Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help with sluggish computer not rendering images properly

rendering Revit GPU Dell AMD graphics

  • Please log in to reply

#31
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,944 posts
  • MVP

Uninstall Bonjour.

Your version is ancient and doesn't work correctly on Win 10.

 

If you need it you can download iTunes or "download the current iTunes installer and unpack its components. One of them is Bonjour. Double- Bonjour64.msi file to install it."

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   8.74KB   201 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

 

 

After the fix list has run, go to Control Panel, Programs & Features and you should find:

 

Worksharing Monitor for Autodesk Revit 2019
Worksharing Monitor for Autodesk Revit 2020

 

Attempt to uninstall both of them.

 

You are one version behind in your Windows.  Easiest way to update is to go to

https://www.microsof...nload/windows10

Click on Update Now and follow the instructions.  That will probably give you a new version of kernelbase.dll

You can now reinstall Revit.
 

The bluescreenview program says you have a bad driver.

 

Open an Elevated Command Prompt:
win 10: http://www.howtogeek...-in-windows-10/

 

Type:

sigverif

hit Enter.

 

It should show you a list of files which are not signed.  Can you take a screenshot or just write down the names if it's not too many.

 

Run FRST as before (right click and Run As Admin) but do not hit SCAN.  Instead put

netaapl64.sys

in the search box and hit  Search Files

 

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


 

 




 


  • 0

Advertisements


#32
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Ok, I've said "au revoir" to bonjour. iPhone app appears to be working without it, so it can stay gone as far as I'm concerned. Unless I have to DFU mode my phone (only ever had to do that once, 12 years ago, after a failed jailbreak), and so long as i3tools recognises my phone it's unnecessary. Cool story, Tracy :popcorn:

Windows updated itself this morning. How would I test for the replacement kernel file?

 

Both worksharing monitor copies are deleted. It's not a necessary component to me, so there is no need to reinstall just for it. I have reinstalled Revit already as I needed to use it.

 

FRST and Driver report/list below.

 

I am about to reboot and run FRST again.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2020
Ran by tracy (11-04-2020 03:25:08) Run:1
Running from C:\Users\tracy\Downloads
Loaded Profiles: tracy (Available Profiles: tracy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\MountPoints2: {1d9c011f-1f49-11ea-aa21-b0c090a3360c} - "F:\AutoRun.exe"
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\MountPoints2: {1d9c0208-1f49-11ea-aa21-b0c090a3360c} - "E:\AutoRun.exe"
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\MountPoints2: {b03b418e-2519-11ea-aa25-b0c090a3360c} - "F:\AutoRun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk [2019-12-23]
ShortcutTarget: Virtual Router Manager.lnk -> C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe () [File not signed]
Startup: C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk [2020-02-16]
ShortcutTarget: GenuineService.lnk -> C:\Users\tracy\Autodesk\Genuine Service\GenuineService.exe (No File)
S4 Virtual Router; "L:\VirtualRouterService.exe" [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\System32\drivers\ew_juwwanecm.sys [X]
2020-04-06 18:13 - 2019-10-30 02:47 - 000000000 ____D C:\Users\tracy\AppData\Roaming\iFunbox_UserCache
Worksharing Monitor for Autodesk Revit 2019 (HKLM\...\{5063E738-1901-0010-0000-7B7B9AB0B696}) (Version: 19.0.1.1 - Autodesk) Hidden
Worksharing Monitor for Autodesk Revit 2020 (HKLM\...\{5063E738-2001-0010-0000-7B7B9AB0B696}) (Version: 20.0.0.377 - Autodesk) Hidden
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
HKLM\...\StartupApproved\StartupFolder: => "Virtual Router Manager.lnk"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\StartupApproved\Run: => "Web Companion"
C:\Program Files (x86)\i-Funbox DevTeam
C:\PROGRA~1\PAINTS~1
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:


*****************

"HKU\S-1-5-21-792678858-599442959-1286739730-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
HKU\S-1-5-21-792678858-599442959-1286739730-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9c011f-1f49-11ea-aa21-b0c090a3360c} => removed successfully
HKU\S-1-5-21-792678858-599442959-1286739730-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9c0208-1f49-11ea-aa21-b0c090a3360c} => removed successfully
HKU\S-1-5-21-792678858-599442959-1286739730-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b03b418e-2519-11ea-aa25-b0c090a3360c} => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk => moved successfully
C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe => moved successfully
C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GenuineService.lnk => moved successfully
C:\Users\tracy\Autodesk\Genuine Service\GenuineService.exe => moved successfully
HKLM\System\CurrentControlSet\Services\Virtual Router => removed successfully
Virtual Router => service removed successfully
HKLM\System\CurrentControlSet\Services\ew_hwusbdev => removed successfully
ew_hwusbdev => service removed successfully
HKLM\System\CurrentControlSet\Services\ew_usbenumfilter => removed successfully
ew_usbenumfilter => service removed successfully
HKLM\System\CurrentControlSet\Services\huawei_cdcacm => removed successfully
huawei_cdcacm => service removed successfully
HKLM\System\CurrentControlSet\Services\huawei_enumerator => removed successfully
huawei_enumerator => service removed successfully
HKLM\System\CurrentControlSet\Services\huawei_ext_ctrl => removed successfully
huawei_ext_ctrl => service removed successfully
HKLM\System\CurrentControlSet\Services\huawei_wwanecm => removed successfully
huawei_wwanecm => service removed successfully
C:\Users\tracy\AppData\Roaming\iFunbox_UserCache => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5063E738-1901-0010-0000-7B7B9AB0B696}\\SystemComponent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5063E738-2001-0010-0000-7B7B9AB0B696}\\SystemComponent" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\Virtual Router Manager.lnk" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Autodesk Desktop App" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Autodesk Desktop App" => removed successfully
"HKU\S-1-5-21-792678858-599442959-1286739730-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Web Companion" => removed successfully
"HKU\S-1-5-21-792678858-599442959-1286739730-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => not found
"C:\Program Files (x86)\i-Funbox DevTeam" => not found
C:\PROGRA~1\PAINTS~1 => moved successfully

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log Microsoft-Windows-LiveId/Analytic.
Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational.
Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic.
The instance name passed was not recognized as valid by a WMI data provider.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 03:26:08 ====

 

---------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Signature verification results:

The following files have not been digitally signed:

t-base_client_api.dll  C://Windows/System32

netaapl64.sys   C://Windows/System32/drivers  version 1.8.5.1

t-base_client_api.dll  C://Windows/Syswow64


  • 0

#33
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,944 posts
  • MVP

Can I see a new FRST scan log and Addition.txt?

 

Also in FRST put

 

t-base_client_api.dll;netaapl64.sys

 

in the Search Box and hit Search Files.  You will get one file please post.


  • 0

#34
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Of course you can :) I just had to reboot because of the fix scan.

 

FRST first, Addition in next post.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2020
Ran by tracy (administrator) on RIFFRAFFDELL (Dell Inc. Inspiron 5555) (11-04-2020 06:24:32)
Running from C:\Users\tracy\Downloads
Loaded Profiles: tracy (Available Profiles: tracy)
Platform: Windows 10 Home Version 1903 18362.720 (X64) Language: English (United Kingdom)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0320000.inf_amd64_9a52392e17f36376\atiesrxx.exe
(Antibody Software Limited -> Antibody Software) C:\Program Files\WizFile\WizFile64.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\9.0.1.1462\AdskLicensingService\AdskLicensingService.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\atiw.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19111.24110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20022.82.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.710_none_5f52d84058d0677f\TiWorker.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1402\DSAPI.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\Windscribe.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\wsappcontrol.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ProdLib] => "C:\ProgramData\Autodesk\ApplicationPlugins\ProdLib.bundle\ProdLib.SystemTray.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9226752 2017-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312 2017-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312 2017-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [223544 2019-02-01] (Autodesk, Inc. -> Autodesk)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\tracy\AppData\Local\Microsoft\Teams\Update.exe [1790704 2019-10-31] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-09-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10106544 2019-01-19] (Windscribe Limited -> Windscribe Limited)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-08] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A9819B-59FF-4ADD-941E-27120797AFD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-31] (Google Inc -> Google LLC)
Task: {0992B72E-174F-48CA-833F-F8CBDC38797E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2350176 2020-03-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {0A7CBBFB-CE22-4DCB-BFB9-01A394E11D95} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [150272 2020-03-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {20D7BAC1-F6BF-4BAB-868C-676E1AC3F740} - System32\Tasks\WizFile => C:\Program Files\WizFile\WizFile64.exe [10498360 2018-11-14] (Antibody Software Limited -> Antibody Software)
Task: {2B5E7A41-28F7-4225-B55C-2C96B220593B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2167920 2020-03-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {3111A92D-B48E-488E-B9AD-70F583B767BE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [150272 2020-03-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {417F14FE-5529-4559-97A7-B8332CE0A838} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49032 2017-10-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {57799EA9-DD95-41FD-BEE5-61AC0482C1BB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2167920 2020-03-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {6082365E-FAE7-4BB0-9AFB-F9D7FE381748} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-31] (Google Inc -> Google LLC)
Task: {68DCA834-5F60-4F7E-AD9C-5E84F4FA3063} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {6A43038A-9DB1-45B6-BA73-EFE7D244B727} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6292336 2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C2E678B-A184-4A46-A6B8-489C8DD121B7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27369752 2020-03-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {6D936876-97DC-4979-8C09-C8A6138424D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6292336 2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {75881C69-037E-4851-877C-8B80CA12AC12} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9A64E87F-213F-450D-8E1C-89196F1056F3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A9614F83-434C-460B-944F-BD78C10736C2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [566592 2008-07-30] (Apple Inc. -> Apple Inc.)
Task: {B15069F7-4C98-40D4-B48C-88AC7C223F94} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1553880 2020-03-12] (Dell Inc. -> Dell Inc.)
Task: {D379E68F-0028-4F21-941F-3A2DC603AA02} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {D6CABBB9-6629-4934-9B99-D3ABC2D6B537} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27369752 2020-03-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {FAA2DC38-94F1-4700-BC06-91B230022546} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{70286a1a-7108-46ed-aae9-2fd660d97285}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ab58ebd0-bed3-4a6b-bbf0-dcac49b068a4}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{c53578d0-f2f7-4140-9d8c-9c7649bb356a}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-792678858-599442959-1286739730-1001 -> {6070aaf0-4487-49b5-9583-c51f7316c6ff} URL = hxxps://securesearch.org?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\tracy\Downloads

FireFox:
========
FF DefaultProfile: bjghe92c.default
FF ProfilePath: C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1 [2020-04-11]
FF Session Restore: Mozilla\Firefox\Profiles\ygzux85d.default-release-1 -> is enabled.
FF Extension: (Facebook Container) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\@contain-facebook.xpi [2020-03-06]
FF Extension: (YouTube Adblocker) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (AdBlocker Ultimate) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (Best Proxy Switcher) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (CatBlock) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (Enhancer for YouTube™) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-03-31]
FF Extension: (OneTab) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-14]
FF Extension: (FoxyProxy Standard) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-02-16]
FF Extension: (ProxTube) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-02-04]
FF Extension: (Video Blocker) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (download-helper) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (Mate Translate – translator, dictionary) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-03-20]
FF Extension: (Show my Password) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (Show/Hide passwords) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (Skip Redirect) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (TinEye Reverse Image Search) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (uBlock Origin) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-04-07]
FF Extension: (YouTube Video Downloader/YouTube HD Download) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-31]
FF Extension: (Social Video Downloader) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{00e68183-fc7d-4a91-b5cc-f7f8272386db}.xpi [2020-02-02]
FF Extension: (Lookup in Oxford Dictionary) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{0aa583da-e323-42f2-b4d2-0bc61b493171}.xpi [2020-01-12]
FF Extension: (Search by image on Aliexpress) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{125dc5f0-45f5-429d-93a6-e865d67efbee}.xpi [2020-01-12]
FF Extension: (Definition Dictionary) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{43027219-e275-4219-acbe-4a92fce4324a}.xpi [2020-03-10]
FF Extension: (You No Cards) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{450542d6-67d0-4975-aee1-ca1464e1ff6f}.xpi [2020-01-12]
FF Extension: (BlockTube) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{58204f8b-01c2-4bbc-98f8-9a90458fd9ef}.xpi [2020-04-07]
FF Extension: (Online PDF Editor (pdf2go.com)) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{5fe0e3b1-ef04-41af-aae8-4653d2dbd0eb}.xpi [2020-01-12]
FF Extension: (Popup Blocker Ultimate) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2020-03-09]
FF Extension: (ANIMATED CAT LICKING YOUR SCREEN) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{6a21e28f-b023-41bb-aad9-7db3a398599f}.xpi [2020-01-12]
FF Extension: (Don't touch my tabs! (rel=noopener)) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{6b938c0c-fc53-4f27-805f-619778631082}.xpi [2020-03-23]
FF Extension: (English Popup Dictionary) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{74e2e3a5-6d4f-4766-b870-51b301cedb9b}.xpi [2020-01-12]
FF Extension: (Cats on the Couch by MaDonna) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{77d6617c-ad08-4413-9373-e04e0c4b937d}.xpi [2020-01-18]
FF Extension: (Google Translator with Right Click) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{92047279-0910-4abb-beb7-a7f2cd6cf04b}.xpi [2020-01-12]
FF Extension: (Channels Blocker for Youtube) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{92d2b334-60b5-4f82-8239-9fc7b542174d}.xpi [2020-01-12]
FF Extension: (Definitions.net) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{97851884-5432-4131-9f46-841755bb0e73}.xpi [2020-03-08]
FF Extension: (see-password) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{9fc6ffbd-fbc4-43ac-9376-f6d789bea76d}.xpi [2020-01-12]
FF Extension: (Adblocker for YouTube™) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{ab2186b0-8c0b-4921-a2d4-95e6e05c0e3c}.xpi [2020-01-12]
FF Extension: (Flash and Video Download) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{adeadebb-fedc-4180-a7f4-cfdd87496551}.xpi [2020-02-14]
FF Extension: (Create a new script) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{aecec67f-0d10-4fa7-b7c7-609a2db280cf}.xpi [2020-02-13]
FF Extension: (Cats shapes) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{b26c3856-d617-4503-8c5e-83af3b37c68d}.xpi [2020-01-12]
FF Extension: (Tree of Cats by MaDonna) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{b37caf98-8582-410b-943c-efa21a20ee07}.xpi [2020-01-12]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-01-19]
FF Extension: (Simple Night Mode for Quantum) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{c1b085de-157e-4521-a06f-c39f5c698216}.xpi [2020-01-12]
FF Extension: (ANIMATED changing eyes of black cat) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{c46898bc-7204-4398-b5a8-3ba41ff93080}.xpi [2020-01-12]
FF Extension: (Night Reader for Firefox) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{d464c6fa-2976-4e0a-a2d8-8a9a372c5dd8}.xpi [2020-01-12]
FF Extension: (Translate Menu) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{dac8a935-4775-4918-9205-5c0600087dc4}.xpi [2020-03-20]
FF Extension: (ANIMATED KITTY CAT) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{eab93f67-9aab-4a1e-923c-4000abe0e509}.xpi [2020-01-12]
FF Extension: (animated cat walking on roofs by candelora) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{f19ce2b0-4a67-49d0-8c09-797d294b8834}.xpi [2020-01-12]
FF ProfilePath: C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\bjghe92c.default [2020-04-04]
FF NewTab: Mozilla\Firefox\Profiles\bjghe92c.default -> hxxp://www.bing.com/?pc=COS2&ptag=D112119-N0600ABBFDD158E6&form=CONMHP&conlogo=CT3334487
FF ProfilePath: C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release [2020-04-02]
FF NewTab: Mozilla\Firefox\Profiles\ys9wk741.default-release -> hxxp://www.bing.com/?pc=COS2&ptag=D112119-N0600ABBFDD158E6&form=CONMHP&conlogo=CT3334487
FF Session Restore: Mozilla\Firefox\Profiles\ys9wk741.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\ys9wk741.default-release -> hxxps://www.facebook.com
FF Extension: (Facebook Container) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\@contain-facebook.xpi [2019-10-30]
FF Extension: (YouTube Adblocker) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2020-01-11]
FF Extension: (AdBlocker Ultimate) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2020-01-11]
FF Extension: (Best Proxy Switcher) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-12-10]
FF Extension: (CatBlock) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (Enhancer for YouTube™) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-12-14]
FF Extension: (OneTab) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-12-23]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-11-22]
FF Extension: (ProxTube) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-12-20]
FF Extension: (Video Blocker) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (download-helper) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (Show my Password) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (JavaScript-Java Bridge) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (Show/Hide passwords) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (Skip Redirect) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-11-16]
FF Extension: (TinEye Reverse Image Search) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (uBlock Origin) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-11-25]
FF Extension: (YouTube Video Downloader/YouTube HD Download) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (Social Video Downloader) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{00e68183-fc7d-4a91-b5cc-f7f8272386db}.xpi [2019-12-29]
FF Extension: (Lookup in Oxford Dictionary) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{0aa583da-e323-42f2-b4d2-0bc61b493171}.xpi [2019-12-15]
FF Extension: (Search by image on Aliexpress) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{125dc5f0-45f5-429d-93a6-e865d67efbee}.xpi [2019-11-12]
FF Extension: (Easy Ad Blocker) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{407e413d-d53c-44d2-864c-e0163513f9fb}.xpi [2019-11-13]
FF Extension: (You No Cards) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{450542d6-67d0-4975-aee1-ca1464e1ff6f}.xpi [2020-01-11]
FF Extension: (BlockTube) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{58204f8b-01c2-4bbc-98f8-9a90458fd9ef}.xpi [2019-12-28]
FF Extension: (Online PDF Editor (pdf2go.com)) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{5fe0e3b1-ef04-41af-aae8-4653d2dbd0eb}.xpi [2019-12-19]
FF Extension: (Popup Blocker Ultimate) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2020-01-03]
FF Extension: (ANIMATED CAT LICKING YOUR SCREEN) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{6a21e28f-b023-41bb-aad9-7db3a398599f}.xpi [2019-10-30]
FF Extension: (Don't touch my tabs! (rel=noopener)) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{6b938c0c-fc53-4f27-805f-619778631082}.xpi [2019-12-23]
FF Extension: (English Popup Dictionary) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{74e2e3a5-6d4f-4766-b870-51b301cedb9b}.xpi [2019-10-30]
FF Extension: (Cats on the Couch by MaDonna) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{77d6617c-ad08-4413-9373-e04e0c4b937d}.xpi [2019-10-30]
FF Extension: (YouTube Converter Button) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{8f4bbf79-5514-4d04-a901-d5fabfe91d73}.xpi [2019-12-28]
FF Extension: (Google Translator with Right Click) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{92047279-0910-4abb-beb7-a7f2cd6cf04b}.xpi [2019-11-29]
FF Extension: (Channels Blocker for Youtube) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{92d2b334-60b5-4f82-8239-9fc7b542174d}.xpi [2019-12-28]
FF Extension: (see-password) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{9fc6ffbd-fbc4-43ac-9376-f6d789bea76d}.xpi [2019-10-30]
FF Extension: (Adblocker for YouTube™) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{ab2186b0-8c0b-4921-a2d4-95e6e05c0e3c}.xpi [2020-01-11]
FF Extension: (Flash and Video Download) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{adeadebb-fedc-4180-a7f4-cfdd87496551}.xpi [2020-01-06]
FF Extension: (Create a new script) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{aecec67f-0d10-4fa7-b7c7-609a2db280cf}.xpi [2019-12-24]
FF Extension: (Cats shapes) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{b26c3856-d617-4503-8c5e-83af3b37c68d}.xpi [2019-10-30]
FF Extension: (Tree of Cats by MaDonna) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{b37caf98-8582-410b-943c-efa21a20ee07}.xpi [2019-10-30]
FF Extension: (Simple Night Mode for Quantum) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{c1b085de-157e-4521-a06f-c39f5c698216}.xpi [2019-10-30]
FF Extension: (ANIMATED changing eyes of black cat) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{c46898bc-7204-4398-b5a8-3ba41ff93080}.xpi [2019-10-30]
FF Extension: (Night Reader for Firefox) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{d464c6fa-2976-4e0a-a2d8-8a9a372c5dd8}.xpi [2019-10-30]
FF Extension: (ANIMATED KITTY CAT) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{eab93f67-9aab-4a1e-923c-4000abe0e509}.xpi [2019-10-30]
FF Extension: (animated cat walking on roofs by candelora) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{f19ce2b0-4a67-49d0-8c09-797d294b8834}.xpi [2019-10-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-27] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-27] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2018-12-26] () [File not signed]
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2018-12-26] () [File not signed]

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default [2020-04-02]
CHR Notifications: Default -> hxxps://www.reddit.com
CHR HomePage: Default -> hxxp://www.google.com
CHR DefaultSearchURL: Default -> hxxps://www.startpage.com/do/dsearch?query={searchTerms}&cat=web&pl=ext-chrome&language=english&extVersion=1.1.0
CHR DefaultSearchKeyword: Default -> startpage.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-31]
CHR Extension: (Popup Blocker (strict)) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aefkmifgmaafnojlojpnekbpbmjiiogg [2019-12-23]
CHR Extension: (Speed Test) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeghledigokaedmpimgnfplidhdhlchg [2020-03-03]
CHR Extension: (Docs) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-31]
CHR Extension: (Google Drive) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-31]
CHR Extension: (Dark Night Mode) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhbekkddpbpbibiknkcjamlkhoghieie [2019-10-31]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2019-12-23]
CHR Extension: (YouTube) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-31]
CHR Extension: (Adblock for Youtube™) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2019-12-23]
CHR Extension: (Proxy SwitchySharp) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2020-03-25]
CHR Extension: (Adobe Acrobat) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-04-02]
CHR Extension: (Sheets) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-31]
CHR Extension: (Startpage - English) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmjlmbojbkmdpofahffgcpkhkngfpef [2020-01-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-02]
CHR Extension: (Etymonline) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\giehjnnlopapngdjbjjgddpaagoimmgl [2019-10-31]
CHR Extension: (uVPN - free and unlimited VPN for everyone) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpieacagdjdfbifodokiccinpbacemjf [2020-02-16]
CHR Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhinadidafjejdhmfkjgnolgimiaplp [2020-04-02]
CHR Extension: (Voice to Text) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcdafhjjjfnkoeilnjmnadadaoehgdc [2020-01-09]
CHR Extension: (Free VPN - the fastest VPN in the house) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkomfibbgccdjcahcpleidblgknecfhh [2020-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-31]
CHR Extension: (Speedtest by Ookla) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2020-02-08]
CHR Extension: (Gmail) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-31]
CHR Extension: (Chrome Media Router) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-02]
CHR Profile: C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-04-04]
CHR Extension: (Slides) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-02]
CHR Extension: (Docs) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-02]
CHR Extension: (Google Drive) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-02]
CHR Extension: (YouTube) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-02]
CHR Extension: (Adobe Acrobat) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-04-02]
CHR Extension: (Sheets) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-02]
CHR Extension: (Google Docs Offline) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-02]
CHR Extension: (Gmail) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-02]
CHR Profile: C:\Users\tracy\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1046904 2020-03-04] (Autodesk, Inc. -> Autodesk Inc.)
S4 AdaptiveSleepService; C:\Program Files\AMD\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2017-10-26] (Advanced Micro Devices, Inc. -> )
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16939312 2019-01-09] (Autodesk, Inc. -> Autodesk)
R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0320000.inf_amd64_9a52392e17f36376\atiesrxx.exe [489888 2017-11-07] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11600672 2020-03-03] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [244280 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3339824 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [271416 2020-01-14] (Dell Technologies Inc. -> Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7106.1402\DSAPI.exe [965104 2020-04-04] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [36032 2020-02-12] (Dell Inc -> )
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38360 2020-03-12] (Dell Inc. -> Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [615384 2017-02-07] (Waves Inc -> Waves Audio Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [27016 2017-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0320000.inf_amd64_9a52392e17f36376\atikmdag.sys [40051104 2017-11-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0320000.inf_amd64_9a52392e17f36376\atikmpag.sys [553888 2017-11-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [102832 2019-09-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [137104 2017-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325808 2016-07-28] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [118960 2017-10-13] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2019-12-12] (Bluestack Systems, Inc -> Bluestack System Inc. )
R3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [601616 2016-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R3 DDDriver; C:\Windows\System32\drivers\dddriver64Dcsa.sys [35704 2019-12-20] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [22864 2016-10-27] (WDKTestCert Andy_Chen6,131219483243550933 -> OSR Open Systems Resources, Inc.)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [23040 2020-01-10] (Apple Inc.) [File not signed]
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspWhySoSlow; C:\Windows\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [662528 2019-03-19] (Microsoft Windows -> Realtek )
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [8206848 2019-03-19] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [412400 2015-09-11] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [45664 2019-12-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [355760 2019-12-08] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-08] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-11 04:43 - 2020-04-11 04:44 - 005281873 _____ C:\Users\tracy\Downloads\saliva_drug_test_drugwipe_en_180413.pdf
2020-04-11 04:41 - 2020-04-11 04:41 - 000407508 _____ C:\Users\tracy\Downloads\flyer_drugwipe_5min_70534_v01_en_email.pdf
2020-04-11 04:29 - 2020-04-11 04:29 - 000082920 _____ C:\Users\tracy\Downloads\email-account-10117733.pdf
2020-04-11 04:27 - 2020-04-11 04:27 - 000407721 _____ C:\Users\tracy\Downloads\121213.pdf
2020-04-11 04:02 - 2020-04-11 04:02 - 000896279 _____ C:\Users\tracy\Downloads\09-095sr.pdf
2020-04-11 03:25 - 2020-04-11 03:26 - 000011275 _____ C:\Users\tracy\Downloads\Fixlog.txt
2020-04-11 03:21 - 2020-04-11 03:21 - 000116468 _____ C:\Users\Public\Documents\SIGVERIF.TXT
2020-04-11 03:21 - 2020-04-11 03:21 - 000116468 _____ C:\ProgramData\Documents\SIGVERIF.TXT
2020-04-11 00:57 - 2020-04-11 03:03 - 000000000 ____D C:\Program Files (x86)\Windscribe
2020-04-11 00:57 - 2020-04-11 00:57 - 000000000 ____D C:\Users\tracy\AppData\Local\Windscribe
2020-04-11 00:57 - 2020-04-11 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2020-04-11 00:57 - 2018-07-06 17:22 - 000054896 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys
2020-04-11 00:50 - 2020-04-11 00:50 - 016899544 _____ (Windscribe Limited ) C:\Users\tracy\Downloads\Windscribe.exe
2020-04-11 00:00 - 2020-04-11 00:02 - 138677304 _____ C:\Users\tracy\Downloads\indi-licking-lukass-face_446wno4S_2JbM.mp4
2020-04-10 23:17 - 2020-04-10 23:17 - 005192280 _____ (Husdawg, LLC) C:\Users\tracy\Downloads\Detection.exe
2020-04-10 19:48 - 2020-04-10 19:48 - 000136508 _____ C:\Users\tracy\Downloads\Reason-season-lifetime.pdf
2020-04-10 18:05 - 2020-04-10 18:50 - 000000000 ____D C:\Users\tracy\Desktop\Indi
2020-04-09 00:54 - 2020-04-09 01:37 - 000000000 ____D C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\British Broadcasting Corporation
2020-04-09 00:54 - 2020-04-09 01:37 - 000000000 ____D C:\Users\tracy\AppData\Roaming\BBCiPlayerDownloads
2020-04-09 00:54 - 2020-04-09 01:37 - 000000000 ____D C:\Users\tracy\AppData\Local\bbciplayerdownloads
2020-04-08 23:56 - 2020-04-09 00:54 - 071879440 _____ (British Broadcasting Corporation) C:\Users\tracy\Downloads\BBCiPlayerDownloadsSetup-2.11.2.exe
2020-04-07 18:56 - 2020-04-07 19:18 - 150773760 _____ C:\Users\tracy\Downloads\TLCDESIGNS_SITE PLAN_LAYELLErvt.rvt
2020-04-07 18:56 - 2020-04-07 19:02 - 150573056 _____ C:\Users\tracy\Downloads\TLCDESIGNS_SITE PLAN_LAYELLErvt.0001.rvt
2020-04-07 04:46 - 2020-04-07 04:46 - 000000000 ____D C:\Users\tracy\AppData\Local\RaaSForRevitAddin
2020-04-07 04:45 - 2020-04-07 04:45 - 000000000 ____D C:\Users\tracy\AppData\Local\AdSSO
2020-04-07 03:12 - 2020-04-09 20:11 - 000000000 ____D C:\ProgramData\RevitInterProcess
2020-04-06 22:57 - 2020-04-06 23:01 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2020-04-06 22:54 - 2020-04-06 22:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Licensing
2020-04-06 22:52 - 2020-04-06 22:52 - 000632448 _____ C:\Users\tracy\Downloads\Border-2019.PDF
2020-04-06 21:16 - 2020-04-06 21:17 - 085295864 _____ C:\Users\tracy\Downloads\Revit_2020_G1_Win_64bit_wi_en-US_Setup.exe
2020-04-06 21:15 - 2020-04-06 21:15 - 001143032 _____ (Autodesk Inc.) C:\Users\tracy\Downloads\Revit_2020_G1_Win_64bit_wi_en-US_Setup_webinstall.exe
2020-04-06 18:50 - 2020-04-06 18:50 - 000000000 ____D C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2020-04-06 18:50 - 2020-04-06 18:50 - 000000000 ____D C:\Program Files (x86)\NirSoft
2020-04-06 18:49 - 2020-04-06 18:52 - 000048947 _____ C:\Users\tracy\Downloads\Addition.txt
2020-04-06 18:46 - 2020-04-11 06:26 - 000049055 _____ C:\Users\tracy\Downloads\FRST.txt
2020-04-06 18:45 - 2020-04-11 06:26 - 000000000 ____D C:\FRST
2020-04-06 18:44 - 2020-04-06 18:45 - 002281472 _____ (Farbar) C:\Users\tracy\Downloads\FRST64.exe
2020-04-06 18:44 - 2020-04-06 18:44 - 000141864 _____ C:\Users\tracy\Downloads\bluescreenview_setup.exe
2020-04-06 18:06 - 2020-04-11 03:12 - 000000000 ____D C:\Program Files (x86)\3uTools
2020-04-06 18:06 - 2020-04-06 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3uTools
2020-04-06 18:04 - 2020-04-06 18:05 - 105709528 _____ C:\Users\tracy\Downloads\3uTools_v2.38.010_Setup_.exe
2020-04-06 17:36 - 2020-04-06 17:36 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2020-04-06 17:36 - 2020-04-06 17:36 - 000000000 ____D C:\Windows\system32\Tasks\Apple
2020-04-06 17:36 - 2020-04-06 17:36 - 000000000 ____D C:\Users\tracy\AppData\Local\Apple
2020-04-06 17:36 - 2020-04-06 17:36 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2020-04-06 17:35 - 2020-04-06 17:35 - 002151720 _____ (Apple Inc.) C:\Users\tracy\Downloads\BonjourSetup.exe
2020-04-06 05:32 - 2020-04-11 05:36 - 000002634 _____ C:\Windows\system32\Tasks\WizFile
2020-04-06 01:35 - 2020-04-06 01:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WizFile
2020-04-06 01:35 - 2020-04-06 01:35 - 000000000 ____D C:\Program Files\WizFile
2020-04-06 01:30 - 2020-04-06 01:30 - 004319272 _____ (Antibody Software ) C:\Users\tracy\Downloads\wizfile_2_06_setup.exe
2020-04-05 00:18 - 2020-04-05 00:18 - 000061440 _____ ( ) C:\Users\tracy\Downloads\VEW.exe
2020-04-04 23:55 - 2020-04-04 23:56 - 045161395 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_01-55-13PM.zip
2020-04-04 23:45 - 2020-04-04 23:46 - 000000000 ____D C:\Windows\system32\RTCOM
2020-04-04 23:45 - 2020-04-04 23:45 - 000000000 ____D C:\Program Files\Waves
2020-04-04 23:44 - 2017-05-04 05:23 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2020-04-04 23:44 - 2017-05-04 05:23 - 000221960 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2020-04-04 23:44 - 2017-05-04 05:23 - 000209536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2020-04-04 23:44 - 2017-05-04 05:23 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 003506632 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 003502536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 001353272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000691672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000214824 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000164424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkXInterface64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000110976 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2020-04-04 23:44 - 2017-05-04 05:16 - 072520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCORES64.dat
2020-04-04 23:44 - 2017-05-04 05:16 - 005753856 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2020-04-04 23:44 - 2017-05-04 05:16 - 003677184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2020-04-04 23:44 - 2017-05-04 05:16 - 003205120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2020-04-04 23:44 - 2017-05-04 05:16 - 000023696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2020-04-04 23:44 - 2017-05-04 05:15 - 002209792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2020-04-04 23:44 - 2017-05-04 01:33 - 012671647 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2020-04-04 23:44 - 2017-05-04 01:33 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2020-04-04 23:43 - 2020-04-04 23:43 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-04-04 23:43 - 2017-05-04 05:19 - 013122576 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 012988344 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 012016264 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxVoiceAPO30.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 002291304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 001422920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 000999856 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 000677664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 000447712 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 000151776 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 000134192 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 000084608 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2020-04-04 23:43 - 2017-05-04 05:18 - 001213656 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2020-04-04 23:43 - 2017-05-04 05:18 - 001166152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2020-04-04 23:43 - 2017-05-04 05:18 - 000678176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2020-04-04 23:43 - 2017-05-04 05:18 - 000330560 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 001780616 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 001591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 001508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000727424 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000708304 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000504304 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000445392 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000441256 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000253856 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2020-04-04 23:43 - 2017-05-04 05:16 - 001965808 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2020-04-04 23:43 - 2017-05-04 05:16 - 000327448 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2020-04-04 23:43 - 2017-05-04 05:16 - 000272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2020-04-04 23:43 - 2017-05-04 05:15 - 007172912 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2020-04-04 23:43 - 2017-05-04 05:15 - 003786704 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioMeters64.exe
2020-04-04 23:43 - 2017-05-04 05:15 - 002050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2020-04-04 23:43 - 2017-05-04 05:15 - 000203552 _____ (Waves Audio) C:\Windows\system32\MaxxAudioVienna264.dll
2020-04-04 23:43 - 2017-05-04 05:14 - 007096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2020-04-04 23:43 - 2017-05-04 05:14 - 000122312 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2020-04-04 23:43 - 2016-09-22 13:55 - 002839520 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2020-04-04 23:39 - 2020-04-04 23:46 - 000000000 ___HD C:\Program Files (x86)\Temp
2020-04-04 23:39 - 2020-04-04 23:39 - 000001536 _____ C:\Windows\SysWOW64\RtkMsgs.dll
2020-04-04 23:37 - 2020-04-04 23:37 - 000003160 _____ C:\Windows\system32\Tasks\StartCN
2020-04-04 23:37 - 2020-04-04 23:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2020-04-04 23:37 - 2020-04-04 23:37 - 000000000 ____D C:\Program Files (x86)\AMD
2020-04-04 23:35 - 2020-04-04 23:35 - 000000000 ____D C:\Users\tracy\AppData\Roaming\ATI
2020-04-04 23:35 - 2020-04-04 23:35 - 000000000 ____D C:\Users\tracy\AppData\Local\ATI
2020-04-04 23:35 - 2020-04-04 23:35 - 000000000 ____D C:\ProgramData\ATI
2020-04-04 23:35 - 2020-04-04 23:35 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2020-04-04 23:34 - 2020-04-04 23:34 - 000000000 ____D C:\Users\tracy\AppData\Local\RadeonInstaller
2020-04-04 22:56 - 2020-04-04 23:12 - 559913072 _____ (Dell Inc.) C:\Users\tracy\Downloads\AMD-Radeon-R2-R3-R4-R5-R6-and-AMD-Radeon-R5-M335_0WMC2_WIN_17.100.2901_A06.EXE
2020-04-04 22:54 - 2020-04-04 22:58 - 283765456 _____ (Dell Inc.) C:\Users\tracy\Downloads\Realtek-High-Definition-Audio-Driver_51T6N_WIN_6.0.1.8142_A07_01.EXE
2020-04-04 22:53 - 2020-04-04 23:45 - 000000000 ____D C:\ProgramData\PCDr
2020-04-04 22:52 - 2020-04-04 23:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2020-04-04 22:52 - 2020-04-04 22:52 - 000000000 ____D C:\Dell
2020-04-04 22:52 - 2020-04-04 22:52 - 000000000 _____ C:\Windows\invcol.tmp
2020-04-04 22:50 - 2020-04-04 23:34 - 000000000 ____D C:\ProgramData\Dell
2020-04-04 22:50 - 2020-04-04 22:52 - 000000000 ____D C:\Program Files\Dell
2020-04-04 22:50 - 2020-04-04 22:50 - 000003918 _____ C:\Windows\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2020-04-04 22:50 - 2020-04-04 22:50 - 000000000 ____D C:\Users\tracy\AppData\Local\Dell Inc
2020-04-04 22:50 - 2020-04-04 22:50 - 000000000 ____D C:\ProgramData\Dell Inc
2020-04-04 22:50 - 2020-04-04 22:50 - 000000000 ____D C:\Program Files (x86)\Dell
2020-04-04 22:49 - 2020-04-04 22:50 - 000000000 ____D C:\ProgramData\SupportAssist
2020-04-04 22:49 - 2020-04-04 22:49 - 000521552 _____ (Dell Inc.) C:\Users\tracy\Downloads\SupportAssistLauncher.exe
2020-04-04 15:06 - 2020-04-04 15:06 - 007124070 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_05-05-56AM.zip
2020-04-04 15:06 - 2020-04-04 15:06 - 005251312 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_05-06-15AM.zip
2020-04-04 15:05 - 2020-04-04 15:05 - 005130633 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_05-05-13AM.zip
2020-04-04 15:05 - 2020-04-04 15:05 - 004744799 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_05-05-37AM.zip
2020-04-04 15:04 - 2020-04-04 15:05 - 005130633 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_05-04-49AM.zip
2020-04-04 15:02 - 2020-04-04 15:02 - 021513749 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_05-01-52AM.zip
2020-04-04 14:53 - 2020-04-04 14:53 - 004744799 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_04-52-52AM.zip
2020-04-04 02:34 - 2020-04-04 02:37 - 000080544 _____ C:\Users\tracy\Downloads\MTB.txt
2020-04-04 02:32 - 2020-04-04 02:32 - 000892416 _____ (Farbar) C:\Users\tracy\Downloads\MiniToolBox.exe
2020-04-04 02:24 - 2020-04-04 02:24 - 000000846 _____ C:\Users\tracy\Desktop\In Depth Latency Tests.lnk
2020-04-04 01:56 - 2020-04-04 02:24 - 000000000 ____D C:\Program Files\LatencyMon
2020-04-04 01:56 - 2020-04-04 01:56 - 002323432 _____ (Resplendence Software Projects Sp. ) C:\Users\tracy\Downloads\LatencyMon.exe
2020-04-04 01:56 - 2015-07-13 10:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\Windows\system32\Drivers\rspLLL64.sys
2020-04-04 01:43 - 2020-04-04 01:53 - 000139965 _____ C:\Users\tracy\Desktop\RIFFRAFFDELL.txt
2020-04-04 01:41 - 2020-04-04 01:41 - 000015068 _____ C:\junk.txt
2020-04-04 01:37 - 2020-04-04 01:37 - 000022242 _____ C:\Users\tracy\Desktop\Registry.txt
2020-04-04 01:32 - 2020-04-04 01:32 - 000036192 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2020-04-04 00:28 - 2020-04-04 00:28 - 000339968 _____ C:\Users\tracy\Downloads\john-cullen-lighting_lucca-led-uplight-downlight-and-steplight_bim_0_lucca.rfa
2020-04-03 01:59 - 2020-04-03 01:59 - 000000000 ____D C:\Windows\ShellComponents
2020-04-02 16:37 - 2020-04-02 16:37 - 006889184 _____ (Piriform Ltd) C:\Users\tracy\Downloads\spsetup132.exe
2020-04-02 16:37 - 2020-04-02 16:37 - 000000840 _____ C:\Users\Public\Desktop\Speccy.lnk
2020-04-02 16:37 - 2020-04-02 16:37 - 000000840 _____ C:\ProgramData\Desktop\Speccy.lnk
2020-04-02 16:37 - 2020-04-02 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2020-04-02 16:37 - 2020-04-02 16:37 - 000000000 ____D C:\Program Files\Speccy
2020-04-02 15:46 - 2020-04-02 15:46 - 000491388 _____ C:\Users\tracy\Downloads\bookmarks.html
2020-04-01 22:32 - 2020-04-01 22:32 - 000303104 _____ C:\Users\tracy\Downloads\Helical_BUlb_7503.rfa
2020-04-01 22:32 - 2020-04-01 22:32 - 000278528 _____ C:\Users\tracy\Downloads\Bulb_Fiction_Pendant_15732.rfa
2020-04-01 16:16 - 2020-04-01 16:16 - 000327680 _____ C:\Users\tracy\Downloads\Zombie_Thug_20372.rfa
2020-04-01 16:12 - 2020-04-01 16:12 - 000327680 _____ C:\Users\tracy\Downloads\Zombie_Thug_20373.rfa
2020-03-31 21:47 - 2020-03-31 21:47 - 000137978 _____ C:\Users\tracy\Downloads\Animal-Surrender-Form.pdf
2020-03-31 21:47 - 2020-03-31 21:47 - 000105661 _____ C:\Users\tracy\Downloads\Street-Furniture-Application.pdf
2020-03-31 21:46 - 2020-03-31 21:46 - 000250537 _____ C:\Users\tracy\Downloads\Livestock-Grazing-Application-Form.pdf
2020-03-31 21:46 - 2020-03-31 21:46 - 000209183 _____ C:\Users\tracy\Downloads\Livestock-Grazing-in-Drought-Conditions-Application-Form.pdf
2020-03-31 21:46 - 2020-03-31 21:46 - 000052271 _____ C:\Users\tracy\Downloads\Excessive_Animals_Application_other_than_cats__dogs.pdf
2020-03-30 22:31 - 2020-03-30 22:35 - 1054938573 _____ C:\Users\tracy\Downloads\Dogs In Space - 1986 with Michael Hutchence [720p].mp4
2020-03-30 02:52 - 2020-03-30 02:52 - 000012281 _____ C:\Users\tracy\Downloads\Forrest-Facebook.mp4
2020-03-30 02:51 - 2020-03-30 02:51 - 000731266 _____ C:\Users\tracy\Downloads\Tracy-Wilson.mp4
2020-03-30 02:43 - 2020-03-30 02:43 - 006631103 _____ C:\Users\tracy\Downloads\Forrest Facebook.html
2020-03-30 02:43 - 2020-03-30 02:43 - 000000000 ____D C:\Users\tracy\Downloads\Forrest Facebook_files
2020-03-29 23:09 - 2020-03-29 23:09 - 000171698 _____ C:\Users\tracy\Downloads\invoice_52237175.pdf
2020-03-29 23:09 - 2020-03-29 23:09 - 000171685 _____ C:\Users\tracy\Downloads\invoice_51603010(1).pdf
2020-03-29 23:09 - 2020-03-29 23:09 - 000156126 _____ C:\Users\tracy\Downloads\invoice_52264923.pdf
2020-03-29 23:09 - 2020-03-29 23:09 - 000156126 _____ C:\Users\tracy\Downloads\invoice_52264923(1).pdf
2020-03-28 14:25 - 2020-03-28 14:25 - 000424891 _____ C:\Users\tracy\Downloads\LO-4F6767354P20A_FT.pdf
2020-03-28 03:11 - 2020-03-28 03:11 - 002070180 _____ C:\Users\tracy\Downloads\inspiron-15-5555-laptop_reference guide_en-us.pdf
2020-03-27 18:43 - 2020-03-27 18:43 - 000731266 _____ C:\Users\tracy\Downloads\(1)-Tracy-Wilson--Tracy-Wilson-shared-a-memory--with-Lukas-Michael....mp4
2020-03-27 15:38 - 2020-03-27 15:38 - 014562400 _____ (ESET spol. s r.o.) C:\Users\tracy\Downloads\esetonlinescanner_enu.exe
2020-03-27 15:38 - 2020-03-27 15:38 - 002660528 _____ (Trend Micro Inc.) C:\Users\tracy\Downloads\HousecallLauncher64.exe
2020-03-27 15:38 - 2020-03-27 15:38 - 000000772 _____ C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-03-27 02:00 - 2020-03-27 02:00 - 000221184 _____ C:\Users\tracy\Downloads\Fully_Parametric_Mirror_wboarder_12026.rfa
2020-03-26 19:18 - 2020-03-26 19:18 - 000007606 _____ C:\Users\tracy\AppData\Local\Resmon.ResmonCfg
2020-03-26 12:15 - 2020-03-26 12:15 - 000234304 _____ C:\Users\tracy\Downloads\CrucialScan.exe
2020-03-26 12:04 - 2020-03-26 12:04 - 000172032 _____ C:\Users\tracy\Downloads\Skylight_7801400_10187.rfa
2020-03-26 11:28 - 2020-03-26 11:28 - 000159744 _____ C:\Users\tracy\Downloads\skylight_3835.rfa
2020-03-26 11:26 - 2020-03-26 11:26 - 000132096 _____ C:\Users\tracy\Downloads\Generic_Skylight_Component_1900.rfa
2020-03-26 00:25 - 2020-03-26 00:25 - 000504110 _____ C:\Users\tracy\Downloads\NBS_VisionAGILtd_FrmdRflghts_TheOpeningRoofWindow_Electric_Revit(1).zip
2020-03-26 00:16 - 2020-03-26 00:16 - 000504110 _____ C:\Users\tracy\Downloads\NBS_VisionAGILtd_FrmdRflghts_TheOpeningRoofWindow_Electric_Revit.zip
2020-03-26 00:11 - 2020-03-26 00:11 - 003655574 _____ C:\Users\tracy\Downloads\NBS_VeluxCompanyLtd_FrmdRflghts_Longlight5-25_Revit.zip
2020-03-26 00:09 - 2020-03-26 00:09 - 000663903 _____ C:\Users\tracy\Downloads\_NBS_VisionAGILtd_FrmdRflghts_TheMultiPanelRooflightWithOpeningSections_Revit.zip
2020-03-25 23:41 - 2020-03-25 23:41 - 001450413 _____ C:\Users\tracy\Downloads\NBS_GlazingVisionLtd_FrmdRflghts_SkyhatchElectricRooflight_Revit.zip
2020-03-25 23:41 - 2020-03-25 23:41 - 000684375 _____ C:\Users\tracy\Downloads\_NBS_VisionAGILtd_FrmdRflghts_TheFramelessMultiPanelRooflight_Fixed_Revit.zip
2020-03-25 21:30 - 2020-03-25 21:30 - 001526258 _____ C:\Users\tracy\Downloads\NBS_GlazingVisionLtd_FrmdRflghts_VisionVentPoweredOperationRooflight_Revit.zip
2020-03-25 19:13 - 2020-03-25 19:13 - 001688002 _____ C:\Users\tracy\Downloads\NBS_VeluxCompanyLtd_WoodFrmRfWndwUnits_GDL_Cabrio_Revit.zip
2020-03-24 22:43 - 2020-03-24 22:43 - 000171557 _____ C:\Users\tracy\Downloads\invoice_51574902.pdf
2020-03-24 22:35 - 2020-03-24 22:35 - 000171685 _____ C:\Users\tracy\Downloads\invoice_51603010.pdf
2020-03-24 19:11 - 2020-03-24 19:11 - 000801330 _____ C:\Users\tracy\Downloads\SEW__11198743_20200324.pdf
2020-03-24 01:49 - 2020-03-24 01:49 - 000027855 _____ C:\Users\tracy\Downloads\HWEND4N0.pat
2020-03-24 01:49 - 2020-03-24 01:49 - 000024035 _____ C:\Users\tracy\Downloads\HWEND2N0.pat
2020-03-24 01:49 - 2020-03-24 01:49 - 000018536 _____ C:\Users\tracy\Downloads\HWOOD8E1.pat
2020-03-24 01:48 - 2020-03-24 01:48 - 000077464 _____ C:\Users\tracy\Downloads\HWOOD6E1.pat
2020-03-23 03:41 - 2020-03-23 03:41 - 001052672 _____ C:\Users\tracy\Downloads\Door_Barn_Cube.rfa
2020-03-22 16:59 - 2020-03-22 16:59 - 002786263 _____ C:\Users\tracy\Downloads\ScarletFever.pdf
2020-03-21 21:34 - 2020-03-21 21:34 - 003538944 _____ C:\Users\tracy\Downloads\hewi_push_pull_handle_set_162xadg06.rfa
2020-03-21 21:06 - 2020-03-21 21:06 - 000401408 _____ C:\Users\tracy\Downloads\Doors-Hardware- BRICARD-BRC010119.rfa
2020-03-21 20:45 - 2020-03-21 20:45 - 002183168 _____ C:\Users\tracy\Downloads\Doors_Sliding_Avanti_Systems_Eclipse-Sliding-Single-Glass-Barn-Doors-Dbl-Glazed.rfa
2020-03-21 20:43 - 2020-03-21 20:43 - 000004990 _____ C:\Users\tracy\Downloads\Doors_Sliding_Avanti_Systems_Eclipse-Sliding-Pair-Glass-Barn-Doors-Sgl-Glazed.txt
2020-03-21 20:43 - 2020-03-21 20:43 - 000004986 _____ C:\Users\tracy\Downloads\Doors_Sliding_Avanti_Systems_Eclipse-Sliding-Pair-Glass-Barn-Doors-Dbl-Glazed.txt
2020-03-20 18:50 - 2020-03-20 18:50 - 001126151 _____ C:\Users\tracy\Downloads\Act-1937-031(2).pdf
2020-03-20 18:50 - 2020-03-20 18:50 - 000571051 _____ C:\Users\tracy\Downloads\11AC041.pdf
2020-03-20 18:46 - 2020-03-20 18:46 - 000648126 _____ C:\Users\tracy\Downloads\act-1937-031(1).pdf
2020-03-20 18:44 - 2020-03-20 18:44 - 000648126 _____ C:\Users\tracy\Downloads\act-1937-031.pdf
2020-03-20 18:05 - 2020-03-20 18:05 - 002908426 _____ C:\Users\tracy\Downloads\act-2005-048.pdf
2020-03-19 21:32 - 2020-03-19 21:35 - 067641044 _____ (BIM&CO ) C:\Users\tracy\Downloads\BACUniversalInstaller.exe
2020-03-19 18:21 - 2020-03-19 18:21 - 000381966 _____ C:\Users\tracy\Downloads\dd_080909.pdf
2020-03-19 18:21 - 2020-03-19 18:21 - 000381966 _____ C:\Users\tracy\Downloads\dd_080909(1).pdf
2020-03-19 00:42 - 2020-03-19 00:42 - 000000000 ____D C:\Users\tracy\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2020-03-19 00:26 - 2020-03-19 00:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProdLib
2020-03-19 00:08 - 2020-03-19 00:08 - 000000000 ____D C:\Program Files\Bimandco
2020-03-19 00:07 - 2020-03-19 00:08 - 066524335 _____ (BIM&CO ) C:\Users\tracy\Downloads\BACUniversalInstaller3-1_30.exe
2020-03-19 00:06 - 2020-03-19 00:07 - 098124696 _____ (ProdLib Oy ) C:\Users\tracy\Downloads\ProdLibSetup.exe
2020-03-18 23:06 - 2020-03-18 23:06 - 006270329 _____ C:\Users\tracy\Downloads\Renders.zip
2020-03-17 23:49 - 2020-03-17 23:49 - 000696320 _____ C:\Users\tracy\Downloads\BRUCK_VA_CALO_SPOTII_10484.rfa
2020-03-17 23:11 - 2020-03-17 23:12 - 000299008 _____ C:\Users\tracy\Downloads\3D_Tree_-_Acacia_8161.rfa
2020-03-17 16:47 - 2020-04-03 17:09 - 000512000 _____ C:\Users\tracy\Downloads\Cube_Pendant_10985.rfa
2020-03-17 16:47 - 2020-04-01 15:44 - 000503808 _____ C:\Users\tracy\Downloads\Cube_Pendant_10985.0004.rfa
2020-03-17 16:47 - 2020-04-01 03:00 - 000495616 _____ C:\Users\tracy\Downloads\Cube_Pendant_10985.0003.rfa
2020-03-17 16:47 - 2020-03-31 22:38 - 000491520 _____ C:\Users\tracy\Downloads\Cube_Pendant_10985.0002.rfa
2020-03-17 16:13 - 2020-03-17 16:13 - 001519616 _____ C:\Users\tracy\Downloads\Lighting-Pendant_Mount-Tech_Lighting-K-HELLO.rfa
2020-03-17 16:12 - 2020-03-17 16:12 - 000000000 ____D C:\Windows\SysWOW64\Skins
2020-03-17 16:12 - 2020-03-17 16:12 - 000000000 ____D C:\Windows\SysWOW64\Sfxs
2020-03-17 16:12 - 2020-03-17 16:12 - 000000000 ____D C:\Windows\SysWOW64\lang
2020-03-17 16:12 - 2020-03-17 16:12 - 000000000 ____D C:\Windows\SysWOW64\Icons
2020-03-17 16:12 - 2020-03-17 16:12 - 000000000 ____D C:\Windows\SysWOW64\HELP
2020-03-17 16:12 - 2020-03-17 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2020-03-17 16:12 - 2020-03-17 16:12 - 000000000 ____D C:\ProgramData\Ashampoo
2020-03-17 16:12 - 2020-03-17 16:12 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2020-03-17 16:01 - 2020-03-17 16:01 - 027248072 _____ (Ashampoo GmbH & Co. KG ) C:\Users\tracy\Downloads\ashampoo_zip_free_18811.exe
2020-03-17 15:57 - 2020-03-17 15:57 - 000000000 ____D C:\Users\tracy\Desktop\Scene 1x4 Recessed - [SCE_SCEM]
2020-03-17 15:56 - 2020-03-17 15:56 - 000287635 _____ C:\Users\tracy\Downloads\Scene 1x4 Recessed - [SCE_SCEM].zip
2020-03-17 15:52 - 2020-03-17 15:52 - 000000000 ____D C:\Users\tracy\Desktop\Lumaris LED Linear Lighting(1)
2020-03-17 01:31 - 2020-03-17 01:31 - 000574347 _____ C:\Users\tracy\Downloads\Lumaris LED Linear Lighting(1).zip
2020-03-17 01:30 - 2020-03-17 01:30 - 000574347 _____ C:\Users\tracy\Downloads\Lumaris LED Linear Lighting.zip
2020-03-17 01:26 - 2020-03-17 01:26 - 000515437 _____ C:\Users\tracy\Downloads\G2 Linear Cove Light.zip
2020-03-17 01:20 - 2020-03-17 01:20 - 000487424 _____ C:\Users\tracy\Downloads\Decorative_Pendant_Light_15411.rfa
2020-03-17 00:43 - 2020-03-17 00:43 - 000618496 _____ C:\Users\tracy\Downloads\Chandelier_-_Rectangular_-_Murray_Feiss_18408.rfa
2020-03-17 00:42 - 2020-03-17 00:43 - 000458752 _____ C:\Users\tracy\Downloads\Chandelier_17198.rfa
2020-03-16 21:10 - 2020-03-16 21:12 - 486050279 _____ C:\Users\tracy\Downloads\3D-Revit-files.zip
2020-03-16 20:44 - 2020-03-16 20:44 - 000315392 _____ C:\Users\tracy\Downloads\Double_Hung_Window_with_Optional_Trim_5367.rfa
2020-03-16 17:10 - 2020-04-07 05:02 - 000372736 _____ C:\Users\tracy\Downloads\fixed_trapezoidal_window_11265.rfa
2020-03-16 17:10 - 2020-03-23 05:40 - 000368640 _____ C:\Users\tracy\Downloads\fixed_trapezoidal_window_11265.0003.rfa
2020-03-16 17:10 - 2020-03-16 21:14 - 000323584 _____ C:\Users\tracy\Downloads\fixed_trapezoidal_window_11265.0002.rfa
2020-03-16 17:10 - 2020-03-16 17:10 - 000266240 _____ C:\Users\tracy\Downloads\fixed_trapezoidal_window_11265.0001.rfa
2020-03-16 17:10 - 2020-03-16 17:10 - 000117248 _____ C:\Users\tracy\Downloads\Fixed_Round_Top_921.rfa
2020-03-16 17:09 - 2020-03-16 17:09 - 000108544 _____ C:\Users\tracy\Downloads\Double_Quarter_Round_Top_918.rfa
2020-03-16 17:05 - 2020-03-16 17:05 - 000278528 _____ C:\Users\tracy\Downloads\Strip_Roof_Lighting_6174.rfa
2020-03-16 17:04 - 2020-03-26 12:03 - 000212992 _____ C:\Users\tracy\Downloads\Simple_adjustable_skylight_8300.rfa
2020-03-16 17:04 - 2020-03-16 17:04 - 000200704 _____ C:\Users\tracy\Downloads\SkyLite_2861.rfa
2020-03-16 17:03 - 2020-03-16 17:03 - 000184320 _____ C:\Users\tracy\Downloads\Roof_window_VELUX_C04_3663.rfa
2020-03-16 17:02 - 2020-03-26 11:22 - 000090112 _____ C:\Users\tracy\Downloads\Operable_Skylight_911.rfa
2020-03-16 17:02 - 2020-03-16 17:02 - 000000000 _____ C:\Users\tracy\Downloads\Multiple_Pyramid_Skylights_in_a_Common_Frame_1x_any_amount_of_units_14444.rfa
2020-03-16 17:01 - 2020-03-16 17:01 - 000737280 _____ C:\Users\tracy\Downloads\Adjustable_Skylights_in_a_Common_Frame-_4x4_Unit-_Updated_15221.rfa
2020-03-16 16:59 - 2020-03-16 16:59 - 007246656 _____ C:\Users\tracy\Downloads\woven_image_mura_dune_9997_revit_modlar.zip
2020-03-16 16:58 - 2020-03-16 16:58 - 002462756 _____ C:\Users\tracy\Downloads\woven_image_echopanel_10020_revit_modlar.zip
2020-03-16 16:57 - 2020-03-16 16:57 - 003293583 _____ C:\Users\tracy\Downloads\woven_image_echopanel_10319_revit_modlar.zip
2020-03-16 00:46 - 2020-03-16 00:46 - 025444352 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2020-03-16 00:46 - 2020-03-16 00:46 - 009930552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-03-16 00:46 - 2020-03-16 00:46 - 007604584 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2020-03-16 00:46 - 2020-03-16 00:46 - 006520776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-03-16 00:46 - 2020-03-16 00:46 - 004563416 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2020-03-16 00:46 - 2020-03-16 00:46 - 001610240 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2020-03-16 00:46 - 2020-03-16 00:46 - 001398584 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2020-03-16 00:46 - 2020-03-16 00:46 - 001077048 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2020-03-16 00:46 - 2020-03-16 00:46 - 000772096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2020-03-16 00:46 - 2020-03-16 00:46 - 000689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2020-03-16 00:46 - 2020-03-16 00:46 - 000561464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2020-03-15 17:16 - 2020-03-15 17:16 - 000132837 _____ C:\Users\tracy\Downloads\coronavirus-covid-19-isolation-guidance(2).pdf
2020-03-15 13:47 - 2020-03-15 13:47 - 000401408 _____ C:\Users\tracy\Downloads\Outdoor_Dining_Chair_-_Seaside_Casual_quotCharleston_Side_Chairquot_20663.rfa
2020-03-15 13:33 - 2020-03-15 13:33 - 000462848 _____ C:\Users\tracy\Downloads\Outdoor_Bar_Chair_-_Seaside_Casual_quotCharleston_Bar_Chairquot_20664.rfa
2020-03-15 13:28 - 2020-04-06 00:49 - 000372736 _____ C:\Users\tracy\Downloads\Square_Dining_Table_17923.rfa
2020-03-15 13:28 - 2020-03-15 13:28 - 000372736 _____ C:\Users\tracy\Downloads\Square_Dining_Table_17923.0001.rfa
2020-03-14 23:47 - 2020-03-15 01:46 - 000417792 _____ C:\Users\tracy\Downloads\Couch_-_Soft_Bench_Berto_Salotti_9473.rfa
2020-03-14 23:47 - 2020-03-14 23:47 - 000266240 _____ C:\Users\tracy\Downloads\Couch_-_Soft_Bench_Berto_Salotti_9473.0001.rfa
2020-03-14 22:47 - 2020-03-14 22:47 - 000507904 _____ C:\Users\tracy\Downloads\Metal_Shelves_4135.rfa
2020-03-14 21:07 - 2020-03-14 21:07 - 000311296 _____ C:\Users\tracy\Downloads\Bar_StoolCocktail_19349.rfa
2020-03-14 20:33 - 2020-03-14 20:33 - 000311296 _____ C:\Users\tracy\Downloads\ADA_Handrail_20313.rfa
2020-03-14 19:41 - 2020-03-14 19:41 - 000315392 _____ C:\Users\tracy\Downloads\Cabinet_handle_12374.rfa
2020-03-14 19:07 - 2020-04-01 23:25 - 000471040 _____ C:\Users\tracy\Downloads\Pocket_Slider_Door_5851.rfa
2020-03-14 19:07 - 2020-03-21 21:42 - 000471040 _____ C:\Users\tracy\Downloads\Pocket_Slider_Door_5851.0004.rfa
2020-03-14 19:07 - 2020-03-16 23:17 - 000471040 _____ C:\Users\tracy\Downloads\Pocket_Slider_Door_5851.0003.rfa
2020-03-14 19:07 - 2020-03-14 20:38 - 000442368 _____ C:\Users\tracy\Downloads\Pocket_Slider_Door_5851.0002.rfa
2020-03-14 19:05 - 2020-03-14 19:05 - 000585728 _____ C:\Users\tracy\Downloads\Pocket_Door_20151.rfa
2020-03-14 18:42 - 2020-03-14 18:42 - 000282624 _____ C:\Users\tracy\Downloads\Booth_Standard_Corner_9036.rfa
2020-03-14 18:41 - 2020-03-14 18:41 - 000249856 _____ C:\Users\tracy\Downloads\Corner_Booth_w_Pad_4427.rfa
2020-03-14 18:29 - 2020-03-14 18:29 - 000466944 _____ C:\Users\tracy\Downloads\Booth_with_Curved_Top_single.rfa
2020-03-14 18:28 - 2020-03-14 18:28 - 002531328 _____ C:\Users\tracy\Downloads\Bar_restaurant_16073.rfa
2020-03-14 18:28 - 2020-03-14 18:28 - 000458752 _____ C:\Users\tracy\Downloads\4_Top_Round_3039_Diameter_Fast_Food_Restaurant_Table_amp_Chairs_15017.rfa
2020-03-14 18:26 - 2020-03-14 18:26 - 000233472 _____ C:\Users\tracy\Downloads\Booth_w_Pad_4428.rfa
2020-03-14 18:16 - 2020-03-14 18:16 - 000303104 _____ C:\Users\tracy\Downloads\Wall_mounted_shelves__shelf_16692.rfa
2020-03-14 13:18 - 2020-03-14 13:18 - 000801330 _____ C:\Users\tracy\Downloads\SEW__11198743_20200314(1).pdf
2020-03-14 01:16 - 2020-03-14 01:16 - 000606208 _____ C:\Users\tracy\Downloads\Sofa_6855.rfa
2020-03-14 00:32 - 2020-03-14 00:32 - 000909312 _____ C:\Users\tracy\Downloads\Ambulant_Disabled_WC_4001.rfa
2020-03-13 23:46 - 2020-03-13 23:46 - 000801330 _____ C:\Users\tracy\Downloads\SEW__11198743_20200314.pdf
2020-03-13 22:54 - 2020-03-13 22:54 - 000801330 _____ C:\Users\tracy\Downloads\SEW__11198743_20200313(1).pdf
2020-03-13 22:53 - 2020-03-13 22:53 - 000801330 _____ C:\Users\tracy\Downloads\SEW__11198743_20200313.pdf
2020-03-13 22:44 - 2020-03-13 22:44 - 001425408 _____ C:\Users\tracy\Downloads\Boat_-_Wake_board_ski_boat_13420.rfa
2020-03-13 22:43 - 2020-03-13 22:43 - 000290816 _____ C:\Users\tracy\Downloads\Boat_Lift_Assembly_18343.rfa
2020-03-13 20:09 - 2020-03-15 20:39 - 000557056 _____ C:\Users\tracy\Downloads\COALESSE_Metro_BIX_-_OccWrk_Booth_Table_Rect_7375.rfa
2020-03-13 20:09 - 2020-03-13 20:09 - 000450560 _____ C:\Users\tracy\Downloads\COALESSE_Metro_BIX_-_OccWrk_Booth_Table_Rect_7375.0001.rfa
2020-03-13 20:08 - 2020-03-13 20:08 - 000430080 _____ C:\Users\tracy\Downloads\Single_Booth_17921.rfa
2020-03-13 20:07 - 2020-03-13 20:07 - 000421888 _____ C:\Users\tracy\Downloads\Double_Booth_17922.rfa
2020-03-13 19:46 - 2020-04-01 22:34 - 000401408 _____ C:\Users\tracy\Downloads\Shelf_cubes_15524.rfa
2020-03-13 19:46 - 2020-03-13 19:46 - 000327680 _____ C:\Users\tracy\Downloads\Shelf_cubes_15524.0001.rfa
2020-03-13 19:29 - 2020-03-13 19:29 - 000454656 _____ C:\Users\tracy\Downloads\Modern_Garage_Door_19739.rfa
2020-03-13 19:28 - 2020-03-13 19:28 - 000266240 _____ C:\Users\tracy\Downloads\garage_door_8590.rfa
2020-03-13 19:27 - 2020-03-13 19:27 - 000954368 _____ C:\Users\tracy\Downloads\Garage_Door_12x14_with_windows_12763.rfa
2020-03-13 18:29 - 2020-03-13 18:29 - 000749568 _____ C:\Users\tracy\Downloads\Book_Display_9119.rfa
2020-03-13 17:46 - 2020-04-06 01:15 - 001200128 _____ C:\Users\tracy\Downloads\Cake_Display_Unit_-_Stivi_6181.rfa
2020-03-13 17:46 - 2020-04-05 16:32 - 001212416 _____ C:\Users\tracy\Downloads\Cake_Display_Unit_-_Stivi_6181.0004.rfa
2020-03-13 17:46 - 2020-04-04 00:17 - 001208320 _____ C:\Users\tracy\Downloads\Cake_Display_Unit_-_Stivi_6181.0003.rfa
2020-03-13 17:46 - 2020-03-19 03:30 - 001183744 _____ C:\Users\tracy\Downloads\Cake_Display_Unit_-_Stivi_6181.0002.rfa
2020-03-13 17:44 - 2020-03-13 17:44 - 001028096 _____ C:\Users\tracy\Downloads\Chilled_Multideck_Display_with_Chilled_Well_17434.rfa
2020-03-13 17:43 - 2020-03-13 17:43 - 000368640 _____ C:\Users\tracy\Downloads\Chilled_Multideck_Display_17378.rfa
2020-03-13 14:11 - 2020-03-13 14:11 - 000234594 _____ C:\Users\tracy\Downloads\10-64671-2-A_Specification_Sheet1.pdf
2020-03-13 14:10 - 2020-03-13 14:10 - 000203481 _____ C:\Users\tracy\Downloads\10-64672-2_SSheet.pdf
2020-03-13 13:15 - 2020-03-13 13:15 - 004078942 _____ C:\Users\tracy\Downloads\http___www.aphref.aph.gov.au_house_committee_laca_disabilitystandards_exhibits_exhibit09.pdf
2020-03-13 13:08 - 2020-03-13 13:08 - 000074523 _____ C:\Users\tracy\Downloads\http___www.aphref.aph.gov.au_house_committee_laca_disabilitystandards_exhibits_exhibit02.pdf
2020-03-13 10:47 - 2020-03-13 10:48 - 000003032 _____ C:\Users\tracy\Downloads\HWOOD7E1.pat
2020-03-13 01:03 - 2020-03-13 01:04 - 000208896 _____ C:\Users\tracy\Downloads\Coffee_Table_-_Mulit-Level_Colored_Glass_9320.rfa
2020-03-13 01:03 - 2020-03-13 01:03 - 002011136 _____ C:\Users\tracy\Downloads\Colored_Tetris_Shelves_4446.rvt
2020-03-12 01:44 - 2020-03-12 01:46 - 000266240 _____ C:\Users\tracy\Downloads\Deli_Display_Case_4147.rfa
2020-03-12 01:44 - 2020-03-12 01:44 - 000111104 _____ C:\Users\tracy\Downloads\Display_Case_462.rfa
2020-03-12 01:41 - 2020-03-12 01:41 - 000372736 _____ C:\Users\tracy\Downloads\Display_Case_10925.rfa
2020-03-12 01:15 - 2020-03-12 01:15 - 001093632 _____ C:\Users\tracy\Downloads\Kitchen_Counter_with_Base_Cabinets_16596.rfa
2020-03-12 01:13 - 2020-03-12 01:51 - 000360448 _____ C:\Users\tracy\Downloads\Bar_Counter_14938.rfa
2020-03-12 01:13 - 2020-03-12 01:14 - 000454656 _____ C:\Users\tracy\Downloads\Reception_Counter_15497.rfa
2020-03-12 01:13 - 2020-03-12 01:13 - 000290816 _____ C:\Users\tracy\Downloads\Bar_Counter_14938.0001.rfa

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-11 06:23 - 2019-03-19 14:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-11 05:42 - 2019-10-30 00:17 - 000000000 ____D C:\Users\tracy\AppData\Local\Packages
2020-04-11 05:40 - 2019-10-30 00:13 - 000840852 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-11 05:40 - 2019-03-19 14:50 - 000000000 ____D C:\Windows\INF
2020-04-11 05:38 - 2019-11-01 18:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-04-11 05:38 - 2019-10-30 01:08 - 000001008 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-04-11 05:38 - 2019-10-30 01:08 - 000000000 ____D C:\Users\tracy\AppData\LocalLow\Mozilla
2020-04-11 05:38 - 2019-10-30 01:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-11 05:38 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\Registration
2020-04-11 05:35 - 2019-10-30 10:55 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-11 05:33 - 2019-03-19 14:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-04-11 05:32 - 2019-10-30 00:23 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-04-11 03:06 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\AppReadiness
2020-04-11 03:03 - 2019-10-30 10:55 - 000459728 _____ C:\Windows\system32\FNTCACHE.DAT
2020-04-11 02:14 - 2019-07-07 10:22 - 000001845 _____ C:\Users\tracy\Desktop\New ramblings.txt
2020-04-11 01:53 - 2019-10-30 10:55 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-04-10 22:33 - 2019-11-13 18:40 - 000000000 ____D C:\Users\tracy\AppData\Roaming\vlc
2020-04-10 21:52 - 2019-03-19 14:37 - 000000000 ____D C:\Windows\CbsTemp
2020-04-10 21:38 - 2020-01-11 01:08 - 000002044 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2020-04-10 21:38 - 2020-01-11 01:08 - 000002044 _____ C:\ProgramData\Desktop\HP Print and Scan Doctor.lnk
2020-04-10 02:24 - 2019-03-19 14:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-09 20:11 - 2019-11-02 06:14 - 000000000 ____D C:\ProgramData\Autodesk
2020-04-09 00:55 - 2019-10-31 23:07 - 000000000 ____D C:\Users\tracy\AppData\Local\SquirrelTemp
2020-04-09 00:49 - 2019-11-02 01:45 - 000000000 ____D C:\Users\tracy\Desktop\Tempix
2020-04-08 15:29 - 2019-10-31 03:29 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-07 03:28 - 2019-11-02 07:09 - 000000000 ____D C:\Users\tracy\AppData\Roaming\Autodesk
2020-04-07 03:28 - 2019-11-02 06:57 - 000000000 ____D C:\Users\tracy\AppData\Local\Autodesk
2020-04-07 03:16 - 2019-11-02 07:14 - 000098240 _____ C:\Users\tracy\AppData\Local\GDIPFONTCACHEV1.DAT
2020-04-06 23:13 - 2020-02-16 23:59 - 000000000 ____D C:\Users\tracy\Autodesk
2020-04-06 23:12 - 2019-11-02 06:51 - 000000000 ____D C:\Program Files (x86)\Autodesk
2020-04-06 23:12 - 2019-11-02 06:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2020-04-06 23:07 - 2019-11-02 07:03 - 000000000 ____D C:\Users\Public\Documents\Autodesk
2020-04-06 23:07 - 2019-11-02 07:03 - 000000000 ____D C:\ProgramData\Documents\Autodesk
2020-04-06 23:07 - 2019-11-02 06:23 - 000000000 ____D C:\Program Files\Autodesk
2020-04-06 22:15 - 2019-10-30 00:24 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-06 21:17 - 2019-06-11 23:36 - 000000000 ____D C:\Autodesk
2020-04-06 17:55 - 2019-10-30 11:09 - 000000000 ____D C:\Windows\minidump
2020-04-06 17:55 - 2019-07-01 22:37 - 000540497 ____N C:\Windows\Minidump\040620-81921-01.dmp
2020-04-06 17:17 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\LiveKernelReports
2020-04-06 17:16 - 2019-11-02 06:09 - 000000000 ____D C:\Program Files\Common Files\Apple
2020-04-06 06:34 - 2020-02-29 21:35 - 000000000 ____D C:\ProgramData\Zipware
2020-04-05 17:44 - 2019-10-30 17:29 - 000000000 ____D C:\Users\tracy\AppData\LocalLow\AMD
2020-04-05 00:30 - 2019-10-30 00:17 - 000000000 ____D C:\Users\tracy\AppData\Local\VirtualStore
2020-04-04 23:46 - 2019-10-30 00:31 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2020-04-04 23:37 - 2020-01-04 12:04 - 000000000 ____D C:\ProgramData\AMD
2020-04-04 23:37 - 2019-10-30 00:23 - 000000000 ____D C:\Program Files\AMD
2020-04-04 23:37 - 2019-07-01 06:00 - 000000000 ____D C:\AMD
2020-04-04 22:53 - 2019-10-30 00:28 - 000000000 ____D C:\ProgramData\Packages
2020-04-04 22:07 - 2019-10-30 00:14 - 000000000 ____D C:\Users\tracy
2020-03-28 17:18 - 2019-07-01 22:37 - 000441908 ____N C:\Windows\Minidump\032820-77609-01.dmp
2020-03-28 09:43 - 2019-03-19 14:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-03-27 22:26 - 2019-10-30 00:18 - 000000000 ____D C:\Users\tracy\AppData\Local\Publishers
2020-03-27 15:44 - 2019-12-27 02:14 - 000000010 _____ C:\Users\tracy\AppData\Local\sponge.last.runtime.cache
2020-03-24 17:06 - 2019-10-30 00:21 - 000000000 ____D C:\Users\tracy\AppData\Local\PlaceholderTileLogoFolder
2020-03-23 01:56 - 2019-10-31 04:14 - 000000000 ___RD C:\Users\tracy\OneDrive - The Gordon
2020-03-23 01:56 - 2019-10-30 00:22 - 000003370 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-792678858-599442959-1286739730-1001
2020-03-23 01:56 - 2019-10-30 00:22 - 000000000 ___RD C:\Users\tracy\OneDrive
2020-03-23 01:56 - 2019-10-30 00:14 - 000002366 _____ C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-21 18:02 - 2019-03-19 14:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-03-21 18:00 - 2019-10-30 21:16 - 000000000 ____D C:\Program Files\Microsoft Office
2020-03-21 11:23 - 2019-10-31 03:28 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-21 11:23 - 2019-10-31 03:28 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-20 17:23 - 2019-11-02 04:36 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-03-20 17:23 - 2019-11-02 04:36 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-03-19 22:29 - 2019-11-14 00:12 - 000000000 ____D C:\Users\tracy\AppData\Local\Autodesk,_Inc
2020-03-19 00:27 - 2019-10-30 17:31 - 000000000 ____D C:\Users\tracy\AppData\Local\D3DSCache
2020-03-18 01:53 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\ShellExperiences
2020-03-18 01:53 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\bcastdvr
2020-03-16 00:46 - 2015-07-10 23:20 - 000410830 __RSH C:\bootmgr
2020-03-14 13:16 - 2019-10-30 00:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-03-14 13:16 - 2019-10-30 00:17 - 000000000 ___RD C:\Users\tracy\3D Objects
2020-03-14 01:59 - 2019-03-19 14:52 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2020-03-14 01:59 - 2019-03-19 14:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-03-14 01:59 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\SysWOW64\setup
2020-03-14 01:59 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\SysWOW64\Dism
2020-03-14 01:59 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\SystemResources
2020-03-14 01:59 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2020-03-14 01:59 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\system32\setup
2020-03-14 01:59 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\system32\oobe
2020-03-14 01:59 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\system32\Dism
2020-03-14 01:59 - 2019-03-19 14:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-03-14 01:59 - 2019-03-19 14:37 - 000000000 ____D C:\Windows\servicing
2020-03-14 01:57 - 2019-09-27 00:39 - 000000000 ___HD C:\OneDriveTemp
2020-03-14 01:56 - 2020-03-04 20:14 - 000000000 ____D C:\Users\tracy\Desktop\Holden
2020-03-12 00:08 - 2019-11-11 14:54 - 000000000 ____D C:\Users\tracy\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories ========

2019-12-27 04:25 - 2019-12-27 04:25 - 000439380 _____ () C:\Users\tracy\AppData\Local\ars.cache
2019-12-27 04:26 - 2019-12-27 04:26 - 001124599 _____ () C:\Users\tracy\AppData\Local\census.cache
2020-03-26 19:18 - 2020-03-26 19:18 - 000007606 _____ () C:\Users\tracy\AppData\Local\Resmon.ResmonCfg
2019-12-27 02:14 - 2020-03-27 15:44 - 000000010 _____ () C:\Users\tracy\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


  • 0

#35
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2020
Ran by tracy (11-04-2020 06:28:51)
Running from C:\Users\tracy\Downloads
Windows 10 Home Version 1903 18362.720 (X64) (2019-10-30 01:09:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-792678858-599442959-1286739730-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-792678858-599442959-1286739730-503 - Limited - Disabled)
Guest (S-1-5-21-792678858-599442959-1286739730-501 - Limited - Disabled)
tracy (S-1-5-21-792678858-599442959-1286739730-1001 - Administrator - Enabled) => C:\Users\tracy
WDAGUtilityAccount (S-1-5-21-792678858-599442959-1286739730-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3uTools (HKLM-x32\...\3uTools) (Version: 2.38.010 - ShangHai ZhangZheng Network Technology Co., Ltd.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_7) (Version: 20.0.7 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{A7039CC9-4669-4799-92B1-C5CE346DBE3D}) (Version: 8.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DA78A9DC-3599-4D81-A960-B679687A6C14}) (Version: 8.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Ashampoo ZIP Free (HKLM-x32\...\{0A11EA01-5173-F4C2-0973-35C932D5C674}_is1) (Version: 1.0.7 - Ashampoo GmbH & Co. KG)
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
Autodesk Advanced Material Library Base Resolution Image Library 2020 (HKLM-x32\...\{FF27FA47-6E0F-4654-A435-19916B297565}) (Version: 18.11.1.0 - Autodesk)
Autodesk Advanced Material Library Low Resolution Image Library 2020 (HKLM-x32\...\{042B92EF-929A-40B1-9578-DA8363208D02}) (Version: 18.11.1.0 - Autodesk)
Autodesk Advanced Material Library Medium Resolution Image Library 2020 (HKLM-x32\...\{0F682C15-79B0-4E6F-A2F4-56BC8CD43F1F}) (Version: 18.11.1.0 - Autodesk)
Autodesk Cloud Models for Revit 2020 (HKLM\...\{AA384BE4-2001-0010-0000-97E7D7D00B17}) (Version: 20.0.0.377 - Autodesk) Hidden
Autodesk Cloud Models for Revit 2020 (HKLM\...\Autodesk Cloud Models for Revit 2020) (Version: 20.0.0.377 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 8.0.0.46 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{317D67F2-9027-4E85-9ED1-ADF4D765AE02}) (Version: 3.0.11 - Autodesk)
Autodesk Material Library 2020 (HKLM-x32\...\{B9312A51-41B5-479D-9F72-E7448A2D89AF}) (Version: 18.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2020 (HKLM-x32\...\{0E976988-E753-4C81-BD96-434CE305B176}) (Version: 18.11.1.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2020 (HKLM-x32\...\{7979E1F2-682E-4A3C-B674-B3336F35D472}) (Version: 18.11.1.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2020 (HKLM-x32\...\{B52B3C0C-F56D-44CB-AC81-F86BCBB7550F}) (Version: 18.11.1.0 - Autodesk)
Autodesk Revit 2020 (HKLM\...\Revit 2020) (Version: 20.0.0.377 - Autodesk)
Autodesk Revit 2020 Revit MEP Imperial Content (HKLM\...\{38AEB114-D437-4695-B390-6D03723F32E0}) (Version: 2.2 - Autodesk)
Autodesk Revit 2020 Revit MEP Metric Content (HKLM\...\{6504036D-FF6D-41E0-B3FE-3193E9BC2047}) (Version: 2.2 - Autodesk)
Autodesk Revit Content Libraries 2020 (HKLM\...\Revit Content Libraries 2020) (Version: 20.0.0.377 - Autodesk)
Autodesk Revit Model Review 2020 (HKLM\...\{715812E8-2001-0010-0000-BBB894911B46}) (Version: 20.0.0.377 - Autodesk) Hidden
Autodesk Revit Model Review 2020 (HKLM\...\Autodesk Revit Model Review 2020) (Version: 20.0.0.377 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{E3807FC8-DD0A-4D6D-89E9-EAADE00C845C}) (Version: 10.22.00.1800 - Autodesk)
Batch Print for Autodesk Revit 2020 (HKLM\...\{82AF00E4-2001-0010-0000-FCE0F87063F9}) (Version: 20.0.0.377 - Autodesk) Hidden
Batch Print for Autodesk Revit 2020 (HKLM\...\Batch Print for Autodesk Revit 2020) (Version: 20.0.0.377 - Autodesk)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.150.11.1001 - BlueStack Systems, Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
CloneSpy 3.43 - 64 bit (HKLM\...\CloneSpy) (Version: 3.43 - The CloneSpy Team)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\CopyTrans Suite) (Version: 4.100 - WindSolutions)
Dell SupportAssist (HKLM\...\{17F0E5C2-638A-4645-A341-03E9C2FDCFF4}) (Version: 3.4.5.366 - Dell Inc.)
DevID Agent (HKLM-x32\...\DevID_Agent) (Version: 4.48 - DevID)
Duplicate Cleaner Free 4.1.2 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 4.1.2 - DigitalVolcano Software Ltd) <==== ATTENTION
eTransmit for Autodesk Revit 2020 (HKLM\...\{4477F08B-2001-0010-0000-9A09D834DFF5}) (Version: 20.0.0.377 - Autodesk) Hidden
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 6.28 - NCH Software)
Fast Duplicate File Finder 3.7.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 3.7.0.1 - MindGems, Inc.)
Font Viewer 2.0 (HKLM-x32\...\Font Viewer_is1) (Version:  - Thinking BIG Information Technology Inc.)
FormIt Converter For Revit 2020 (HKLM\...\{7A22DBAA-79A6-4C7B-98FA-9157A97EF6DA}) (Version: 1.9.6.0 - Autodesk)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Macgo iPhone Explorer (HKLM-x32\...\{4DA57BEC-D8C1-4A23-9C4E-0285857B6A58}_is1) (Version: 1.4.0.1886 - Macgo Inc.)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11929.20648 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{52EBC484-44A1-4DC5-824A-0A503735ABD8}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 75.0 (x64 en-US) (HKLM\...\Mozilla Firefox 75.0 (x64 en-US)) (Version: 75.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla)
NetSurveillance (HKLM-x32\...\NetSurveillance) (Version:  - )
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20648 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20648 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11929.20648 - Microsoft Corporation) Hidden
OpenShot Video Editor version 2.4.4 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.4.4 - OpenShot Studios, LLC)
Personal Accelerator for Revit (HKLM\...\{533DE806-7EC5-4A73-841B-007110126A75}) (Version: 21.0.4.0 - Autodesk)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 5.28 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
Revit 2020 (HKLM\...\{7346B4A0-2000-0510-0000-705C0D862004}) (Version: 20.0.0.377 - Autodesk) Hidden
Revit Content Libraries 2020 (HKLM\...\{941030D0-2000-0410-0000-818BB38A95FC}) (Version: 20.0.0.377 - Autodesk) Hidden
Shotcut (HKLM-x32\...\Shotcut) (Version: 19.10.20 - Meltytech, LLC)
SnapBackup (HKLM\...\{9F1035F5-C4B1-4618-BFB8-2826E68210ED}) (Version: 1.0 - Snap Backup)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Sweet Home 3D version 6.2 (HKLM\...\Sweet Home 3D_is1) (Version: 6.2 - eTeks)
VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Virtual Router v1.0 (HKLM-x32\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VSDC Free Video Editor version 6.4.1.69 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.4.1.69 - Flash-Integro LLC)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Wave Editor 3.1.0.0 (HKLM-x32\...\Wave Editor_is1) (Version: 3.1.0.0 - AbyssMedia.com)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 9.61 - NCH Software)
WhySoSlow 1.51 (HKLM\...\WhySoSlowHome_is1) (Version:  - Resplendence Software Projects Sp.)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
WizFile v2.06 (HKLM\...\WizFile_is1) (Version: 2.06 - Antibody Software)
WizTree v3.29 (HKLM\...\WizTree_is1) (Version: 3.29 - Antibody Software)

Packages:
=========
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.5.4.0_x64__htrsf667h5kn2 [2020-04-04] (Dell Inc)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.671.0_x64__v10z8vjag6ke6 [2020-02-06] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa [2020-03-27] (Apple Inc.) [Startup Task]
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_440.9.118.0_x64__8xx8rvfyw5nnt [2020-04-03] (Facebook Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-30] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-12-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-31] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-03-13] (Adobe Systems Incorporated)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.10.61.0_x64__43tkc6nmykmb6 [2020-04-09] (Ookla)
WinDbg Preview -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2001.2001.0_neutral__8wekyb3d8bbwe [2020-01-05] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-792678858-599442959-1286739730-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-792678858-599442959-1286739730-1001_Classes\CLSID\{04271989-C4D2-DEB0-A5D7-91328C290E46} -> [OneDrive - The Gordon] => C:\Users\tracy\OneDrive - The Gordon [2019-10-31 04:14]
ContextMenuHandlers1-x32: [ASZipF] -> {e03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT.DLL [2017-10-10] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [ASZipF64] -> {e03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT64.DLL [2017-10-10] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2019-12-16] () [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-10-26] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6-x32: [ASZipF] -> {e03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT.DLL [2017-10-10] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [ASZipF64] -> {e03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT64.DLL [2017-10-10] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2019-12-16] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] ( ) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetSurveillance\reg.lnk -> C:\Program Files (x86)\NetSurveillance\CMS\reg.bat ()
ShortcutWithArgument: C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\tracy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2019-12-16 14:40 - 2019-12-16 14:40 - 000105984 _____ () [File not signed] C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2020-04-11 00:57 - 2018-07-06 17:22 - 001603072 _____ () [File not signed] C:\Program Files (x86)\Windscribe\libGLESv2.dll
2020-04-11 00:57 - 2018-07-06 17:22 - 000071168 _____ () [File not signed] C:\Program Files (x86)\Windscribe\zlib1.dll
2017-10-26 18:23 - 2017-10-26 18:23 - 000017408 _____ () [File not signed] C:\Program Files\AMD\ATI.ACE\a4\AS4.NativeProxy.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2017-06-05 03:33 - 2017-06-05 03:33 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-03-10 14:20 - 2017-03-10 14:20 - 000179200 _____ () [File not signed] C:\Program Files\Autodesk\Personal Accelerator for Revit\Autodesk.C4R.AdWebServicesInterop.dll
2019-08-16 10:37 - 2019-08-16 10:37 - 000158208 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Windows\system32\amdihk64.dll
2019-10-30 21:17 - 2019-10-30 21:17 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2019-10-30 21:16 - 2019-10-30 21:16 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2019-10-30 21:16 - 2019-10-30 21:16 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2020-02-27 13:51 - 2020-02-27 13:51 - 001899008 _____ (SQLite Development Team) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\sqlite3.dll
2020-04-11 00:57 - 2018-07-06 17:22 - 000058368 _____ (The c-ares library, hxxps://c-ares.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\cares.dll
2020-04-11 00:57 - 2018-09-13 23:56 - 000350208 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\Windscribe\libcurl.dll
2020-04-11 00:57 - 2018-07-06 17:22 - 001212928 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\LIBEAY32.dll
2020-04-11 00:57 - 2018-07-06 17:22 - 000276480 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Windscribe\SSLEAY32.dll
2020-04-11 00:57 - 2018-07-06 17:22 - 000024576 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qgif.dll
2020-04-11 00:57 - 2018-07-06 17:22 - 000025088 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\imageformats\qico.dll
2020-04-11 00:57 - 2018-07-06 17:22 - 000986624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\platforms\qwindows.dll
2020-04-11 00:57 - 2018-07-06 17:22 - 004694016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Core.dll
2020-04-11 00:57 - 2018-07-06 17:22 - 003677184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Gui.dll
2020-04-11 00:57 - 2018-07-06 17:22 - 000856064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Network.dll
2020-04-11 00:57 - 2018-07-06 17:22 - 004483072 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Windscribe\Qt5Widgets.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000034816 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000237568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 001336832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2017-06-05 03:32 - 2017-06-05 03:32 - 001136128 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2017-10-26 18:20 - 2017-10-26 18:20 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2017-06-05 03:32 - 2017-06-05 03:32 - 006045696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2017-06-05 03:32 - 2017-06-05 03:32 - 001204736 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2017-06-05 03:32 - 2017-06-05 03:32 - 003234304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000283136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000139264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2017-06-05 03:33 - 2017-06-05 03:33 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:Easy$Duplicate$Finder [125]
AlternateDataStreams: C:\Users\All Users:Easy$Duplicate$Finder [125]
AlternateDataStreams: C:\ProgramData\Application Data:Easy$Duplicate$Finder [125]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\sharepoint.com -> hxxps://thegordon-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 14:49 - 2019-03-19 14:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2020-02-04 16:32 - 2020-02-04 16:41 - 000000440 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-792678858-599442959-1286739730-1001\Control Panel\Desktop\\Wallpaper -> c:\users\tracy\appdata\local\microsoft\windows\themes\roamedthemefiles\desktopbackground\flippyflippedflippier.png
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "ProdLib"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData"
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\StartupApproved\StartupFolder: => "GenuineService.lnk"
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\StartupApproved\Run: => "CCXProcess"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{50437D83-25E8-4343-9F50-35BB047B3E38}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0D64B562-CD56-4332-B9F5-8480EA275FC0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8E48935A-3C85-4164-BC8A-5655E287C279}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5423C79-5C41-4D75-A5B9-DEAE366EE420}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1347ED35-2901-459D-B1A2-AC11337A67F8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{DA77E04B-B364-44AD-B392-B4AD022D0B1F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{7AF921ED-B861-4F4F-8BE8-78239F3B888F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{46885675-2554-4032-BBE6-A8CF608C8044}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Flash-Integro LLC) [File not signed]
FirewallRules: [{AFA2EDCE-3EAE-41AF-95E9-172297F63BC2}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Flash-Integro LLC) [File not signed]
FirewallRules: [{16F345E6-5AD7-4299-B5D1-B0E25C15455B}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Flash-Integro LLC) [File not signed]
FirewallRules: [{A9FB7220-773D-49FB-9A2A-0F883F472B6E}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Flash-Integro LLC) [File not signed]
FirewallRules: [{FCB4AA98-BB95-41DB-B61F-9768C9720691}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Flash-Integro LLC) [File not signed]
FirewallRules: [{B0162D49-E99F-435E-8D22-24533A213FB4}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Flash-Integro LLC) [File not signed]
FirewallRules: [{52BB412B-D298-4265-B27B-98B7A10C1E82}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{913857BF-7579-41D1-A324-9344B7E4696E}] => (Allow) C:\Users\tracy\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe No File
FirewallRules: [{10F52F68-BAC4-47B3-869D-83CB1B232B08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5D3637E7-CFB8-4BFF-B232-9EDA98FBAABC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EF844437-3405-409A-9E69-3EA0A91E54CC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0AB9B55B-1376-459B-9C6D-DF37C9E9D87E}] => (Allow) C:\Users\tracy\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe No File
FirewallRules: [{0BABCE91-9977-4C85-8526-C9F42BE0AAA7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BD907F2F-D04D-4131-9BF6-4E94B517B052}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9CAE1192-E64A-418E-B253-C1AA0D164039}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E821DE98-2B12-4F64-98A5-A44DA5852C81}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F89141B-797C-4C77-9AEE-32A994E5C42A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EFB7C923-EBD1-42D6-BF10-E74EDC5D1CA2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{18770CA2-AB39-4444-A1D9-5393BC401894}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{46FEF00F-041B-48BB-B83F-5E1152CEF142}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C80A6631-B202-49FC-ADC0-F60C783032F0}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{61B032CB-2617-430F-A716-95AE75AA9A4A}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{8523A1D1-7BC9-4929-A460-3FC060DD28E7}] => (Allow) LPort=80
FirewallRules: [{482366C8-0D1E-4EA3-8536-9D841ADBFFBD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

26-03-2020 00:34:32 Scheduled Checkpoint
28-03-2020 09:45:07 Removed Autodesk Workflows 2019
04-04-2020 22:18:56 Scheduled Checkpoint
06-04-2020 01:26:06 Removed Bonjour
06-04-2020 05:30:25 Revit Removal
10-04-2020 21:50:45 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/11/2020 05:38:34 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 29312 and the required size was 31384.


System errors:
=============
Error: (04/11/2020 05:34:20 AM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.


CodeIntegrity:
===================================

Date: 2020-04-11 06:23:19.205
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\netaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-11 06:21:43.687
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\netaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-11 05:36:19.404
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\netaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. A12 08/30/2016
Motherboard: Dell Inc. 0FXF2C
Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 34%
Total physical RAM: 11200.24 MB
Available physical RAM: 7327.7 MB
Total Virtual: 12100.24 MB
Available Virtual: 6822.8 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:238.47 GB) (Free:106.62 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (ORIGINAL HDD) (Fixed) (Total:929.66 GB) (Free:426.97 GB) NTFS
Drive f: (SCHOOL) (Removable) (Total:30 GB) (Free:15.66 GB) FAT32

\\?\Volume{9923554b-9ad2-4d8d-8cca-4b22cb27de71}\ (WinRETOOLS) (Fixed) (Total:0.78 GB) (Free:0.76 GB) NTFS
\\?\Volume{140233df-a3b6-46d6-89db-13be3461f8ea}\ () (Fixed) (Total:0.85 GB) (Free:0.4 GB) NTFS
\\?\Volume{a9409e46-0860-4422-8d7a-e52801f9c2c5}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 34706B48)
Partition 1: (Active) - (Size=238.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: A739D2F0)

Partition: GPT.

==========================================================
Disk: 2 (Size: 30 GB) (Disk ID: 500A0DFF)
No partition Table on disk 2.

==================== End of Addition.txt =======================


  • 0

#36
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

On a side note:

I used a proxy server the other day which put me in France. I succesfully disconnected from the French IP and returned to Australia, verified by whatismyipaddress.com. I cleared my internet cache and site data and have rebooted numerous times. Since then however, I have been plagued with websites appearing in French and prices appearing in €. Clearly, somewhere in Computerland I'm still in France. I have used this proxy app many, many times in the past and never experienced this problem until now. How do I fix this?

Thanks!


Edited by RiffRaffMama, 10 April 2020 - 02:59 PM.

  • 0

#37
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,944 posts
  • MVP

See if this helps:

 

Download OOSU10.exe:

https://www.oo-softw...com/en/shutup10

Download and Save it (You will get a popup while it's downloading.  You can X out of it)
then Right click and Run As Admin.
Allow it to make a System Restore Point.
Click on Actions then on Apply Recommended Settings.

Close the program and reboot.

After each major update it's wise to rerun the program and Revert the changes.


  • 0

#38
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Thank you, so far, so good on the location issue. I'll let you know if it all goes south again (or North, really, isn't it?)

 

There's a newer AMD APU driver than what I have. Should I update to it?

 

How are things looking after the last FRST tests?

 

Thanks!


  • 0

#39
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,944 posts
  • MVP

The logs look OK.  There are two errors but they are trivial.  Of course you hadn't tried to run your Revit yet so I don't know if it is still crashing.  Probably best to install the newest AMD driver.

Reboot.

Then try using Revit a bit and then run VEW for both System & Applications.

 

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 


  • 0

#40
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Hi again. Before I get into the latest processes to perform, I have developed a problem out of the blue. I have changed/installed nothing other than the apps you have instructed and performed the system/options alterations where appropriate and suddenly my browser is being hijacked. Not all the time, but every couple of hours or so I'll click on a perfectly normal website link and instead of going there I'll get an ad for Express VPN or a rather nasty looking game called "C*nt Wars", (only they're not as discreet with the title. It's really something else, believe me!). How do I make the nasty naked animated women doing indescribable things go away?

Thanks!!


  • 0

Advertisements


#41
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,944 posts
  • MVP

Download : ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close  all programs, pause your anti-virus and right click on the AdwCleaner icon and select Run As Admin.

Click on I agree
Click on Scan  and follow the prompts. Let it run unhindered.
When done, click on the Clean & Repair button, and follow the prompts. Allow the system to reboot. After Reboot, AdwCleaner will popup.  Hit View Log File. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

 


  • 0

#42
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

The Dell ones were legitimate - they come from the Dell website. Dell makes you install them if you want to download drivers etc from their site. I've uninstalled it before, but you have to put it back every time you go there.  As for the others... evidently they piggybacked their way in on something in recent days, but it's almost impossible for me to pinpoint what since there has been several programs necessary to us installed in that time to generate reports, etc.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build:    04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-13-2020
# Duration: 00:00:03
# OS:       Windows 10 Home
# Cleaned:  14
# Failed:   3


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted       C:\END

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6070aaf0-4487-49b5-9583-c51f7316c6ff}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.DellSupportAssistAgent   Folder   C:\ProgramData\SUPPORTASSIST\CLIENT\TECHNICIANTOOLKIT
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B15069F7-4C98-40D4-B48C-88AC7C223F94}
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B15069F7-4C98-40D4-B48C-88AC7C223F94}
Deleted       Preinstalled.DellSupportAssistAgent   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
Deleted       Preinstalled.DellSupportAssistAgent   Task   C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
Not Deleted   Preinstalled.DellSupportAssistAgent   Folder   C:\Program Files\DELL\SUPPORTASSISTAGENT
Not Deleted   Preinstalled.DellUpdateforWindows10   Folder   C:\Program Files (x86)\DELL\UPDATESERVICE
Not Deleted   Preinstalled.DellUpdateforWindows10   Folder   C:\ProgramData\DELL\UPDATESERVICE


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [17716 octets] - [13/04/2020 06:17:48]
AdwCleaner[S00].txt - [3520 octets] - [13/04/2020 06:18:48]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

 


  • 0

#43
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,944 posts
  • MVP

Don't know why it picked on the Dell stuff but the dotomi.com stuff appears to be worth removing.  Did it help?


  • 0

#44
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

I upgraded the AMD file. I never know what upgrading those does... I mean, my GPU can only do what it can do, as fast as it can do it, right? If it could be improved just with software, I wouldn't be in this situation. Anyway the flashy new version 20 is installed.

 

 

Windows saw need to update something again this morning. What do I need to do to tidy that up again?

I know it is in a lot of ways probably ill-advised, but is there an effective way of preventing Windows automatic updates for longer than the 28 days it lets you suspend them for at a time? Years ago there was a great little tiny app I found online that ran in the background that stopped them completely. I don't remember its name, because I ran it on a different computer, but it was something simple like "update stop" or something. That computer was rocking Windows 7, so I don't know if it would be usable now anyway, but after trying numerous little apps and registry edits over the years, I'm yet to find something that stops the insidious little surprise attacks from happening.

 

 

I have been running Revit a bit since the reinstall. I think it has been less sluggish. It's by no means lightning fast, but using the same files I had been, which had been painful to use because of all the thumb twiddling while it performed basic tasks, it is clearly performing requests faster. There have been noticeably fewer faded screen "(not responding) menu bar" moments, and no crashes. It came close last night at one stage though. I was editing a component of my design at the time. What that involves is within a design of a building there are components like doors, furniture, steel framing beams, etc, etc, each of which is its own file and can be altered individually in size, shape, parts removed/added, etc by opening them up as their own design, making the alterations, saving the altered part as its own file and then re-inserting it to the main design (for example you might want to remove the lower pane of glass from a glass door so it doesn't break if you kick the door closed behind you when your hands are full, or the stock bathroom vanity is too wide for where you want to put it, etc). I was doing this with some steel beams and a warning dialog box appeared telling me (paraphrased because I can't remember the exact wording) a serious error had occurred and to save my file.

 

I have encountered this style of error and its accompanying dialog box many times with different project files. When you hit save it then saves the file as "filename(recovery).rvt". It does not crash and you can continue going about your business and save the file again when you're done and everything seems fine. The recovery file opens just like a normal one and I've never encountered a problem with just continuing to use it. I have always found this process mysterious. There was a dump file in the revit journals folder, but it contained only one line which was "*** CP: ElementCutting: canCopyElementsFromFamilyToFamily failed!", which is what I was doing when it did this - I had asked it to copy/paste something and it didn't want to.

 

While I was in the journals folder, I noticed that there was a dump file dated March 9. I did not receive the "Revit has lost its keys and can't drive you to soccer practice, save your file" dialog box that day, and the program did not crash or do anything weird that I recall, so I don't know why this dump was generated. I opened it in WinDbg and it generated the following report. Where it says "For analysis of this file, run !analyze -v " I did that, which generated the second part of the report. Thoughts? Thanks.

 

Report:

 

Microsoft ® Windows Debugger Version 10.0.19528.1000 AMD64
Copyright © Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\tracy\AppData\Local\Autodesk\Revit\Autodesk Revit 2020\Journals\journal.0002.0001.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available


************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Version 18362 MP (4 procs) Free x64
Product: WinNt, suite: SingleUserTS Personal
Machine Name:
Debug session time: Thu Apr 9 02:14:50.000 2020 (UTC + 10:00)
System Uptime: not available
Process Uptime: 1 days 7:32:57.000
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
................................................................
......................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(366c.10fc): C++ EH exception - code e06d7363 (first/second chance not available)
For analysis of this file, run
!analyze -v
ntdll!NtGetContextThread+0x14:
00007ffc`9be3de54 c3 ret
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************

*** WARNING: Unable to verify checksum for libcef.dll
*** WARNING: Unable to verify timestamp for amdihk64.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\13f4543f755b32b6ebe0edeb92bb52a8\mscorlib.ni.dll, Win32 error 0n2
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\6228d402fdebfae866e84fdfe08773bf\PresentationCore.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for PresentationCore.ni.dll
*** WARNING: Unable to verify timestamp for atidxx64.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\System\01a3608d87251d7ea99342a88d079c23\System.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for System.ni.dll
*** WARNING: Unable to verify timestamp for atiumd64.dll
*** WARNING: Unable to verify timestamp for atiumd6a.dll

KEY_VALUES_STRING: 1

Key : Analysis.CPU.Sec
Value: 374

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on RIFFRAFFDELL

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.Sec
Value: 761

Key : Analysis.Memory.CommitPeak.Mb
Value: 519

Key : Analysis.System
Value: CreateObject

Key : CLR.Engine
Value: CLR

Key : CLR.Version
Value: 4.0.30319.0

Key : Timeline.Process.Start.DeltaSec
Value: 113577


ADDITIONAL_XML: 1

CONTEXT:
(.ecxr)
rax=00007ffc5eee2094 rbx=00007ffc3a7c8620 rcx=fffffffffffffffe
rdx=00007ffc37ea6a95 rsi=0000000000000000 rdi=00000045f192ea90
rip=00007ffc992ba859 rsp=00000045f192e8e0 rbp=00000045f192ea20
r8=00007ffc380e8d12 r9=00007ffc99e65ed0 r10=fffffffffffffffe
r11=000001ee4b878600 r12=0000000000000000 r13=00000045f192edc8
r14=00000045f192eba8 r15=00000045f192edc0
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
KERNELBASE!RaiseException+0x69:
00007ffc`992ba859 0f1f440000 nop dword ptr [rax+rax]
Resetting default scope

EXCEPTION_RECORD:
(.exr -1)
ExceptionAddress: 00007ffc992ba859 (KERNELBASE!RaiseException+0x0000000000000069)
ExceptionCode: e06d7363 (C++ EH exception)
ExceptionFlags: 00000001
NumberParameters: 4
Parameter[0]: 0000000019930520
Parameter[1]: 00000045f192ea90
Parameter[2]: 00007ffc3a7c8620
Parameter[3]: 00007ffc39c10000

PROCESS_NAME: Revit.exe

ERROR_CODE: (NTSTATUS) 0xe06d7363 - <Unable to get error code text>

EXCEPTION_CODE_STR: e06d7363

EXCEPTION_PARAMETER1: 0000000019930520

EXCEPTION_PARAMETER2: 00000045f192ea90

EXCEPTION_PARAMETER3: 00007ffc3a7c8620

EXCEPTION_PARAMETER4: 7ffc39c10000

MISSING_CLR_SYMBOL: 0

STACK_TEXT:
00000045`f192e8e0 00007ffc`7c4242cd : 00000000`030d0747 000001ee`03110000 000001ee`031102a4 00007ffc`992b96d0 : KERNELBASE!RaiseException+0x69
00000045`f192e9c0 00007ffc`39ce05c6 : 00007ffc`39c10000 00000000`00000000 000001ee`0329c830 00000000`00000002 : VCRUNTIME140!_CxxThrowException+0xad
00000045`f192ea30 00007ffc`39ce03c8 : 00000045`f192eba8 00000000`00000000 00000000`00000000 00000000`00000000 : Utility!ManageDumpFiles::createMiniDump+0x246
00000045`f192ea80 00007ffc`39ce029c : 00000045`f192eda8 00007ffc`39ed4b1c 00000045`f192edb8 00000000`00000000 : Utility!ManageDumpFiles::createMiniDump+0x48
00000045`f192eb70 00007ffc`39dcd9f3 : 000001ee`00000000 00000000`00000000 00000045`f192eda8 00000000`00000001 : Utility!ManageDumpFiles::capturePrimaryMiniDumpUnlessExistsAlready+0xbc
00000045`f192ebf0 00007ffc`39dce8c3 : 00000000`00000607 00007ffc`39c35e2b 000001ee`bd2d3bf0 00007ffc`39da2896 : Utility!ApplicationException::ApplicationException+0x103
00000045`f192ecd0 00007ffc`378372e8 : 00000045`f192edc0 000001ee`7c112fb0 00000045`f192eea0 00007ffc`5ecdd0b5 : Utility!InternalException::InternalException+0x23
00000045`f192ed20 00007ffc`5eece9e8 : 000001ee`7c112fb0 ffffffff`fffffffe 000001ee`7c112fb0 00000000`0c16aa50 : RevitDB!MFCView::OnDraw+0x548
00000045`f192ee70 00007ffc`6a0d0a8e : 000001ee`7c112fb0 00000000`ffffffff 00000000`00000000 000001ee`00000000 : mfc140u!CView::OnPaint+0x68
00000045`f192ef30 00007ffc`5eee4b63 : 00000000`0000014f 00007ffc`6a0d0950 00000000`00000000 00000000`00000000 : DesktopMFC!DesktopMFCView::OnPaint+0x13e
00000045`f192efb0 00007ffc`5eee441f : 000001ee`7c112fb0 00000000`00000000 00000000`00000000 00000000`00000000 : mfc140u!CWnd::OnWndMsg+0x703
00000045`f192f130 00007ffc`6a0c2369 : 00000000`00000000 000001ee`bd2d3bf0 00000045`f192f1f9 000001ee`7c112fb0 : mfc140u!CWnd::WindowProc+0x3f
00000045`f192f170 00007ffc`5eee1ca5 : 00000000`001907cc 00007ffc`5f046830 00000000`00000000 00000000`00030000 : DesktopMFC!DesktopMFCView::WindowProc+0x1d9
00000045`f192f260 00007ffc`5eee2094 : 00000000`0000000f 00000000`001907cc 00000045`f192f3b8 00004c8a`3a8ffecd : mfc140u!AfxCallWndProc+0x135
00000045`f192f350 00007ffc`5ed88aa1 : 00000000`00000000 00000000`001907cc 00000000`0000000f 00000000`00000000 : mfc140u!AfxWndProc+0x54
00000045`f192f390 00007ffc`99e65c0d : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : mfc140u!AfxWndProcBase+0x51
00000045`f192f3e0 00007ffc`99e658de : 00000000`001907cc 00007ffc`5ed88a50 00000000`001907cc 00000000`0000000f : user32!UserCallWinProcCheckWow+0x2bd
00000045`f192f570 00007ffc`6a13c4c5 : 00000000`001907cc 00000045`f192f671 00000000`0000000f ffffffff`fffffffe : user32!CallWindowProcW+0x8e
00000045`f192f5c0 00007ffc`6a12fd16 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : DesktopMFC!ManagePropertiesPalette::updateTypeSelector+0x255
00000045`f192f6d0 00007ffc`99e65c0d : 00000000`00000001 000001ee`0327d358 00000000`00000000 00000000`00000000 : DesktopMFC!ManageAlerts::batchCheckWindowsResourcesForNearExhaustion+0xe6
00000045`f192f710 00007ffc`99e657dc : 00000000`00000388 00007ffc`6a12fcd0 00000000`001907cc 00000000`80000000 : user32!UserCallWinProcCheckWow+0x2bd
00000045`f192f8a0 00007ffc`99e71f73 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`000f042e : user32!DispatchClientMessage+0x9c
00000045`f192f900 00007ffc`9be3fe34 : ffffffff`fffffffe 00000000`000f042e 00007ff6`e1ec5070 000001ee`0327d300 : user32!_fnDWORD+0x33
00000045`f192f960 00007ffc`98eb1764 : 00007ffc`99e656ec 000001ee`07118660 00007ff6`e1ec5070 000001ee`07118660 : ntdll!KiUserCallbackDispatcherContinue
00000045`f192f9e8 00007ffc`99e656ec : 000001ee`07118660 00007ff6`e1ec5070 000001ee`07118660 00007ffc`5eee1f03 : win32u!NtUserDispatchMessage+0x14
00000045`f192f9f0 00007ffc`5eecaad2 : 00007ffc`6a12fcd0 000001ee`0327d358 00000000`00000000 00007ff6`e1ec5070 : user32!DispatchMessageWorker+0x2cc
00000045`f192fa70 00007ffc`5eecb417 : 00000000`00000001 000001ee`0327d358 00000000`00000000 000001ee`0327d358 : mfc140u!AfxInternalPumpMessage+0x52
00000045`f192faa0 00007ffc`5eefdd90 : 00000000`00000001 00007ff6`e1ec0000 00000000`00000000 00000000`00010001 : mfc140u!CWinThread::Run+0x77
00000045`f192fae0 00007ff6`e1ec126a : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : mfc140u!AfxWinMain+0xc0
00000045`f192fb20 00007ffc`9a167bd4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Revit_exe+0x126a
00000045`f192fb60 00007ffc`9be0ced1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
00000045`f192fb90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21


SYMBOL_NAME: utility!ManageDumpFiles::createMiniDump+246

MODULE_NAME:
Utility

IMAGE_NAME: Utility.dll

STACK_COMMAND: ~0s ; .ecxr ; kb

FAILURE_BUCKET_ID: CPP_EXCEPTION_e06d7363_Utility.dll!ManageDumpFiles::createMiniDump

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {89ff795e-cac9-da24-a20d-40ebb7f51f88}

Followup: MachineOwner
---------

0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************


KEY_VALUES_STRING: 1

Key : Analysis.CPU.Sec
Value: 362

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on RIFFRAFFDELL

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.Sec
Value: 368

Key : Analysis.Memory.CommitPeak.Mb
Value: 526

Key : Analysis.System
Value: CreateObject

Key : CLR.Engine
Value: CLR

Key : CLR.Version
Value: 4.0.30319.0

Key : Timeline.Process.Start.DeltaSec
Value: 113577


ADDITIONAL_XML: 1

CONTEXT:
(.ecxr)
rax=00007ffc5eee2094 rbx=00007ffc3a7c8620 rcx=fffffffffffffffe
rdx=00007ffc37ea6a95 rsi=0000000000000000 rdi=00000045f192ea90
rip=00007ffc992ba859 rsp=00000045f192e8e0 rbp=00000045f192ea20
r8=00007ffc380e8d12 r9=00007ffc99e65ed0 r10=fffffffffffffffe
r11=000001ee4b878600 r12=0000000000000000 r13=00000045f192edc8
r14=00000045f192eba8 r15=00000045f192edc0
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
KERNELBASE!RaiseException+0x69:
00007ffc`992ba859 0f1f440000 nop dword ptr [rax+rax]
Resetting default scope

EXCEPTION_RECORD:
(.exr -1)
ExceptionAddress: 00007ffc992ba859 (KERNELBASE!RaiseException+0x0000000000000069)
ExceptionCode: e06d7363 (C++ EH exception)
ExceptionFlags: 00000001
NumberParameters: 4
Parameter[0]: 0000000019930520
Parameter[1]: 00000045f192ea90
Parameter[2]: 00007ffc3a7c8620
Parameter[3]: 00007ffc39c10000

PROCESS_NAME: Revit.exe

ERROR_CODE: (NTSTATUS) 0xe06d7363 - <Unable to get error code text>

EXCEPTION_CODE_STR: e06d7363

EXCEPTION_PARAMETER1: 0000000019930520

EXCEPTION_PARAMETER2: 00000045f192ea90

EXCEPTION_PARAMETER3: 00007ffc3a7c8620

EXCEPTION_PARAMETER4: 7ffc39c10000

MISSING_CLR_SYMBOL: 0

STACK_TEXT:
00000045`f192e8e0 00007ffc`7c4242cd : 00000000`030d0747 000001ee`03110000 000001ee`031102a4 00007ffc`992b96d0 : KERNELBASE!RaiseException+0x69
00000045`f192e9c0 00007ffc`39ce05c6 : 00007ffc`39c10000 00000000`00000000 000001ee`0329c830 00000000`00000002 : VCRUNTIME140!_CxxThrowException+0xad
00000045`f192ea30 00007ffc`39ce03c8 : 00000045`f192eba8 00000000`00000000 00000000`00000000 00000000`00000000 : Utility!ManageDumpFiles::createMiniDump+0x246
00000045`f192ea80 00007ffc`39ce029c : 00000045`f192eda8 00007ffc`39ed4b1c 00000045`f192edb8 00000000`00000000 : Utility!ManageDumpFiles::createMiniDump+0x48
00000045`f192eb70 00007ffc`39dcd9f3 : 000001ee`00000000 00000000`00000000 00000045`f192eda8 00000000`00000001 : Utility!ManageDumpFiles::capturePrimaryMiniDumpUnlessExistsAlready+0xbc
00000045`f192ebf0 00007ffc`39dce8c3 : 00000000`00000607 00007ffc`39c35e2b 000001ee`bd2d3bf0 00007ffc`39da2896 : Utility!ApplicationException::ApplicationException+0x103
00000045`f192ecd0 00007ffc`378372e8 : 00000045`f192edc0 000001ee`7c112fb0 00000045`f192eea0 00007ffc`5ecdd0b5 : Utility!InternalException::InternalException+0x23
00000045`f192ed20 00007ffc`5eece9e8 : 000001ee`7c112fb0 ffffffff`fffffffe 000001ee`7c112fb0 00000000`0c16aa50 : RevitDB!MFCView::OnDraw+0x548
00000045`f192ee70 00007ffc`6a0d0a8e : 000001ee`7c112fb0 00000000`ffffffff 00000000`00000000 000001ee`00000000 : mfc140u!CView::OnPaint+0x68
00000045`f192ef30 00007ffc`5eee4b63 : 00000000`0000014f 00007ffc`6a0d0950 00000000`00000000 00000000`00000000 : DesktopMFC!DesktopMFCView::OnPaint+0x13e
00000045`f192efb0 00007ffc`5eee441f : 000001ee`7c112fb0 00000000`00000000 00000000`00000000 00000000`00000000 : mfc140u!CWnd::OnWndMsg+0x703
00000045`f192f130 00007ffc`6a0c2369 : 00000000`00000000 000001ee`bd2d3bf0 00000045`f192f1f9 000001ee`7c112fb0 : mfc140u!CWnd::WindowProc+0x3f
00000045`f192f170 00007ffc`5eee1ca5 : 00000000`001907cc 00007ffc`5f046830 00000000`00000000 00000000`00030000 : DesktopMFC!DesktopMFCView::WindowProc+0x1d9
00000045`f192f260 00007ffc`5eee2094 : 00000000`0000000f 00000000`001907cc 00000045`f192f3b8 00004c8a`3a8ffecd : mfc140u!AfxCallWndProc+0x135
00000045`f192f350 00007ffc`5ed88aa1 : 00000000`00000000 00000000`001907cc 00000000`0000000f 00000000`00000000 : mfc140u!AfxWndProc+0x54
00000045`f192f390 00007ffc`99e65c0d : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : mfc140u!AfxWndProcBase+0x51
00000045`f192f3e0 00007ffc`99e658de : 00000000`001907cc 00007ffc`5ed88a50 00000000`001907cc 00000000`0000000f : user32!UserCallWinProcCheckWow+0x2bd
00000045`f192f570 00007ffc`6a13c4c5 : 00000000`001907cc 00000045`f192f671 00000000`0000000f ffffffff`fffffffe : user32!CallWindowProcW+0x8e
00000045`f192f5c0 00007ffc`6a12fd16 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : DesktopMFC!ManagePropertiesPalette::updateTypeSelector+0x255
00000045`f192f6d0 00007ffc`99e65c0d : 00000000`00000001 000001ee`0327d358 00000000`00000000 00000000`00000000 : DesktopMFC!ManageAlerts::batchCheckWindowsResourcesForNearExhaustion+0xe6
00000045`f192f710 00007ffc`99e657dc : 00000000`00000388 00007ffc`6a12fcd0 00000000`001907cc 00000000`80000000 : user32!UserCallWinProcCheckWow+0x2bd
00000045`f192f8a0 00007ffc`99e71f73 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`000f042e : user32!DispatchClientMessage+0x9c
00000045`f192f900 00007ffc`9be3fe34 : ffffffff`fffffffe 00000000`000f042e 00007ff6`e1ec5070 000001ee`0327d300 : user32!_fnDWORD+0x33
00000045`f192f960 00007ffc`98eb1764 : 00007ffc`99e656ec 000001ee`07118660 00007ff6`e1ec5070 000001ee`07118660 : ntdll!KiUserCallbackDispatcherContinue
00000045`f192f9e8 00007ffc`99e656ec : 000001ee`07118660 00007ff6`e1ec5070 000001ee`07118660 00007ffc`5eee1f03 : win32u!NtUserDispatchMessage+0x14
00000045`f192f9f0 00007ffc`5eecaad2 : 00007ffc`6a12fcd0 000001ee`0327d358 00000000`00000000 00007ff6`e1ec5070 : user32!DispatchMessageWorker+0x2cc
00000045`f192fa70 00007ffc`5eecb417 : 00000000`00000001 000001ee`0327d358 00000000`00000000 000001ee`0327d358 : mfc140u!AfxInternalPumpMessage+0x52
00000045`f192faa0 00007ffc`5eefdd90 : 00000000`00000001 00007ff6`e1ec0000 00000000`00000000 00000000`00010001 : mfc140u!CWinThread::Run+0x77
00000045`f192fae0 00007ff6`e1ec126a : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : mfc140u!AfxWinMain+0xc0
00000045`f192fb20 00007ffc`9a167bd4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Revit_exe+0x126a
00000045`f192fb60 00007ffc`9be0ced1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
00000045`f192fb90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21


SYMBOL_NAME: utility!ManageDumpFiles::createMiniDump+246

MODULE_NAME:
Utility

IMAGE_NAME: Utility.dll

STACK_COMMAND: ~0s ; .ecxr ; kb

FAILURE_BUCKET_ID: CPP_EXCEPTION_e06d7363_Utility.dll!ManageDumpFiles::createMiniDump

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {89ff795e-cac9-da24-a20d-40ebb7f51f88}

Followup: MachineOwner
---------


  • 0

#45
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Deleted as duplicate post. My bad.


Edited by RiffRaffMama, 13 April 2020 - 04:58 AM.

  • 0






Similar Topics


Also tagged with one or more of these keywords: rendering, Revit, GPU, Dell, AMD, graphics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP