21:09 - 000000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg

2019-12-17 16:34 - 2020-01-21 22:51 - 000000286 _____ () C:\Users\User\AppData\Local\zenmap.exe.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Here is the additional.txt file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-02-2020 02

Ran by User (03-02-2020 14:21:36)

Running from C:\Users\User\Downloads

Windows 10 Pro Version 1903 18362.592 (X64) (2019-08-16 18:04:20)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1276120112-1206609660-3957714281-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1276120112-1206609660-3957714281-503 - Limited - Disabled)

Guest (S-1-5-21-1276120112-1206609660-3957714281-501 - Limited - Disabled)

rach_ (S-1-5-21-1276120112-1206609660-3957714281-1002 - Limited - Enabled) => C:\Users\rach_

sshd (S-1-5-21-1276120112-1206609660-3957714281-1008 - Limited - Enabled)

User (S-1-5-21-1276120112-1206609660-3957714281-1001 - Administrator - Enabled) => C:\Users\User

WDAGUtilityAccount (S-1-5-21-1276120112-1206609660-3957714281-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccessData Evidence Processing Engine 10.16 (HKLM\...\{ED3748EE-1695-4B17-9506-52A6FF2073E5}) (Version: 10.16.1.9 - AccessData)

AccessData Forensic Toolkit 6.2 (HKLM\...\{248F07B1-B16D-49B1-8155-E794AF9BD711}) (Version: 6.2.1.10 - AccessData)

AccessData FTK Suite 6.2 (HKLM-x32\...\{282D2841-6F23-4969-A071-8283CC6E375D}) (Version: 6.2.1.10 - AccessData)

AccessData License Manager (HKLM-x32\...\{78BC8273-B8F7-4595-B804-D83C3279BE3D}) (Version: 3.1.12.3 - AccessData)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated)

CodeMeter Runtime Kit v5.21 (HKLM\...\{05CA69B3-6699-425F-8223-39E4E00B6581}) (Version: 5.21.1478.500 - WIBU-SYSTEMS AG)

Documentation Manager (HKLM\...\{FDDF7EA4-D624-4418-B3C5-1CF6247F844D}) (Version: 21.60.2.1 - Intel Corporation) Hidden

EPSON ET-2710 Series Printer Uninstall (HKLM\...\EPSON ET-2710 Series) (Version: - Seiko Epson Corporation)

Epson Event Manager (HKLM-x32\...\{15F081E3-93FF-4FF3-B447-42CC458C4F79}) (Version: 3.11.0021 - Seiko Epson Corporation)

EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.56.1.0 - Seiko Epson Corporation)

Epson Printer Connection Checker (HKLM-x32\...\{9ABD2971-9B8B-4958-9100-4EAFCC32A86D}) (Version: 3.0.0.0 - Seiko Epson Corporation)

Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)

Epson Software Updater (HKLM-x32\...\{0854CD22-DF5E-4587-B977-6FC9DB57B63D}) (Version: 4.5.0 - Seiko Epson Corporation)

EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)

FileZilla Client 3.46.3 (HKLM-x32\...\FileZilla Client) (Version: 3.46.3 - Tim Kosse)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden

Grammarly for Microsoft® Office Suite (HKLM\...\{774C6AE6-94F7-431B-B3C5-F0C5CC518935}) (Version: 6.7.201 - Grammarly) Hidden

Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-1276120112-1206609660-3957714281-1001\...\{91a57459-1019-492e-aa14-04edbec439f1}) (Version: 6.7.201 - Grammarly)

Intel Driver && Support Assistant (HKLM-x32\...\{3EAAD5EA-1D87-442D-8426-FD4FCE62119D}) (Version: 19.12.50.5 - Intel) Hidden

Intel® Computing Improvement Program (HKLM\...\{A9133872-C9FE-45CC-8F01-D1947B0F09EA}) (Version: 2.4.04755 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.2.1002 - Intel Corporation)

Intel® Wireless Bluetooth® (HKLM-x32\...\{00000060-0210-1033-84C8-B8D95FA3C8C3}) (Version: 21.60.0.4 - Intel Corporation)

Intel® Driver & Support Assistant (HKLM-x32\...\{8d174f37-ea1a-4e4d-be82-c10521a3c687}) (Version: 19.12.50.5 - Intel)

Intel® Software Installer (HKLM-x32\...\{91984066-e894-49de-ac7d-b2ef4fe7b446}) (Version: 21.60.2.1 - Intel Corporation) Hidden

iSunshare Windows Password Genius Standard Trial 6.1.3 (HKLM-x32\...\iSunshare Windows Password Genius Standard Trial) (Version: 6.1.3 - iSunshare)

Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.12325.20344 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1276120112-1206609660-3957714281-1001\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.20.27508 (HKLM-x32\...\{7b178cda-9740-4701-a92a-f168d213b343}) (Version: 14.20.27508.1 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.20.27508 (HKLM-x32\...\{8c3f057e-d6a6-4338-ac6a-f1c795a6577b}) (Version: 14.20.27508.1 - Microsoft Corporation)

Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)

Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1276120112-1206609660-3957714281-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.40.2 - Microsoft Corporation)

Mozilla Firefox 68.0.2 (x64 en-GB) (HKLM\...\Mozilla Firefox 68.0.2 (x64 en-GB)) (Version: 68.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.5 - Mozilla)

MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden

MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)

Nmap 7.80 (HKLM-x32\...\Nmap) (Version: 7.80 - Nmap Project)

Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.8.1 - Notepad++ Team)

Npcap (HKLM-x32\...\NpcapInst) (Version: 0.9984 - Nmap Project)

NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12325.20344 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12325.20344 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12325.20344 - Microsoft Corporation) Hidden

OpenVPN Connect (HKLM\...\{AA492A62-7C1E-4C28-8D0E-2BD2D99B72BC}) (Version: 3.1.0 - OpenVPN Technologies)

PostgreSQL 12 (HKLM\...\PostgreSQL 12) (Version: 12 - PostgreSQL Global Development Group)

PuTTY release 0.71 (64-bit) (HKLM\...\{B27534DB-4F72-4F49-A3AD-5EC1B6901E5E}) (Version: 0.71.0.0 - Simon Tatham)

Python 3.2.3 (64-bit) (HKLM\...\{789C9644-9F82-44d3-B4CA-AC31F46F5883}) (Version: 3.2.3150 - Python Software Foundation)

Python 3.7.3 (32-bit) (HKU\S-1-5-21-1276120112-1206609660-3957714281-1001\...\{24ac8299-2abd-4ddd-8be3-031debb6093c}) (Version: 3.7.3150.0 - Python Software Foundation)

Python 3.7.3 Core Interpreter (32-bit) (HKLM-x32\...\{33AB9CEA-621E-4064-9FB0-7048E79DB5B5}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden

Python 3.7.3 Development Libraries (32-bit) (HKLM-x32\...\{52DDE5D8-B45C-4C1D-81DD-D72317DE8B08}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden

Python 3.7.3 Documentation (32-bit) (HKLM-x32\...\{2BC067C0-B392-49C0-988B-C839C62D8B65}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden

Python 3.7.3 Executables (32-bit) (HKLM-x32\...\{E3E61712-C062-45E7-8348-D7DBF66FACFD}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden

Python 3.7.3 pip Bootstrap (32-bit) (HKLM-x32\...\{9846DC93-4A39-496F-8AE3-0E3AB4EF4385}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden

Python 3.7.3 Standard Library (32-bit) (HKLM-x32\...\{DC6190E7-D05E-465A-9FB6-7418BC901991}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden

Python 3.7.3 Tcl/Tk Support (32-bit) (HKLM-x32\...\{1341418F-C713-4943-ACB2-9F4D4743D193}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden

Python 3.7.3 Test Suite (32-bit) (HKLM-x32\...\{FE5E4BF9-7487-4CE8-A2AC-F78C6B4BE487}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden

Python 3.7.3 Utility Scripts (32-bit) (HKLM-x32\...\{AE9303AD-EBD0-4C85-A9D0-55B1BA972D11}) (Version: 3.7.3150.0 - Python Software Foundation) Hidden

Python Launcher (HKLM-x32\...\{A28C27E4-A725-482A-9C65-61EDC0E4D583}) (Version: 3.7.6657.0 - Python Software Foundation)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.36.701.2019 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8555 - Realtek Semiconductor Corp.)

Syncios 6.6.5 (HKLM-x32\...\Syncios) (Version: 6.6.5 - Anvsoft)

TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.1.3937 - TeamViewer)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)

USBPcap 1.3.0.0 (HKLM\...\USBPcap) (Version: 1.3.0.0 - Tomasz Mon)

VMware Workstation (HKLM\...\{C975449F-C205-4CBF-9911-680F2E5F810B}) (Version: 15.5.1 - VMware, Inc.)

Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)

Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22807 - Microsoft Corporation)

Windows 7 USB/DVD Download Tool (HKLM-x32\...\{F92064F6-BDE8-46FC-A19F-4E12D311BE3A}) (Version: 1.0.30 - Microsoft Corporation)

WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

Wireshark 3.0.7 64-bit (HKLM-x32\...\Wireshark) (Version: 3.0.7 - The Wireshark developer community, hxxps://www.wireshark.org)

Packages:

=========

Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-08-31] (Adobe Systems Incorporated)

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-05-17] (Microsoft Corporation) [MS Ad]

Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-05-17] (Microsoft Corporation) [MS Ad]

Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-13] (Microsoft Studios) [MS Ad]

MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-23] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1276120112-1206609660-3957714281-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0

CustomCLSID: HKU\S-1-5-21-1276120112-1206609660-3957714281-1001_Classes\CLSID\{04271989-C4D2-4AC4-DD6B-3264C0364E37} -> [OneDrive - The Manchester College] => C:\Users\User\OneDrive - The Manchester College [2019-05-20 18:41]

CustomCLSID: HKU\S-1-5-21-1276120112-1206609660-3957714281-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5} -> [Creative Cloud Files] => C:\Users\User\Creative Cloud Files [2019-08-31 12:45]

CustomCLSID: HKU\S-1-5-21-1276120112-1206609660-3957714281-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)

CustomCLSID: HKU\S-1-5-21-1276120112-1206609660-3957714281-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\User\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.201\743E272006\GrammarlyShim64.dll (Grammarly, Inc. -> CompanyName)

CustomCLSID: HKU\S-1-5-21-1276120112-1206609660-3957714281-1001_Classes\CLSID\{4BE56754-B616-4998-B825-D16983AEE1B2}\InprocServer32 -> C:\Users\User\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.7.201\743E272006\Grammarly.AddIn.Connect.ActiveX.dll (Grammarly, Inc. -> Grammarly)

CustomCLSID: HKU\S-1-5-21-1276120112-1206609660-3957714281-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2019-10-06] (Notepad++ -> )

ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2019-11-04] (VMware, Inc. -> VMware, Inc.)

ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2019-11-04] (VMware, Inc. -> VMware, Inc.)

ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_420c659363620fe7\igfxDTCM.dll [2017-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-19] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll -> No File

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2019-11-13 01:38 - 2019-11-13 01:38 - 000100352 _____ () [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\driverMgr4Transfer.dll

2019-11-14 06:39 - 2019-11-14 06:39 - 001515008 _____ () [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\DuiLib.dll

2019-11-14 05:55 - 2019-11-14 05:55 - 002081792 _____ () [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\exiv0.27.2.dll

2018-03-15 00:55 - 2018-03-15 00:55 - 001487360 _____ () [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\exiv2.dll

2018-03-15 00:55 - 2018-03-15 00:55 - 000104448 _____ () [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\expat.dll

2019-11-13 01:38 - 2019-11-13 01:38 - 000034304 _____ () [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\generalFunc.dll

2018-12-29 02:51 - 2018-12-29 02:51 - 001042432 _____ () [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\libandroidrecovery.dll

2019-11-14 05:55 - 2019-11-14 05:55 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\libexiv2json.dll

2019-11-13 01:38 - 2019-11-13 01:38 - 000769024 _____ () [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\libheic.dll

2017-10-30 00:42 - 2017-10-30 00:42 - 001970688 _____ () [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\libplist.dll

2019-11-13 01:38 - 2019-11-13 01:38 - 000605184 _____ () [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\libsscan.dll

2019-07-09 06:09 - 2019-07-09 06:09 - 000791552 _____ () [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\sqlite3.dll

2017-10-30 00:41 - 2017-10-30 00:41 - 000066048 _____ () [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\zlib1.dll

2019-12-16 14:40 - 2019-11-14 04:07 - 000293888 _____ () [File not signed] C:\Program Files\PostgreSQL\12\bin\LIBPQ.dll

2019-12-16 14:33 - 2019-11-14 04:07 - 002269696 _____ () [File not signed] C:\Program Files\PostgreSQL\12\bin\libxml2.dll

2019-12-16 14:33 - 2019-11-14 04:07 - 001872271 _____ (Free Software Foundation) [File not signed] C:\Program Files\PostgreSQL\12\bin\libiconv-2.dll

2019-12-16 14:33 - 2019-11-14 04:07 - 000829175 _____ (Free Software Foundation) [File not signed] C:\Program Files\PostgreSQL\12\bin\libintl-8.dll

2018-12-26 08:00 - 2018-12-26 08:00 - 000086070 _____ (Open Source Software community project) [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\pthreadVC2.dll

2017-10-30 00:39 - 2017-10-30 00:39 - 001374720 _____ (Pizzolato Davide - www.xdp.it) [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\cximage.dll

2019-08-16 14:29 - 2019-08-16 14:29 - 001635840 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll

2017-02-13 13:54 - 2017-02-13 13:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll

2009-10-21 16:39 - 2009-10-21 16:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll

2019-02-22 16:01 - 2019-02-22 16:01 - 000704512 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Configration_00000171\MepCfg.dll

2019-02-22 14:09 - 2019-02-22 14:09 - 000475136 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON\MyEpson Portal\Online Manual_00000013\MepFAQ.dll

2016-09-14 13:31 - 2016-09-14 13:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll

2019-08-16 14:29 - 2019-08-16 14:29 - 001902080 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\sqlite3.DLL

2019-08-16 14:29 - 2019-08-16 14:29 - 001902080 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

2018-12-26 08:00 - 2018-12-26 08:00 - 000360448 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\libcurl.dll

2019-12-16 14:33 - 2019-11-14 04:07 - 021529088 _____ (The ICU Project) [File not signed] C:\Program Files\PostgreSQL\12\bin\icudt53.dll

2019-12-16 14:33 - 2019-11-14 04:07 - 001844224 _____ (The ICU Project) [File not signed] C:\Program Files\PostgreSQL\12\bin\icuin53.dll

2019-12-16 14:33 - 2019-11-14 04:07 - 001317376 _____ (The ICU Project) [File not signed] C:\Program Files\PostgreSQL\12\bin\icuuc53.dll

2018-12-26 08:00 - 2018-12-26 08:00 - 002106880 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\libcrypto-1_1.dll

2018-12-26 08:00 - 2018-12-26 08:00 - 000370176 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\libssl-1_1.dll

2019-12-16 14:33 - 2019-11-14 04:07 - 002831872 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\PostgreSQL\12\bin\libcrypto-1_1-x64.dll

2019-12-16 14:33 - 2019-11-14 04:07 - 000681984 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files\PostgreSQL\12\bin\libssl-1_1-x64.dll

2019-11-13 01:38 - 2019-11-13 01:38 - 001327616 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\androidSyncCore.dll

2019-11-13 01:38 - 2019-11-13 01:38 - 000016896 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\Anvsoft\Syncios\geneLog.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1276120112-1206609660-3957714281-1001\...\sharepoint.com -> hxxps://mancoll-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-05-17 21:38 - 2019-12-02 11:40 - 000000873 _____ C:\WINDOWS\system32\drivers\etc\hosts

40.89.161.88 crimecoast.com

2019-06-17 18:10 - 2019-11-12 10:42 - 000000717 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

192.168.235.113 carls-acer.mshome.net # 2024 11 0 10 10 42 50 46

172.17.139.51 kali.mshome.net # 2019 11 1 18 19 35 10 433

172.17.11.38 WIN-I4UK6TVIM4D.mshome.net # 2019 11 2 19 9 31 33 408

172.17.11.42 WIN-K9AQ9E3VGO2.mshome.net # 2019 11 2 19 9 31 33 499

18 0 446

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1276120112-1206609660-3957714281-1001\Control Panel\Desktop\\Wallpaper ->

DNS Servers: 172.16.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Windows Firewall is enabled.

Network Binding:

=============

Ethernet 2: VMware Bridge Protocol -> vmware_bridge (enabled)

Ethernet 2: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled)

Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled)

Ethernet: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled)

Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

WiFi: VMware Bridge Protocol -> vmware_bridge (enabled)

WiFi: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled)

WiFi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

Npcap Loopback Adapter: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

Npcap Loopback Adapter: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled)

Npcap Loopback Adapter: VMware Bridge Protocol -> vmware_bridge (enabled)

VMware Network Adapter VMnet11: VMware Bridge Protocol -> vmware_bridge (disabled)

VMware Network Adapter VMnet11: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

VMware Network Adapter VMnet11: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled)

VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)

VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

VMware Network Adapter VMnet8: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled)

Bluetooth Network Connection: VMware Bridge Protocol -> vmware_bridge (enabled)

Bluetooth Network Connection: Npcap Packet Driver (NPF) -> INSECURE_NPF (enabled)

Bluetooth Network Connection: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"

HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"

HKU\S-1-5-21-1276120112-1206609660-3957714281-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

HKU\S-1-5-21-1276120112-1206609660-3957714281-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C9D3BA0-FBE3-4127-956D-B1FC1B946011}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

FirewallRules: [{C6CEFF81-107D-4BD9-B017-F822662585CF}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)

FirewallRules: [{23479EBC-74A7-4405-BCA8-2FEFF97B4C11}] => (Allow) C:\Users\User\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File

FirewallRules: [{E0F0238B-D12E-4602-B6BC-00E377404CEA}] => (Allow) C:\Users\User\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe No File

FirewallRules: [{8579F471-EB14-4DBE-B498-A67FE2342F85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win64\BlackSquadGame.exe No File

FirewallRules: [{60C8E2DB-5AE2-4CC5-B39F-4B16AA5D5462}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Black Squad\binaries\win64\BlackSquadGame.exe No File

FirewallRules: [{5B01D34B-55C9-49A4-B364-196A954B97F9}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File

FirewallRules: [{EBB1B986-30E5-4019-A84D-F20578A198C2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File

FirewallRules: [{43298DC0-82E3-414C-8379-455BE52A56C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File

FirewallRules: [{88225106-9BD8-4500-9748-14A2686975A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File

FirewallRules: [{23637E6A-5FD8-424D-AFD3-228B57F5C961}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{B47EF8EE-5CEC-4AB9-A8DE-A77C05EBCC94}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{CDFC80AA-D926-4E0B-ABD4-6BBBA08E1077}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{030AF0D5-E03C-4BE3-9247-8F4C671B130B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{FA65D806-653E-4489-B624-DB6DA9E15608}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{49F087B0-6493-4552-BDF5-C9C9A2AC3FCD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [TCP Query User{E0DE2B93-3455-4E05-BF4B-3F87EFFDBBE9}C:\program files\windowsapps\15191peakplayer.50533f9b98293_3.0.2.0_x64__y5c4dfz5b21fm\player\apps\vlc\vlc.exe] => (Block) C:\program files\windowsapps\15191peakplayer.50533f9b98293_3.0.2.0_x64__y5c4dfz5b21fm\player\apps\vlc\vlc.exe No File

FirewallRules: [UDP Query User{A1E174EF-A71C-4C19-8B5E-021CDB3F5C86}C:\program files\windowsapps\15191peakplayer.50533f9b98293_3.0.2.0_x64__y5c4dfz5b21fm\player\apps\vlc\vlc.exe] => (Block) C:\program files\windowsapps\15191peakplayer.50533f9b98293_3.0.2.0_x64__y5c4dfz5b21fm\player\apps\vlc\vlc.exe No File

FirewallRules: [TCP Query User{0D9EC6E9-7C89-435A-A5E1-8AE3DE2DA9FA}C:\program files (x86)\vmware\vmware workstation\x64\vmware-vmx.exe] => (Allow) C:\program files (x86)\vmware\vmware workstation\x64\vmware-vmx.exe (VMware, Inc. -> VMware, Inc.)

FirewallRules: [UDP Query User{7BE379C0-5F10-448C-935B-EE69CA161706}C:\program files (x86)\vmware\vmware workstation\x64\vmware-vmx.exe] => (Allow) C:\program files (x86)\vmware\vmware workstation\x64\vmware-vmx.exe (VMware, Inc. -> VMware, Inc.)

FirewallRules: [{5656F304-E317-4C68-B5C9-8835D08DBB45}] => (Block) C:\program files (x86)\vmware\vmware workstation\x64\vmware-vmx.exe (VMware, Inc. -> VMware, Inc.)

FirewallRules: [{B326C59D-3D9D-4A5C-B2F4-4A4F881FCAF3}] => (Block) C:\program files (x86)\vmware\vmware workstation\x64\vmware-vmx.exe (VMware, Inc. -> VMware, Inc.)

FirewallRules: [{871FA9C1-8601-4549-A2AF-3AEAB74FCC09}] => (Allow) LPort=5900

FirewallRules: [{B9D77A8D-5521-4001-8877-24DD68124F90}] => (Allow) LPort=9

FirewallRules: [OpenSSH-Server-In-TCP] => (Allow) %SystemRoot%\system32\OpenSSH\sshd.exe No File

FirewallRules: [sshd] => (Allow) LPort=22

FirewallRules: [{8945BBDA-1246-4486-92A6-5AC247A51B9C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{2F43951F-34B8-4816-9615-072D5AAD0E8E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{B3AB9E78-6907-4796-B030-F7BD55FD2709}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{9AA3067B-43A0-4DAD-8707-A18C35BECD9F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{7CAD809F-163C-45A4-83B4-E75CB6E934F9}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )

FirewallRules: [{F3384411-894C-4E2F-9FF4-2E22BB438ACE}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )

FirewallRules: [{C2E9AA20-2C1C-4851-A157-381EA024575B}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )

FirewallRules: [{BE9CC033-011F-4209-BBFA-C3C030A81B1E}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )

FirewallRules: [{2BC73D69-9190-4460-9245-A81D7AC4730B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [HNS Container Networking - DNS (UDP-In) - 45FE92A6-3448-499A-9F23-71E410F4EC27 - 0] => (Allow) LPort=53

FirewallRules: [{D28A0031-7245-4615-B581-5C0385B6B999}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File

FirewallRules: [{3406874F-F433-43C2-8604-CD4217BCCF43}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe No File

FirewallRules: [{9CB3C96A-7031-4B54-8F68-F3DDE497EFEC}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)

FirewallRules: [{2D3995CD-6CB0-4ADC-AFC3-5288B52F69A6}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)

FirewallRules: [{651C6C42-A652-4D5A-AD2A-07EC08ABA112}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )

FirewallRules: [{11007618-BC6D-4378-8699-86D10A184D47}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (VMware, Inc. -> )

FirewallRules: [{E765F168-BFC3-4CF7-A739-4E91B65C19B4}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)

FirewallRules: [{13F8BDF0-0057-447C-AB61-6FCDF843FAE4}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)

FirewallRules: [{3A2CB0E8-ADE6-4BC4-BFC3-E6C8AF730429}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)

FirewallRules: [{F5000406-79D1-4F0D-BC95-EFC82C9DFFFA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{7FD92AD5-7251-4FDB-BAF5-1F7F6682A37B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{EBA1B5D9-6994-4EE6-8E7C-50F5C8573442}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{CD38760D-D8D0-495F-BDA2-6710E6B5E36C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{F59BE477-F761-4EA3-9803-E4EDFC7CBE8E}] => (Allow) C:\Program Files (x86)\Anvsoft\Syncios\pdt_syncios.exe (ANVSOFT TECHNOLOGY CO., LIMITED -> Syncios Data Transfer)

FirewallRules: [{CA978148-C04E-4024-AE75-9293EA74D813}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)

FirewallRules: [{18CAE9CD-ECA1-4D72-BE77-F5CDD65C1C0D}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG -> WIBU-SYSTEMS AG)

FirewallRules: [{42159410-6C3F-4118-85BE-0C6814EA3E09}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Restore Points =========================

07-01-2020 20:19:45 Scheduled Checkpoint

16-01-2020 22:22:56 Installed Intel® Wireless Bluetooth®

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

Error: (02/03/2020 01:09:05 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (2232,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/03/2020 12:42:53 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (15412,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/03/2020 11:59:15 AM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (15356,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/28/2020 02:04:14 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (6108,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/28/2020 01:48:03 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: CARLS-ACER)

Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (01/27/2020 02:56:23 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (16292,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/27/2020 01:43:37 PM) (Source: ESENT) (EventID: 455) (User: )

Description: svchost (13988,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (01/27/2020 01:35:18 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)

Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 19232 and the required size was 46656.

System errors:

=============

Error: (02/03/2020 11:47:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (02/03/2020 11:45:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9WZDNCRFJ364-MICROSOFT.SKYPEAPP.

Error: (02/03/2020 11:44:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NZKPSTSNW4P-Microsoft.XboxGamingOverlay.

Error: (01/28/2020 01:47:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Energy Server Service queencreek service did not respond on starting.

Error: (01/28/2020 01:44:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

Error: (01/28/2020 01:44:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (01/28/2020 01:41:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The OpenSSH SSH Server service terminated unexpectedly. It has done this 1 time(s).

Error: (01/28/2020 01:41:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Windows Defender:

===================================

Date: 2020-02-03 12:56:42.229

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {C1CC57C8-27F9-4977-BE9C-C6E03C03F4BE}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-12-17 10:35:02.501

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {36250FC3-CE3B-472D-8F3B-F63B82EA41F1}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-12-13 02:46:05.503

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {EA47A4B2-2D60-443D-92A8-B2B61AD03059}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-11-07 13:26:36.778

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {781E42A0-3751-440F-9501-D8B8176B48A4}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-11-07 13:04:02.067

Description:

Windows Defender Antivirus scan has been stopped before completion.

Scan ID: {C96FBB12-3081-4FA6-9CDB-84EAB6F419EA}

Scan Type: Antimalware

Scan Parameters: Quick Scan

Date: 2019-12-08 21:11:33.385

Description:

Windows Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.305.3285.0

Update Source: Microsoft Malware Protection Center

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16500.1

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Date: 2019-12-08 21:11:33.385

Description:

Windows Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.305.3285.0

Update Source: Microsoft Malware Protection Center

Security intelligence Type: AntiSpyware

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16500.1

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Date: 2019-12-08 21:11:33.384

Description:

Windows Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.305.3285.0

Update Source: Microsoft Malware Protection Center

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16500.1

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Date: 2019-12-08 21:11:33.375

Description:

Windows Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.305.3285.0

Update Source: Microsoft Malware Protection Center

Security intelligence Type: AntiVirus

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16500.1

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

Date: 2019-12-08 21:11:33.375

Description:

Windows Defender Antivirus has encountered an error trying to update security intelligence.

New security intelligence Version:

Previous security intelligence Version: 1.305.3285.0

Update Source: Microsoft Malware Protection Center

Security intelligence Type: AntiSpyware

Update Type: Full

Current Engine Version:

Previous Engine Version: 1.1.16500.1

Error code: 0x80072ee7

Error description: The server name or address could not be resolved

CodeIntegrity:

===================================

Date: 2020-01-15 21:29:22.885

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-01-15 21:29:22.874

Description:

Date: 2020-01-15 21:29:22.716

Description:

Date: 2020-01-15 21:29:22.704

Description:

Date: 2020-01-15 21:29:22.691

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-01-15 21:29:22.678

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-01-15 21:29:22.357

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-01-15 21:29:22.331

Description:

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Insyde Corp. V1.08 06/15/2017

Motherboard: KBL Dragonite_KL

Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz

Percentage of memory in use: 37%

Total physical RAM: 16259.6 MB

Available physical RAM: 10174.41 MB

Total Virtual: 18691.6 MB

Available Virtual: 11742.25 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:930.4 GB) (Free:709.43 GB) NTFS

\\?\Volume{87165229-f631-4a09-8e4d-1ec4087bcc30}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.54 GB) NTFS

\\?\Volume{4c4db02a-5b8e-413c-b0d0-accb90faa16a}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 9A91E1C3)

Partition: GPT.

==================== End of Addition.txt =======================

#2
RKinner

Posted 03 February 2020 - 04:31 PM

Malware Expert

Expert
24,625 posts

Uninstall:

Intel® Computing Improvement Program (HKLM\...\{A9133872-C9FE-45CC-8F01-D1947B0F09EA}) (Version: 2.4.04755 - Intel Corporation)

Intel® Driver & Support Assistant (HKLM-x32\...\{8d174f37-ea1a-4e4d-be82-c10521a3c687}) (Version: 19.12.50.5 - Intel)

Did you just install TeamViewer?

Did you install Wireshark?

Do you need: Syncios 6.6.5?

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name.   Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

TASKLIST /SVC > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/

(Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER.    Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin. It will install and then start the program.
It will tell you to click on the Start button but there isn't one.
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds. Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.

#3
CarlM24

Posted 03 February 2020 - 06:04 PM

Member

Topic Starter
Member
13 posts

I uninstalled both the programmes you stated plus TeamViewer and Syncios. I've not used TeamViewer for a while and Syncios didn't even do what I downloaded it for. As for Wireshark, I use that alot for my studies.

Thanks again for your help. Please see the requested logs below.

Process Explorer - RKinner.exe:

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer

System Idle Process 82.74 60 K 8 K 0

chrome.exe 6.06 71,284 K 100,928 K 10680 Google Chrome Google LLC (Verified) Google LLC

procexp64.exe 2.92 31,364 K 59,372 K 14700 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

chrome.exe 2.52 101,248 K 118,716 K 12576 Google Chrome Google LLC (Verified) Google LLC

dwm.exe 1.82 61,968 K 93,812 K 7936

Interrupts 1.18 0 K 0 K n/a Hardware Interrupts and DPCs

svchost.exe 1.01 33,728 K 40,684 K 4392 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

System 1.00 204 K 2,396 K 4

csrss.exe 0.29 2,564 K 6,016 K 5576

explorer.exe 0.15 83,764 K 171,748 K 15440 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows

MsMpEng.exe 0.11 198,380 K 256,084 K 5112 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Windows Publisher

NVDisplay.Container.exe 0.08 23,356 K 25,196 K 13212

chrome.exe 0.04 75,128 K 142,752 K 10068 Google Chrome Google LLC (Verified) Google LLC

chrome.exe 0.02 18,160 K 34,848 K 6788 Google Chrome Google LLC (Verified) Google LLC

svchost.exe 0.02 7,388 K 17,116 K 3332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

chrome.exe 0.01 27,164 K 46,984 K 9296 Google Chrome Google LLC (Verified) Google LLC

svchost.exe 0.01 10,988 K 18,412 K 360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

RuntimeBroker.exe 0.01 1,828 K 7,632 K 13628 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 0.01 9,668 K 31,016 K 12712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

chrome.exe 0.01 59,504 K 90,864 K 13236 Google Chrome Google LLC (Verified) Google LLC

AGMService.exe < 0.01 2,440 K 12,140 K 4180 Adobe Genuine Software Service Adobe Systems, Incorporated (Verified) Adobe Inc.

vmware-hostd.exe < 0.01 34,164 K 62,188 K 5320 (Verified) VMware, Inc.

conhost.exe < 0.01 6,712 K 10,620 K 5748

OfficeClickToRun.exe < 0.01 36,288 K 64,008 K 4232 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation

svchost.exe < 0.01 11,220 K 40,668 K 6212 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 3,216 K 9,668 K 532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

lsass.exe < 0.01 8,808 K 19,288 K 816 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher

vmnat.exe < 0.01 2,448 K 6,808 K 4884 VMware NAT Service VMware, Inc. (Verified) VMware, Inc.

vmware-usbarbitrator64.exe < 0.01 2,880 K 9,716 K 4840 VMware USB Arbitration Service VMware, Inc. (Verified) VMware, Inc.

svchost.exe < 0.01 15,728 K 34,888 K 948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 142,400 K 143,080 K 2500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 5,728 K 18,748 K 8080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 8,588 K 17,368 K 3700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

YourPhoneServer.exe 2,980 K 13,060 K 8344 (No signature was present in the subject)

YourPhone.exe Suspended 12,792 K 16,604 K 16164 (No signature was present in the subject)

WmiPrvSE.exe 25,840 K 34,224 K 14712

wlanext.exe 1,212 K 3,932 K 4164

WinStore.App.exe Suspended 43,820 K 732 K 10376 Store Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

winlogon.exe 2,420 K 9,852 K 14580

wininit.exe 1,432 K 4,420 K 724

vmware-authd.exe 6,544 K 11,740 K 4780 VMware Authorization Service VMware, Inc. (Verified) VMware, Inc.

vmnetdhcp.exe 7,824 K 4,456 K 4804 VMware VMnet DHCP service VMware, Inc. (Verified) VMware, Inc.

unsecapp.exe 1,352 K 4,768 K 5552

Time.exe Suspended 14,772 K 3,820 K 11736 (No signature was present in the subject)

taskhostw.exe 6,900 K 17,416 K 11992 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 3,056 K 7,644 K 2836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,140 K 11,552 K 3872 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 15,160 K 31,404 K 4376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,044 K 10,324 K 5288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,104 K 7,256 K 2552 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 12,600 K 19,972 K 3376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,892 K 10,660 K 2488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,472 K 5,804 K 2164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 6,900 K 9,184 K 2028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,808 K 6,088 K 4516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 9,024 K 17,668 K 4368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 6,216 K 17,636 K 3644 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,060 K 5,984 K 3048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,108 K 9,096 K 3232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,088 K 6,284 K 2424 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,616 K 9,208 K 1296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,236 K 10,884 K 1528 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,756 K 19,316 K 4960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,280 K 17,636 K 5368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 9,404 K 29,652 K 10572 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 16,804 K 19,056 K 1776 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,768 K 12,420 K 3740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,328 K 20,280 K 7908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,992 K 9,244 K 1740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 6,856 K 14,612 K 1328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 9,916 K 17,012 K 2068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,392 K 3,988 K 2520 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,532 K 9,804 K 7888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,136 K 6,488 K 2508 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,544 K 14,596 K 3064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,836 K 5,104 K 3216 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,012 K 10,440 K 7700 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,796 K 4,512 K 1748 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,772 K 7,724 K 9500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,432 K 7,028 K 4656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,596 K 13,128 K 2272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,588 K 11,088 K 1156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,232 K 5,468 K 3920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,632 K 10,392 K 8992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,748 K 9,632 K 10896 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,904 K 8,172 K 10380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,024 K 7,536 K 2900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,432 K 12,332 K 7024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,592 K 9,908 K 1376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,904 K 11,480 K 1440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 6,716 K 18,672 K 9916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 968 K 2,180 K 924 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,868 K 9,812 K 1348 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,464 K 3,596 K 1356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,892 K 6,048 K 1364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,288 K 7,428 K 1564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,808 K 5,624 K 1816 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,500 K 5,612 K 1988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,740 K 4,800 K 2208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,924 K 6,488 K 2220 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,044 K 7,064 K 2708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,236 K 6,616 K 2736 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,916 K 5,892 K 2880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,372 K 6,012 K 3152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,688 K 4,532 K 4628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,192 K 10,308 K 4724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,288 K 3,428 K 4756 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,616 K 3,940 K 4976 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,640 K 4,452 K 5920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3,612 K 10,648 K 5928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,848 K 5,668 K 6392 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,824 K 6,096 K 8044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,244 K 8,124 K 9036 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,344 K 4,820 K 10624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 4,892 K 15,628 K 13368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,832 K 6,928 K 13524 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

StartMenuExperienceHost.exe 25,216 K 74,044 K 13164 (Verified) Microsoft Windows

sshd.exe 1,544 K 5,376 K 4684 (Verified) Microsoft Windows

ssh-agent.exe 1,164 K 3,348 K 4648 (Verified) Microsoft Windows

spoolsv.exe 6,832 K 18,324 K 3844 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows

smss.exe 1,192 K 652 K 392

smartscreen.exe 9,144 K 25,408 K 11716 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows

sihost.exe 7,072 K 27,996 K 10172 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows

ShellExperienceHost.exe 24,956 K 73,672 K 12100 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows

SgrmBroker.exe 3,936 K 5,628 K 14000 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher

SettingSyncHost.exe 6,540 K 16,508 K 11408 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows

services.exe 5,868 K 9,692 K 796

SecurityHealthSystray.exe 1,876 K 12,240 K 11548 Windows Security notification icon Microsoft Corporation (Verified) Microsoft Windows

SecurityHealthService.exe 5,368 K 16,476 K 6560 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher

SecurityHealthHost.exe 2,416 K 14,480 K 4896 Windows Security Health Host Microsoft Corporation (Verified) Microsoft Windows

SearchUI.exe Suspended 145,940 K 235,588 K 1052 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows

SearchIndexer.exe 54,068 K 68,432 K 4304 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 18,820 K 51,952 K 10736 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 6,052 K 25,500 K 10316 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 6,136 K 24,728 K 9052 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 5,532 K 21,108 K 4912 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 1,644 K 7,508 K 8372 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 2,516 K 13,668 K 8052 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 3,164 K 19,584 K 7240 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 5,188 K 26,828 K 11964 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

RemindersServer.exe Suspended 7,512 K 21,180 K 6916 Reminders WinRT OOP Server Microsoft Corporation (Verified) Microsoft Windows

Registry 16,712 K 65,692 K 96

procexp.exe 4,536 K 10,760 K 10724 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

PresentationFontCache.exe 25,548 K 17,608 K 7776 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation

postgres.exe 2,116 K 5,076 K 6492

postgres.exe 2,424 K 6,368 K 6468

postgres.exe 2,392 K 9,328 K 6476

postgres.exe 2,600 K 24,324 K 5664

postgres.exe 3,012 K 6,932 K 6484

postgres.exe 2,972 K 5,804 K 6500

postgres.exe 2,132 K 4,912 K 6188

postgres.exe 2,456 K 6,528 K 6460

pg_ctl.exe 1,532 K 5,016 K 4636 pg_ctl - starts/stops/restarts the PostgreSQL server PostgreSQL Global Development Group (No signature was present in the subject) PostgreSQL Global Development Group

OneDrive.exe 16,864 K 53,296 K 1668 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation

OneDrive.exe 23,928 K 55,612 K 7016 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation

NVDisplay.Container.exe 3,096 K 10,376 K 2340 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation

NisSrv.exe 5,968 K 9,488 K 8492 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Windows Publisher

msdtc.exe 3,856 K 8,484 K 13788 Microsoft Distributed Transaction Coordinator Service Microsoft Corporation (Verified) Microsoft Windows

MicrosoftEdgeSH.exe Suspended 3,864 K 13,492 K 9780 Microsoft Edge Web Platform Microsoft Corporation (Verified) Microsoft Windows

MicrosoftEdgeCP.exe Suspended 5,744 K 25,508 K 220 Microsoft Edge Content Process Microsoft Corporation (Verified) Microsoft Windows

MicrosoftEdge.exe Suspended 22,360 K 20,232 K 4000 Microsoft Edge Microsoft Corporation (Verified) Microsoft Corporation

Memory Compression 232 K 17,272 K 2676

IntelCpHeciSvc.exe 3,712 K 10,192 K 5424 IntelCpHeciSvc Executable Intel Corporation (Verified) Intel® pGFX

IntelCpHDCPSvc.exe 1,604 K 5,568 K 4316 Intel HD Graphics Drivers for Windows® Intel Corporation (Verified) Intel® pGFX

igfxEM.exe 3,456 K 13,904 K 13556 igfxEM Module Intel Corporation (Verified) Intel® pGFX

igfxCUIService.exe 1,756 K 6,784 K 2764 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX

ibtsiva.exe 1,144 K 3,256 K 4508 Intel® Wireless Bluetooth® iBtSiva Service Intel Corporation (Verified) Intel® Wireless Connectivity Solutions

IAStorIcon.exe 34,076 K 39,180 K 9776 IAStorIcon Intel Corporation (Verified) Intel® Rapid Storage Technology

IAStorDataMgrSvc.exe 54,832 K 66,588 K 4536 IAStorDataSvc Intel Corporation (Verified) Intel® Rapid Storage Technology

HxTsr.exe Suspended 14,328 K 11,464 K 10416 Microsoft Outlook Communications Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

HxOutlook.exe Suspended 38,928 K 2,068 K 6888 Microsoft Outlook Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

GoogleCrashHandler64.exe 1,748 K 560 K 11148

GoogleCrashHandler.exe 1,800 K 432 K 960

fontdrvhost.exe 4,172 K 10,044 K 12920

fontdrvhost.exe 1,608 K 2,900 K 968

dllhost.exe 5,612 K 13,076 K 12616 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows

dllhost.exe 3,068 K 8,228 K 7468

dasHost.exe 4,816 K 13,088 K 2356

ctfmon.exe 7,044 K 18,220 K 1288

csrss.exe 1,816 K 3,996 K 624

conhost.exe 6,460 K 9,528 K 4200

chrome.exe 13,144 K 20,700 K 11900 Google Chrome Google LLC (Verified) Google LLC

chrome.exe 30,272 K 51,344 K 15252 Google Chrome Google LLC (Verified) Google LLC

chrome.exe 39,908 K 62,920 K 11152 Google Chrome Google LLC (Verified) Google LLC

chrome.exe 27,548 K 48,388 K 5176 Google Chrome Google LLC (Verified) Google LLC

chrome.exe 1,696 K 6,596 K 7424 Google Chrome Google LLC (Verified) Google LLC

chrome.exe 1,984 K 8,756 K 10052 Google Chrome Google LLC (Verified) Google LLC

Calculator.exe Suspended 20,780 K 2,704 K 1196 (No signature was present in the subject)

browser_broker.exe 1,664 K 8,268 K 6332 Browser_Broker Microsoft Corporation (Verified) Microsoft Windows

backgroundTaskHost.exe Suspended 4,876 K 22,620 K 13048 Background Task Host Microsoft Corporation (Verified) Microsoft Windows

audiodg.exe 18,752 K 26,300 K 1704

armsvc.exe 1,472 K 6,128 K 4100 Adobe Acrobat Update Service Adobe Systems (Verified) Adobe Inc.

ApplicationFrameHost.exe 24,728 K 43,592 K 9644 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows

AGSService.exe 2,052 K 12,172 K 4208 Adobe Genuine Software Integrity Service Adobe Systems, Incorporated (Verified) Adobe Inc.

agent_ovpnconnect_1572521543794.exe 1,648 K 5,672 K 4148

Junk.txt:

Image Name PID Services

========================= ======== ============================================

System Idle Process 0 N/A

System 4 N/A

Registry 96 N/A

smss.exe 392 N/A

csrss.exe 624 N/A

wininit.exe 724 N/A

services.exe 796 N/A

lsass.exe 816 KeyIso, SamSs, VaultSvc

svchost.exe 924 PlugPlay

svchost.exe 948 BrokerInfrastructure, DcomLaunch, Power,

SystemEventsBroker

fontdrvhost.exe 968 N/A

svchost.exe 360 RpcEptMapper, RpcSs

svchost.exe 532 LSM

svchost.exe 1156 TermService

svchost.exe 1296 NcbService

svchost.exe 1328 Schedule

svchost.exe 1348 BthAvctpSvc

svchost.exe 1356 lmhosts

svchost.exe 1364 BTAGService

svchost.exe 1376 bthserv

svchost.exe 1440 ProfSvc

svchost.exe 1528 TimeBrokerSvc

svchost.exe 1564 DisplayEnhancementService

svchost.exe 1740 UserManager

svchost.exe 1748 CoreMessagingRegistrar

svchost.exe 1776 EventLog

svchost.exe 1816 UmRdpService

svchost.exe 1988 DispBrokerDesktopSvc

svchost.exe 2028 nsi

svchost.exe 2068 StateRepository

svchost.exe 2164 Dhcp

svchost.exe 2208 DeviceAssociationService

svchost.exe 2220 CertPropSvc

NVDisplay.Container.exe 2340 NVDisplay.ContainerLocalSystem

dasHost.exe 2356 N/A

svchost.exe 2424 LanmanWorkstation

svchost.exe 2488 NlaSvc

svchost.exe 2500 SysMain

svchost.exe 2508 EventSystem

svchost.exe 2520 Themes

svchost.exe 2552 Dnscache

Memory Compression 2676 N/A

svchost.exe 2708 SENS

svchost.exe 2736 SessionEnv

igfxCUIService.exe 2764 igfxCUIService2.0.0.0

svchost.exe 2836 netprofm

svchost.exe 2880 AudioEndpointBuilder

svchost.exe 2900 FontCache

svchost.exe 3048 WinHttpAutoProxySvc

svchost.exe 3064 lfsvc

svchost.exe 2272 Audiosrv

svchost.exe 3152 SSDPSRV

svchost.exe 3216 DusmSvc

svchost.exe 3232 Wcmsvc

svchost.exe 3332 DoSvc

svchost.exe 3376 BFE, mpssvc

svchost.exe 3644 WlanSvc

svchost.exe 3700 Winmgmt

svchost.exe 3740 ShellHWDetection

spoolsv.exe 3844 Spooler

svchost.exe 3872 iphlpsvc

armsvc.exe 4100 AdobeARMservice

agent_ovpnconnect_1572521 4148 agent_ovpnconnect

wlanext.exe 4164 N/A

AGMService.exe 4180 AGMService

conhost.exe 4200 N/A

AGSService.exe 4208 AGSService

OfficeClickToRun.exe 4232 ClickToRunSvc

IntelCpHDCPSvc.exe 4316 cplspcon

svchost.exe 4368 CryptSvc

svchost.exe 4376 DiagTrack

svchost.exe 4392 DPS

ibtsiva.exe 4508 ibtsiva

svchost.exe 4516 IKEEXT

svchost.exe 4628 SstpSvc

pg_ctl.exe 4636 postgresql-x64-12

ssh-agent.exe 4648 ssh-agent

svchost.exe 4656 LanmanServer

sshd.exe 4684 sshd

svchost.exe 4724 stisvc

svchost.exe 4756 TrkWks

vmware-authd.exe 4780 VMAuthdService

vmnetdhcp.exe 4804 VMnetDHCP

vmware-usbarbitrator64.ex 4840 VMUSBArbService

vmnat.exe 4884 VMware NAT Service

svchost.exe 4960 WpnService

svchost.exe 4976 WdiSystemHost

MsMpEng.exe 5112 WinDefend

svchost.exe 3920 TapiSrv

svchost.exe 5288 StorSvc

IntelCpHeciSvc.exe 5424 cphs

unsecapp.exe 5552 N/A

postgres.exe 5664 N/A

conhost.exe 5748 N/A

svchost.exe 5920 WdiServiceHost

svchost.exe 5928 RasMan

vmware-hostd.exe 5320 VMwareHostd

postgres.exe 6188 N/A

svchost.exe 6392 PolicyAgent

postgres.exe 6460 N/A

postgres.exe 6468 N/A

postgres.exe 6476 N/A

postgres.exe 6484 N/A

postgres.exe 6492 N/A

postgres.exe 6500 N/A

dllhost.exe 7468 N/A

PresentationFontCache.exe 7776 FontCache3.0.0.0

svchost.exe 7908 TokenBroker

svchost.exe 8044 TabletInputService

svchost.exe 8080 CDPSvc

svchost.exe 9036 NgcCtnrSvc

NisSrv.exe 8492 WdNisSvc

SearchIndexer.exe 4304 WSearch

svchost.exe 7024 LicenseManager

svchost.exe 9916 InstallService

SecurityHealthService.exe 6560 SecurityHealthService

svchost.exe 10624 seclogon

svchost.exe 10896 PcaSvc

svchost.exe 10380 Appinfo

GoogleCrashHandler.exe 960 N/A

GoogleCrashHandler64.exe 11148 N/A

IAStorDataMgrSvc.exe 4536 IAStorDataMgrSvc

msdtc.exe 13788 MSDTC

SgrmBroker.exe 14000 SgrmBroker

svchost.exe 13368 UsoSvc

svchost.exe 8992 wscsvc

svchost.exe 7700 WbioSrvc

svchost.exe 7888 camsvc

audiodg.exe 1704 N/A

WmiPrvSE.exe 14712 N/A

csrss.exe 5576 N/A

winlogon.exe 14580 N/A

fontdrvhost.exe 12920 N/A

dwm.exe 7936 N/A

NVDisplay.Container.exe 13212 N/A

svchost.exe 9500 NgcSvc

sihost.exe 10172 N/A

svchost.exe 12712 CDPUserSvc_1289f53

svchost.exe 6212 WpnUserService_1289f53

taskhostw.exe 11992 N/A

explorer.exe 15440 N/A

igfxEM.exe 13556 N/A

svchost.exe 5368 cbdhsvc_1289f53

svchost.exe 10572 OneSyncSvc_1289f53,

PimIndexMaintenanceSvc_1289f53,

UnistoreSvc_1289f53, UserDataSvc_1289f53

StartMenuExperienceHost.e 13164 N/A

RuntimeBroker.exe 10316 N/A

SearchUI.exe 1052 N/A

RuntimeBroker.exe 10736 N/A

RemindersServer.exe 6916 N/A

ctfmon.exe 1288 N/A

YourPhone.exe 16164 N/A

SettingSyncHost.exe 11408 N/A

RuntimeBroker.exe 13628 N/A

YourPhoneServer.exe 8344 N/A

SecurityHealthSystray.exe 11548 N/A

OneDrive.exe 1668 N/A

OneDrive.exe 7016 N/A

ApplicationFrameHost.exe 9644 N/A

WinStore.App.exe 10376 N/A

RuntimeBroker.exe 4912 N/A

dllhost.exe 12616 N/A

RuntimeBroker.exe 11964 N/A

IAStorIcon.exe 9776 N/A

Calculator.exe 1196 N/A

HxOutlook.exe 6888 N/A

RuntimeBroker.exe 7240 N/A

HxTsr.exe 10416 N/A

Time.exe 11736 N/A

RuntimeBroker.exe 8052 N/A

MicrosoftEdge.exe 4000 N/A

browser_broker.exe 6332 N/A

RuntimeBroker.exe 8372 N/A

MicrosoftEdgeCP.exe 220 N/A

MicrosoftEdgeSH.exe 9780 N/A

smartscreen.exe 11716 N/A

chrome.exe 10068 N/A

chrome.exe 7424 N/A

chrome.exe 10052 N/A

chrome.exe 12576 N/A

chrome.exe 6788 N/A

chrome.exe 11152 N/A

chrome.exe 13236 N/A

chrome.exe 15252 N/A

chrome.exe 5176 N/A

chrome.exe 9296 N/A

SecurityHealthHost.exe 4896 N/A

ShellExperienceHost.exe 12100 N/A

RuntimeBroker.exe 9052 N/A

chrome.exe 11900 N/A

SearchProtocolHost.exe 5792 N/A

SearchFilterHost.exe 2916 N/A

SystemSettings.exe 5824 N/A

svchost.exe 13176 wlidsvc

svchost.exe 12784 AppXSvc

SearchProtocolHost.exe 14924 N/A

WindowsInternal.Composabl 9948 N/A

cmd.exe 13992 N/A

conhost.exe 10448 N/A

backgroundTaskHost.exe 11696 N/A

tasklist.exe 14644 N/A

WmiPrvSE.exe 15936 N/A

Speccy:

I was unable to locate my OS serial number, unfortunately.

LatencyMon:

_________________________________________________________________________________________________________

CONCLUSION

_________________________________________________________________________________________________________

Your system appears to be suitable for handling real-time audio and other tasks without dropouts.

LatencyMon has been analyzing your system for 0:00:33 (h:mm:ss) on all processors.

_________________________________________________________________________________________________________

SYSTEM INFORMATION

_________________________________________________________________________________________________________

Computer name: CARLS-ACER

OS version: Windows 10 , 10.0, build: 18363 (x64)

Hardware: Aspire A517-51G, Acer, KBL, Dragonite_KL

CPU: GenuineIntel Intel® Core™ i5-7200U CPU @ 2.50GHz

Logical processors: 4

Processor groups: 1

RAM: 16259 MB total

_________________________________________________________________________________________________________

CPU SPEED

_________________________________________________________________________________________________________

Reported CPU speed: 2712 MHz

Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.

WARNING: the CPU speed that was measured is only a fraction of the CPU speed reported. Your CPUs may be throttled back due to variable speed settings and thermal issues. It is suggested that you run a utility which reports your actual CPU frequency and temperature.

_________________________________________________________________________________________________________

MEASURED INTERRUPT TO USER PROCESS LATENCIES

_________________________________________________________________________________________________________

The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.

Highest measured interrupt to process latency (µs): 455.80

Average measured interrupt to process latency (µs): 3.885109

Highest measured interrupt to DPC latency (µs): 424.90

Average measured interrupt to DPC latency (µs): 0.990247

_________________________________________________________________________________________________________

REPORTED ISRs

_________________________________________________________________________________________________________

Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.

Highest ISR routine execution time (µs): 29.648599

Driver with highest ISR routine execution time: Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation

Highest reported total ISR routine time (%): 0.004775

Driver with highest ISR total time: Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation

Total time spent in ISRs (%) 0.004775

ISR count (execution time <250 µs): 765

ISR count (execution time 250-500 µs): 0

ISR count (execution time 500-999 µs): 0

ISR count (execution time 1000-1999 µs): 0

ISR count (execution time 2000-3999 µs): 0

ISR count (execution time >=4000 µs): 0

_________________________________________________________________________________________________________

REPORTED DPCs

_________________________________________________________________________________________________________

DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.

Highest DPC routine execution time (µs): 454.735988

Driver with highest DPC routine execution time: ntoskrnl.exe - NT Kernel & System, Microsoft Corporation

Highest reported total DPC routine time (%): 0.017273

Driver with highest DPC total execution time: iaStorAC.sys - Intel® Rapid Storage Technology driver - x64, Intel Corporation

Total time spent in DPCs (%) 0.077859

DPC count (execution time <250 µs): 37928

DPC count (execution time 250-500 µs): 0

DPC count (execution time 500-999 µs): 1

DPC count (execution time 1000-1999 µs): 0

DPC count (execution time 2000-3999 µs): 0

DPC count (execution time >=4000 µs): 0

_________________________________________________________________________________________________________

REPORTED HARD PAGEFAULTS

_________________________________________________________________________________________________________

Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.

NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.

Process with highest pagefault count: system

Total number of hard pagefaults 14

Hard pagefault count of hardest hit process: 7

Number of processes hit: 5

_________________________________________________________________________________________________________

PER CPU DATA

_________________________________________________________________________________________________________

CPU 0 Interrupt cycle time (s): 0.265035

CPU 0 ISR highest execution time (µs): 29.648599

CPU 0 ISR total execution time (s): 0.006302

CPU 0 ISR count: 765

CPU 0 DPC highest execution time (µs): 454.735988

CPU 0 DPC total execution time (s): 0.072601

CPU 0 DPC count: 32444

_________________________________________________________________________________________________________

CPU 1 Interrupt cycle time (s): 0.126404

CPU 1 ISR highest execution time (µs): 0.0

CPU 1 ISR total execution time (s): 0.0

CPU 1 ISR count: 0

CPU 1 DPC highest execution time (µs): 103.529867

CPU 1 DPC total execution time (s): 0.008921

CPU 1 DPC count: 1842

_________________________________________________________________________________________________________

CPU 2 Interrupt cycle time (s): 0.096917

CPU 2 ISR highest execution time (µs): 0.0

CPU 2 ISR total execution time (s): 0.0

CPU 2 ISR count: 0

CPU 2 DPC highest execution time (µs): 85.99410

CPU 2 DPC total execution time (s): 0.008893

CPU 2 DPC count: 1567

_________________________________________________________________________________________________________

CPU 3 Interrupt cycle time (s): 0.107057

CPU 3 ISR highest execution time (µs): 0.0

CPU 3 ISR total execution time (s): 0.0

CPU 3 ISR count: 0

CPU 3 DPC highest execution time (µs): 110.623525

CPU 3 DPC total execution time (s): 0.012359

CPU 3 DPC count: 2076

_________________________________________________________________________________________________________

Attached Files

Speccy - RKinner.txt 153.08KB 372 downloads

Edited by CarlM24, 03 February 2020 - 06:42 PM.

#4
RKinner

Posted 04 February 2020 - 09:35 AM

Malware Expert

Expert
24,625 posts

Go to

chrome://settings/

Find:

On Startup

Click on

Open The New Tab Page.

Find:

Search engine
Search engine used in the address bar - change to Google

Click on Manage search engines

For each search engine except Google under Default Search Engines, click on the three bars and select Remove From List.

Scroll to the bottom and click on Advanced.

Now scroll to where it says System and turn off

Continue running background apps when Google Chrome is closed

Under

Privacy and security

turn off:

Preload pages for faster browsing and searching

That should cut down the number of Chrome.exe programs running. Restart Chrome so that the changes take effect.

Get Ublock Origin for Chrome:

https://chrome.googl...hjbkeiagm?hl=en

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)

Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

(I use two spaces so you can be sure to see where one space goes.)
Hit Enter. This will take a while (10-20 minutes) to complete. Once the prompt returns:

Reboot. Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow

This will also take a few minutes.

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt

Hit Enter. Then type:

notepad %UserProfile%\desktop\junk.txt

Hit Enter.

Copy the text from notepad and paste it into a reply.

After you finish SFC, regardless of the result:

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

Search for:

msconfig

hit Enter.

Under the Boot Tab make sure Boot Log is unchecked. OK

No need to reboot yet.

Download the attached fixlist.txt to the same location as FRST

fixlist.txt 7.19KB 175 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

Run Process Explorer as before and post the log.

Speccy (apparently they have stopped putting in the serial number. Sorry for the confusion) says your hard drive has problems:

BB
                                           Attribute name   Reported Uncorrectable Errors
                                           Real value   9,706,626,351,136
                                           Current   100
                                           Worst   99
                                           Threshold   0
                                           Raw Value   0000040020
                                           Status   Good

Errors like these will cause commands to be repeated which will slow down response besides it's a possible indicator of upcoming failure:

https://www.backblaz...drive-failures/

It also says your drive has been dropped:

BF
                                           Attribute name   G-sense error rate
                                           Real value   1,544
                                           Current   94
                                           Worst   94
                                           Threshold   0
                                           Raw Value   0000000608
                                           Status   Good

You should consider cloning it before it dies. The drive is a laptop (2.5") 1 TB SATA. I recommend either a Western Digital Black or a Samsung EVO (SSD). You will get the best performance with an SSD but unfortunately the Samsung cloning software that really works well won't work with most USB-SATA adapters.

#5
CarlM24

Posted 05 February 2020 - 03:21 PM

Member

Topic Starter
Member
13 posts

I'm not sure if it matters, but I ran VEW.exe last night but forgot to save the logs, so I have had to run them again today after I had already completed all the listed steps. Also, there was an error in the 1st VEW.exe - System log which showed there was an issue with my hard drive and stated I should replace asap; further supporting your theory on my hard drive being on it's way out. Funnily enough, I was looking at replacing the HDD for an SSD, so I appreciate the recommendation

I done as directed with Chrome, but Process Explorer still shows a high number of processes being run by Chrome - as you will see further down.

The sfc scan found and fixed corrupted files successfully; so thank you for that

VEW - System Log:

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 05/02/2020 20:59:24

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 05/02/2020 05:05:30

Type: Error Category: 0

Event: 7034 Source: Service Control Manager

The OpenSSH SSH Server service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 05/02/2020 05:05:28

Type: Error Category: 0

Event: 7031 Source: Service Control Manager

The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 05/02/2020 20:50:55

Type: Warning Category: 0

Event: 0 Source: hcmon

Detected unrecognized USB driver (\Driver\USBPcap).

Log: 'System' Date/Time: 05/02/2020 20:40:55

Type: Warning Category: 0

Event: 0 Source: hcmon

Detected unrecognized USB driver (\Driver\USBPcap).

Log: 'System' Date/Time: 05/02/2020 20:32:39

Type: Warning Category: 0

Event: 0 Source: hcmon

Detected unrecognized USB driver (\Driver\USBPcap).

Log: 'System' Date/Time: 05/02/2020 20:32:25

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user CARLS-ACER\User SID (S-1-5-21-1276120112-1206609660-3957714281-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 05/02/2020 20:31:02

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {0358B920-0AC7-461F-98F4-58E32CD89148} and APPID {3EB3C877-1F16-487C-9050-104DBCD66683} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 05/02/2020 20:31:02

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 05/02/2020 20:31:01

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 05/02/2020 20:30:54

Type: Warning Category: 0

Event: 0 Source: hcmon

Detected unrecognized USB driver (\Driver\USBPcap).

Log: 'System' Date/Time: 05/02/2020 07:11:19

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user CARLS-ACER\User SID (S-1-5-21-1276120112-1206609660-3957714281-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18362.449_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 05/02/2020 07:07:34

Type: Warning Category: 0

Event: 0 Source: hcmon

Detected unrecognized USB driver (\Driver\USBPcap).

Log: 'System' Date/Time: 05/02/2020 07:05:23

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 05/02/2020 07:04:07

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 05/02/2020 07:03:10

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 05/02/2020 06:57:34

Type: Warning Category: 0

Event: 0 Source: hcmon

Detected unrecognized USB driver (\Driver\USBPcap).

Log: 'System' Date/Time: 05/02/2020 06:56:22

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 05/02/2020 06:47:34

Type: Warning Category: 0

Event: 0 Source: hcmon

Detected unrecognized USB driver (\Driver\USBPcap).

Log: 'System' Date/Time: 05/02/2020 06:44:48

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 05/02/2020 06:38:22

Type: Warning Category: 0

Event: 0 Source: hcmon

Detected unrecognized USB driver (\Driver\USBPcap).

Log: 'System' Date/Time: 05/02/2020 06:38:09

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 05/02/2020 06:37:34

Type: Warning Category: 0

Event: 0 Source: hcmon

Detected unrecognized USB driver (\Driver\USBPcap).

VEW - Application:

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 05/02/2020 20:48:16

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 05/02/2020 20:48:15

Type: Error Category: 0

Event: 16385 Source: Microsoft-Windows-Security-SPP

Failed to schedule Software Protection service for re-start at 2120-01-12T20:48:15Z. Error Code: 0x80070005.

Log: 'Application' Date/Time: 05/02/2020 20:48:13

Type: Error Category: 1

Event: 490 Source: ESENT

svchost (4440,R,98) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRU.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 05/02/2020 20:48:03

Type: Error Category: 3

Event: 455 Source: ESENT

svchost (4440,R,98) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU.log.

Log: 'Application' Date/Time: 05/02/2020 20:48:03

Type: Error Category: 1

Event: 490 Source: ESENT

svchost (4440,R,98) SRUJet: An attempt to open the file "C:\WINDOWS\system32\SRU\SRU.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 05/02/2020 20:47:53

Type: Error Category: 1

Event: 490 Source: ESENT

Log: 'Application' Date/Time: 05/02/2020 20:47:45

Type: Error Category: 0

Event: 16385 Source: Microsoft-Windows-Security-SPP

Failed to schedule Software Protection service for re-start at 2120-01-12T20:47:45Z. Error Code: 0x80070005.

Log: 'Application' Date/Time: 05/02/2020 20:47:43

Type: Error Category: 3

Event: 455 Source: ESENT

svchost (4440,R,98) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU.log.

Log: 'Application' Date/Time: 05/02/2020 20:47:43

Type: Error Category: 1

Event: 490 Source: ESENT

Log: 'Application' Date/Time: 05/02/2020 20:47:33

Type: Error Category: 1

Event: 490 Source: ESENT

Log: 'Application' Date/Time: 05/02/2020 20:47:23

Type: Error Category: 3

Event: 455 Source: ESENT

svchost (4440,R,98) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU.log.

Log: 'Application' Date/Time: 05/02/2020 20:47:23

Type: Error Category: 1

Event: 490 Source: ESENT

Log: 'Application' Date/Time: 05/02/2020 20:47:15

Type: Error Category: 0

Event: 16385 Source: Microsoft-Windows-Security-SPP

Failed to schedule Software Protection service for re-start at 2120-01-12T20:47:14Z. Error Code: 0x80070005.

Log: 'Application' Date/Time: 05/02/2020 20:47:13

Type: Error Category: 1

Event: 490 Source: ESENT

Log: 'Application' Date/Time: 05/02/2020 20:47:03

Type: Error Category: 3

Event: 455 Source: ESENT

svchost (4440,R,98) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU.log.

Log: 'Application' Date/Time: 05/02/2020 20:47:03

Type: Error Category: 1

Event: 490 Source: ESENT

Log: 'Application' Date/Time: 05/02/2020 20:46:53

Type: Error Category: 1

Event: 490 Source: ESENT

Log: 'Application' Date/Time: 05/02/2020 20:46:44

Type: Error Category: 0

Event: 16385 Source: Microsoft-Windows-Security-SPP

Failed to schedule Software Protection service for re-start at 2120-01-12T20:46:44Z. Error Code: 0x80070005.

Log: 'Application' Date/Time: 05/02/2020 20:46:43

Type: Error Category: 3

Event: 455 Source: ESENT

svchost (4440,R,98) SRUJet: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU.log.

Log: 'Application' Date/Time: 05/02/2020 20:46:43

Type: Error Category: 1

Event: 490 Source: ESENT

Log: 'Application' Date/Time: 05/02/2020 20:46:33

Type: Error Category: 1

Event: 490 Source: ESENT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2020 02

Ran by User (administrator) on CARLS-ACER (Acer Aspire A517-51G) (05-02-2020 20:33:36)

Running from C:\Users\User\Desktop

Loaded Profiles: User (Available Profiles: User & rach_)

Platform: Windows 10 Pro Version 1909 18363.592 (X64) Language: English (United Kingdom)

Default browser: Chrome

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1572521543794.exe

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe

(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe