Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Slow Laptop- Windows 10

Started by dbrupp , Apr 06 2020 07:46 PM

  • Please log in to reply

#1
dbrupp
Posted 06 April 2020 - 07:46 PM

dbrupp

    Member

  • Member
  • PipPip
  • 49 posts

Hello and thank you for reading my post.

 

First, please let me apologize if I am posting this on the wrong forum.

 

My wife's laptop Is a Lenovo ThinkPad R400 with 2 GB or RAM & about 58% of it's 148GB storage used on the Windows 10 o/s and is running slow.  It takes time to boot up; and launching apps & internet browsers can sometimes take what seems like a couple of minutes to open.

 

I regularly clean the temp files, cache and old registry.  I clean the registry via Ccleaner and Super antispyware scans.

 

I did the cleanup before running a FRST log and looking at task manager.  Task manager is showing Memory toggle between 75%-81%.  CPU & Disk started off with high numbers but after a couple of minutes togged between 3% and 30%.

 

The FRST Addition log mentions a trojan virus, but I believe that occurred because Microsoft Windows Security was preventing FRST 32-bit from downloading, because it thought it was a virus.  I couldn't download it in safe mode either so turned off Windows Security temporarily. 

 

Anyhow, I attached the FRST logs incase it helps and if there are any tips on speeding up the laptop response rate, it's greatly appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-04-2020
Ran by Chrissy (administrator) on CHRISSY-PC (LENOVO 7439W6R) (05-04-2020 19:06:19)
Running from C:\Users\Chrissy\Downloads
Loaded Profiles: Chrissy (Available Profiles: Chrissy & DefaultAppPool)
Platform: Microsoft Windows 10 Home Version 1909 18363.720 (X86) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\AcroCEF.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Canon Inc. -> CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Chrissy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\94.4.384\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\94.4.384\QtWebEngineProcess.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\Hp\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(LENOVO -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Numedia Soft, Inc. -> ) C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Sage Software, Inc. -> Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files\Sage\Peachtree\PeachtreePrefetcher.exe [30576 2012-10-22] (Sage Software, Inc. -> Sage Software, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379504 2013-04-24] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (Canon Inc. -> CANON INC.)
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8065456 2019-05-16] (Support.com, Inc. -> SUPERAntiSpyware)
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Run: [Dropbox Update] => C:\Users\Chrissy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\Hp\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5557296 2020-03-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [134656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-02] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk [2013-02-03]
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe () [File not signed]
Startup: C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2020-03-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
Startup: C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk [2016-05-20]
ShortcutAndArgument: Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN0BIBM07J;CONNECTION=NW;MONITOR=1;
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {019B1734-9A1F-44C9-80A1-BF0F6F3D5D51} - System32\Tasks\G2MUpdateTask-S-1-5-21-2695042837-3831575686-1124767896-1000 => C:\Users\Chrissy\AppData\Local\GoToMeeting\10996\g2mupdate.exe [29736 2018-11-05] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {083394AD-6359-4D99-A698-4D39EFF506F7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {086C110A-7312-4F66-8819-25E8FA59C1CB} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0A408543-E330-4650-94E5-11A2BE8E98E5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0A8D55D6-6C76-4D4A-85BA-5701C080EDD3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {10770654-CCA1-472E-A689-4DBC284EEEAD} - System32\Tasks\{C9C95A7E-7402-4E72-A146-52439EE4D0AE} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {17D4C3EC-14D8-48AD-9006-C171A20E58CF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [414672 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B5E8312-C9B2-40D3-BDF7-B4B6696FE663} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [414672 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1DA7281F-CDC9-4BFA-8C45-31DE76C9CDBD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1EDA3DBE-C7C5-41FA-AFEC-159B1159DF8E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {24FA84A0-E087-48EC-BC51-2B9C4C815D78} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {285131B2-AA08-4EBD-8533-B43A8459E2CD} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe <==== ATTENTION
Task: {2C2DDEB9-03A5-41AE-8069-8E0F197CCF85} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {33BDE6BF-ABF5-4F3B-B9D9-6D904D77DA30} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {367F930A-A3DB-4112-B1F1-50E92A171C88} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {3DCA53B7-36BA-4C67-B01E-6E267AB26264} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {46669C31-2CF0-4C09-8092-9DA9A23931B8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {4777AB01-1A99-4B87-B667-52F9C3A8B221} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {4DB4F9E7-AEFA-4E5F-B558-606131D54724} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {51FA9D83-065B-44FB-8F4B-1A2673A73EFC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {526687E3-AAFA-4505-BFF0-C3947A22A8BB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [414672 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5316FCA6-1FEF-42A6-81FD-26CAF22181F6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5917FDCC-CE3E-4CDF-996A-091EC9E5BDB7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2695042837-3831575686-1124767896-1000UA => C:\Users\Chrissy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {5ADA10C1-C5E0-4166-89D7-30F123BFF115} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5DB76FCC-D48D-4BCF-A7C7-EAE6BDE06D9D} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {5E446D22-8301-431F-A914-1AD864A231B8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5F260D6D-586C-4E61-99D2-E29D638FEF40} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6A1E4049-678A-4A5E-B578-9338F74ADCA4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {6A22689E-15DF-4B8A-A106-835F9B7DDB0E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6B7FDBF0-8404-4EA9-AF3F-BC46F9D66519} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {6B86FF1C-5A1B-46AB-A4AA-ED956C5F301A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {797C258E-093D-4146-A232-26B123F14D12} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7BEA7311-7C95-4D53-8989-0A1EAF589D52} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7E78F1B2-5B9D-4AC3-ACF4-217D58CBB55B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7EDA44D2-34C9-4300-A498-CC6398E727C5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8037A1A9-753C-496D-92FF-A562AEF2876F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1443424 2020-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {81762D5C-EC96-47A6-8735-1B5834187293} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {83EF3333-90BF-4849-B579-67B7893CBF76} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2695042837-3831575686-1124767896-1000Core => C:\Users\Chrissy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc -> Dropbox, Inc.)
Task: {898161CD-2C55-42C6-8E15-3C8F7AD63B11} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [414672 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9132A2FC-A7C2-4C38-9B83-1E134DFEB44B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9A25FEDF-9241-47C1-9A21-C75503EE5B4F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9C1D7626-9270-4A9B-AD09-E8A1DFE1B16F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A1141C2A-4463-46C9-A4A9-26369B5ED8A3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A76D933D-AC92-4D21-972D-B7A37FAB4A46} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe
Task: {A8C8BD40-F318-4159-A3C5-DF867359C5A2} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AE071D1D-2B8B-460D-AF1A-CF8D7EAFC3DD} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [18871600 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {AEC6F720-D19B-4CDE-8D25-22BC11215A84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {B3A30CBC-0E40-4F36-B7A9-EE1DCDC7BC4C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B546E45A-5535-47EE-B5B4-C428031E35E7} - System32\Tasks\G2MUploadTask-S-1-5-21-2695042837-3831575686-1124767896-1000 => C:\Users\Chrissy\AppData\Local\GoToMeeting\10996\g2mupload.exe [29736 2018-11-05] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {BF97CB34-3029-48F7-BDBB-FB952D720991} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {C31647BE-4792-4BBE-B54C-2E2FCD7E38B3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6BA0F0C-D292-456D-9072-9C48E866BDB0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C8BB0AEC-5AA3-4329-B695-B1D8C31C87B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [18871600 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {C99528D5-7F41-4D2A-83B3-DDE9972DF16A} - System32\Tasks\4922 => wscript.exe C:\Users\Chrissy\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {CDBE7605-8F60-4F79-AEC2-1F1ABC779DFF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {CE412AF3-BB4F-4801-8D06-D32A2E8F7E46} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [115032 2020-03-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {D1688704-6142-45B2-AD3F-1B0D3FBC34A6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D624231D-CEDE-4F25-A0A5-14CF598C82C4} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D66C28C3-C99E-47CB-94EA-8086B6ED824D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D989BDBD-BC6A-4B4C-A09E-88DCF1546107} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [269504 2016-05-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {DA5E393E-A18C-4CDC-B9A0-61D824261436} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {DB67E9E2-7A43-4A62-8197-69383BDC3814} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {DC1AD582-78E6-4E24-9722-D9EDAFB15A33} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DDC2ED3B-58B2-4004-B330-595E7EA3CFB8} - System32\Tasks\DTReg => C:\Windows\system32\config\systemprofile\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {E20C0141-41C2-49C4-8D18-2DE08E6BB110} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {E65593E3-7D3B-4DFC-96D2-32B08F7EE9BD} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {E7AF8EDD-83B0-4AF7-B146-38DE487DED64} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {E9241184-65A8-4D90-BEB5-0DC9664DD6AA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {F3555FBD-C63A-471E-9E3C-890A37B1F9BE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F42CBAEA-93BE-43E9-8774-3DCEAAA1CE82} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F589C275-4654-42DB-B404-D243D0606D2D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {F908A273-E82E-4629-853A-92F40A7AAEE2} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2695042837-3831575686-1124767896-1000Core.job => C:\Users\Chrissy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2695042837-3831575686-1124767896-1000UA.job => C:\Users\Chrissy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2695042837-3831575686-1124767896-1000.job => C:\Users\Chrissy\AppData\Local\GoToMeeting\10996\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2695042837-3831575686-1124767896-1000.job => C:\Users\Chrissy\AppData\Local\GoToMeeting\10996\g2mupload.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{072620ba-7083-4d9e-b4b6-9da50f9d0f8b}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{29ea32ab-d579-422f-9305-96d856445e85}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6fb389c2-2b28-481d-8e9e-4bd3eb9a80d3}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b8632072-9b1e-40ac-9bb9-9b4b1783b2de}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000 -> {3FC5EC2D-7212-4C6B-99E8-393ADDB9FBC3} URL = hxxp://www.mysearchresults.com/search?&c=4200&t=11&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-12-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-25] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-12-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-12-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-03-08] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-05-02]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-06-10] (Adobe Systems, Inc.) [File not signed]
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default [2020-04-05]
CHR NewTab: Default ->  Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/ntp1.html"
CHR Extension: (Docs) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-12]
CHR Extension: (Xfinity) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2014-02-25]
CHR Extension: (FromDocToPDF) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2019-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-07]
CHR Extension: (Gmail) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-06-01] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88648 2020-02-25] (Adobe Inc. -> Adobe Systems)
R2 AGMService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe [3374160 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7219272 2020-03-05] (Microsoft Corporation -> Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-05] (Numedia Soft, Inc. -> )
S3 Peachtree SmartPosting 2012; C:\Program Files\Sage\Peachtree\SmartPostingService2012.exe [44400 2012-10-22] (Sage Software, Inc. -> Sage Software, Inc.)
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [52736 2009-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435528 2011-04-07] (Sage Software, Inc. -> Pervasive Software Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [2297256 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [85544 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [28824 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [165376 2019-09-12] (Microsoft Corporation) [File not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] (Intel® Graphics DSS -> )
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [132520 2015-03-10] (BoiseTest -> Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [17320 2015-03-10] (BoiseTest -> Windows ® Win 7 DDK provider)
S3 dot4usb; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [37800 2015-03-10] (BoiseTest -> Microsoft Corporation)
R3 Eplpdx02; C:\WINDOWS\system32\Drivers\EPLPDX02.SYS [70084 2001-08-10] (MK Systems CO., LTD.) [File not signed]
S3 NETw5s32; C:\WINDOWS\System32\DRIVERS\NETw5s32.sys [6114816 2009-09-15] (Intel Corporation) [File not signed]
R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7530736 2013-05-02] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [38640 2013-04-24] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SrvHsfHDA; C:\WINDOWS\system32\DRIVERS\VSTAZL3.SYS [207360 2019-03-18] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfV92; C:\WINDOWS\system32\DRIVERS\VSTDPV3.SYS [980992 2019-03-18] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfWinac; C:\WINDOWS\system32\DRIVERS\VSTCNXT3.SYS [661504 2019-03-18] (Microsoft Windows -> Conexant Systems, Inc.)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [37768 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [303840 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [41696 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [207360 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-05 19:06 - 2020-04-05 19:09 - 000035137 _____ C:\Users\Chrissy\Downloads\FRST.txt
2020-04-05 19:05 - 2020-04-05 19:08 - 000000000 ____D C:\FRST
2020-04-05 19:04 - 2020-04-05 19:04 - 002009088 _____ (Farbar) C:\Users\Chrissy\Downloads\FRST.exe
2020-04-05 16:30 - 2020-04-05 16:30 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-04-05 16:23 - 2020-04-05 16:23 - 000000000 ____D C:\WINDOWS\Panther
2020-04-05 15:10 - 2020-04-05 15:10 - 000000267 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2020-04-05 14:28 - 2020-04-05 14:28 - 000000000 ____D C:\ProgramData\Intel
2020-04-04 19:37 - 2020-04-04 19:39 - 001993489 _____ C:\Users\Chrissy\Documents\Savannah Sousa 2020-21.pdf
2020-04-04 19:31 - 2020-04-04 19:33 - 002313479 _____ C:\Users\Chrissy\Documents\Griffin Sousa 2019-20.pdf
2020-04-04 19:23 - 2020-04-04 19:26 - 003259887 _____ C:\Users\Chrissy\Documents\Savannah Sousa 2019-20.pdf
2020-04-03 10:48 - 2020-04-03 10:48 - 000429175 _____ C:\Users\Chrissy\Desktop\UI Monetary Determination.pdf
2020-04-03 10:46 - 2020-04-03 10:46 - 000428390 _____ C:\Users\Chrissy\Downloads\UI Online - Doc_20200403104628.pdf
2020-04-03 08:35 - 2020-04-03 08:35 - 000255320 _____ (Asurvio, LP) C:\Users\Chrissy\Downloads\DSOne.exe
2020-04-03 07:55 - 2020-04-03 07:55 - 000007605 _____ C:\Users\Chrissy\AppData\Local\Resmon.ResmonCfg
2020-04-02 19:24 - 2020-04-02 19:24 - 000000000 ____D C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-04-02 19:08 - 2020-04-05 15:11 - 000000000 ____D C:\ProgramData\Lenovo
2020-04-02 19:08 - 2020-04-05 15:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2020-04-02 19:05 - 2020-04-05 15:11 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2020-04-02 19:02 - 2020-04-05 15:12 - 000000000 ____D C:\WINDOWS\TempInst
2020-04-02 15:13 - 2020-04-02 15:13 - 000004987 _____ C:\Users\Chrissy\Downloads\Dynamic Email List - Parent & Child Classes (2019-2020).xlsx
2020-04-02 15:11 - 2020-04-02 15:11 - 000004346 _____ C:\Users\Chrissy\Downloads\Dynamic Email List - Transitional Preschool (2019-20).xlsx
2020-04-02 15:06 - 2020-04-02 15:08 - 000010235 _____ C:\Users\Chrissy\Downloads\Dynamic Email List - Preschool (2019-20).xlsx
2020-04-02 14:58 - 2020-04-02 15:00 - 000009429 _____ C:\Users\Chrissy\Downloads\Dynamic Email List - Multi-Track Kindergarten (2019-20).xlsx
2020-04-02 14:56 - 2020-04-02 14:56 - 000004915 _____ C:\Users\Chrissy\Downloads\Dynamic Email List - Summer 2020.xlsx
2020-04-02 14:47 - 2020-04-02 14:47 - 000086093 _____ C:\Users\Chrissy\Downloads\members_export_8e7b28e9c4.zip
2020-04-02 14:32 - 2020-04-02 14:33 - 000002158 _____ C:\Users\Chrissy\Downloads\members_export_5e4b740e45.zip
2020-04-01 20:11 - 2020-04-01 20:11 - 005747077 _____ C:\Users\Chrissy\Documents\Dependents.pdf
2020-04-01 19:35 - 2020-04-01 19:35 - 000546775 _____ C:\Users\Chrissy\Downloads\UI Online - Doc_20200401193509.pdf
2020-04-01 19:35 - 2020-04-01 19:35 - 000546775 _____ C:\Users\Chrissy\Downloads\UI Online - Doc_20200401193500.pdf
2020-04-01 19:25 - 2020-04-01 19:25 - 000546772 _____ C:\Users\Chrissy\Downloads\UI Online - Doc_20200401192522.pdf
2020-04-01 19:24 - 2020-04-01 19:24 - 000024058 _____ C:\Users\Chrissy\Downloads\UI Online - Doc_20200401192406.pdf
2020-04-01 19:20 - 2020-04-01 19:20 - 000546772 _____ C:\Users\Chrissy\Downloads\UI Online - Doc_20200401192043.pdf
2020-03-31 20:37 - 2020-03-31 20:37 - 000024058 _____ C:\Users\Chrissy\Downloads\UI Online - Doc_20200331203718.pdf
2020-03-28 20:10 - 2020-03-28 20:10 - 000025238 _____ C:\Users\Chrissy\Documents\Quarterly Reports 4.1.pdf
2020-03-28 19:49 - 2020-03-28 19:49 - 000947023 _____ C:\Users\Chrissy\Documents\Payroll 4.3.pdf
2020-03-18 08:23 - 2020-03-18 08:23 - 000079669 _____ C:\Users\Chrissy\Downloads\ACTIVE Account Statement March 1 - 15, 2020.xlsx
2020-03-16 00:46 - 2020-03-16 00:46 - 006520776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-03-16 00:46 - 2020-03-16 00:46 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-03-16 00:46 - 2020-03-16 00:46 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-03-16 00:46 - 2020-03-16 00:46 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-03-16 00:46 - 2020-03-16 00:46 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2020-03-15 20:01 - 2020-03-15 20:02 - 000503672 _____ C:\Users\Chrissy\Documents\Hana Philcrantz.pdf
2020-03-15 14:11 - 2020-03-15 14:11 - 000002483 _____ C:\Users\Chrissy\Downloads\Colored-College-Ruled-Paper1.zip
2020-03-14 11:24 - 2020-03-14 11:24 - 009711616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 003243296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 002315680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001874328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001867816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001792312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001616912 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001555904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001474048 _____ C:\WINDOWS\system32\rdpnano.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001417976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001400320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001108040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000757632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000446232 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2020-03-14 11:24 - 2020-03-14 11:24 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacEncoder.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-03-14 11:24 - 2020-03-14 11:24 - 000079672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2020-03-14 11:24 - 2020-03-14 11:24 - 000023864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2020-03-14 11:24 - 2020-03-14 11:24 - 000018448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 018027008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 006285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 005911040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 003819520 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 003488768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 002999808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-03-14 11:23 - 2020-03-14 11:23 - 002307584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 002259872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 002235408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 002077880 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001684992 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001429096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001402880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001223680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001157120 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001077632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 001071120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 001031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001018552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000746352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000713728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbc32.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetup.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000478792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000362000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000356368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000331280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-03-14 11:23 - 2020-03-14 11:23 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000267280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000205840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000136328 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000130112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000102760 _____ (Microsoft Corporation) C:\WINDOWS\system32\profapi.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000097592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000080912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmRes.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlrmdr.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstUI.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000054800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000051512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmprovhost.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afunix.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msauserext.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpnotify.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MUILanguageCleanup.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LangCleanupSysprepAction.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetupproxyserv.dll
2020-03-14 11:22 - 2020-03-14 11:23 - 007070736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 006084344 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 005112832 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 004868184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 004755968 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 003971808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 003560960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 003131392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 003037696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002985984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002875904 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 002797568 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002761016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 002740736 _____ (Microsoft Corporation) C:\WINDOWS\system32\directml.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002203664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 002058240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 002021888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001985104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001661952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001659528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001539888 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001484600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001454400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001264128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001257984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001150464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 001101312 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001054376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001007672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000935040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000786040 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000776488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000769552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000741376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000689976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000668296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000627216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000622592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000551824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxs.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000538128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000531672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000415976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2020-03-14 11:22 - 2020-03-14 11:22 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000402528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000400440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000344376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountExtension.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Acx01000.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000213984 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountCloudAP.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000152080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000142648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000120560 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000108856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GraphicsCapture.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000105384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000104976 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000068408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000046928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000042336 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAProfileNotificationHandler.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxstrace.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000023864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tbs.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wci.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchTM.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUserRes.dll
2020-03-14 11:21 - 2020-03-14 11:21 - 001091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000425272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2020-03-14 11:21 - 2020-03-14 11:21 - 000319976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000173880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000167224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000160568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\viac7.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000144400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000133432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000109072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2020-03-14 11:21 - 2020-03-14 11:21 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000041784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2020-03-14 11:21 - 2020-03-14 11:21 - 000023952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2020-03-14 11:21 - 2020-03-14 11:21 - 000022840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000017208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelide.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000014648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciide.sys
2020-03-14 10:55 - 2020-02-11 00:48 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-03-12 09:49 - 2020-03-12 09:49 - 000308548 _____ C:\Users\Chrissy\Downloads\Reese Baran.pdf
2020-03-10 17:29 - 2020-03-10 17:30 - 000479940 _____ C:\Users\Chrissy\Downloads\67newburyseptic Model (1).pdf
2020-03-10 09:12 - 2020-03-10 09:12 - 003281211 _____ C:\Users\Chrissy\Downloads\C1 - Drainage Modification-C1.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-05 19:00 - 2019-10-01 19:40 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-04-05 19:00 - 2019-10-01 19:40 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-04-05 18:34 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-05 18:34 - 2019-03-18 22:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-05 16:33 - 2019-08-20 20:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-05 16:32 - 2019-03-18 22:35 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-04-05 16:26 - 2019-03-18 22:44 - 000000000 ____D C:\WINDOWS\INF
2020-04-05 16:19 - 2019-05-28 20:36 - 000000000 ____D C:\Users\Chrissy\AppData\Local\D3DSCache
2020-04-05 15:11 - 2019-01-08 11:14 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-05 15:11 - 2013-02-28 09:04 - 000000000 ____D C:\Program Files\Intel
2020-04-05 14:36 - 2019-08-20 19:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-05 14:22 - 2019-08-20 20:01 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B76945DF-72EF-4988-9332-2D50101B113A}
2020-04-05 14:07 - 2018-06-28 13:38 - 000000000 ____D C:\Users\Chrissy\AppData\Local\Adobe
2020-04-03 11:12 - 2018-01-14 23:59 - 000000000 ____D C:\Users\Chrissy\AppData\Local\Packages
2020-04-03 11:01 - 2016-03-07 13:43 - 000131584 _____ C:\Users\Chrissy\Desktop\Deposit Account.xls
2020-04-03 09:24 - 2012-12-29 09:16 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-03 08:56 - 2019-03-18 22:35 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-02 19:35 - 2020-01-30 10:05 - 000609128 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-04-02 19:26 - 2012-10-02 19:52 - 000000000 ____D C:\Users\Chrissy\AppData\Roaming\Dropbox
2020-04-02 15:17 - 2013-08-29 09:20 - 000000000 ___RD C:\Users\Chrissy\Dropbox
2020-04-02 13:35 - 2012-06-19 20:44 - 000000000 ____D C:\Users\Chrissy\AppData\Local\CutePDF Writer
2020-04-02 10:45 - 2019-03-18 22:46 - 000000000 ___HD C:\Program Files\WindowsApps
2020-03-27 12:15 - 2016-07-22 10:27 - 000000000 ____D C:\Users\Chrissy\AppData\Local\ElevatedDiagnostics
2020-03-25 21:03 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-03-25 08:26 - 2018-02-24 21:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-03-23 08:23 - 2019-08-20 20:01 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2695042837-3831575686-1124767896-1000
2020-03-23 08:23 - 2019-08-20 19:36 - 000002421 _____ C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-23 08:23 - 2016-05-22 12:17 - 000000000 ___RD C:\Users\Chrissy\OneDrive
2020-03-20 19:12 - 2019-08-20 20:01 - 000003408 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-20 19:11 - 2019-08-20 20:01 - 000003284 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-20 19:01 - 2019-08-20 20:01 - 000004550 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-03-20 18:59 - 2019-01-08 11:55 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2020-03-20 18:59 - 2019-01-08 11:55 - 000002091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2020-03-20 10:22 - 2019-10-01 19:41 - 000003506 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2020-03-18 14:54 - 2016-03-13 20:35 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-03-17 20:55 - 2019-08-20 19:36 - 000000000 ____D C:\Users\Chrissy
2020-03-16 01:16 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-03-16 01:16 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-03-15 21:31 - 2020-02-08 15:19 - 000000000 ____D C:\Users\Chrissy\Desktop\Home School
2020-03-15 17:48 - 2013-05-29 07:03 - 000000000 ____D C:\Users\Chrissy\Documents\Property Files
2020-03-15 12:52 - 2019-08-20 19:49 - 000950252 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-03-15 00:15 - 2018-01-15 00:25 - 000000000 ___RD C:\Users\Chrissy\3D Objects
2020-03-15 00:15 - 2016-02-13 08:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-03-15 00:14 - 2019-08-20 19:24 - 000490432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\SystemResources
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\system32\setup
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ____D C:\Program Files\Windows Defender
2020-03-15 00:08 - 2019-03-18 22:35 - 000000000 ____D C:\WINDOWS\servicing
2020-03-14 17:36 - 2013-07-12 06:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-03-14 17:29 - 2012-12-04 08:10 - 118379832 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-03-13 12:40 - 2019-03-18 22:46 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2020-03-13 12:36 - 2012-06-16 21:34 - 000000000 ____D C:\Program Files\Microsoft Office

==================== Files in the root of some directories ========

2013-05-14 13:55 - 2013-05-14 13:55 - 000033193 _____ () C:\Users\Chrissy\AppData\Roaming\UserTile.png
2017-12-14 16:33 - 2017-12-14 16:33 - 000004096 ____H () C:\Users\Chrissy\AppData\Local\keyfile3.drm
2019-01-08 11:09 - 2019-01-08 11:09 - 000000615 _____ () C:\Users\Chrissy\AppData\Local\oobelibMkey.log
2020-04-03 07:55 - 2020-04-03 07:55 - 000007605 _____ () C:\Users\Chrissy\AppData\Local\Resmon.ResmonCfg
2015-01-05 16:50 - 2015-01-05 16:50 - 000000000 _____ () C:\Users\Chrissy\AppData\Local\{F2E88783-AFFE-446F-B21E-F98399405CA3}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-04-2020
Ran by Chrissy (05-04-2020 19:11:00)
Running from C:\Users\Chrissy\Downloads
Microsoft Windows 10 Home Version 1909 18363.720 (X86) (2019-08-21 00:03:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2695042837-3831575686-1124767896-500 - Administrator - Disabled)
Chrissy (S-1-5-21-2695042837-3831575686-1124767896-1000 - Administrator - Enabled) => C:\Users\Chrissy
DefaultAccount (S-1-5-21-2695042837-3831575686-1124767896-503 - Limited - Disabled)
Guest (S-1-5-21-2695042837-3831575686-1124767896-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2695042837-3831575686-1124767896-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2695042837-3831575686-1124767896-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat DC (HKLM\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Canon IJ Network Scanner Selector EX2 (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.2.0.18 - Canon Inc.)
Canon MB2700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MB2700_series) (Version: 1.02 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.1.2101 - CDBurnerXP)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Combined Community Codec Pack 2009-09-09 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2009.09.09.0 - CCCP Project)
Crystal Reports 2008 Runtime SP1 (HKLM\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dot4 (HKLM\...\{FF359AAB-AA6A-449F-B75F-21201CD86495}) (Version: 1.0.0.0 - HP)
Dropbox (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Dropbox) (Version: 94.4.384 - Dropbox, Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM\...\{665DF231-32BE-46BA-ABD2-B0D69F8314FF}) (Version: 1.0.494 - LogMeIn, Inc.)
GoToMeeting 8.41.0.12127 (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\GoToMeeting) (Version: 8.41.0.12127 - LogMeIn, Inc.)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{14BEBF02-A501-4A68-ABEB-286CCB28AE9F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
ImageMixer3 (HKLM\...\{AB19A235-66D4-47F7-9904-BAF84ED25BB6}) (Version: 3.00.005 - PIXELA)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Juniper Networks Host Checker (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Neoteris_Host_Checker) (Version: 7.4.0.31481 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Juniper_Setup_Client) (Version: 7.4.11.47145 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Juniper_Term_Services) (Version: 7.4.0.31481 - Juniper Networks)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12527.20278 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
MyLiveChat (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\4435c09f5cdefce5) (Version: 1.0.2.51 - MyLiveChat)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM\...\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR) Hidden
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Peachtree Accounting 2012 (HKLM\...\{B4FDAA4D-37BD-4DF4-8531-B4F7ABC74E62}) (Version: 19.00.00 - Sage Software, Inc.) Hidden
Peachtree Accounting 2012 (HKLM\...\InstallShield_{B4FDAA4D-37BD-4DF4-8531-B4F7ABC74E62}) (Version: 19.00.00 - Sage Software, Inc.)
Peachtree Signature Ready Forms (HKLM\...\{BA1EF4A7-AB67-492B-9C7D-4AEE43F5A3C6}) (Version: 6.14.24 - Sage Software SB, Inc.) Hidden
Pervasive PSQL v10 SP2 Workgroup (32-bit) (HKLM\...\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}) (Version: 10.20.034 - Pervasive Software) Hidden
Pervasive PSQL v10 SP2 Workgroup (32-bit) (HKLM\...\Pervasive PSQL v10 SP2 Workgroup (32-bit)) (Version: 10.10.126 - Pervasive Software)
PHOTOfunSTUDIO -viewer- (HKLM\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 1.00.000 - )
Sage Integration Services (HKLM\...\Integration Services) (Version: 2.2.2240 - Sage Technology)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Universal Document Converter Server Edition (HKLM\...\Universal Document Converter_is1) (Version: 5.5 - fCoder Group, Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-01-08] (Adobe Systems Incorporated)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.165.800.0_x86__kgqvnymyfvs32 [2020-04-02] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.671.0_x86__v10z8vjag6ke6 [2020-02-05] (HP Inc.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-26] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x86__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x86__8wekyb3d8bbwe [2020-01-31] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x86__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x86__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x86__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x86__8wekyb3d8bbwe [2020-01-12] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-01-08] (Adobe Systems Incorporated)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0 [2020-04-01] (Spotify AB) [Startup Task]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-10] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x86__8wekyb3d8bbwe [2016-05-24] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E4A4737B4AD9} -> [Creative Cloud Files] => C:\Users\Chrissy\Creative Cloud Files [2019-01-08 12:13]
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Chrissy\AppData\Local\GoToMeeting\12127\G2MOutlookAddin.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\DropboxUpdateOnDemand.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\DropboxUpdateOnDemand.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{A659F7AF-C6B4-40FD-BF17-35CED2DA8C8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\psuser.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\DropboxUpdateOnDemand.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\DropboxUpdateOnDemand.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Chrissy\Dropbox [2013-08-29 09:20]
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] => 0
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\psuser.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SUPERAntiSpyware.com -> SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1_S-1-5-21-2695042837-3831575686-1124767896-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2695042837-3831575686-1124767896-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2695042837-3831575686-1124767896-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.ffds] => C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll [85504 2009-08-31] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) =============

2008-12-29 18:13 - 2008-12-29 18:13 - 000204800 _____ () [File not signed] C:\Program Files\NETGEAR\WG111v3\KJLog.dll
2009-03-04 10:52 - 2009-03-04 10:52 - 000372736 _____ () [File not signed] C:\Program Files\NETGEAR\WG111v3\WlanDll.dll
2020-02-22 16:22 - 2015-09-15 17:07 - 000318464 _____ (CANON INC) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2020-02-22 16:22 - 2015-09-01 19:11 - 000194560 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2020-02-22 16:22 - 2015-06-17 17:03 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2020-02-22 16:22 - 2015-06-17 17:00 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2020-02-22 16:22 - 2015-05-26 10:44 - 000141312 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\cnwidsd.dll
2000-09-13 06:00 - 2000-09-13 06:00 - 000032768 _____ (MK Systems CO.,LTD.) [File not signed] C:\WINDOWS\System32\Eplplx02.dll
2002-06-21 06:04 - 2002-06-21 06:04 - 000079872 _____ (MK Systems CO.,LTD.) [File not signed] C:\WINDOWS\System32\Eplpmx02.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Pervasive Software\PSQL\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1BAB5892-140F-448E-920D-980B907CDA14}] => (Allow) LPort=1583
FirewallRules: [{CEC8D2C1-73EC-4176-B212-86CB84605F07}] => (Allow) LPort=3351
FirewallRules: [{B40B6A1F-6E56-46D5-87A8-3164F2822D18}] => (Allow) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Sage Software, Inc. -> Pervasive Software Inc.)
FirewallRules: [{D5403EC3-5302-42CD-9751-1AA5B7BD530A}] => (Allow) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Sage Software, Inc. -> Pervasive Software Inc.)
FirewallRules: [{19A9C98F-E89D-4695-BA16-9E8CDF9F3B5D}] => (Allow) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{BDA28771-F93B-49A8-BB37-C6111EDEB4D0}] => (Allow) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{F03EAF5E-9ED5-464D-877F-2B7651EB52C9}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{FBBB15BA-FC5E-48C7-B479-FC66CE912062}C:\users\chrissy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\chrissy\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [UDP Query User{488A720B-0B63-484E-8041-DB4316130A24}C:\users\chrissy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\chrissy\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{A6FFDB5E-895B-4F4F-AF06-1599D39FB79D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{61D242F6-5AFA-41A5-800A-6563F7A1AD6C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{74C50345-F115-45F2-9410-D8B966F7E59F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C70921FE-350A-4959-B15E-6323B6FAA85F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{BF853CAC-7579-42C7-92AF-7DA1CD7B0B6C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{30D8FD6B-0D55-4237-9756-AEF39C802444}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{FA6BC2F3-4EFE-4127-8FF7-368D3C0EBB61}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2C20420E-2235-4D99-A88C-759DC700D767}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{210096C6-93D6-4E54-A7B0-7E7153E240E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{888CBAEF-12F6-413A-B65D-97BF769D993C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B4B0D6DF-3A45-4F82-9AFF-725ACFCA568F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0EF65287-2BFF-42CC-B0FB-F66780DF9984}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{229AFFC1-8D89-4D26-8CD5-80E7473342CE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1BC5E894-1004-4AAE-98AF-F3F23C15E851}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D35FD8D4-6406-435B-A61D-A7A4E3D7EBB2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.129.592.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5B6395E8-5A38-4ADC-9586-9EB15E908ACD}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

23-03-2020 10:48:11 Scheduled Checkpoint
02-04-2020 09:47:43 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/05/2020 07:02:43 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8388,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/05/2020 05:10:32 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6616,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/05/2020 04:43:54 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4168,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/05/2020 04:35:52 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: Chrissy-PC)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (04/05/2020 04:31:16 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: NT AUTHORITY)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (04/05/2020 04:28:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (04/05/2020 04:28:38 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (04/05/2020 04:26:11 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: Chrissy-PC)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (04/05/2020 06:35:15 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/05/2020 04:32:52 PM) (Source: DCOM) (EventID: 10005) (User: Chrissy-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/05/2020 04:32:35 PM) (Source: DCOM) (EventID: 10005) (User: Chrissy-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/05/2020 04:32:08 PM) (Source: DCOM) (EventID: 10005) (User: Chrissy-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/05/2020 04:32:08 PM) (Source: DCOM) (EventID: 10005) (User: Chrissy-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/05/2020 04:32:02 PM) (Source: DCOM) (EventID: 10005) (User: Chrissy-PC)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (04/05/2020 04:32:01 PM) (Source: DCOM) (EventID: 10005) (User: Chrissy-PC)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (04/05/2020 04:32:01 PM) (Source: DCOM) (EventID: 10005) (User: Chrissy-PC)
Description: DCOM got error "1084" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}


Windows Defender:
===================================
Date: 2020-04-05 16:32:11.089
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...72&enterprise=0
Name: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Chrissy\Downloads\FRST.exe; webfile:_C:\Users\Chrissy\Downloads\FRST.exe|http://www.geekstogo...305922517181381
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.313.839.0, AS: 1.313.839.0, NIS: 1.313.839.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-04-05 16:03:36.703
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...72&enterprise=0
Name: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Chrissy\Downloads\FRST.exe; webfile:_C:\Users\Chrissy\Downloads\FRST.exe|https://download.ble...305877243129930
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.313.839.0, AS: 1.313.839.0, NIS: 1.313.839.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-04-05 15:52:23.613
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...72&enterprise=0
Name: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Chrissy\Downloads\FRST.exe; webfile:_C:\Users\Chrissy\Downloads\FRST.exe|http://www.geekstogo...305877243129930
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.313.839.0, AS: 1.313.839.0, NIS: 1.313.839.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-04-05 15:49:34.535
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...72&enterprise=0
Name: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Chrissy\Downloads\FRST.exe; webfile:_C:\Users\Chrissy\Downloads\FRST.exe|http://www.geekstogo...305877243129930
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.313.839.0, AS: 1.313.839.0, NIS: 1.313.839.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-04-05 15:48:59.069
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...72&enterprise=0
Name: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Chrissy\Downloads\FRST.exe; webfile:_C:\Users\Chrissy\Downloads\FRST.exe|http://www.geekstogo...305877243129930
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.313.839.0, AS: 1.313.839.0, NIS: 1.313.839.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4

Date: 2020-04-05 16:29:49.248
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-04-03 09:02:40.642
Description:
Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.313.642.0;1.313.642.0
Engine version: 1.1.16900.4

Date: 2020-04-03 09:02:38.264
Description:
Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted
Security intelligence version: 1.313.680.0;1.313.680.0
Engine version: 1.1.16900.4

Date: 2020-03-23 07:56:42.073
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.311.1615.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80070102
Error description: The wait operation timed out.

Date: 2020-03-15 00:33:03.862
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.311.1231.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16800.2
Error code: 0x80070102
Error description: The wait operation timed out.

CodeIntegrity:
===================================

Date: 2020-04-05 16:35:45.807
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-04-05 16:25:28.501
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-04-05 14:55:31.648
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.

Date: 2020-04-03 17:33:31.833
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 17:33:31.704
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 17:33:31.609
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 17:33:31.070
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-03 17:33:30.982
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 7UET79WW (3.09 ) 10/13/2009
Motherboard: LENOVO 7439W6R
Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 86%
Total physical RAM: 1944.02 MB
Available physical RAM: 260.13 MB
Total Virtual: 4760.02 MB
Available Virtual: 1639.94 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:148.35 GB) (Free:62.13 GB) NTFS

\\?\Volume{73b17344-af71-11e1-a62f-806e6f6e6963}\ (System) (Fixed) (Total:0.2 GB) (Free:0.15 GB) NTFS
\\?\Volume{8d91f07f-0000-0000-0000-402325000000}\ () (Fixed) (Total:0.5 GB) (Free:0.15 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 8D91F07F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=510 MB) - (Type=27)

==================== End of Addition.txt =======================

 

 

Thanks and have a wonderful week ahead.

 

-Doug

Attached Files


  • 0

Advertisements

#2
RKinner
Posted 06 April 2020 - 08:45 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


 


  • 0

#3
dbrupp
Posted 07 April 2020 - 06:37 PM

dbrupp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Hello,

Thank you for your reply and for your request for additional information.  I appreciate the well formulated steps that you provided.  Below (and attached) is the information that you requested.

 

With sincere gratitude,

 

 

1. Details from Procexp:

 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 43.56 40 K 4 K 0
procexp (1).exe 19.01 31,784 K 56,840 K 16224 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 8.39 58,892 K 28,844 K 17068 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 3.38 0 K 0 K n/a Hardware Interrupts and DPCs
chrome.exe 3.13 91,276 K 94,492 K 10228 Google Chrome Google LLC (Verified) Google LLC
SynTPEnh.exe 3.09 4,200 K 5,860 K 4564 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
CNMNSST2.exe 2.07 2,652 K 8,904 K 6828 Canon IJ Network Scanner Selector EX2 CANON INC. (Verified) Canon Inc.
csrss.exe 1.95 1,412 K 4,692 K 16912 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
MsMpEng.exe 1.92 273,692 K 112,380 K 2764 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Windows Publisher
System 1.58 76 K 2,684 K 4
svchost.exe 1.04 37,240 K 33,544 K 1228 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Dropbox.exe 0.83 255,764 K 125,204 K 7520 Dropbox Dropbox, Inc. (Verified) Dropbox, Inc
chrome.exe 0.75 49,096 K 79,108 K 17768 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.63 22,280 K 26,772 K 16604 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.58 141,312 K 114,416 K 2200 Google Chrome Google LLC (Verified) Google LLC
AdobeCollabSync.exe 0.52 5,356 K 4,336 K 876 Adobe Collaboration Synchronizer 20.6 Adobe Systems Incorporated (Verified) Adobe Inc.
chrome.exe 0.40 175,300 K 128,952 K 984 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.25 19,908 K 27,608 K 14436 Google Chrome Google LLC (Verified) Google LLC
explorer.exe 0.21 57,916 K 72,460 K 10356 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.08 62,424 K 17,384 K 9896 Google Chrome Google LLC (Verified) Google LLC
QtWebEngineProcess.exe 0.05 39,100 K 19,980 K 12596 Qt Qtwebengineprocess The Qt Company Ltd. (Verified) Dropbox, Inc
AGMService.exe 0.04 3,712 K 6,296 K 2272 Adobe Genuine Software Service Adobe Systems, Incorporated (Verified) Adobe Inc.
svchost.exe 0.04 4,948 K 9,776 K 64 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.03 15,484 K 32,656 K 5336 Google Chrome Google LLC (Verified) Google LLC
QtWebEngineProcess.exe 0.03 37,344 K 8,712 K 16636 Qt Qtwebengineprocess The Qt Company Ltd. (Verified) Dropbox, Inc
chrome.exe 0.03 17,452 K 35,332 K 16112 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.03 13,944 K 28,740 K 8756 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.03 7,384 K 8,700 K 4036 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.03 99,652 K 46,364 K 17716 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.03 11,756 K 18,188 K 2148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.03 8,688 K 16,352 K 748 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
CCleaner.exe 0.02 17,568 K 16,916 K 1200 CCleaner Piriform Software Ltd (Verified) Piriform Software Ltd
SASCORE.EXE 0.02 1,012 K 5,300 K 1824 Core Service SUPERAntiSpyware.com (Verified) SUPERAntiSpyware.com
svchost.exe 0.01 2,300 K 8,176 K 1856 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 5,228 K 11,820 K 932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Dropbox.exe 0.01 2,464 K 6,160 K 1908 Dropbox Dropbox, Inc. (Verified) Dropbox, Inc
svchost.exe 0.01 44,420 K 39,796 K 1120 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
RuntimeBroker.exe 0.01 27,760 K 6,124 K 604 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
peachw.exe < 0.01 137,584 K 45,304 K 6080 Peachtree Accounting Sage Software, Inc. (Verified) Sage Software, Inc.
svchost.exe < 0.01 3,052 K 6,596 K 2884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
YourPhone.exe Suspended 11,148 K 3,420 K 6368 (No signature was present in the subject)
WmiPrvSE.exe 5,272 K 9,652 K 4252 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 1,760 K 7,328 K 8672 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,124 K 7,196 K 9560 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WinStore.App.exe Suspended 16,244 K 1,056 K 840 Store Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe 2,132 K 8,248 K 7744 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,128 K 5,500 K 572 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe 8,612 K 10,192 K 13224 WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe Microsoft Corporation (Verified) Microsoft Windows
WG111v3.exe 3,780 K 9,376 K 7548 NetgearCUv2 MFC Application (No signature was present in the subject)
w3dbsmgr.exe 296,320 K 42,448 K 2496 Database Service Manager Pervasive Software Inc. (Verified) Sage Software, Inc.
unsecapp.exe 1,228 K 6,488 K 3724 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 4,344 K 9,044 K 2124 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SystemSettings.exe Suspended 16,480 K 632 K 15392 Settings Microsoft Corporation (Verified) Microsoft Windows
SynTPLpr.exe 1,264 K 5,192 K 7904 TouchPad Driver Helper Application Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPHelper.exe 756 K 3,756 K 11852 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe 11,944 K 16,516 K 1272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,984 K 16,820 K 6904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,144 K 6,980 K 2516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12,828 K 14,488 K 1140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 19,776 K 14,492 K 1284 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,900 K 6,560 K 7580 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,964 K 14,356 K 1488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,288 K 14,412 K 1920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,620 K 7,368 K 1752 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,780 K 6,268 K 3452 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,008 K 7,700 K 2080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,056 K 7,700 K 2284 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,344 K 7,140 K 10756 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,584 K 7,628 K 800 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,120 K 11,376 K 7660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,632 K 5,432 K 9996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,308 K 5,504 K 1848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,372 K 5,636 K 3460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,320 K 6,264 K 12060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe 17,336 K 19,216 K 6604 (Verified) Microsoft Windows
spoolsv.exe 12,308 K 11,332 K 716 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SMSvcHost.exe 16,752 K 8,156 K 2320 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
SMSvcHost.exe 14,992 K 7,800 K 2168 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
smss.exe 324 K 816 K 372 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 8,724 K 22,016 K 17676 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 4,740 K 14,384 K 1932 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 9,564 K 8,116 K 11012 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,108 K 5,920 K 640 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SecurityHealthSystray.exe 1,268 K 7,392 K 5028 Windows Security notification icon Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 4,860 K 4,884 K 6216 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 54,360 K 1,172 K 4760 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 30,528 K 25,516 K 4716 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
ScanToPCActivationApp.exe 2,768 K 6,300 K 6092 ScanToPCActivationApp Hewlett-Packard Co. (Verified) Hewlett Packard
RuntimeBroker.exe 1,772 K 7,280 K 7372 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 2,096 K 6,444 K 16744 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,284 K 12,732 K 5996 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 2,884 K 2,020 K 2844 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
Registry 7,144 K 57,508 K 88
OfficeClickToRun.exe 23,968 K 10,152 K 2096 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
NMSAccessU.exe 888 K 4,476 K 2312 (Verified) Numedia Soft, Inc.
NisSrv.exe 4,252 K 7,136 K 11132 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Windows Publisher
mqsvc.exe 3,404 K 3,224 K 2296 Message Queuing Service Microsoft Corporation (Verified) Microsoft Windows
Memory Compression 968 K 27,244 K 1696
lsass.exe 5,416 K 13,052 K 648 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
ibmpmsvc.exe 1,020 K 4,416 K 1620 Lenovo Power Management Service Lenovo. (Verified) LENOVO
HPSupportSolutionsFrameworkService.exe 14,396 K 3,128 K 2184 SolutionsFrameworkService Hewlett-Packard Company (Verified) Hewlett-Packard Company
fontdrvhost.exe 5,744 K 4,088 K 16908 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 1,268 K 2,432 K 756 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
DropboxUpdate.exe 1,912 K 4,016 K 6952 Dropbox Update Dropbox, Inc. (Verified) Dropbox, Inc
Dropbox.exe 1,484 K 6,800 K 6400 Dropbox Dropbox, Inc. (Verified) Dropbox, Inc
dllhost.exe 3,052 K 3,428 K 4440 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 5,084 K 8,924 K 2340 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 648 K 3,176 K 2480 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe 2,768 K 11,528 K 5640 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,168 K 4,532 K 500 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 1,224 K 5,652 K 8892 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 1,480 K 7,260 K 8444 Google Chrome Google LLC (Verified) Google LLC
armsvc.exe 1,024 K 5,208 K 2052 Adobe Acrobat Update Service Adobe Systems (Verified) Adobe Inc.
ApplicationFrameHost.exe 9,356 K 5,828 K 11148 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
AGSService.exe 1,940 K 5,412 K 2304 Adobe Genuine Software Integrity Service Adobe Systems, Incorporated (Verified) Adobe Inc.
AdobeCollabSync.exe 2,512 K 8,596 K 8524 Adobe Collaboration Synchronizer 20.6 Adobe Systems Incorporated (Verified) Adobe Inc.
acrotray.exe 1,988 K 4,636 K 8740 AcroTray Adobe Systems Inc. (Verified) Adobe Inc.
AcrobatNotificationClient.exe Suspended 6,532 K 848 K 14648 (Verified) Adobe Systems, Incorporated
 
 
 
2. Command Prompt Result:
 
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                        88 N/A                                         
smss.exe                       372 N/A                                         
csrss.exe                      500 N/A                                         
wininit.exe                    572 N/A                                         
services.exe                   640 N/A                                         
lsass.exe                      648 KeyIso, SamSs, VaultSvc                     
svchost.exe                    748 BrokerInfrastructure, DcomLaunch, LSM,      
                                   PlugPlay, Power, SystemEventsBroker         
fontdrvhost.exe                756 N/A                                         
svchost.exe                    932 RpcEptMapper, RpcSs                         
svchost.exe                   1120 Appinfo, Browser, iphlpsvc, LanmanServer,   
                                   lfsvc, ProfSvc, Schedule, SENS,             
                                   ShellHWDetection, Themes, TokenBroker,      
                                   UserManager, UsoSvc, winmgmt, WpnService    
svchost.exe                   1140 CoreMessagingRegistrar, DPS                 
svchost.exe                   1228 AudioEndpointBuilder,                       
                                   DeviceAssociationService,                   
                                   DisplayEnhancementService, DsSvc,           
                                   NcbService, PcaSvc, StorSvc, SysMain,       
                                   TabletInputService, TrkWks, WdiSystemHost   
svchost.exe                   1272 BthAvctpSvc, bthserv, CDPSvc,               
                                   DispBrokerDesktopSvc, EventSystem,          
                                   FontCache, LicenseManager, netprofm, nsi,   
                                   SstpSvc, WdiServiceHost, WebClient          
svchost.exe                   1284 Dhcp, EventLog, lmhosts, NgcCtnrSvc,        
                                   SmsRouter, TimeBrokerSvc,                   
                                   WinHttpAutoProxySvc                         
svchost.exe                   1488 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc, tapisrv                             
ibmpmsvc.exe                  1620 IBMPMSVC                                    
Memory Compression            1696 N/A                                         
svchost.exe                   1752 Audiosrv                                    
svchost.exe                   1848 DusmSvc                                     
svchost.exe                   1856 Wcmsvc                                      
svchost.exe                   1920 camsvc, StateRepository                     
svchost.exe                     64 Wlansvc                                     
spoolsv.exe                    716 Spooler                                     
svchost.exe                    800 BFE, mpssvc                                 
SASCORE.EXE                   1824 !SASCORE                                    
armsvc.exe                    2052 AdobeARMservice                             
svchost.exe                   2080 AppHostSvc                                  
OfficeClickToRun.exe          2096 ClickToRunSvc                               
svchost.exe                   2148 DiagTrack                                   
HPSupportSolutionsFramewo     2184 HPSupportSolutionsFrameworkService          
AGMService.exe                2272 AGMService                                  
svchost.exe                   2284 W3SVC, WAS                                  
mqsvc.exe                     2296 MSMQ                                        
AGSService.exe                2304 AGSService                                  
NMSAccessU.exe                2312 NMSAccess                                   
SMSvcHost.exe                 2320 NetPipeActivator, NetTcpActivator,          
                                   NetTcpPortSharing                           
dasHost.exe                   2340 N/A                                         
w3dbsmgr.exe                  2496 psqlWGE                                     
svchost.exe                   2516 StiSvc                                      
MsMpEng.exe                   2764 WinDefend                                   
svchost.exe                   2884 RasMan                                      
svchost.exe                   3452 SSDPSRV                                     
svchost.exe                   3460 PolicyAgent                                 
unsecapp.exe                  3724 N/A                                         
dasHost.exe                   2480 N/A                                         
SMSvcHost.exe                 2168 NetMsmqActivator                            
dllhost.exe                   4440 N/A                                         
SearchIndexer.exe             4716 WSearch                                     
SecurityHealthService.exe     6216 SecurityHealthService                       
svchost.exe                   7580 wscsvc                                      
svchost.exe                   7660 InstallService                              
svchost.exe                  10756 WbioSrvc                                    
NisSrv.exe                   11132 WdNisSvc                                    
csrss.exe                    16912 N/A                                         
winlogon.exe                  7744 N/A                                         
fontdrvhost.exe              16908 N/A                                         
dwm.exe                      17068 N/A                                         
ctfmon.exe                    5640 N/A                                         
sihost.exe                    1932 N/A                                         
svchost.exe                   6904 CDPUserSvc_1c87546, OneSyncSvc_1c87546,     
                                   WpnUserService_1c87546                      
taskhostw.exe                 2124 N/A                                         
explorer.exe                 10356 N/A                                         
svchost.exe                   9996 cbdhsvc_1c87546                             
StartMenuExperienceHost.e     6604 N/A                                         
RuntimeBroker.exe             5996 N/A                                         
RuntimeBroker.exe              604 N/A                                         
YourPhone.exe                 6368 N/A                                         
SettingSyncHost.exe          11012 N/A                                         
SecurityHealthSystray.exe     5028 N/A                                         
RuntimeBroker.exe            16744 N/A                                         
acrotray.exe                  8740 N/A                                         
SearchUI.exe                  4760 N/A                                         
SynTPEnh.exe                  4564 N/A                                         
CNMNSST2.exe                  6828 N/A                                         
DropboxUpdate.exe             6952 N/A                                         
ScanToPCActivationApp.exe     6092 N/A                                         
AdobeCollabSync.exe           8524 N/A                                         
SynTPHelper.exe              11852 N/A                                         
SynTPLpr.exe                  7904 N/A                                         
CCleaner.exe                  1200 N/A                                         
AdobeCollabSync.exe            876 N/A                                         
WG111v3.exe                   7548 N/A                                         
Dropbox.exe                   7520 N/A                                         
Dropbox.exe                   6400 N/A                                         
Dropbox.exe                   1908 N/A                                         
QtWebEngineProcess.exe       12596 N/A                                         
AcrobatNotificationClient    14648 N/A                                         
QtWebEngineProcess.exe       16636 N/A                                         
ApplicationFrameHost.exe     11148 N/A                                         
WinStore.App.exe               840 N/A                                         
RuntimeBroker.exe             7372 N/A                                         
peachw.exe                    6080 N/A                                         
chrome.exe                   10228 N/A                                         
chrome.exe                    8892 N/A                                         
chrome.exe                    8444 N/A                                         
chrome.exe                   17716 N/A                                         
chrome.exe                   16604 N/A                                         
chrome.exe                    9896 N/A                                         
svchost.exe                  12060 PrintWorkflowUserSvc_1c87546                
RuntimeBroker.exe             2844 N/A                                         
chrome.exe                    2200 N/A                                         
chrome.exe                   14436 N/A                                         
chrome.exe                    4036 N/A                                         
chrome.exe                     984 N/A                                         
WindowsInternal.Composabl    13224 N/A                                         
WmiPrvSE.exe                  4252 N/A                                         
chrome.exe                   17768 N/A                                         
chrome.exe                    5336 N/A                                         
chrome.exe                   16112 N/A                                         
chrome.exe                    8756 N/A                                         
WmiPrvSE.exe                  9560 N/A                                         
procexp (1).exe              16224 N/A                                         
notepad.exe                  14196 N/A                                         
chrome.exe                   17300 N/A                                         
audiodg.exe                  19132 N/A                                         
smartscreen.exe              19892 N/A                                         
powershell.exe               19824 N/A                                         
conhost.exe                  19140 N/A                                         
tasklist.exe                 19504 N/A                                         
 
 
3. Speccy log:  attached
 

Attached Files


  • 0

#4
RKinner
Posted 07 April 2020 - 09:02 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Speccy seems to think your hard drive is dying.  The drive is a SATA 1 which is much slower than what we use nowadays but may be all that the laptop can handle.  (SATA III drives will work but will fall back to the SATA 1 speed.)  Let's get a second opinion ont he drive.

 

See if you can get Speedfan to work:

http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it  from the icon on the desktop (Win 7+ or Vista right click and Run As Admin.).


click on the S.M.A.R.T. tab.  Click on the down arrow to the right of the Hard Disk box.  Select your hard drive.  Click on Perform an In-depth Online Analysis of this hard disk.  Your browser will open.

At the bottom of the new page will be a line:  

The link to get back and see a new report about this hard disk in the future is this.

Right click on the underlined "this" and select Copy Link Address.  Move to a Reply and Paste (Ctrl + v).

 

 

2 GB isn't really enough for Win 10 especially since your PC uses some of the RAM for the Video.  We recommend 8 GB but the max your PC can have is 3 GB.  Can't tell if there is a spare slot to add the missing 1 GB.

 

Also your laptop is EOL as far as Lenovo goes so no new drivers available and nothing for Win 10 at all so it's going to be a challenge to find drivers judging by the high Interrupts in Process Explorer it really needs some.

 

Uninstall

SUPERAntiSpyware (Worthless)

Java 8 Update 31 (Obsolete and a liability.  Most people do not need Java but if you do you need to have the newest version not an older version)

 

Do you pay for Dropbox?  If not uninstall.

 

In Chrome go to:

Go to

chrome://settings/


Find:

On Startup

 Click on

Open The New Tab Page.


Find:

Search engine
Search engine used in the address bar - change to Google


Click on Manage search engines

For each search engine except Google under Default Search Engines, click on the three bars and select Remove From List.




Scroll to the bottom and click on Advanced.

 

Now scroll to where it says System and turn off

 

Continue running background apps when Google Chrome is closed
 

Under

Privacy and security

 

turn off:

 

Preload pages for faster browsing and searching

 

That should cut down the number of Chrome.exe programs running.  Restart Chrome so that the changes take effect.

 

Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.


  • 0

#5
dbrupp
Posted 08 April 2020 - 06:54 PM

dbrupp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Hello and thank you again for another well detailed response.

 

1.  Here is the link to the  In-depth Online Analysis of this hard disk. 

http://www.hddstatus...cation=F0EB6031

 

 

2.  Thank you for letting me know that I can install up to 1GB more RAM.  I ran a scan on Crucial.com and the results indicated that I have one empty slot.  I'll look further into that.

 

3.  I uninstalled Super AnitSpyware & thank you for letting me know that java was obsolete.  I was under the impression that java was set for auto updates.  I uninstalled it and if I run into any issues I will look into installing the newest version or adding it as a browser plug-in.

 

4.  My wife is using dropbox as paid service with her work and needs it.  It would be nice to uninstall it; it seems to suck up resources.

 

5.  I updated the Chrome settings as stated.  Thank you for providing the steps.

 

6.  LatencyMon 6.71 Free Home Edition Report:

 

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be having trouble handling real-time audio and other tasks. You are likely to experience buffer underruns appearing as drop outs, clicks or pops. One or more DPC routines that belong to a driver running in your system appear to be executing for too long. At least one detected problem appears to be network related. In case you are using a WLAN adapter, try disabling it to get better results. One problem may be related to power management, disable CPU throttling settings in Control Panel and BIOS setup. Check for BIOS updates. 
LatencyMon has been analyzing your system for  0:01:02  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        CHRISSY-PC
OS version:                                           Windows 10 , 10.0, build: 18363 (x86)
Hardware:                                             7439W6R, LENOVO
CPU:                                                  GenuineIntel Intel® Core™2 Duo CPU P8600 @ 2.40GHz
Logical processors:                                   2
Processor groups:                                     1
RAM:                                                  1944 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   2394 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
WARNING: the CPU speed that was measured is only a fraction of the CPU speed reported. Your CPUs may be throttled back due to variable speed settings and thermal issues. It is suggested that you run a utility which reports your actual CPU frequency and temperature. 
 
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   981.30
Average measured interrupt to process latency (µs):   12.503237
 
Highest measured interrupt to DPC latency (µs):       799.90
Average measured interrupt to DPC latency (µs):       3.495725
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              78.135338
Driver with highest ISR routine execution time:       i8042prt.sys - i8042 Port Driver, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.027818
Driver with highest ISR total time:                   i8042prt.sys - i8042 Port Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.028378
 
ISR count (execution time <250 µs):                   2713
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              6737.503759
Driver with highest DPC routine execution time:       ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.364483
Driver with highest DPC total execution time:         rspLLL32.sys - Resplendence Latency Monitoring and Auxiliary Kernel Library, Resplendence Software Projects Sp.
 
Total time spent in DPCs (%)                          0.832724
 
DPC count (execution time <250 µs):                   151320
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                377
DPC count (execution time 1000-1999 µs):              2
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 qtwebengineprocess.exe
 
Total number of hard pagefaults                       301
Hard pagefault count of hardest hit process:          107
Number of processes hit:                              18
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       2.706720
CPU 0 ISR highest execution time (µs):                78.135338
CPU 0 ISR total execution time (s):                   0.034416
CPU 0 ISR count:                                      2207
CPU 0 DPC highest execution time (µs):                1103.789474
CPU 0 DPC total execution time (s):                   0.989763
CPU 0 DPC count:                                      150407
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       1.360199
CPU 1 ISR highest execution time (µs):                6.368421
CPU 1 ISR total execution time (s):                   0.000782
CPU 1 ISR count:                                      506
CPU 1 DPC highest execution time (µs):                6737.503759
CPU 1 DPC total execution time (s):                   0.043081
CPU 1 DPC count:                                      1293
_________________________________________________________________________________________________________
 

 


  • 0

#6
RKinner
Posted 08 April 2020 - 10:51 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

This will clean up some unused tasks and 2 suspicious entries.  It will also run some test of your system files so will take about 30 minutes to complete.  Be patient.

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   21.14KB   192 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


 


  • 0

#7
dbrupp
Posted 10 April 2020 - 03:54 PM

dbrupp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Hello,

Apologies for not responding sooner.  The laptop was immediately giving a "Fan Error" message I powered it on.

I blew some compressed air into the vent and it then powered on.  So, I uninstalled speed fan and the other programs, but am still getting the "Fan Error" after running the FRST fixlog.  

 

I'll try to sort out the fan issue later.

 

Below are the logs that you requested.

 

Thanks again for all of your assistance.

 

1). Fixlog: (attached due to size)

 
 
2.  FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-04-2020
Ran by Chrissy (administrator) on CHRISSY-PC (LENOVO 7439W6R) (10-04-2020 16:57:33)
Running from C:\Users\Chrissy\Desktop
Loaded Profiles: Chrissy (Available Profiles: Chrissy & DefaultAppPool)
Platform: Microsoft Windows 10 Home Version 1909 18363.720 (X86) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() [File not signed] C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Canon Inc. -> CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Chrissy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\94.4.384\QtWebEngineProcess.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\94.4.384\QtWebEngineProcess.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\Hp\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(LENOVO -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19081.28230.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x86__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(Numedia Soft, Inc. -> ) C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Sage Software, Inc. -> Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files\Sage\Peachtree\PeachtreePrefetcher.exe [30576 2012-10-22] (Sage Software, Inc. -> Sage Software, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2379504 2013-04-24] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (Canon Inc. -> CANON INC.)
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Run: [Dropbox Update] => C:\Users\Chrissy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\Hp\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5557296 2020-03-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [134656 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\81.0.4044.92\Installer\chrmstp.exe [2020-04-08] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk [2013-02-03]
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG111v3\WG111v3.exe () [File not signed]
Startup: C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2020-03-20]
ShortcutTarget: Dropbox.lnk -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
Startup: C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk [2016-05-20]
ShortcutAndArgument: Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN0BIBM07J;CONNECTION=NW;MONITOR=1;
GroupPolicy\User: Restriction ? <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {019B1734-9A1F-44C9-80A1-BF0F6F3D5D51} - System32\Tasks\G2MUpdateTask-S-1-5-21-2695042837-3831575686-1124767896-1000 => C:\Users\Chrissy\AppData\Local\GoToMeeting\10996\g2mupdate.exe [29736 2018-11-05] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {01A33907-AAD8-4B7B-919D-8A125A5CD928} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [115448 2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {0A7B29DB-737A-4163-92C3-11BA8F6D0C84} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [18936176 2020-03-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {18DF004C-148C-4A35-BFFF-9C84DA5B5F0E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [414672 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {41899EF8-A97F-4F74-B2C4-166C82A32A04} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [18936176 2020-03-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {7A396496-FDCB-4106-8937-E4EDAC91BBD6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [414672 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8F5F2B7A-C153-437D-911F-4BA6A122EC9E} - \Microsoft\Office\Office Feature Updates Logon -> No File <==== ATTENTION
Task: {9A25FEDF-9241-47C1-9A21-C75503EE5B4F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9D92C405-171A-4315-B215-B828B146F21C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [414672 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A76D933D-AC92-4D21-972D-B7A37FAB4A46} - System32\Tasks\0 => c:\program files\internet explorer\iexplore.exe 
Task: {AEC6F720-D19B-4CDE-8D25-22BC11215A84} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {BF97CB34-3029-48F7-BDBB-FB952D720991} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {CDBE7605-8F60-4F79-AEC2-1F1ABC779DFF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {D1688704-6142-45B2-AD3F-1B0D3FBC34A6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D989BDBD-BC6A-4B4C-A09E-88DCF1546107} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [269504 2016-05-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {DB67E9E2-7A43-4A62-8197-69383BDC3814} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {DFC23A96-CDAE-47A7-A51C-1B1D6F9730DC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [414672 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E20C0141-41C2-49C4-8D18-2DE08E6BB110} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {E79B2998-8F63-451A-A56D-26EDC0A5098A} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {E7AF8EDD-83B0-4AF7-B146-38DE487DED64} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc -> Google Inc.)
Task: {E9241184-65A8-4D90-BEB5-0DC9664DD6AA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {F908A273-E82E-4629-853A-92F40A7AAEE2} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3022416 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{072620ba-7083-4d9e-b4b6-9da50f9d0f8b}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{29ea32ab-d579-422f-9305-96d856445e85}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6fb389c2-2b28-481d-8e9e-4bd3eb9a80d3}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{b8632072-9b1e-40ac-9bb9-9b4b1783b2de}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = hxxp://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000 -> {3FC5EC2D-7212-4C6B-99E8-393ADDB9FBC3} URL = hxxp://www.mysearchresults.com/search?&c=4200&t=11&q={searchTerms}
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-12-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-12-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2018-12-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-05-02]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-06-10] (Adobe Systems, Inc.) [File not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-05] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default [2020-04-10]
CHR NewTab: Default ->  Not-active:"chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/ntp1.html"
CHR Extension: (Docs) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-03-04]
CHR Extension: (Google Docs Offline) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-12]
CHR Extension: (Xfinity) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2014-02-25]
CHR Extension: (FromDocToPDF) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk [2019-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-07]
CHR Extension: (Gmail) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Chrissy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88648 2020-02-25] (Adobe Inc. -> Adobe Systems)
R2 AGMService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGMService.exe [3374160 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [3103824 2020-03-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7597120 2020-03-28] (Microsoft Corporation -> Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-05] (Numedia Soft, Inc. -> )
S3 Peachtree SmartPosting 2012; C:\Program Files\Sage\Peachtree\SmartPostingService2012.exe [44400 2012-10-22] (Sage Software, Inc. -> Sage Software, Inc.)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [52736 2009-06-22] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435528 2011-04-07] (Sage Software, Inc. -> Pervasive Software Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [2297256 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [85544 2020-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [28824 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] (Intel® Graphics DSS -> )
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [132520 2015-03-10] (BoiseTest -> Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [17320 2015-03-10] (BoiseTest -> Windows ® Win 7 DDK provider)
S3 dot4usb; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [37800 2015-03-10] (BoiseTest -> Microsoft Corporation)
R3 Eplpdx02; C:\WINDOWS\system32\Drivers\EPLPDX02.SYS [70084 2001-08-10] (MK Systems CO., LTD.) [File not signed]
S3 NETw5s32; C:\WINDOWS\System32\DRIVERS\NETw5s32.sys [6114816 2009-09-15] (Intel Corporation) [File not signed]
R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7530736 2013-05-02] (Intel Corporation-Mobile Wireless Group -> Intel Corporation)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL32.sys [24832 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [38640 2013-04-24] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SrvHsfHDA; C:\WINDOWS\system32\DRIVERS\VSTAZL3.SYS [207360 2019-03-18] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfV92; C:\WINDOWS\system32\DRIVERS\VSTDPV3.SYS [980992 2019-03-18] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfWinac; C:\WINDOWS\system32\DRIVERS\VSTCNXT3.SYS [661504 2019-03-18] (Microsoft Windows -> Conexant Systems, Inc.)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [37768 2020-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [303840 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [41696 2020-03-25] (Microsoft Windows -> Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [207360 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-04-10 16:57 - 2020-04-10 17:00 - 000024128 _____ C:\Users\Chrissy\Desktop\FRST.txt
2020-04-10 16:48 - 2020-04-10 16:48 - 002009088 _____ (Farbar) C:\Users\Chrissy\Desktop\FRST.exe
2020-04-10 15:23 - 2020-03-14 11:21 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2dp.sys
2020-04-10 14:42 - 2020-04-10 15:25 - 000171787 _____ C:\Users\Chrissy\Desktop\Fixlog.txt
2020-04-09 14:57 - 2020-04-09 14:58 - 002868054 _____ C:\Users\Chrissy\Downloads\941.pdf
2020-04-09 14:43 - 2020-04-09 14:43 - 000606391 _____ C:\Users\Chrissy\Desktop\Q 3 941.pdf
2020-04-09 14:42 - 2020-04-09 14:42 - 000608855 _____ C:\Users\Chrissy\Desktop\Q 3 941 II.pdf
2020-04-09 10:09 - 2020-04-09 10:52 - 000000026 _____ C:\WINDOWS\AatrixForms.INI
2020-04-09 10:09 - 2020-04-09 10:09 - 000000000 ____D C:\Users\Chrissy\AppData\Roaming\Aatrix Software
2020-04-09 10:09 - 2020-04-09 10:09 - 000000000 ____D C:\Users\Chrissy\AppData\Local\Aatrix Software
2020-04-08 20:44 - 2015-07-13 11:16 - 000024832 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL32.sys
2020-04-08 20:06 - 2020-04-08 20:06 - 000000045 _____ C:\WINDOWS\system32\initdebug.nfo
2020-04-07 20:07 - 2020-04-07 20:07 - 000022524 _____ C:\junk.txt
2020-04-07 19:54 - 2020-04-07 19:54 - 000030048 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2020-04-06 14:00 - 2020-04-06 14:01 - 000078168 _____ (Zoom Video Communications, Inc.) C:\Users\Chrissy\Downloads\Zoom_ca54e9ef2f18a90a.exe
2020-04-05 19:05 - 2020-04-10 16:59 - 000000000 ____D C:\FRST
2020-04-05 16:23 - 2020-04-05 16:23 - 000000000 ____D C:\WINDOWS\Panther
2020-04-05 15:10 - 2020-04-05 15:10 - 000000267 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2020-04-05 14:28 - 2020-04-05 14:28 - 000000000 ____D C:\ProgramData\Intel
2020-04-04 19:37 - 2020-04-04 19:39 - 001993489 _____ C:\Users\Chrissy\Documents\Savannah Sousa 2020-21.pdf
2020-04-04 19:31 - 2020-04-04 19:33 - 002313479 _____ C:\Users\Chrissy\Documents\Griffin Sousa 2019-20.pdf
2020-04-04 19:23 - 2020-04-04 19:26 - 003259887 _____ C:\Users\Chrissy\Documents\Savannah Sousa 2019-20.pdf
2020-04-03 10:46 - 2020-04-03 10:46 - 000428390 _____ C:\Users\Chrissy\Downloads\UI Online - Doc_20200403104628.pdf
2020-04-03 08:35 - 2020-04-03 08:35 - 000255320 _____ (Asurvio, LP) C:\Users\Chrissy\Downloads\DSOne.exe
2020-04-03 07:55 - 2020-04-03 07:55 - 000007605 _____ C:\Users\Chrissy\AppData\Local\Resmon.ResmonCfg
2020-04-02 19:24 - 2020-04-02 19:24 - 000000000 ____D C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2020-04-02 19:08 - 2020-04-05 15:11 - 000000000 ____D C:\ProgramData\Lenovo
2020-04-02 19:08 - 2020-04-05 15:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2020-04-02 19:05 - 2020-04-05 15:11 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2020-04-02 19:02 - 2020-04-05 15:12 - 000000000 ____D C:\WINDOWS\TempInst
2020-04-02 15:13 - 2020-04-02 15:13 - 000004987 _____ C:\Users\Chrissy\Downloads\Dynamic Email List - Parent & Child Classes (2019-2020).xlsx
2020-04-02 15:11 - 2020-04-02 15:11 - 000004346 _____ C:\Users\Chrissy\Downloads\Dynamic Email List - Transitional Preschool (2019-20).xlsx
2020-04-02 15:06 - 2020-04-02 15:08 - 000010235 _____ C:\Users\Chrissy\Downloads\Dynamic Email List - Preschool (2019-20).xlsx
2020-04-02 14:58 - 2020-04-02 15:00 - 000009429 _____ C:\Users\Chrissy\Downloads\Dynamic Email List - Multi-Track Kindergarten (2019-20).xlsx
2020-04-02 14:56 - 2020-04-02 14:56 - 000004915 _____ C:\Users\Chrissy\Downloads\Dynamic Email List - Summer 2020.xlsx
2020-04-02 14:47 - 2020-04-02 14:47 - 000086093 _____ C:\Users\Chrissy\Downloads\members_export_8e7b28e9c4.zip
2020-04-02 14:32 - 2020-04-02 14:33 - 000002158 _____ C:\Users\Chrissy\Downloads\members_export_5e4b740e45.zip
2020-04-01 20:11 - 2020-04-01 20:11 - 005747077 _____ C:\Users\Chrissy\Documents\Dependents.pdf
2020-04-01 19:35 - 2020-04-01 19:35 - 000546775 _____ C:\Users\Chrissy\Downloads\UI Online - Doc_20200401193509.pdf
2020-04-01 19:35 - 2020-04-01 19:35 - 000546775 _____ C:\Users\Chrissy\Downloads\UI Online - Doc_20200401193500.pdf
2020-04-01 19:25 - 2020-04-01 19:25 - 000546772 _____ C:\Users\Chrissy\Downloads\UI Online - Doc_20200401192522.pdf
2020-04-01 19:24 - 2020-04-01 19:24 - 000024058 _____ C:\Users\Chrissy\Downloads\UI Online - Doc_20200401192406.pdf
2020-04-01 19:20 - 2020-04-01 19:20 - 000546772 _____ C:\Users\Chrissy\Downloads\UI Online - Doc_20200401192043.pdf
2020-03-31 20:37 - 2020-03-31 20:37 - 000024058 _____ C:\Users\Chrissy\Downloads\UI Online - Doc_20200331203718.pdf
2020-03-18 08:23 - 2020-03-18 08:23 - 000079669 _____ C:\Users\Chrissy\Downloads\ACTIVE Account Statement March 1 - 15, 2020.xlsx
2020-03-16 00:46 - 2020-03-16 00:46 - 006520776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-03-16 00:46 - 2020-03-16 00:46 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2020-03-16 00:46 - 2020-03-16 00:46 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-03-16 00:46 - 2020-03-16 00:46 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2020-03-16 00:46 - 2020-03-16 00:46 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2020-03-15 20:01 - 2020-03-15 20:02 - 000503672 _____ C:\Users\Chrissy\Documents\Hana Philcrantz.pdf
2020-03-15 14:11 - 2020-03-15 14:11 - 000002483 _____ C:\Users\Chrissy\Downloads\Colored-College-Ruled-Paper1.zip
2020-03-14 11:24 - 2020-03-14 11:24 - 009711616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 003243296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 002315680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001874328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001867816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001792312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001616912 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001555904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001474048 _____ C:\WINDOWS\system32\rdpnano.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001417976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001400320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001108040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001080832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000757632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000446232 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2020-03-14 11:24 - 2020-03-14 11:24 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacEncoder.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngOnline.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2020-03-14 11:24 - 2020-03-14 11:24 - 000079672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2020-03-14 11:24 - 2020-03-14 11:24 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2020-03-14 11:24 - 2020-03-14 11:24 - 000023864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2020-03-14 11:24 - 2020-03-14 11:24 - 000018448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 019850240 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 018027008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 006285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 005911040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 005764664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 004538880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 003819520 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 003488768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 002999808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-03-14 11:23 - 2020-03-14 11:23 - 002307584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 002259872 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 002235408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 002077880 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001684992 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001458688 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001429096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001402880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001223680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001157120 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001077632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 001071120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 001031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 001018552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000843776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000746352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000713728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MdmDiagnostics.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbc32.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetup.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000525312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000478792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000362000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000356368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000331280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-03-14 11:23 - 2020-03-14 11:23 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnphost.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000267280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000205840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000136328 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000130112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceMetadataRetrievalClient.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000105832 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000102760 _____ (Microsoft Corporation) C:\WINDOWS\system32\profapi.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000097592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstSv.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000080912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterpriseresourcemanager.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmRes.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlrmdr.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\udhisapi.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AxInstUI.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000054800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000051512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmprovhost.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\upnpcont.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afunix.sys
2020-03-14 11:23 - 2020-03-14 11:23 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msauserext.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpnotify.exe
2020-03-14 11:23 - 2020-03-14 11:23 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MUILanguageCleanup.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsmplpxy.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LangCleanupSysprepAction.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAlertListener.ProxyStub.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimg32.dll
2020-03-14 11:23 - 2020-03-14 11:23 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetupproxyserv.dll
2020-03-14 11:22 - 2020-03-14 11:23 - 007070736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 006084344 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 005112832 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 004868184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 004755968 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 003971808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 003560960 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 003131392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 003037696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002985984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002875904 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002800640 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 002797568 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002761016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 002740736 _____ (Microsoft Corporation) C:\WINDOWS\system32\directml.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002584008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002561536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002305536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 002203664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 002058240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 002021888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001985104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001661952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001659528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001539888 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001484600 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001454400 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001264128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpsharercom.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001257984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001150464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 001101312 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001054376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001007672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 001000960 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000935040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000892696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000786040 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000785920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000776488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000769552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000741376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000689976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000680184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000668296 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000627216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000622592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Service.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Language.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000551824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxs.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000538128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000531672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000478720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000415976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2020-03-14 11:22 - 2020-03-14 11:22 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000404992 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000402528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000400440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000344376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountExtension.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Acx01000.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnservice.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000213984 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000199480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountCloudAP.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000193592 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\TetheringMgr.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountTokenProvider.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000152080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000142648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000120560 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000108856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GraphicsCapture.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000105384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000104976 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3api.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3msm.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000068408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000046928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsManagementServiceWinRt.ProxyStub.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000042336 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiredNetworkCSP.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAProfileNotificationHandler.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxstrace.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilotdiag.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000023864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tbs.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-03-14 11:22 - 2020-03-14 11:22 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wci.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\pacjsworker.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchTM.exe
2020-03-14 11:22 - 2020-03-14 11:22 - 000003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tier2punctuations.dll
2020-03-14 11:22 - 2020-03-14 11:22 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUserRes.dll
2020-03-14 11:21 - 2020-03-14 11:21 - 001091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000425272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2020-03-14 11:21 - 2020-03-14 11:21 - 000319976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000192016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000173880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000167224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000160568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000156984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\viac7.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000144400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000133432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000109072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2020-03-14 11:21 - 2020-03-14 11:21 - 000053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000041784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthMini.SYS
2020-03-14 11:21 - 2020-03-14 11:21 - 000023952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2020-03-14 11:21 - 2020-03-14 11:21 - 000022840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000017208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelide.sys
2020-03-14 11:21 - 2020-03-14 11:21 - 000014648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciide.sys
2020-03-14 10:55 - 2020-02-11 00:48 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-03-12 09:49 - 2020-03-12 09:49 - 000308548 _____ C:\Users\Chrissy\Downloads\Reese Baran.pdf
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-04-10 16:53 - 2019-03-18 22:44 - 000000000 ____D C:\WINDOWS\INF
2020-04-10 16:49 - 2019-03-18 22:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-10 16:38 - 2019-08-20 19:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-10 16:09 - 2019-10-01 19:40 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-04-10 16:09 - 2019-10-01 19:40 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-04-10 16:03 - 2018-06-28 13:38 - 000000000 ____D C:\Users\Chrissy\AppData\Local\Adobe
2020-04-10 16:01 - 2019-08-20 20:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-10 15:56 - 2019-03-18 22:35 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-04-10 15:28 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-10 15:06 - 2019-03-18 22:35 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-10 14:07 - 2019-08-20 20:01 - 000004162 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{B76945DF-72EF-4988-9332-2D50101B113A}
2020-04-09 19:51 - 2019-03-18 22:46 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-09 09:41 - 2019-03-18 22:46 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2020-04-09 09:39 - 2012-06-16 21:34 - 000000000 ____D C:\Program Files\Microsoft Office
2020-04-08 20:37 - 2012-12-29 09:16 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-08 20:27 - 2013-07-05 15:34 - 000000000 ____D C:\Program Files\Java
2020-04-08 20:22 - 2014-03-09 21:33 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2020-04-06 20:01 - 2019-08-20 19:36 - 000000000 ____D C:\Users\Chrissy
2020-04-06 19:44 - 2018-01-14 23:59 - 000000000 ____D C:\Users\Chrissy\AppData\Local\Packages
2020-04-05 19:57 - 2019-05-28 20:36 - 000000000 ____D C:\Users\Chrissy\AppData\Local\D3DSCache
2020-04-05 15:11 - 2019-01-08 11:14 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-05 15:11 - 2013-02-28 09:04 - 000000000 ____D C:\Program Files\Intel
2020-04-02 19:35 - 2020-01-30 10:05 - 000609128 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-04-02 19:26 - 2012-10-02 19:52 - 000000000 ____D C:\Users\Chrissy\AppData\Roaming\Dropbox
2020-04-02 15:17 - 2013-08-29 09:20 - 000000000 ___RD C:\Users\Chrissy\Dropbox
2020-04-02 13:35 - 2012-06-19 20:44 - 000000000 ____D C:\Users\Chrissy\AppData\Local\CutePDF Writer
2020-03-27 12:15 - 2016-07-22 10:27 - 000000000 ____D C:\Users\Chrissy\AppData\Local\ElevatedDiagnostics
2020-03-25 21:03 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-03-25 08:26 - 2018-02-24 21:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-03-23 08:23 - 2019-08-20 20:01 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2695042837-3831575686-1124767896-1000
2020-03-23 08:23 - 2019-08-20 19:36 - 000002421 _____ C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-23 08:23 - 2016-05-22 12:17 - 000000000 ___RD C:\Users\Chrissy\OneDrive
2020-03-20 19:12 - 2019-08-20 20:01 - 000003408 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-20 19:11 - 2019-08-20 20:01 - 000003284 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-20 18:59 - 2019-01-08 11:55 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2020-03-20 18:59 - 2019-01-08 11:55 - 000002091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2020-03-20 10:22 - 2019-10-01 19:41 - 000003506 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2020-03-18 14:54 - 2016-03-13 20:35 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-03-16 01:16 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-03-16 01:16 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-03-15 12:52 - 2019-08-20 19:49 - 000950252 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-03-15 00:15 - 2018-01-15 00:25 - 000000000 ___RD C:\Users\Chrissy\3D Objects
2020-03-15 00:15 - 2016-02-13 08:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-03-15 00:14 - 2019-08-20 19:24 - 000490432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\SystemResources
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\system32\setup
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-03-15 00:08 - 2019-03-18 22:46 - 000000000 ____D C:\Program Files\Windows Defender
2020-03-15 00:08 - 2019-03-18 22:35 - 000000000 ____D C:\WINDOWS\servicing
2020-03-14 17:36 - 2013-07-12 06:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-03-14 17:29 - 2012-12-04 08:10 - 118379832 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories ========
 
2013-05-14 13:55 - 2013-05-14 13:55 - 000033193 _____ () C:\Users\Chrissy\AppData\Roaming\UserTile.png
2017-12-14 16:33 - 2017-12-14 16:33 - 000004096 ____H () C:\Users\Chrissy\AppData\Local\keyfile3.drm
2019-01-08 11:09 - 2019-01-08 11:09 - 000000615 _____ () C:\Users\Chrissy\AppData\Local\oobelibMkey.log
2020-04-03 07:55 - 2020-04-03 07:55 - 000007605 _____ () C:\Users\Chrissy\AppData\Local\Resmon.ResmonCfg
2015-01-05 16:50 - 2015-01-05 16:50 - 000000000 _____ () C:\Users\Chrissy\AppData\Local\{F2E88783-AFFE-446F-B21E-F98399405CA3}
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
3. Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-04-2020
Ran by Chrissy (10-04-2020 17:02:52)
Running from C:\Users\Chrissy\Desktop
Microsoft Windows 10 Home Version 1909 18363.720 (X86) (2019-08-21 00:03:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2695042837-3831575686-1124767896-500 - Administrator - Disabled)
Chrissy (S-1-5-21-2695042837-3831575686-1124767896-1000 - Administrator - Enabled) => C:\Users\Chrissy
DefaultAccount (S-1-5-21-2695042837-3831575686-1124767896-503 - Limited - Disabled)
Guest (S-1-5-21-2695042837-3831575686-1124767896-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2695042837-3831575686-1124767896-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2695042837-3831575686-1124767896-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat DC (HKLM\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Canon IJ Network Scanner Selector EX2 (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.2.0.18 - Canon Inc.)
Canon MB2700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MB2700_series) (Version: 1.02 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.1.2101 - CDBurnerXP)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Combined Community Codec Pack 2009-09-09 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2009.09.09.0 - CCCP Project)
Crystal Reports 2008 Runtime SP1 (HKLM\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dot4 (HKLM\...\{FF359AAB-AA6A-449F-B75F-21201CD86495}) (Version: 1.0.0.0 - HP)
Dropbox (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Dropbox) (Version: 94.4.384 - Dropbox, Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 81.0.4044.92 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM\...\{665DF231-32BE-46BA-ABD2-B0D69F8314FF}) (Version: 1.0.494 - LogMeIn, Inc.)
GoToMeeting 8.41.0.12127 (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\GoToMeeting) (Version: 8.41.0.12127 - LogMeIn, Inc.)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{14BEBF02-A501-4A68-ABEB-286CCB28AE9F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
ImageMixer3 (HKLM\...\{AB19A235-66D4-47F7-9904-BAF84ED25BB6}) (Version: 3.00.005 - PIXELA)
Juniper Networks Host Checker (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Neoteris_Host_Checker) (Version: 7.4.0.31481 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Juniper_Setup_Client) (Version: 7.4.11.47145 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\Juniper_Term_Services) (Version: 7.4.0.31481 - Juniper Networks)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.12624.20382 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
MyLiveChat (HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\4435c09f5cdefce5) (Version: 1.0.2.51 - MyLiveChat)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM\...\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR) Hidden
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.12624.20382 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12624.20320 - Microsoft Corporation) Hidden
Peachtree Accounting 2012 (HKLM\...\{B4FDAA4D-37BD-4DF4-8531-B4F7ABC74E62}) (Version: 19.00.00 - Sage Software, Inc.) Hidden
Peachtree Accounting 2012 (HKLM\...\InstallShield_{B4FDAA4D-37BD-4DF4-8531-B4F7ABC74E62}) (Version: 19.00.00 - Sage Software, Inc.)
Peachtree Signature Ready Forms (HKLM\...\{BA1EF4A7-AB67-492B-9C7D-4AEE43F5A3C6}) (Version: 6.14.24 - Sage Software SB, Inc.) Hidden
Pervasive PSQL v10 SP2 Workgroup (32-bit) (HKLM\...\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}) (Version: 10.20.034 - Pervasive Software) Hidden
Pervasive PSQL v10 SP2 Workgroup (32-bit) (HKLM\...\Pervasive PSQL v10 SP2 Workgroup (32-bit)) (Version: 10.10.126 - Pervasive Software)
PHOTOfunSTUDIO -viewer- (HKLM\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 1.00.000 - )
Sage Integration Services (HKLM\...\Integration Services) (Version: 2.2.2240 - Sage Technology)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Universal Document Converter Server Edition (HKLM\...\Universal Document Converter_is1) (Version: 5.5 - fCoder Group, Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)
 
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-01-08] (Adobe Systems Incorporated)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.165.800.0_x86__kgqvnymyfvs32 [2020-04-02] (king.com)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.671.0_x86__v10z8vjag6ke6 [2020-02-05] (HP Inc.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.27.32.0_x86__k1h2ywk1493x8 [2019-03-26] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x86__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x86__8wekyb3d8bbwe [2020-01-31] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x86__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x86__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x86__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x86__8wekyb3d8bbwe [2020-01-12] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-01-08] (Adobe Systems Incorporated)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0 [2020-04-09] (Spotify AB) [Startup Task]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-10] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x86__8wekyb3d8bbwe [2016-05-24] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E4A4737B4AD9} -> [Creative Cloud Files] => C:\Users\Chrissy\Creative Cloud Files [2019-01-08 12:13]
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Chrissy\AppData\Local\GoToMeeting\12127\G2MOutlookAddin.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\DropboxUpdateOnDemand.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\DropboxUpdateOnDemand.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{A659F7AF-C6B4-40FD-BF17-35CED2DA8C8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\psuser.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\DropboxUpdateOnDemand.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\DropboxUpdateOnDemand.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Chrissy\Dropbox [2013-08-29 09:20]
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] => 0
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2695042837-3831575686-1124767896-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Chrissy\AppData\Local\Dropbox\Update\1.3.295.1\psuser.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellExecuteHooks: No Name - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  -> No File
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files\Common Files\Adobe\CoreSyncExtension\CoreSync_x86.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1_S-1-5-21-2695042837-3831575686-1124767896-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2695042837-3831575686-1124767896-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2695042837-3831575686-1124767896-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\DropboxExt.37.0.dll [2020-04-01] (Dropbox, Inc -> Dropbox, Inc.)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.ffds] => C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll [85504 2009-08-31] () [File not signed]
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
Shortcut: C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
 
==================== Loaded Modules (Whitelisted) =============
 
2008-12-29 18:13 - 2008-12-29 18:13 - 000204800 _____ () [File not signed] C:\Program Files\NETGEAR\WG111v3\KJLog.dll
2009-03-04 10:52 - 2009-03-04 10:52 - 000372736 _____ () [File not signed] C:\Program Files\NETGEAR\WG111v3\WlanDll.dll
2020-02-22 16:22 - 2015-09-15 17:07 - 000318464 _____ (CANON INC) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\scchmpm.dll
2020-02-22 16:22 - 2015-09-01 19:11 - 000194560 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll
2020-02-22 16:22 - 2015-06-17 17:03 - 000008192 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNS2_ENU.DLL
2020-02-22 16:22 - 2015-06-17 17:00 - 000104960 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll
2020-02-22 16:22 - 2015-05-26 10:44 - 000141312 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\IJ Network Scanner Selector EX2\cnwidsd.dll
2009-02-03 03:09 - 2009-02-03 03:09 - 000069632 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2000-09-13 06:00 - 2000-09-13 06:00 - 000032768 _____ (MK Systems CO.,LTD.) [File not signed] C:\WINDOWS\System32\Eplplx02.dll
2002-06-21 06:04 - 2002-06-21 06:04 - 000079872 _____ (MK Systems CO.,LTD.) [File not signed] C:\WINDOWS\System32\Eplpmx02.DLL
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2009-06-10 17:39 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Pervasive Software\PSQL\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chrissy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2695042837-3831575686-1124767896-1000\...\StartupApproved\Run: => "SUPERAntiSpyware"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1BAB5892-140F-448E-920D-980B907CDA14}] => (Allow) LPort=1583
FirewallRules: [{CEC8D2C1-73EC-4176-B212-86CB84605F07}] => (Allow) LPort=3351
FirewallRules: [{B40B6A1F-6E56-46D5-87A8-3164F2822D18}] => (Allow) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Sage Software, Inc. -> Pervasive Software Inc.)
FirewallRules: [{D5403EC3-5302-42CD-9751-1AA5B7BD530A}] => (Allow) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Sage Software, Inc. -> Pervasive Software Inc.)
FirewallRules: [{19A9C98F-E89D-4695-BA16-9E8CDF9F3B5D}] => (Allow) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{BDA28771-F93B-49A8-BB37-C6111EDEB4D0}] => (Allow) C:\Users\Chrissy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{F03EAF5E-9ED5-464D-877F-2B7651EB52C9}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{FBBB15BA-FC5E-48C7-B479-FC66CE912062}C:\users\chrissy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\chrissy\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [UDP Query User{488A720B-0B63-484E-8041-DB4316130A24}C:\users\chrissy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\chrissy\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{A6FFDB5E-895B-4F4F-AF06-1599D39FB79D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{61D242F6-5AFA-41A5-800A-6563F7A1AD6C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{74C50345-F115-45F2-9410-D8B966F7E59F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C70921FE-350A-4959-B15E-6323B6FAA85F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{BF853CAC-7579-42C7-92AF-7DA1CD7B0B6C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{30D8FD6B-0D55-4237-9756-AEF39C802444}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{6FFD155E-DD9A-46CE-B94C-8E09A1A286EB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AE88631B-5FE0-4CFD-84B8-8D279903D15A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2605F714-6057-4C3A-9116-EDF3CC34258D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{08960DC2-8B52-4B6C-BAF6-4A4CE7D7A7FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B765CE57-9899-47F6-8F85-BC92C15D0B45}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{26BE53EC-75F4-4595-B581-4001516A7490}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{14B96270-9E63-4098-9958-1D01850DA1F7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{343065C6-048C-4904-8F1E-D337AC1D425D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{56CF1D03-3E9F-4C93-ADD3-1D1ED9E538A8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{61EDE857-5691-4A53-92F8-6DB9FDECE9CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.130.658.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
 
==================== Restore Points =========================
 
02-04-2020 09:47:43 Scheduled Checkpoint
08-04-2020 20:23:06 Removed Java 8 Update 31
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/10/2020 04:03:22 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: Chrissy-PC)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
 
System errors:
=============
Error: (04/10/2020 04:53:02 PM) (Source: DCOM) (EventID: 10000) (User: Chrissy-PC)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
 
Error: (04/10/2020 04:07:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service hung on starting.
 
Error: (04/10/2020 03:56:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
 
 
Windows Defender:
===================================
Date: 2020-04-10 16:08:03.741
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Chrissy\Desktop\FRST.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.313.1201.0, AS: 1.313.1201.0, NIS: 1.313.1201.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
 
Date: 2020-04-10 16:08:00.295
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Chrissy\Desktop\FRST.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.313.1201.0, AS: 1.313.1201.0, NIS: 1.313.1201.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
 
Date: 2020-04-10 16:02:40.118
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Trojan:Win32/Wacatac.C!ml
ID: 2147749372
Severity: Severe
Category: Trojan
Path: file:_C:\Users\Chrissy\Desktop\FRST.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Security intelligence Version: AV: 1.313.1201.0, AS: 1.313.1201.0, NIS: 1.313.1201.0
Engine Version: AM: 1.1.16900.4, NIS: 1.1.16900.4
 
CodeIntegrity:
===================================
 
Date: 2020-04-10 16:03:28.213
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\AdobePDF.dll that did not meet the Unchecked signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: LENOVO 7UET79WW (3.09 ) 10/13/2009
Motherboard: LENOVO 7439W6R
Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 90%
Total physical RAM: 1944.02 MB
Available physical RAM: 177.56 MB
Total Virtual: 4632.02 MB
Available Virtual: 1783.33 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:148.35 GB) (Free:60.58 GB) NTFS
 
\\?\Volume{73b17344-af71-11e1-a62f-806e6f6e6963}\ (System) (Fixed) (Total:0.2 GB) (Free:0.15 GB) NTFS
\\?\Volume{8d91f07f-0000-0000-0000-402325000000}\ () (Fixed) (Total:0.5 GB) (Free:0.15 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 8D91F07F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=510 MB) - (Type=27)
 
==================== End of Addition.txt =======================

 

Attached Files


  • 0

#8
RKinner
Posted 10 April 2020 - 05:08 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

I've never seen speedfan cause any problems with the fans.  It does monitor them and there is an option that turns them on but as far as I know it only works when the program is running.

 

I'm afraid fan failure on old laptops are not uncommon.  You can usually find a replacement on Amazon but changing the fan can be a major job and if you need to remove the heatpipe/heatsink you will need to replace the thermal paste.

 

You might go into the BIOS/CMOS setup and reset everything to default and save & exit and see if that helps tho it would be wise to go through and write down the options in case it won't boot afterward.

 

Dangerous to run very long without a fan.  Perhaps you can find a fan tray to set it on?

 

Go to Control Panel, Programs & Features then find Office 365.  Right click on it and Repair.

 

Search for

 

task scheduler

 

Hit Enter. 

 

Click on the arrow in front of Task Scheduler Library.  Then click on Task Scheduler Library. In the next pane to the right should be a list of tasks.  The top one is probably called 0

If you find 0, right click on it and Disable.

 

Now Click on the arrow in front of

Microsoft

then on the arrow for Windows.

 

Scroll down to Wininet and click on it.  In the pane to the right should be CacheTask.  Right click on it and Disable.

 

Since we are in Task Scheduler, scroll up to Customer Experience Improvement Program.  Click on it then look in the pane to the right.  Right click on each task and Disable.

 

Do the same for Application Experience.

 

Download OOSU10.exe:

https://www.oo-softw...com/en/shutup10

Download and Save it (You will get a popup while it's downloading.  You can X out of it)
then Right click and Run As Admin.
Allow it to make a System Restore Point.
Click on Actions then on Apply Recommended Settings.

Close the program and reboot.

After each major update it's wise to rerun the program and Revert the changes.

 

Reboot and make a new Process Explorer log after things settle. 


  • 0

#9
dbrupp
Posted 13 April 2020 - 06:10 PM

dbrupp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Hello,

I apologize for my delay in responding.

 

Assuming that I should be following your steps in the order that you presented them, I just want to make sure that I'm taking the correct and wanted to ask you a question before I begin.

 

For "Go to Control Panel, Programs & Features then find Office 365.  Right click on it and Repair."

 

I'm not sure why, but my right click is not working.

 

If I left click, I see the options Modify/Uninstall.  I then left click on "Modify" and a Microsoft Box pops up that says:

"How would you like to repair your Office programs?"

- Quick Repair 

Fixes most issues quickly without the need for an internet connection.

 

- Online Repair

Fixes all issues, but takes a little longer and requires an internet connection throughout. You can select this option if you are still having problems after Quick Repair.

 

Can you please tell me if I should be choosing one of these and if there is some issue that you noticed in the logs?

 

 

Thank you again for all of your help!


  • 0

#10
RKinner
Posted 13 April 2020 - 08:56 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Do the Online Repair

 

I saw this:

 

 
Error: (04/10/2020 03:56:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
 
 
Also do Control Panel, Troubleshooting, Fix problems with Windows Updates (under System & Security) because of this one:
 
Error: (04/10/2020 04:07:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Update Orchestrator Service service hung on starting.

  • 0

Advertisements

#11
dbrupp
Posted 15 April 2020 - 09:04 PM

dbrupp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Hello,

Thank you for your expert help.  I have completed the steps that you advised me to take.

Here is the Process Explorer Log.  I apologize if I did not sort the CPU column correctly.

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
AcrobatNotificationClient.exe Suspended 6,556 K 18,364 K 10228 (Verified) Adobe Systems, Incorporated
acrotray.exe 2,024 K 8,916 K 8140 AcroTray Adobe Systems Inc. (Verified) Adobe Inc.
AdobeCollabSync.exe 2,608 K 11,712 K 4388 Adobe Collaboration Synchronizer 20.6 Adobe Systems Incorporated (Verified) Adobe Inc.
AGSService.exe 1,680 K 8,144 K 568 Adobe Genuine Software Integrity Service Adobe Systems, Incorporated (Verified) Adobe Inc.
ApplicationFrameHost.exe 10,656 K 24,748 K 1144 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1,084 K 5,324 K 876 Adobe Acrobat Update Service Adobe Systems (Verified) Adobe Inc.
audiodg.exe 6,476 K 9,252 K 8256 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe Suspended 4,984 K 19,684 K 9212 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe Suspended 7,180 K 25,372 K 8748 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 1,216 K 5,472 K 10084 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 1,464 K 7,432 K 10232 Google Chrome Google LLC (Verified) Google LLC
ctfmon.exe 2,608 K 12,028 K 4712 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 728 K 3,484 K 3400 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 3,536 K 11,092 K 1900 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,600 K 9,000 K 3840 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 3,168 K 10,384 K 1140 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 1,572 K 7,728 K 4108 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
Dropbox.exe 1,484 K 7,064 K 7652 Dropbox Dropbox, Inc. (Verified) Dropbox, Inc
DropboxUpdate.exe 1,924 K 4,188 K 1116 Dropbox Update Dropbox, Inc. (Verified) Dropbox, Inc
fontdrvhost.exe 1,516 K 2,880 K 752 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 7,116 K 13,256 K 880 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
HPSupportSolutionsFrameworkService.exe 14,380 K 7,792 K 1588 SolutionsFrameworkService Hewlett-Packard Company (Verified) Hewlett-Packard Company
ibmpmsvc.exe 1,060 K 4,624 K 1456 Lenovo Power Management Service Lenovo. (Verified) LENOVO
mqsvc.exe 3,532 K 6,152 K 488 Message Queuing Service Microsoft Corporation (Verified) Microsoft Windows
NisSrv.exe 3,236 K 7,916 K 4412 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Windows Publisher
NMSAccessU.exe 908 K 4,680 K 2160 (Verified) Numedia Soft, Inc.
Registry 10,688 K 34,000 K 88
RuntimeBroker.exe 2,232 K 11,804 K 7888 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 5,160 K 8,724 K 5512 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1,992 K 8,624 K 9676 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
ScanToPCActivationApp.exe 2,444 K 11,392 K 7096 ScanToPCActivationApp Hewlett-Packard Co. (Verified) Hewlett Packard
SearchUI.exe Suspended 52,072 K 29,100 K 4348 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 3,488 K 14,440 K 8028 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SecurityHealthSystray.exe 1,328 K 7,728 K 7960 Windows Security notification icon Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,288 K 6,700 K 636 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
sihost.exe 4,640 K 14,576 K 4468 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
SkypeBackgroundHost.exe Suspended 1,528 K 4,072 K 6956 Microsoft Skype Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
smartscreen.exe 1,928 K 6,732 K 8208 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
smss.exe 352 K 908 K 376 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
SMSvcHost.exe 16,652 K 11,124 K 2116 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
SMSvcHost.exe 15,000 K 9,024 K 4044 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
spoolsv.exe 10,716 K 20,272 K 1980 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
StartMenuExperienceHost.exe 26,140 K 34,236 K 5400 (Verified) Microsoft Windows
svchost.exe 960 K 4,628 K 2200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,992 K 5,828 K 2556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,120 K 6,628 K 2764 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,420 K 6,192 K 3272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,380 K 5,580 K 1656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,028 K 8,768 K 940 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,008 K 8,560 K 2076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,512 K 11,580 K 1624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,632 K 11,184 K 2024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,012 K 8,536 K 7720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,596 K 10,356 K 8992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,036 K 10,528 K 1356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,692 K 14,316 K 1784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,464 K 6,720 K 7672 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,640 K 9,920 K 2404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SynTPHelper.exe 740 K 4,040 K 7064 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Synaptics Incorporated
SynTPLpr.exe 1,280 K 5,668 K 5616 TouchPad Driver Helper Application Synaptics Incorporated (Verified) Synaptics Incorporated
SystemSettings.exe Suspended 14,936 K 49,252 K 4828 Settings Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 1,228 K 6,136 K 4572 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,152 K 6,688 K 3852 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
w3dbsmgr.exe 284,972 K 35,784 K 2240 Database Service Manager Pervasive Software Inc. (Verified) Sage Software, Inc.
wininit.exe 1,148 K 5,528 K 572 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
winlogon.exe 2,184 K 8,204 K 836 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WinStore.App.exe Suspended 14,156 K 37,076 K 9476 Store Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
WmiPrvSE.exe 1,968 K 7,208 K 1740 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,048 K 7,620 K 9812 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
YourPhone.exe Suspended 11,808 K 17,188 K 7180 (No signature was present in the subject)
svchost.exe < 0.01 3,056 K 13,372 K 7424 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe < 0.01 1,148 K 4,172 K 500 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
OfficeClickToRun.exe < 0.01 10,124 K 12,484 K 448 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 8,368 K 26,952 K 4532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Memory Compression 0.01 228 K 17,272 K 1548
chrome.exe 0.01 65,388 K 49,392 K 3280 Google Chrome Google LLC (Verified) Google LLC
Dropbox.exe 0.01 2,492 K 9,892 K 7796 Dropbox Dropbox, Inc. (Verified) Dropbox, Inc
lsass.exe 0.01 4,476 K 11,984 K 644 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.02 17,764 K 38,272 K 7816 Google Chrome Google LLC (Verified) Google LLC
RuntimeBroker.exe 0.02 4,136 K 15,584 K 6800 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.02 15,564 K 34,092 K 8444 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.02 36,372 K 66,072 K 1080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
QtWebEngineProcess.exe 0.02 31,640 K 53,104 K 9092 Qt Qtwebengineprocess The Qt Company Ltd. (Verified) Dropbox, Inc
svchost.exe 0.03 30,064 K 39,268 K 1120 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe 0.03 29,120 K 20,468 K 5256 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
WG111v3.exe 0.03 3,612 K 11,248 K 5712 NetgearCUv2 MFC Application (No signature was present in the subject)
QtWebEngineProcess.exe 0.03 30,936 K 51,048 K 7776 Qt Qtwebengineprocess The Qt Company Ltd. (Verified) Dropbox, Inc
svchost.exe 0.03 2,512 K 8,400 K 1664 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.03 19,344 K 40,272 K 7496 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.04 8,220 K 19,632 K 744 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AGMService.exe 0.05 3,420 K 12,304 K 792 Adobe Genuine Software Service Adobe Systems, Incorporated (Verified) Adobe Inc.
CCleaner.exe 0.07 9,612 K 21,696 K 6532 CCleaner Piriform Software Ltd (Verified) Piriform Software Ltd
svchost.exe 0.07 4,752 K 9,120 K 1884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
CNMNSST2.exe 0.08 1,996 K 8,688 K 5488 Canon IJ Network Scanner Selector EX2 CANON INC. (Verified) Canon Inc.
svchost.exe 0.16 4,252 K 9,872 K 920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.17 12,360 K 26,684 K 7132 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.23 53,852 K 85,464 K 7000 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.27 16,480 K 37,564 K 2108 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.33 41,436 K 89,392 K 10012 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.36 17,872 K 18,552 K 1224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.45 8,836 K 14,580 K 1296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AdobeCollabSync.exe 0.69 5,188 K 18,220 K 7768 Adobe Collaboration Synchronizer 20.6 Adobe Systems Incorporated (Verified) Adobe Inc.
Dropbox.exe 0.83 268,340 K 287,228 K 2604 Dropbox Dropbox, Inc. (Verified) Dropbox, Inc
csrss.exe 0.88 1,404 K 4,452 K 592 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
explorer.exe 1.08 30,572 K 63,876 K 4888 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 1.20 114,060 K 103,424 K 8948 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Windows Publisher
System 1.93 68 K 176 K 4
SynTPEnh.exe 2.78 4,092 K 13,656 K 3884 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
dwm.exe 4.04 55,800 K 36,824 K 1012 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 3.77 0 K 0 K n/a Hardware Interrupts and DPCs
svchost.exe 7.72 7,648 K 18,188 K 1416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
procexp.exe 16.52 31,580 K 56,932 K 9336 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 49.49 40 K 4 K 0
 

  • 0

#12
RKinner
Posted 15 April 2020 - 09:42 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Do you have a newish USB drive that you are not using?  Windows should offer to  use it to upgrade your memory when you plug it in.  That's probably cheaper and easier than trying to add the 1 GB. 

https://fossbytes.co...oost-usb-drive/

 

 

Can you disable your Wireless.  Either go to Airplane mode or search for

device manager then find the Wifi network driver and right click and Disable?  Then run a new Latency Monitor for 20 seconds.  Post the summary and then go to Drivers tab.  Click on the column header for "Total execution (ms)" once or twice until the biggest numbers are at the top then take a screen shot and post it.  Click on the Processes tab then click on the column header once or twice until the big numbers are at the top.  Take a screen shot and post it.  (You will have to reenable your wireless in order to post so save the screenshot where you can find them again.)  https://www.cnet.com/how-to/8-ways-you-can-take-screenshots-in-windows-10/ Make sure you save your screenshot as .jpg or the forum may not let you attach them.


  • 0

#13
dbrupp
Posted 16 April 2020 - 06:35 PM

dbrupp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Thanks for letting me know about the USB Drive trick.  I'll look in to that further.

 

 

I've attached the screen captures from latency monitor and here is the summary:

 

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:20  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        CHRISSY-PC
OS version:                                           Windows 10 , 10.0, build: 18363 (x86)
Hardware:                                             7439W6R, LENOVO
CPU:                                                  GenuineIntel Intel® Core™2 Duo CPU P8600 @ 2.40GHz
Logical processors:                                   2
Processor groups:                                     1
RAM:                                                  1944 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   2394 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
WARNING: the CPU speed that was measured is only a fraction of the CPU speed reported. Your CPUs may be throttled back due to variable speed settings and thermal issues. It is suggested that you run a utility which reports your actual CPU frequency and temperature. 
 
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   198.20
Average measured interrupt to process latency (µs):   13.030368
 
Highest measured interrupt to DPC latency (µs):       176.60
Average measured interrupt to DPC latency (µs):       3.487671
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              43.157895
Driver with highest ISR routine execution time:       i8042prt.sys - i8042 Port Driver, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.113157
Driver with highest ISR total time:                   i8042prt.sys - i8042 Port Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.113816
 
ISR count (execution time <250 µs):                   3263
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              255.721805
Driver with highest DPC routine execution time:       tcpip.sys - TCP/IP Driver, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.403066
Driver with highest DPC total execution time:         rspLLL32.sys - Resplendence Latency Monitoring and Auxiliary Kernel Library, Resplendence Software Projects Sp.
 
Total time spent in DPCs (%)                          0.662453
 
DPC count (execution time <250 µs):                   48908
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                1
DPC count (execution time 1000-1999 µs):              0
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 dropboxupdate.exe
 
Total number of hard pagefaults                       347
Hard pagefault count of hardest hit process:          100
Number of processes hit:                              13
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.817488
CPU 0 ISR highest execution time (µs):                43.157895
CPU 0 ISR total execution time (s):                   0.044561
CPU 0 ISR count:                                      2662
CPU 0 DPC highest execution time (µs):                255.721805
CPU 0 DPC total execution time (s):                   0.247082
CPU 0 DPC count:                                      48264
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.473473
CPU 1 ISR highest execution time (µs):                18.526316
CPU 1 ISR total execution time (s):                   0.001072
CPU 1 ISR count:                                      601
CPU 1 DPC highest execution time (µs):                163.842105
CPU 1 DPC total execution time (s):                   0.018521
CPU 1 DPC count:                                      645
_________________________________________________________________________________________________________
 

Attached Thumbnails

  • capture_drivers.JPG
  • capture_process.JPG

  • 0

#14
RKinner
Posted 17 April 2020 - 10:10 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

What does a process explorer log look like with the Wireless disabled the same way?


  • 0

#15
dbrupp
Posted 18 April 2020 - 01:06 PM

dbrupp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Hello,

 

I hope that this message finds you well.

 

I apologize if I took incorrect steps with process explorer the last time.

 

I set the laptop to 'airplane' mode only and ran the program.

 

I've attached the .jpg's and here's the log from Process Explorer with my WiFi turned off.

 

* just some notes:

1.  I turned off Wi-Fi from the right corner of the laptop clicked on the WiFi icon and it turned-off my WiFi Connection.

2.  I sorted the Drivers tab of Process Explorer, w/ highest numbers on top by column "Total exectution (ms)"

3, I sorted the Processes tab of Process Explorer w/ highest numbers on top by column "Hard pagefaults"

 

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:24  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        CHRISSY-PC
OS version:                                           Windows 10 , 10.0, build: 18363 (x86)
Hardware:                                             7439W6R, LENOVO
CPU:                                                  GenuineIntel Intel® Core™2 Duo CPU P8600 @ 2.40GHz
Logical processors:                                   2
Processor groups:                                     1
RAM:                                                  1944 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   2394 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
WARNING: the CPU speed that was measured is only a fraction of the CPU speed reported. Your CPUs may be throttled back due to variable speed settings and thermal issues. It is suggested that you run a utility which reports your actual CPU frequency and temperature. 
 
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   717.70
Average measured interrupt to process latency (µs):   10.775014
 
Highest measured interrupt to DPC latency (µs):       705.90
Average measured interrupt to DPC latency (µs):       3.421870
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              44.492481
Driver with highest ISR routine execution time:       i8042prt.sys - i8042 Port Driver, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.091195
Driver with highest ISR total time:                   i8042prt.sys - i8042 Port Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.091939
 
ISR count (execution time <250 µs):                   4571
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                0
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              176.255639
Driver with highest DPC routine execution time:       tcpip.sys - TCP/IP Driver, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.165708
Driver with highest DPC total execution time:         storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in DPCs (%)                          0.329185
 
DPC count (execution time <250 µs):                   12661
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                0
DPC count (execution time 1000-1999 µs):              0
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 svchost.exe
 
Total number of hard pagefaults                       1678
Hard pagefault count of hardest hit process:          713
Number of processes hit:                              32
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.331696
CPU 0 ISR highest execution time (µs):                44.492481
CPU 0 ISR total execution time (s):                   0.042489
CPU 0 ISR count:                                      3160
CPU 0 DPC highest execution time (µs):                176.255639
CPU 0 DPC total execution time (s):                   0.093997
CPU 0 DPC count:                                      9184
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.213302
CPU 1 ISR highest execution time (µs):                5.492481
CPU 1 ISR total execution time (s):                   0.001872
CPU 1 ISR count:                                      1411
CPU 1 DPC highest execution time (µs):                146.421053
CPU 1 DPC total execution time (s):                   0.064835
CPU 1 DPC count:                                      3477
_________________________________________________________________________________________________________
 

  

Attached Thumbnails

  • process_2.JPG
  • Drivers2.JPG

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP