Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HP Laptop really slow

Started by fonzy , May 04 2021 12:24 PM

  • Please log in to reply

#1
fonzy
Posted 04 May 2021 - 12:24 PM

fonzy

    Member

  • Member
  • PipPip
  • 76 posts

Hi,

 

My sons laptop is really slow. Possibly due to a virus but I am not sure. Even typing this I am having to wait for the text to catch up with me. The laptop takes ages to load and the load times of apps or things like Word is really slow. Please can someone try to help me speed this up?

 

Things tried:

Malwarebytes scan

Disk cleanup

Have applied all available Windows updates

Uninstalled some programs that are not needed

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by cstar (administrator) on CHARLIE-LAPTOP (HP HP Pavilion Laptop 15-cc5xx) (04-05-2021 19:02:21)
Running from C:\Users\charl\OneDrive\Desktop
Loaded Profiles: cstar & charl & defaultuser1
Platform: Windows 10 Home Version 2004 19041.867 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(0) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(0) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(0) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(0) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20688.0_x64__8wekyb3d8bbwe\HxTsr.exe
(0) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21021.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe <2>
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe <2>
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <25>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\Install\{912C5626-5A46-4D12-B7A1-F3D95E7229F6}\90.0.4430.93_89.0.4389.128_chrome_updater.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\Install\{912C5626-5A46-4D12-B7A1-F3D95E7229F6}\CR_7A86C.tmp\setup.exe <2>
(Google LLC -> Google) C:\Users\charl\AppData\Local\Google\Chrome\User Data\SwReporter\90.260.200\software_reporter_tool.exe <2>
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe <2>
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe <2>
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\igfxEM.exe <2>
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.13929.20296\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\charl\AppData\Local\Microsoft\OneDrive\21.062.0328.0001\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\charl\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\charl\AppData\Local\Microsoft\Teams\current\Teams.exe <10>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\cstar\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\UpdateAssistant\UpdateAssistant.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe <2>
Failed to access process -> LocalBridge.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3657408 2017-06-05] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [1062392 2017-03-15] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-3915671219-3013150676-4290985535-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32350096 2020-07-02] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\Run: [SmileboxTray] => C:\Users\charl\AppData\Roaming\Smilebox\SmileboxTray.exe [378760 2019-03-12] (Smilebox,Inc. -> Smilebox, Inc.)
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32350096 2020-07-02] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3144760 2021-04-25] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\charl\AppData\Local\Microsoft\Teams\Update.exe [2453728 2021-04-10] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-15] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05B86CAC-2314-457B-99EC-0E833D039DC5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-01] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0AD985B1-F1E9-4E44-B965-50FFBCE95AD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1148448 2016-12-07] (HP Inc. -> HP Inc.)
Task: {141DEC14-8613-44D0-82FE-CB98522F56DE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1A6A18B7-CFC9-4463-B65A-3A6C403A79F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-13] (Google LLC -> Google LLC)
Task: {2040C6E8-2D26-455B-A212-8AEE31B561BF} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269296 2018-10-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {3B70CF12-13A3-4DA2-AAF7-B976D3867EDF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {3C58CC93-8FEB-4819-BCE3-69ACCFD96047} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {41E283D9-5215-4088-8A2D-10B8E254340D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4A0FD709-4370-4927-835C-9CBF9914A474} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [621600 2016-12-06] (HP Inc. -> HP Inc.)
Task: {5353205E-9559-4AFB-A1C2-C3EB1F4D0D1F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {56C4C716-A684-4337-9869-A07B2C38AB4D} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1356648 2017-01-12] (HP Inc. -> HP Development Company, L.P.)
Task: {62A5FBBC-BE8F-4C5B-9211-104B60701F78} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {694185E9-B992-479C-832C-247A08E795F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1075744 2016-12-06] (HP Inc. -> HP Inc.)
Task: {6FC5439A-7EFB-40AC-8B07-CE88EC2A0CFE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1148448 2016-12-07] (HP Inc. -> HP Inc.)
Task: {6FD64561-B55B-4489-BA69-896572DA9E1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-12-06] (HP Inc. -> HP Inc.)
Task: {74B67022-ABA8-4E40-820F-4EFFB6A41A9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [196968 2016-12-06] (HP Inc. -> HP Inc.)
Task: {7CDD2930-3ABA-4E50-8D25-A22FC178A4C1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {858FCAFE-FE73-403B-8A6E-947AC8A37DFB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {98365D60-770B-4518-A637-340FB6B62A9B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-12-06] (HP Inc. -> HP Inc.)
Task: {B39562A4-B3D9-423C-B250-0693CCA6341C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1120696 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4982C01-F36E-4221-BD47-B79A0989D4E3} - System32\Tasks\DropboxUpdateTaskMachineCore1d489842837318d => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-01] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B79E59FF-8948-4D6B-A9FF-90632A1DA9A0} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {D9D1092E-C075-47B9-AC56-5C1FB63A7EDA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-01] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E188EA89-2509-4E6D-A53B-42D425C32727} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [616232 2016-11-28] (Dropbox, Inc -> DropboxOEM)
Task: {E3479766-BD70-4ACB-AF62-3D99ECC63565} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1075744 2016-12-06] (HP Inc. -> HP Inc.)
Task: {F57A4491-280A-4EC6-9750-B9D8AB5E3A67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-13] (Google LLC -> Google LLC)
Task: {F952D223-6C14-4777-AEAF-AAC5395CEB64} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {FAD7AE50-AF1D-4B4A-9F9C-9FDEE072976D} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459264 2017-02-01] (HP Inc. -> )
Task: {FAD7AE50-AF1D-4B4A-9F9C-9FDEE072976D} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459264 2017-02-01] (HP Inc. -> )
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d489842837318d.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{075670c8-69b9-4fd9-90fd-de7e9764d89f}: [DhcpNameServer] 192.168.0.1
 
Edge: 
=======
Edge Notifications: HKU\S-1-5-21-3915671219-3013150676-4290985535-1003 -> hxxps://blox.land
Edge Profile: C:\Users\cstar\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-04]
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-23] (WildTangent Inc -> )
FF Plugin HKU\S-1-5-21-3915671219-3013150676-4290985535-1003: @zoom.us/ZoomVideoPlugin -> C:\Users\charl\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-12] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default [2021-05-04]
CHR Extension: (Slides) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-01-13]
CHR Extension: (Docs) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-01-13]
CHR Extension: (Google Drive) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-04]
CHR Extension: (YouTube) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-13]
CHR Extension: (Sheets) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-04]
CHR Extension: (Gmail) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-04]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8469592 2020-03-31] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8798600 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-01] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-01] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2020-03-31] (EasyAntiCheat Oy -> Epic Games, Inc)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-23] (WildTangent Inc -> WildTangent)
S2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3394072 2017-03-01] (HP Inc. -> HP Inc.)
S2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-04-03] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [630776 2017-02-06] (HP Inc. -> HP Inc.)
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2397816 2017-04-27] (Intel Corporation - pGFX -> Intel Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2545752 2021-04-25] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3485784 2021-04-25] (Electronic Arts, Inc. -> Electronic Arts)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 MpKsl74307dde; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{316B8356-428A-448A-9D7A-DEECDA5447AF}\MpKslDrv.sys [47336 2021-05-04] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-13] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-13] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
U3 aspnet_state; no ImagePath
S3 MpKsl35cc6f79; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{444792BC-0C90-4EBA-8D98-86D23147C132}\MpKslDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-04 19:01 - 2021-05-04 19:17 - 000023737 _____ C:\Users\cstar\Desktop\Addition.txt
2021-05-04 18:47 - 2021-05-04 19:01 - 000028738 _____ C:\Users\cstar\Desktop\FRST.txt
2021-05-04 18:44 - 2021-05-04 19:09 - 000000000 ____D C:\FRST
2021-05-04 18:43 - 2021-05-04 18:42 - 002298368 _____ (Farbar) C:\Users\cstar\Desktop\FRST64.exe
2021-05-04 18:42 - 2021-05-04 18:42 - 002298368 _____ (Farbar) C:\Users\cstar\Downloads\FRST64.exe
2021-05-04 18:15 - 2021-05-04 18:15 - 000000020 ___SH C:\Users\cstar\ntuser.ini
2021-05-04 18:12 - 2021-05-04 18:12 - 000000000 ___HD C:\ProgramData\temp
2021-04-15 20:54 - 2021-04-15 21:14 - 087628984 _____ C:\Users\charl\Downloads\Taylor Swift-1989 World Tour (3).zip
2021-04-15 20:53 - 2021-04-15 21:11 - 087910734 _____ C:\Users\charl\Downloads\Taylor Swift-1989 World Tour (4).zip
2021-04-15 20:49 - 2021-04-15 21:15 - 083020536 _____ C:\Users\charl\Downloads\Taylor Swift-1989 World Tour (1).zip
2021-04-15 20:43 - 2021-04-15 21:14 - 082168861 _____ C:\Users\charl\Downloads\Taylor Swift-1989 World Tour.zip
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-04 19:16 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-04 19:14 - 2020-03-31 19:08 - 000000000 ____D C:\Users\cstar\AppData\Local\NVIDIA Corporation
2021-05-04 19:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-04 19:04 - 2017-06-13 07:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-05-04 19:00 - 2017-12-26 13:54 - 000000000 ___RD C:\Users\charl\OneDrive
2021-05-04 18:59 - 2020-05-05 18:44 - 000000000 ____D C:\ProgramData\Origin
2021-05-04 18:57 - 2020-05-05 18:44 - 000000000 ____D C:\Users\charl\AppData\Roaming\Origin
2021-05-04 18:53 - 2020-05-05 18:44 - 000000000 ____D C:\Users\charl\AppData\Local\Origin
2021-05-04 18:51 - 2019-07-06 12:29 - 000000000 ____D C:\Users\cstar\AppData\Local\packages
2021-05-04 18:51 - 2017-12-26 13:43 - 000000000 __SHD C:\Users\charl\IntelGraphicsProfiles
2021-05-04 18:49 - 2021-02-10 19:15 - 000000000 ____D C:\Users\charl
2021-05-04 18:46 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-04 18:40 - 2021-02-10 20:23 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3915671219-3013150676-4290985535-1001
2021-05-04 18:40 - 2021-02-10 19:15 - 000002374 _____ C:\Users\cstar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-04 18:40 - 2020-06-26 09:06 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-04 18:40 - 2020-06-26 09:06 - 000002266 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-04 18:40 - 2020-06-26 09:06 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-04 18:40 - 2017-12-26 12:53 - 000000000 ___RD C:\Users\cstar\OneDrive
2021-05-04 18:33 - 2020-03-31 13:04 - 000000000 ____D C:\Users\cstar\AppData\Local\D3DSCache
2021-05-04 18:22 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-04 18:20 - 2020-01-13 20:41 - 000000000 ___RD C:\Users\cstar\3D Objects
2021-05-04 18:20 - 2017-03-18 04:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-05-04 18:16 - 2017-12-26 12:48 - 000000000 __SHD C:\Users\cstar\IntelGraphicsProfiles
2021-05-04 18:15 - 2021-02-10 19:15 - 000000000 ____D C:\Users\cstar
2021-05-04 18:15 - 2021-02-10 19:14 - 000885796 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-04 18:15 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-04 18:10 - 2021-02-10 20:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-04 18:10 - 2021-02-10 19:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-04 18:10 - 2021-02-10 19:05 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-04 18:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-05-02 14:29 - 2021-02-10 19:15 - 000002374 _____ C:\Users\charl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-02 14:08 - 2018-12-02 10:03 - 000000000 ____D C:\Users\charl\AppData\Local\Packages
2021-05-02 14:01 - 2021-03-04 09:48 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6ffda8fc60eaf
2021-05-02 14:01 - 2021-02-10 20:23 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-25 21:12 - 2018-12-17 17:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-25 20:33 - 2020-05-05 18:45 - 000000000 ____D C:\Program Files (x86)\Origin
2021-04-25 20:31 - 2018-12-17 17:28 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-21 15:45 - 2021-02-10 20:23 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-21 15:45 - 2021-02-10 20:23 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-15 19:59 - 2020-01-13 20:55 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-15 19:59 - 2020-01-13 20:55 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-15 19:59 - 2020-01-13 20:55 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-15 19:44 - 2017-12-26 15:47 - 000000000 ____D C:\Users\charl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-04-13 21:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-13 14:08 - 2019-02-02 14:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-10 15:37 - 2017-12-26 15:47 - 000000252 _____ C:\Users\charl\AppData\LocalLow\rbxcsettings.rbx
2021-04-10 14:53 - 2021-01-04 12:28 - 000002375 _____ C:\Users\charl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-04-10 14:28 - 2021-02-10 20:23 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3915671219-3013150676-4290985535-1003
2021-04-07 14:03 - 2020-05-05 18:47 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-04-06 10:15 - 2019-03-22 21:47 - 000000000 ____D C:\Users\charl\AppData\Local\PlaceholderTileLogoFolder
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by cstar (04-05-2021 19:17:55)
Running from C:\Users\charl\OneDrive\Desktop
Windows 10 Home Version 2004 19041.867 (X64) (2021-02-10 19:25:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3915671219-3013150676-4290985535-500 - Administrator - Disabled)
charl (S-1-5-21-3915671219-3013150676-4290985535-1003 - Limited - Enabled) => C:\Users\charl
cstar (S-1-5-21-3915671219-3013150676-4290985535-1001 - Administrator - Enabled) => C:\Users\cstar
DefaultAccount (S-1-5-21-3915671219-3013150676-4290985535-503 - Limited - Disabled)
defaultuser1 (S-1-5-21-3915671219-3013150676-4290985535-1007 - Limited - Enabled) => C:\Users\defaultuser1.CHARLIE-LAPTOP
Guest (S-1-5-21-3915671219-3013150676-4290985535-501 - Limited - Disabled)
holly (S-1-5-21-3915671219-3013150676-4290985535-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3915671219-3013150676-4290985535-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (HKLM-x32\...\WTA-a77e5c69-8230-4eb6-aa02-65002b4b86cb) (Version: 3.0.2.59 - WildTangent) Hidden
Crazy Chicken Soccer (HKLM-x32\...\WTA-4932acc3-ccaa-461b-afa1-b952769bfca6) (Version: 2.2.0.110 - WildTangent) Hidden
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden
ELAN Touchpad 18.2.13.1_X64_WHQL (HKLM\...\Elantech) (Version: 18.2.13.1 - ELAN Microelectronic Corp.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher (HKLM-x32\...\{1D4EB18B-0FEE-444E-B4D1-6F2CFBC363E6}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Express Animate (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\ExpressAnimate) (Version: 4.06 - NCH Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.128 - Google LLC)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{20CC03C7-7B48-4130-B7FA-39BC128E3A9E}) (Version: 2.21.5 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{23D5C1E8-0442-4D70-9280-927EF36657CB}) (Version: 1.1.0.378 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7}) (Version: 1.1.275.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{04ec2b32-255d-418f-b6ca-dec62b872f5d}) (Version: 1.3.60.240 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.3.50.9 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.5.32.203 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}) (Version: 1.4.19 - HP Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11003.3588 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1004 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.5.0.1051 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{05f918ac-9392-4f5d-8399-68c4c70550b0}) (Version: 19.60.1 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-cc693ae0-2c2f-4377-96d3-bdc78b0cc31e) (Version: 3.0.2.59 - WildTangent) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13929.20296 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3915671219-3013150676-4290985535-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\Teams) (Version: 1.4.00.8872 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
MixPad Multitrack Recording Software (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\MixPad) (Version: 5.98 - NCH Software)
Movavi Video Editor 15 Plus (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\Movavi Video Editor 15 Plus) (Version: 15.4.0 - Movavi)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13929.20296 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20296 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.97.47554 - Electronic Arts, Inc.)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-27266199-ac8c-4915-ad18-0107864fc9e4) (Version: 3.0.2.59 - WildTangent) Hidden
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-fa0826e4-b676-4470-82bf-533487b89040) (Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.150 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8554 - Realtek Semiconductor Corp.)
Roblox Player for charl (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Studio for charl (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\roblox-studio) (Version:  - Roblox Corporation)
Runefall (HKLM-x32\...\WTA-fd856dda-843f-4844-b994-d3b60de3f367) (Version: 3.0.2.126 - WildTangent) Hidden
Smilebox (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\Smilebox) (Version: 1.0.0.33152 - Smilebox, Inc.)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.72.28.1030 - Electronic Arts Inc.)
Trinklit Supreme (HKLM-x32\...\WTA-b66ab1db-4610-4b63-8522-58c4254277ad) (Version: 2.2.0.98 - WildTangent) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VideoPad Video Editor (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\VideoPad) (Version: 7.24 - NCH Software)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-4) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Zoom (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
 
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.33.4.0_x86__kgqvnymyfvs32 [2020-03-31] (king.com)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.378.0_x64__v10z8vjag6ke6 [2019-07-06] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-10] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-31] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3915671219-3013150676-4290985535-1003_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\charl\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3915671219-3013150676-4290985535-1003_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\charl\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\igfxDTCM.dll [2018-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=booking&refclickid=square
 
==================== Loaded Modules (Whitelisted) =============
 
2020-03-31 11:24 - 2020-03-31 11:24 - 098275328 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2020-03-31 11:24 - 2020-03-31 11:24 - 000092672 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2020-03-31 11:24 - 2020-03-31 11:24 - 003922432 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2021-02-17 14:04 - 2021-02-17 14:04 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\19ba9be726e8dce51892174a30840398\Interop.IWshRuntimeLibrary.ni.dll
2021-02-17 14:04 - 2021-02-17 14:04 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\b7c7bfa93546fa2cc82d70c005cb0a01\Hardcodet.Wpf.TaskbarNotification.ni.dll
2021-04-13 14:34 - 2021-04-13 14:35 - 091346432 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_126.2.222.0_x64__v10z8vjag6ke6\HP.Smart.dll
2021-04-06 10:19 - 2021-04-06 10:20 - 007068672 _____ (HP Development Company, L.P.) [File not signed] C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_126.2.222.0_x64__v10z8vjag6ke6\HPPageLift.UWP.dll
2021-02-17 14:04 - 2021-02-17 14:04 - 001585664 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\c357577684f89e2e7eb092042ac7105d\NAudio.ni.dll
2020-04-21 10:48 - 2020-04-21 10:48 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2020-04-21 10:48 - 2020-04-21 10:48 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2021-02-17 14:01 - 2021-02-17 14:01 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\07fe9165a3593cb64a943a8b34855409\Newtonsoft.Json.ni.dll
2021-02-17 14:04 - 2021-02-17 14:04 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\da11c135f4fc3f7190041b0b0935c564\log4net.ni.dll
2020-03-31 11:23 - 2020-03-31 11:23 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [488]
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-3915671219-3013150676-4290985535-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3915671219-3013150676-4290985535-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.google.com
hxxp://hp13.msn.com
SearchScopes: HKLM -> {BD7622EA-8221-42CA-A62A-F55EDA40F894} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {BD7622EA-8221-42CA-A62A-F55EDA40F894} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\sharepoint.com -> hxxps://denefieldschool-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 22:03 - 2017-03-18 22:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3915671219-3013150676-4290985535-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cstar\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\backgrounddefault.jpg
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\charl\OneDrive\Desktop\Taylor-Swift (1).jpg
HKU\S-1-5-21-3915671219-3013150676-4290985535-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-3915671219-3013150676-4290985535-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\StartupApproved\Run: => "SmileboxTray"
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\StartupApproved\Run: => "EADM"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5C8C0DC5-F39B-429D-8B24-3BAA2A2BA41B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6D84BE4B-8CD6-4E61-95A4-A302D46D9B6B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{811E943C-5CC5-4B31-9C06-EE65A46A7B7E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9916855E-EF73-4E9E-9627-343ABC884E64}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{C9931502-6755-4852-A4C8-84D07242FA67}C:\users\charl\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\charl\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{B55BB93A-C47E-419C-973A-0B9A2A43856C}C:\users\charl\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\charl\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F4C6D24-F41E-45D3-8BD8-76618B80AE03}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AA6BE6D3-7319-4506-9207-05CF1F6A2BAA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{27EAB973-BEF8-4DEB-A2CA-71CE33F44590}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E058B430-ABD2-4F8F-B974-499764295096}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{55E1819D-3D09-4ED4-9428-5143167BD6E6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EF2FD6C9-7A27-454A-B364-2B0EEA1806A2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB40CE3D-9F3B-4D19-911D-497F36396BD0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2BDECEC6-5A70-4F06-9D2B-DFCC95232810}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{64D4649A-DE11-4719-9240-CC809A962B3E}C:\users\charl\appdata\roaming\zoom\bin\airhost.exe] => (Block) C:\users\charl\appdata\roaming\zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{C94BC659-569A-4A0D-97FB-98B80B3C0A82}C:\users\charl\appdata\roaming\zoom\bin\airhost.exe] => (Block) C:\users\charl\appdata\roaming\zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A50E895A-F116-4848-A1F7-792E6A3C35EA}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{CC26F3C3-EC66-40BF-AEFF-0083D8C86594}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{F4947508-67DC-4E43-8F13-DA95D78E655E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5738489F-3F84-49B1-A97E-37DFF2AA2E19}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{38260D83-C0F2-49F7-A1AE-0E5AB6929FDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0EBF9E09-B494-42F2-A424-5D61B23AD468}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3E6269A-9943-4AE0-B127-D1837838A72E}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (HP Inc. -> HP Inc.)
FirewallRules: [{6E34DDF9-81E6-4487-8FE9-9F934E8C9A5B}] => (Allow) LPort=13148
FirewallRules: [{40E25B42-91C2-439C-8E8F-5AB78EFC4A1C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{4188A434-EE3B-4CEB-AF0A-A75B6A884AAB}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{08A5DE64-BEBE-49FA-9415-4E35C9E5A553}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{1B24180D-3DCF-4E25-8D89-085465A41424}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{EAC8DF82-9151-4F13-8C55-5E90F3EE47C3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{772A79BB-A546-4413-BB44-CDE336FD7AFC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{35CF74DA-9A94-427F-94B4-FA4987843BD0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{26841DA4-4FBA-47FC-A0FE-25F32B8A2B56}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{061D5E60-B039-4B4F-A148-8A437CD5773E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{263C1E71-D903-44A3-A232-973EE92C2439}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{34D384C4-3760-4856-8D32-CD7592F74D23}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F817C6A7-C4D8-4244-AE80-4A103D692BFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.156.595.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5D8F59E7-9F00-4E9F-9016-BE7B7EAE970C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B13B35E2-B963-4A79-B49B-8BD9C28669CD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.51\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8A79D20E-27AB-4CAC-9A6F-2BB534B3A07E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
26-04-2021 15:52:55 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (05/04/2021 07:11:55 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialised for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Context:  Application, SystemIndex Catalogue
 
Error: (05/04/2021 07:11:40 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x8007045b, "winrt://{S-1-5-21-3915671219-3013150676-4290985535-1007}/">.
 
Error: (05/04/2021 07:11:40 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x8007045b, "winrt://{S-1-5-21-3915671219-3013150676-4290985535-1006}/">.
 
Error: (05/04/2021 07:11:40 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x8007045b, "winrt://{S-1-5-21-3915671219-3013150676-4290985535-1003}/">.
 
Error: (05/04/2021 07:11:40 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x8007045b, "winrt://{S-1-5-21-3915671219-3013150676-4290985535-1001}/">.
 
Error: (05/04/2021 07:11:40 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x8007045b, "winrt://{S-1-5-21-1629761431-2914786845-3006196346-500}/">.
 
Error: (05/04/2021 07:11:40 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x8007045b, "mapi16://{S-1-5-21-3915671219-3013150676-4290985535-1003}/">.
 
Error: (05/04/2021 07:11:40 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x8007045b, "file:///C:\[836e3658-fab3-4103-9b86-4ca810745eba]\Users\">.
 
 
System errors:
=============
Error: (05/04/2021 07:11:49 PM) (Source: DCOM) (EventID: 10005) (User: CHARLIE-LAPTOP)
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (05/04/2021 07:11:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/04/2021 07:11:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (05/04/2021 07:11:49 PM) (Source: DCOM) (EventID: 10005) (User: CHARLIE-LAPTOP)
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (05/04/2021 07:11:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/04/2021 07:11:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (05/04/2021 07:11:49 PM) (Source: DCOM) (EventID: 10005) (User: CHARLIE-LAPTOP)
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (05/04/2021 07:11:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
Windows Defender:
================
Date: 2021-04-15 20:41:32
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-04-15 20:30:45
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-04-15 20:21:18
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-04-15 20:09:10
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-04-07 14:40:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-04 18:28:28
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.335.1343.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18000.5
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2021-05-04 18:22:27
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.335.1343.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18000.5
Error code: 0x80070643
Error description: Fatal error during installation. 
 
Date: 2021-05-04 18:22:21
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.337.600.0
Previous security intelligence Version: 1.335.1343.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.5
Previous Engine Version: 1.1.18000.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-05-04 18:22:21
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.337.600.0
Previous security intelligence Version: 1.335.1343.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.5
Previous Engine Version: 1.1.18000.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-05-04 18:22:21
Description: 
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.18100.5
Previous Engine Version: 1.1.18000.5
Error Code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
==================== Memory info =========================== 
 
BIOS: Insyde F.10 07/28/2017
Motherboard: HP 8367
Processor: Intel® Core™ i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 81%
Total physical RAM: 8077.22 MB
Available physical RAM: 1518.43 MB
Total Virtual: 9357.22 MB
Available Virtual: 2406.38 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:915.14 GB) (Free:737.34 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.14 GB) (Free:1.81 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{9937a385-788e-4fb4-9980-2788d1ebcf18}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.44 GB) NTFS
\\?\Volume{666d7029-a0a4-455e-8199-9a14441f31a8}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B38C9083)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 

 


  • 0

Advertisements

#2
RKinner
Posted 04 May 2021 - 09:06 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   414bytes   174 downloads

Run FRST and press Fix (This will check your system files and run for about 25 minutes.   Be patient.)
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Assuming that doesn't magically fix things:

Multiple replies are OK.  Best to post a log as you get it.

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 7.0 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.  


Click on the Drivers Tab.  Click on the column header for "Total execution (ms)" once or twice until the biggest numbers are at the top of the column then take a screen shot (save as type jpg) and attach it.  
Click on the Processes tab then click on the  "Hard Pagefaults" column header once or twice until the big numbers are at the top of the column.  Take a screen shot (save as type jpg) and attach it.

 


  • 0

#3
fonzy
Posted 05 May 2021 - 03:53 AM

fonzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts

Thank you for your reply. I will post the logs below as I get them.

 

Fix Log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by charl (05-05-2021 10:46:14) Run:1
Running from C:\Users\charl\OneDrive\Desktop
Loaded Profiles: charl
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Error: 740
 
Elevated permissions are required to run DISM. 
Use an elevated command prompt to complete these tasks.
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
 
You must be an administrator running a console session in order to 
 
use the sfc utility.
 
 
========= End of CMD: =========
 
 
========= findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log =========
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log muxencode.
Access is denied.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 10:47:17 ====

Edited by fonzy, 05 May 2021 - 04:17 AM.

  • 0

#4
fonzy
Posted 05 May 2021 - 04:24 AM

fonzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by cstar (administrator) on CHARLIE-LAPTOP (HP HP Pavilion Laptop 15-cc5xx) (05-05-2021 11:16:00)
Running from C:\Users\charl\OneDrive\Desktop
Loaded Profiles: cstar & charl
Platform: Windows 10 Home Version 20H2 19042.928 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc. -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\charl\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\charl\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
0 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe
0 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe
0 C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21022.215.0_x64__8wekyb3d8bbwe\YourPhone.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3657408 2017-06-05] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [1062392 2017-03-15] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\Run: [SmileboxTray] => C:\Users\charl\AppData\Roaming\Smilebox\SmileboxTray.exe [378760 2019-03-12] (Smilebox,Inc. -> Smilebox, Inc.)
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3144760 2021-04-25] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\charl\AppData\Local\Microsoft\Teams\Update.exe [2453728 2021-04-10] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-05-05] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05B86CAC-2314-457B-99EC-0E833D039DC5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-01] (Dropbox, Inc -> Dropbox, Inc.)
Task: {0AD985B1-F1E9-4E44-B965-50FFBCE95AD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1148448 2016-12-07] (HP Inc. -> HP Inc.)
Task: {1A6A18B7-CFC9-4463-B65A-3A6C403A79F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-13] (Google LLC -> Google LLC)
Task: {2016191B-2CA7-443D-8B86-BC24D0C8D78E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {2040C6E8-2D26-455B-A212-8AEE31B561BF} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269296 2018-10-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {4A0FD709-4370-4927-835C-9CBF9914A474} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [621600 2016-12-06] (HP Inc. -> HP Inc.)
Task: {4E46D38D-CED5-4255-BF62-8B8D2DEBA87D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {56C4C716-A684-4337-9869-A07B2C38AB4D} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1356648 2017-01-12] (HP Inc. -> HP Development Company, L.P.)
Task: {576C991C-0FD7-43D1-A9D3-15AED1C4C74B} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {694185E9-B992-479C-832C-247A08E795F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1075744 2016-12-06] (HP Inc. -> HP Inc.)
Task: {6FC5439A-7EFB-40AC-8B07-CE88EC2A0CFE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1148448 2016-12-07] (HP Inc. -> HP Inc.)
Task: {6FD64561-B55B-4489-BA69-896572DA9E1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-12-06] (HP Inc. -> HP Inc.)
Task: {74B67022-ABA8-4E40-820F-4EFFB6A41A9E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [196968 2016-12-06] (HP Inc. -> HP Inc.)
Task: {98365D60-770B-4518-A637-340FB6B62A9B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-12-06] (HP Inc. -> HP Inc.)
Task: {B39562A4-B3D9-423C-B250-0693CCA6341C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1120696 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4982C01-F36E-4221-BD47-B79A0989D4E3} - System32\Tasks\DropboxUpdateTaskMachineCore1d489842837318d => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-01] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B79E59FF-8948-4D6B-A9FF-90632A1DA9A0} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {D9D1092E-C075-47B9-AC56-5C1FB63A7EDA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-01] (Dropbox, Inc -> Dropbox, Inc.)
Task: {E188EA89-2509-4E6D-A53B-42D425C32727} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [616232 2016-11-28] (Dropbox, Inc -> DropboxOEM)
Task: {E3479766-BD70-4ACB-AF62-3D99ECC63565} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1075744 2016-12-06] (HP Inc. -> HP Inc.)
Task: {F24BD4FC-7511-48E4-81F2-1495D6DA6BD4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {F57A4491-280A-4EC6-9750-B9D8AB5E3A67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-13] (Google LLC -> Google LLC)
Task: {F952D223-6C14-4777-AEAF-AAC5395CEB64} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {FAD7AE50-AF1D-4B4A-9F9C-9FDEE072976D} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459264 2017-02-01] (HP Inc. -> )
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d489842837318d.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{075670c8-69b9-4fd9-90fd-de7e9764d89f}: [DhcpNameServer] 192.168.0.1
 
Edge: 
=======
Edge Notifications: HKU\S-1-5-21-3915671219-3013150676-4290985535-1003 -> hxxps://blox.land
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\cstar\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-04]
 
FireFox:
========
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-11-23] (WildTangent Inc -> )
FF Plugin HKU\S-1-5-21-3915671219-3013150676-4290985535-1003: @zoom.us/ZoomVideoPlugin -> C:\Users\charl\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-12] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default [2021-05-04]
CHR Extension: (Slides) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-01-13]
CHR Extension: (Docs) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-01-13]
CHR Extension: (Google Drive) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-04]
CHR Extension: (YouTube) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-01-13]
CHR Extension: (Sheets) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-05-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-04]
CHR Extension: (Gmail) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-04]
CHR Extension: (Chrome Media Router) - C:\Users\cstar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-04]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8469592 2020-03-31] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8798600 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-01] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-12-01] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2020-03-31] (EasyAntiCheat Oy -> Epic Games, Inc)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-11-23] (WildTangent Inc -> WildTangent)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1309184 2016-10-07] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3394072 2017-03-01] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [471040 2017-04-03] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [630776 2017-02-06] (HP Inc. -> HP Inc.)
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2397816 2017-04-27] (Intel Corporation - pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-05-04] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2545752 2021-04-25] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3485784 2021-04-25] (Electronic Arts, Inc. -> Electronic Arts)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-05-04] (Malwarebytes Inc -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-04] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-05-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-05-05] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-05-04] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [157944 2021-05-05] (Malwarebytes Inc -> Malwarebytes)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-04-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421088 2021-04-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-13] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
U3 aspnet_state; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-05 10:56 - 2021-05-05 10:56 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-05-05 10:56 - 2021-05-05 10:56 - 000157944 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-05-05 10:56 - 2021-05-05 10:56 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-05-05 10:56 - 2021-05-05 10:56 - 000000000 ___HD C:\ProgramData\temp
2021-05-05 10:43 - 2021-05-05 10:43 - 000000414 _____ C:\Users\charl\Downloads\fixlist.txt
2021-05-04 22:07 - 2021-05-04 22:07 - 000925696 _____ C:\WINDOWS\SysWOW64\FXSRESM.dll
2021-05-04 22:07 - 2021-05-04 22:07 - 000504832 _____ C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2021-05-04 22:07 - 2021-05-04 22:07 - 000094208 _____ C:\WINDOWS\system32\FXSCOM.dll
2021-05-04 22:07 - 2021-05-04 22:07 - 000025600 _____ C:\WINDOWS\SysWOW64\WinFax.dll
2021-05-04 22:06 - 2021-05-04 22:06 - 000742912 _____ C:\WINDOWS\SysWOW64\fveapi.dll
2021-05-04 22:06 - 2021-05-04 22:06 - 000352256 _____ C:\WINDOWS\SysWOW64\fveapibase.dll
2021-05-04 22:05 - 2021-05-04 22:05 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-04 22:02 - 2021-05-04 22:02 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-04 22:01 - 2021-05-04 22:01 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-05-04 21:10 - 2021-05-04 21:10 - 000000000 ____D C:\Users\cstar\AppData\LocalLow\IGDump
2021-05-04 19:37 - 2021-05-04 19:37 - 000000000 ____D C:\Users\charl\AppData\Local\mbam
2021-05-04 19:36 - 2021-05-04 19:36 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-05-04 19:36 - 2021-05-04 19:36 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-05-04 19:36 - 2021-05-04 19:36 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-04 19:36 - 2021-05-04 19:36 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-05-04 19:36 - 2021-05-04 19:36 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-05-04 19:35 - 2021-05-04 19:33 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-05-04 19:35 - 2021-05-04 19:33 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-05-04 19:33 - 2021-05-04 19:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-04 19:32 - 2021-05-04 19:32 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-04 19:24 - 2021-05-04 19:24 - 002078632 _____ (Malwarebytes) C:\Users\charl\Downloads\MBSetup.exe
2021-05-04 19:01 - 2021-05-04 19:18 - 000039566 _____ C:\Users\cstar\Desktop\Addition.txt
2021-05-04 18:47 - 2021-05-04 19:18 - 000028799 _____ C:\Users\cstar\Desktop\FRST.txt
2021-05-04 18:44 - 2021-05-05 11:17 - 000000000 ____D C:\FRST
2021-05-04 18:43 - 2021-05-04 18:42 - 002298368 _____ (Farbar) C:\Users\cstar\Desktop\FRST64.exe
2021-05-04 18:42 - 2021-05-04 18:42 - 002298368 _____ (Farbar) C:\Users\cstar\Downloads\FRST64.exe
2021-05-04 18:15 - 2021-05-04 18:15 - 000000020 ___SH C:\Users\cstar\ntuser.ini
2021-04-15 20:54 - 2021-04-15 21:14 - 087628984 _____ C:\Users\charl\Downloads\Taylor Swift-1989 World Tour (3).zip
2021-04-15 20:53 - 2021-04-15 21:11 - 087910734 _____ C:\Users\charl\Downloads\Taylor Swift-1989 World Tour (4).zip
2021-04-15 20:49 - 2021-04-15 21:15 - 083020536 _____ C:\Users\charl\Downloads\Taylor Swift-1989 World Tour (1).zip
2021-04-15 20:43 - 2021-04-15 21:14 - 082168861 _____ C:\Users\charl\Downloads\Taylor Swift-1989 World Tour.zip
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-05-05 11:16 - 2021-02-10 19:15 - 000000000 ____D C:\Users\defaultuser1.CHARLIE-LAPTOP
2021-05-05 11:16 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-05 11:03 - 2021-02-10 19:14 - 000885796 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-05 11:03 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-05 11:00 - 2017-12-26 13:54 - 000000000 ___RD C:\Users\charl\OneDrive
2021-05-05 10:58 - 2017-12-26 13:43 - 000000000 __SHD C:\Users\charl\IntelGraphicsProfiles
2021-05-05 10:55 - 2021-02-10 20:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-05 10:55 - 2021-02-10 19:05 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-05 10:55 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-05-05 10:55 - 2018-12-01 15:43 - 000000942 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d489842837318d.job
2021-05-05 10:55 - 2017-06-13 07:30 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-05-05 10:54 - 2019-12-07 10:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-05-05 10:37 - 2021-02-10 19:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-05 10:31 - 2021-02-10 20:23 - 000004008 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-05-05 10:31 - 2021-02-10 20:23 - 000003804 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore1d489842837318d
2021-05-05 08:43 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-05 08:43 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-05 08:24 - 2020-06-26 09:06 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-05 08:24 - 2020-06-26 09:06 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-05 08:24 - 2020-06-26 09:06 - 000002283 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-05-05 08:22 - 2020-01-13 20:55 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-05 08:22 - 2020-01-13 20:55 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-05 08:22 - 2020-01-13 20:55 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-05-05 08:18 - 2021-02-10 19:06 - 000342056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-05 08:15 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-05 08:12 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-05-05 08:12 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-05 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-05 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-05 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-05 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-05-05 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-05 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-05-05 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-05-05 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-05 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-05 08:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-05 07:05 - 2021-02-10 19:15 - 000000000 ____D C:\Users\charl
2021-05-04 22:00 - 2021-02-10 19:10 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-05-04 21:09 - 2020-09-30 16:30 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-05-04 20:46 - 2019-07-06 12:29 - 000000000 ____D C:\Users\cstar\AppData\Local\packages
2021-05-04 20:44 - 2020-01-13 20:42 - 000000000 ____D C:\Users\cstar\AppData\Local\Publishers
2021-05-04 19:36 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-04 19:32 - 2020-03-31 19:20 - 000000000 ____D C:\Users\charl\AppData\Local\NVIDIA Corporation
2021-05-04 19:28 - 2018-12-02 10:03 - 000000000 ____D C:\Users\charl\AppData\Local\Packages
2021-05-04 19:19 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-04 19:14 - 2020-03-31 19:08 - 000000000 ____D C:\Users\cstar\AppData\Local\NVIDIA Corporation
2021-05-04 19:04 - 2017-06-13 07:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-05-04 18:59 - 2020-05-05 18:44 - 000000000 ____D C:\ProgramData\Origin
2021-05-04 18:57 - 2020-05-05 18:44 - 000000000 ____D C:\Users\charl\AppData\Roaming\Origin
2021-05-04 18:53 - 2020-05-05 18:44 - 000000000 ____D C:\Users\charl\AppData\Local\Origin
2021-05-04 18:40 - 2021-02-10 20:23 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3915671219-3013150676-4290985535-1001
2021-05-04 18:40 - 2021-02-10 19:15 - 000002374 _____ C:\Users\cstar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-04 18:40 - 2017-12-26 12:53 - 000000000 ___RD C:\Users\cstar\OneDrive
2021-05-04 18:33 - 2020-03-31 13:04 - 000000000 ____D C:\Users\cstar\AppData\Local\D3DSCache
2021-05-04 18:20 - 2020-01-13 20:41 - 000000000 ___RD C:\Users\cstar\3D Objects
2021-05-04 18:20 - 2017-03-18 04:53 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-05-04 18:16 - 2017-12-26 12:48 - 000000000 __SHD C:\Users\cstar\IntelGraphicsProfiles
2021-05-04 18:15 - 2021-02-10 19:15 - 000000000 ____D C:\Users\cstar
2021-05-02 14:29 - 2021-02-10 19:15 - 000002374 _____ C:\Users\charl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-02 14:01 - 2021-03-04 09:48 - 000003386 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6ffda8fc60eaf
2021-05-02 14:01 - 2021-02-10 20:23 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-25 21:12 - 2018-12-17 17:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-25 20:33 - 2020-05-05 18:45 - 000000000 ____D C:\Program Files (x86)\Origin
2021-04-25 20:31 - 2018-12-17 17:28 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-21 15:45 - 2021-02-10 20:23 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-21 15:45 - 2021-02-10 20:23 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-15 19:44 - 2017-12-26 15:47 - 000000000 ____D C:\Users\charl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-04-13 21:21 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-13 14:08 - 2019-02-02 14:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-10 15:37 - 2017-12-26 15:47 - 000000252 _____ C:\Users\charl\AppData\LocalLow\rbxcsettings.rbx
2021-04-10 14:53 - 2021-01-04 12:28 - 000002375 _____ C:\Users\charl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-04-10 14:28 - 2021-02-10 20:23 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3915671219-3013150676-4290985535-1003
2021-04-07 14:03 - 2020-05-05 18:47 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-04-06 10:15 - 2019-03-22 21:47 - 000000000 ____D C:\Users\charl\AppData\Local\PlaceholderTileLogoFolder
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by cstar (05-05-2021 11:19:38)
Running from C:\Users\charl\OneDrive\Desktop
Windows 10 Home Version 20H2 19042.928 (X64) (2021-02-10 19:25:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3915671219-3013150676-4290985535-500 - Administrator - Disabled)
charl (S-1-5-21-3915671219-3013150676-4290985535-1003 - Limited - Enabled) => C:\Users\charl
cstar (S-1-5-21-3915671219-3013150676-4290985535-1001 - Administrator - Enabled) => C:\Users\cstar
DefaultAccount (S-1-5-21-3915671219-3013150676-4290985535-503 - Limited - Disabled)
defaultuser1 (S-1-5-21-3915671219-3013150676-4290985535-1007 - Limited - Enabled) => C:\Users\defaultuser1.CHARLIE-LAPTOP
Guest (S-1-5-21-3915671219-3013150676-4290985535-501 - Limited - Disabled)
holly (S-1-5-21-3915671219-3013150676-4290985535-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3915671219-3013150676-4290985535-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (HKLM-x32\...\WTA-a77e5c69-8230-4eb6-aa02-65002b4b86cb) (Version: 3.0.2.59 - WildTangent) Hidden
Crazy Chicken Soccer (HKLM-x32\...\WTA-4932acc3-ccaa-461b-afa1-b952769bfca6) (Version: 2.2.0.110 - WildTangent) Hidden
Dropbox 25 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.459.1 - Dropbox, Inc.) Hidden
ELAN Touchpad 18.2.13.1_X64_WHQL (HKLM\...\Elantech) (Version: 18.2.13.1 - ELAN Microelectronic Corp.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Express Animate (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\ExpressAnimate) (Version: 4.06 - NCH Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{20CC03C7-7B48-4130-B7FA-39BC128E3A9E}) (Version: 2.21.5 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{23D5C1E8-0442-4D70-9280-927EF36657CB}) (Version: 1.1.0.378 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{81CA40FD-E11B-4DC1-AE33-A71EB044B8B7}) (Version: 1.1.275.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{04ec2b32-255d-418f-b6ca-dec62b872f5d}) (Version: 1.3.60.240 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.3.50.9 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.5.32.203 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{1BB20774-0FA8-4CFF-AB69-7B7AAE2DCE6C}) (Version: 1.4.19 - HP Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11003.3588 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1004 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.5.0.1051 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{05f918ac-9392-4f5d-8399-68c4c70550b0}) (Version: 19.60.1 - Intel Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Magic Heroes: Save Our Park (HKLM-x32\...\WTA-cc693ae0-2c2f-4377-96d3-bdc78b0cc31e) (Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13929.20296 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3915671219-3013150676-4290985535-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\Teams) (Version: 1.4.00.8872 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
MixPad Multitrack Recording Software (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\MixPad) (Version: 5.98 - NCH Software)
Movavi Video Editor 15 Plus (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\Movavi Video Editor 15 Plus) (Version: 15.4.0 - Movavi)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13929.20296 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13929.20296 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13929.20216 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.97.47554 - Electronic Arts, Inc.)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-27266199-ac8c-4915-ad18-0107864fc9e4) (Version: 3.0.2.59 - WildTangent) Hidden
Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-fa0826e4-b676-4470-82bf-533487b89040) (Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.150 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8554 - Realtek Semiconductor Corp.)
Roblox Player for charl (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Studio for charl (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\roblox-studio) (Version:  - Roblox Corporation)
Runefall (HKLM-x32\...\WTA-fd856dda-843f-4844-b994-d3b60de3f367) (Version: 3.0.2.126 - WildTangent) Hidden
Smilebox (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\Smilebox) (Version: 1.0.0.33152 - Smilebox, Inc.)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.72.28.1030 - Electronic Arts Inc.)
Trinklit Supreme (HKLM-x32\...\WTA-b66ab1db-4610-4b63-8522-58c4254277ad) (Version: 2.2.0.98 - WildTangent) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VideoPad Video Editor (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\VideoPad) (Version: 7.24 - NCH Software)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-4) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Zoom (HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
 
Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.33.4.0_x86__kgqvnymyfvs32 [2020-03-31] (king.com)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.378.0_x64__v10z8vjag6ke6 [2019-07-06] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_126.2.222.0_x64__v10z8vjag6ke6 [2021-05-04] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-02-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-02-10] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-05-04] (Netflix, Inc.)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j [2021-05-04] (Random Salad Games LLC)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3915671219-3013150676-4290985535-1003_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\charl\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20339.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3915671219-3013150676-4290985535-1003_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\charl\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-04] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\igfxDTCM.dll [2018-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-04] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [447752 2014-09-16] (Electronic Arts -> On2.com)
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2021-02-17 14:00 - 2021-02-17 14:00 - 000157696 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\17c957e18eec67eee9951a8c48fd28e5\BRIDGECommon.ni.dll
2021-02-17 14:03 - 2021-02-17 14:03 - 000120832 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\764b38e6de1bd057f94011120cc33d24\BridgeExtension.ni.dll
2021-02-17 14:03 - 2021-02-17 14:03 - 000343552 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\51b827da59bc6d814fd76ade6d857d6b\CleanStartController.ni.dll
2021-02-17 14:04 - 2021-02-17 14:04 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\19ba9be726e8dce51892174a30840398\Interop.IWshRuntimeLibrary.ni.dll
2021-02-17 14:04 - 2021-02-17 14:04 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\b7c7bfa93546fa2cc82d70c005cb0a01\Hardcodet.Wpf.TaskbarNotification.ni.dll
2021-02-17 14:03 - 2021-02-17 14:03 - 000134656 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\939bd33c5f4a7ad06c69a173c40dc7f0\CommonPortable.ni.dll
2021-02-17 14:04 - 2021-02-17 14:04 - 001585664 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\c357577684f89e2e7eb092042ac7105d\NAudio.ni.dll
2021-02-17 14:01 - 2021-02-17 14:01 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\07fe9165a3593cb64a943a8b34855409\Newtonsoft.Json.ni.dll
2021-02-17 14:04 - 2021-02-17 14:04 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\da11c135f4fc3f7190041b0b0935c564\log4net.ni.dll
2021-04-02 15:55 - 2021-04-25 20:31 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2021-04-25 20:32 - 2021-04-25 20:31 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2021-04-02 15:55 - 2021-04-25 20:30 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-04-25 20:32 - 2021-04-25 20:31 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-04-25 20:32 - 2021-04-25 20:31 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-04-25 20:32 - 2021-04-25 20:31 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-04-25 20:32 - 2021-04-25 20:31 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-04-25 20:32 - 2021-04-25 20:31 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-04-25 20:32 - 2021-04-25 20:31 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [488]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKU\S-1-5-21-3915671219-3013150676-4290985535-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3915671219-3013150676-4290985535-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.google.com
hxxp://hp13.msn.com
SearchScopes: HKLM -> {BD7622EA-8221-42CA-A62A-F55EDA40F894} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {BD7622EA-8221-42CA-A62A-F55EDA40F894} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\sharepoint.com -> hxxps://denefieldschool-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 22:03 - 2017-03-18 22:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3915671219-3013150676-4290985535-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cstar\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\backgrounddefault.jpg
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\charl\OneDrive\Desktop\Taylor-Swift (1).jpg
HKU\S-1-5-21-3915671219-3013150676-4290985535-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-3915671219-3013150676-4290985535-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\StartupApproved\Run: => "SmileboxTray"
HKU\S-1-5-21-3915671219-3013150676-4290985535-1003\...\StartupApproved\Run: => "EADM"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5C8C0DC5-F39B-429D-8B24-3BAA2A2BA41B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6D84BE4B-8CD6-4E61-95A4-A302D46D9B6B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{811E943C-5CC5-4B31-9C06-EE65A46A7B7E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9916855E-EF73-4E9E-9627-343ABC884E64}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{C9931502-6755-4852-A4C8-84D07242FA67}C:\users\charl\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\charl\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{B55BB93A-C47E-419C-973A-0B9A2A43856C}C:\users\charl\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\charl\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{64D4649A-DE11-4719-9240-CC809A962B3E}C:\users\charl\appdata\roaming\zoom\bin\airhost.exe] => (Block) C:\users\charl\appdata\roaming\zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{C94BC659-569A-4A0D-97FB-98B80B3C0A82}C:\users\charl\appdata\roaming\zoom\bin\airhost.exe] => (Block) C:\users\charl\appdata\roaming\zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{A50E895A-F116-4848-A1F7-792E6A3C35EA}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{CC26F3C3-EC66-40BF-AEFF-0083D8C86594}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{F4947508-67DC-4E43-8F13-DA95D78E655E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5738489F-3F84-49B1-A97E-37DFF2AA2E19}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{38260D83-C0F2-49F7-A1AE-0E5AB6929FDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0EBF9E09-B494-42F2-A424-5D61B23AD468}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C3E6269A-9943-4AE0-B127-D1837838A72E}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (HP Inc. -> HP Inc.)
FirewallRules: [{6E34DDF9-81E6-4487-8FE9-9F934E8C9A5B}] => (Allow) LPort=13148
FirewallRules: [{40E25B42-91C2-439C-8E8F-5AB78EFC4A1C}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{4188A434-EE3B-4CEB-AF0A-A75B6A884AAB}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin_LE\TS4.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{08A5DE64-BEBE-49FA-9415-4E35C9E5A553}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{1B24180D-3DCF-4E25-8D89-085465A41424}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{B13B35E2-B963-4A79-B49B-8BD9C28669CD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.51\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8A79D20E-27AB-4CAC-9A6F-2BB534B3A07E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AF097BDE-7291-4F4E-A575-F55C1EBD4E23}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{43278228-FDB3-4C2F-B135-FEC2DCD872F5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8ACC0576-0FE1-46B4-B77E-270493804344}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C3EFC83F-B40B-4F58-8714-FEEF6CC2C932}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FBA5A2AA-C43F-48A4-B894-AF5036EDB92A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6C8C89A0-AC63-4628-BA7C-682615C1170A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CDEF47EB-B857-42CB-A836-702F6163DC03}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DC161E99-5115-4FBB-B64D-4BB61FA65ECA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CDE52021-4762-42E3-8311-580AA3CFCE3F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.158.820.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B315ED45-25D7-43F3-A13D-D148CA78EAEF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{04857658-D87F-4D15-AB58-879A72724D34}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{545452B7-C78C-486F-B478-D106B38F40E5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{75470606-74A5-41FB-BFB8-99DABCAE5FB5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{69215CC9-466D-4A26-9E2A-5E5D2E05C1D5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9EA9C1DF-1AE0-4DAA-8A66-B3A5588C25B0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D3E23101-066E-400D-ACB0-853894DAC628}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E1253B83-4514-4058-8CDD-C3CCAE4B2A82}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12113.17.53090.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
 
==================== Restore Points =========================
 
26-04-2021 15:52:55 Windows Modules Installer
04-05-2021 21:22:33 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (05/05/2021 07:55:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 10.0.19041.789 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: b0c
 
Start Time: 01d741742abee3f9
 
Termination Time: 4294967295
 
Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
Report Id: fcb01db4-b97f-4417-b7d1-71d8fdea20fd
 
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Hang type: Quiesce
 
Error: (05/05/2021 05:47:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Charlie-Laptop.local already in use; will try Charlie-Laptop-2.local instead
 
Error: (05/05/2021 05:47:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Charlie-Laptop.local. Addr 192.168.0.7
 
Error: (05/05/2021 05:47:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353   16 Charlie-Laptop.local. AAAA 2A02:0C7F:5C4F:8C00:F5D2:A568:A7CF:F40A
 
Error: (05/05/2021 05:47:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 Charlie-Laptop.local. AAAA FE80:0000:0000:0000:F5D2:A568:A7CF:F40A
 
Error: (05/05/2021 05:47:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353   16 Charlie-Laptop.local. AAAA 2A02:0C7F:5C4F:8C00:F5D2:A568:A7CF:F40A
 
Error: (05/05/2021 05:47:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 Charlie-Laptop.local. AAAA FD40:6481:0F05:0000:3DF9:9716:A3FE:6F9B
 
Error: (05/05/2021 05:47:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.7:5353   16 Charlie-Laptop.local. AAAA 2A02:0C7F:5C4F:8C00:F5D2:A568:A7CF:F40A
 
 
System errors:
=============
Error: (05/05/2021 11:02:55 AM) (Source: DCOM) (EventID: 10010) (User: CHARLIE-LAPTOP)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (05/05/2021 10:59:55 AM) (Source: DCOM) (EventID: 10010) (User: CHARLIE-LAPTOP)
Description: The server Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.
 
Error: (05/05/2021 10:54:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
 
Error: (05/05/2021 10:54:02 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (05/05/2021 10:54:02 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (05/05/2021 10:54:02 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (05/05/2021 10:54:02 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (05/05/2021 10:53:52 AM) (Source: DCOM) (EventID: 10010) (User: CHARLIE-LAPTOP)
Description: The server {389510B7-9E58-40D7-98BF-60B911CB0EA9} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2021-04-15 20:41:32
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-04-15 20:30:45
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-04-15 20:21:18
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-04-15 20:09:10
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-04-07 14:40:57
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2021-05-05 10:54:05
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device.
 
Date: 2021-05-04 18:28:28
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.335.1343.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18000.5
Error code: 0x80070102
Error description: The wait operation timed out. 
 
Date: 2021-05-04 18:22:27
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.335.1343.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18000.5
Error code: 0x80070643
Error description: Fatal error during installation. 
 
Date: 2021-05-04 18:22:21
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.337.600.0
Previous security intelligence Version: 1.335.1343.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.18100.5
Previous Engine Version: 1.1.18000.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
Date: 2021-05-04 18:22:21
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.337.600.0
Previous security intelligence Version: 1.335.1343.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.18100.5
Previous Engine Version: 1.1.18000.5
Error code: 0x80070666
Error description: Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel. 
 
==================== Memory info =========================== 
 
BIOS: Insyde F.10 07/28/2017
Motherboard: HP 8367
Processor: Intel® Core™ i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 53%
Total physical RAM: 8077.22 MB
Available physical RAM: 3769.48 MB
Total Virtual: 9357.22 MB
Available Virtual: 4446.76 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:915.14 GB) (Free:796.13 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.14 GB) (Free:1.81 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{9937a385-788e-4fb4-9980-2788d1ebcf18}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.44 GB) NTFS
\\?\Volume{666d7029-a0a4-455e-8199-9a14441f31a8}\ () (Fixed) (Total:0.25 GB) (Free:0.19 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: B38C9083)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#5
fonzy
Posted 05 May 2021 - 04:33 AM

fonzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
ApplicationFrameHost.exe 21,696 K 39,820 K 3876 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 11,596 K 18,528 K 7780 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe Suspended 2,280 K 11,920 K 12444 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
backgroundTaskHost.exe Suspended 7,524 K 24,492 K 8624 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 6,176 K 7,244 K 8860 Google Chrome Google LLC (Verified) Google LLC
conhost.exe 6,224 K 5,088 K 3536 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
CoolSense.exe 2,316 K 3,408 K 8180 HP CoolSense HP Development Company, L.P. (Verified) HP Inc.
Cortana.exe Suspended 35,084 K 70,460 K 8096 Cortana Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
csrss.exe 1,892 K 5,344 K 656 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
ctfmon.exe 4,976 K 16,112 K 6712 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 3,932 K 11,048 K 2188 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 3,840 K 11,848 K 10204 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 3,696 K 11,212 K 5916 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 3,556 K 12,108 K 7872 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
esif_uf.exe 1,704 K 6,844 K 3648 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel Corporation
ETDCtrl.exe 6,796 K 22,936 K 7052 ETD Control Center ELAN Microelectronics Corp. (Verified) ELAN Microelectronics Corporation
ETDCtrlHelper.exe 2,600 K 8,620 K 7384 ETD Control Center Helper ELAN Microelectronics Corp. (Verified) ELAN Microelectronics Corporation
ETDService.exe 1,128 K 5,420 K 3656 Elan Service ELAN Microelectronics Corp. (Verified) ELAN Microelectronics Corporation
ETDTouch.exe 1,968 K 6,384 K 7260 ETDTouch ELAN Microelectronics Corp. (Verified) ELAN Microelectronics Corporation
FileCoAuth.exe 4,292 K 16,260 K 3508 Microsoft OneDriveFile Co-Authoring Executable Microsoft Corporation (Verified) Microsoft Corporation
fontdrvhost.exe 1,356 K 3,052 K 976 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 3,584 K 6,808 K 888 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
GoogleCrashHandler.exe 1,588 K 264 K 10156 Google Crash Handler Google LLC (Verified) Google LLC
GoogleCrashHandler64.exe 1,660 K 328 K 9456 Google Crash Handler Google LLC (Verified) Google LLC
HPMSGSVC.exe 1,948 K 9,276 K 8312 HP Message Service HP Inc. (Verified) HP Inc.
HPOrbitService.exe 3,948 K 16,576 K 4236 HP Orbit HP Inc. (Verified) HP Inc.
hpqwmiex.exe 2,108 K 10,512 K 11420 HP Software Framework WMI Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
HPWMISVC.exe 1,508 K 8,168 K 3672 HP WMI Service HP Inc. (Verified) HP Inc.
HxOutlook.exe Suspended 37,188 K 2,200 K 5372 Microsoft Outlook Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
HxTsr.exe Suspended 27,768 K 33,520 K 8908 Microsoft Outlook Communications Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
IAStorDataMgrSvc.exe 33,484 K 34,944 K 11988 IAStorDataSvc Intel Corporation (Verified) Intel® Rapid Storage Technology
ibtsiva.exe 1,104 K 4,888 K 3712 Intel® Wireless Bluetooth® iBtSiva Service Intel Corporation (Verified) Intel® Wireless Connectivity Solutions
igfxCUIService.exe 1,788 K 8,680 K 2656 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
igfxEM.exe 3,892 K 13,756 K 7540 igfxEM Module Intel Corporation (Verified) Intel® pGFX
IntelCpHDCPSvc.exe 1,420 K 7,156 K 3636 Intel HD Graphics Drivers for Windows® Intel Corporation (Verified) Intel® pGFX
IntelCpHeciSvc.exe 1,404 K 7,068 K 4364 IntelCpHeciSvc Executable Intel Corporation (Verified) Intel® pGFX
jhi_service.exe 1,276 K 6,092 K 3540 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel® Embedded Subsystems and IP Blocks Group
mDNSResponder.exe 2,016 K 6,816 K 3628 Bonjour Service Apple Inc. (Verified) Apple Inc.
Microsoft.Photos.exe Suspended 24,324 K 18,336 K 12384 (No signature was present in the subject)
Music.UI.exe Suspended 16,472 K 1,828 K 12332 (No signature was present in the subject)
PresentationFontCache.exe 24,616 K 17,060 K 2368 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
procexp.exe 5,228 K 11,632 K 8588 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Registry 8,568 K 94,584 K 100
RtkAudioService64.exe 1,660 K 7,800 K 3000 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
RtkNGUI64.exe 4,640 K 2,108 K 8440 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
RuntimeBroker.exe 3,564 K 18,996 K 12376 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 4,740 K 14,404 K 892 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3,976 K 17,504 K 9108 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,936 K 26,352 K 8316 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 2,492 K 13,988 K 13072 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 2,764 K 14,224 K 12532 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 2,864 K 14,960 K 12656 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 1,968 K 8,272 K 12396 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3,872 K 22,964 K 12776 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
SearchApp.exe Suspended 141,024 K 206,884 K 8068 Search application Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 2,248 K 9,844 K 10276 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 4,124 K 14,780 K 7432 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
SecurityHealthSystray.exe 1,844 K 9,056 K 9032 Windows Security notification icon Microsoft Corporation (Verified) Microsoft Windows
services.exe 5,908 K 9,572 K 816 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SettingSyncHost.exe 2,340 K 4,636 K 10008 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe 5,044 K 7,944 K 12236 System Guard Runtime Monitor Broker Service Microsoft Corporation (Verified) Microsoft Windows Publisher
ShellExperienceHost.exe Suspended 13,740 K 55,096 K 1904 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 7,092 K 26,588 K 7092 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
smss.exe 1,080 K 1,076 K 452 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe 27,208 K 63,440 K 7888 (Verified) Microsoft Windows
svchost.exe 1,912 K 8,060 K 1288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,784 K 10,976 K 1296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,716 K 8,416 K 1568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,996 K 8,504 K 1736 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,404 K 11,892 K 1836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,476 K 6,780 K 1228 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,848 K 7,336 K 2092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,220 K 9,424 K 2568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,944 K 7,712 K 2748 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,264 K 5,412 K 3860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,596 K 6,124 K 3868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,284 K 5,120 K 4024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,344 K 8,984 K 4484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,460 K 11,936 K 4828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,012 K 7,296 K 5108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,316 K 5,064 K 5516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,896 K 9,040 K 5636 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,052 K 7,168 K 7632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,736 K 19,976 K 9064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,244 K 16,988 K 124 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,656 K 11,708 K 3924 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,528 K 10,640 K 1308 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,068 K 5,892 K 6264 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,336 K 11,872 K 1376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,740 K 11,488 K 10544 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,744 K 8,352 K 968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,820 K 8,232 K 4048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,452 K 11,684 K 10536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,688 K 13,860 K 2908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,396 K 9,480 K 10720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,032 K 19,428 K 5500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,348 K 16,120 K 10524 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,708 K 13,784 K 9180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,188 K 7,624 K 2396 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,752 K 8,740 K 3292 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,700 K 7,612 K 9048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,276 K 5,648 K 2432 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,908 K 7,064 K 2740 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,244 K 12,176 K 10780 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,280 K 38,048 K 356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,832 K 6,360 K 1884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,644 K 10,696 K 2244 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,928 K 10,992 K 2016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,648 K 17,032 K 3908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,420 K 12,276 K 3276 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,552 K 10,668 K 5540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 10,860 K 20,176 K 3748 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 15,612 K 17,064 K 1708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,836 K 8,064 K 5596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,440 K 7,968 K 1108 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SystemSettings.exe Suspended 24,160 K 2,268 K 5368 Settings Microsoft Corporation (Verified) Microsoft Windows
Teams.exe 11,484 K 58,692 K 10356 Microsoft Teams Microsoft Corporation (Verified) Microsoft Corporation
Teams.exe 32,644 K 50,800 K 9304 Microsoft Teams Microsoft Corporation (Verified) Microsoft Corporation
Teams.exe 23,292 K 73,652 K 10248 Microsoft Teams Microsoft Corporation (Verified) Microsoft Corporation
Teams.exe 63,312 K 98,624 K 9016 Microsoft Teams Microsoft Corporation (Verified) Microsoft Corporation
TextInputHost.exe 12,032 K 41,292 K 7876 Microsoft Corporation (Verified) Microsoft Windows
UserOOBEBroker.exe 1,904 K 9,148 K 3172 User OOBE Broker Microsoft Corporation (Verified) Microsoft Windows
Video.UI.exe Suspended 18,428 K 57,596 K 3936 (No signature was present in the subject)
wininit.exe 1,368 K 6,656 K 744 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
winlogon.exe 2,868 K 12,080 K 616 Windows Log-on Application Microsoft Corporation (Verified) Microsoft Windows
WinStore.App.exe Suspended 48,736 K 2,164 K 13016 Store Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
wlanext.exe 1,188 K 5,620 K 3492 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,856 K 10,088 K 7516 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WpcMon.exe 2,816 K 11,396 K 4728 Family Safety Monitor Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 24,960 K 13,352 K 1016 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
YourPhone.exe Suspended 23,752 K 51,480 K 6876 YourPhone Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
Memory Compression < 0.01 500 K 171,732 K 2532
svchost.exe < 0.01 9,820 K 18,168 K 2484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 9,096 K 24,132 K 6760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 6,936 K 15,680 K 1676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 1,528 K 5,776 K 1656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchProtocolHost.exe < 0.01 3,200 K 14,572 K 13032 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 4,500 K 19,660 K 3852 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
RuntimeBroker.exe < 0.01 7,604 K 28,080 K 9100 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
HPCommRecovery.exe < 0.01 14,064 K 18,120 K 8056 CommRecovery HP Inc. (No signature was present in the subject) HP Inc.
svchost.exe < 0.01 2,096 K 8,208 K 5772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2,492 K 10,000 K 1352 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2,396 K 7,260 K 1048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 19,136 K 30,020 K 9504 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
lsass.exe 0.01 8,664 K 21,744 K 836 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.01 20,272 K 34,084 K 11952 Google Chrome Google LLC (Verified) Google LLC
SearchIndexer.exe 0.01 34,332 K 42,256 K 664 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 4,028 K 21,500 K 8100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 3,692 K 8,328 K 2476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Teams.exe 0.01 111,240 K 112,772 K 11180 Microsoft Teams Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 0.01 3,072 K 9,304 K 2356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
HPSupportSolutionsFrameworkService.exe 0.01 43,492 K 32,764 K 11668 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
chrome.exe 0.01 20,952 K 41,644 K 12980 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.01 2,932 K 10,352 K 3944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
HPAudioSwitch.exe 0.01 38,120 K 39,144 K 8916 HPAudioSwitch HP Inc. (Verified) HP Inc.
svchost.exe 0.01 4,036 K 13,628 K 3664 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
esif_assist_64.exe 0.01 1,192 K 4,124 K 7148 Intel® Dynamic Platform and Thermal Framework Utility Application Intel Corporation (Verified) Intel Corporation
chrome.exe 0.01 13,320 K 15,672 K 10188 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.01 14,004 K 19,440 K 3368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.01 17,732 K 22,988 K 8148 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.01 9,376 K 34,836 K 7460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Teams.exe 0.01 92,532 K 71,400 K 9604 Microsoft Teams Microsoft Corporation (Verified) Microsoft Corporation
chrome.exe 0.01 53,704 K 91,760 K 12084 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.01 111,904 K 119,632 K 11936 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.01 3,164 K 9,788 K 2388 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
HPJumpStartBridge.exe 0.01 20,604 K 25,564 K 11568 HP JumpStart Bridge HP Inc. (Verified) HP Inc.
chrome.exe 0.01 20,592 K 33,816 K 11836 Google Chrome Google LLC (Verified) Google LLC
OriginWebHelperService.exe 0.01 5,316 K 11,692 K 4228 OriginWebHelperService Electronic Arts (Verified) Electronic Arts, Inc.
chrome.exe 0.01 50,500 K 70,820 K 10384 Google Chrome Google LLC (Verified) Google LLC
chrome.exe 0.01 20,712 K 41,408 K 10244 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.01 2,076 K 7,840 K 3528 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.02 19,904 K 37,676 K 10580 Google Chrome Google LLC (Verified) Google LLC
spoolsv.exe 0.02 8,524 K 20,680 K 3324 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.02 5,192 K 18,020 K 5608 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
mbamtray.exe 0.02 33,484 K 37,708 K 7008 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Inc
svchost.exe 0.02 4,180 K 12,808 K 3844 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 8,560 K 15,980 K 1060 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 2,224 K 7,856 K 3152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 16,216 K 27,640 K 3680 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
smartscreen.exe 0.03 9,344 K 26,404 K 5336 Windows Defender SmartScreen Microsoft Corporation (Verified) Microsoft Windows
Teams.exe 0.03 15,872 K 41,284 K 5536 Microsoft Teams Microsoft Corporation (Verified) Microsoft Corporation
RuntimeBroker.exe 0.03 4,488 K 22,020 K 3548 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
OneDrive.exe 0.04 21,556 K 55,776 K 9128 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
Teams.exe 0.04 164,632 K 113,516 K 9328 Microsoft Teams Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 0.04 9,556 K 17,568 K 7596 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.04 9,692 K 26,120 K 6324 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Teams.exe 0.04 290,612 K 275,472 K 8928 Microsoft Teams Microsoft Corporation (Verified) Microsoft Corporation
taskhostw.exe 0.04 7,476 K 16,940 K 1716 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
OfficeClickToRun.exe 0.05 33,720 K 51,312 K 4244 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
chrome.exe 0.06 71,432 K 143,264 K 11140 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 0.07 13,824 K 33,456 K 952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.07 6,344 K 17,364 K 3232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
explorer.exe 0.11 66,764 K 136,828 K 2520 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.13 95,320 K 105,060 K 2416 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 0.25 2,440 K 5,796 K 764 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
MBAMService.exe 0.26 279,044 K 179,244 K 4636 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Inc
svchost.exe 0.29 15,108 K 23,652 K 3688 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.30 5,304 K 12,468 K 2180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
dwm.exe 0.35 54,972 K 64,512 K 1192 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.44 5,248 K 8,652 K 1992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
System 0.78 308 K 56,724 K 4
Interrupts 1.03 0 K 0 K n/a Hardware Interrupts and DPCs
procexp64.exe 1.99 39,212 K 75,996 K 8648 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 93.09 60 K 8 K 0

  • 0

#6
fonzy
Posted 05 May 2021 - 04:35 AM

fonzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                       100 N/A                                         
smss.exe                       452 N/A                                         
csrss.exe                      656 N/A                                         
wininit.exe                    744 N/A                                         
csrss.exe                      764 N/A                                         
services.exe                   816 N/A                                         
lsass.exe                      836 KeyIso, SamSs, VaultSvc                     
svchost.exe                    952 BrokerInfrastructure, DcomLaunch, PlugPlay, 
                                   Power, SystemEventsBroker                   
fontdrvhost.exe                976 N/A                                         
WUDFHost.exe                  1016 N/A                                         
winlogon.exe                   616 N/A                                         
fontdrvhost.exe                888 N/A                                         
svchost.exe                   1060 RpcEptMapper, RpcSs                         
svchost.exe                   1108 LSM                                         
dwm.exe                       1192 N/A                                         
svchost.exe                   1288 BTAGService                                 
svchost.exe                   1296 BthAvctpSvc                                 
svchost.exe                   1308 bthserv                                     
svchost.exe                   1352 NcbService                                  
svchost.exe                   1376 TimeBrokerSvc                               
svchost.exe                   1568 DisplayEnhancementService                   
svchost.exe                   1656 CoreMessagingRegistrar                      
svchost.exe                   1676 Schedule                                    
svchost.exe                   1708 EventLog                                    
svchost.exe                   1736 PhoneSvc                                    
svchost.exe                   1836 ProfSvc                                     
svchost.exe                   1992 nsi                                         
svchost.exe                   1228 DispBrokerDesktopSvc                        
svchost.exe                   1048 Dhcp                                        
svchost.exe                   2016 UserManager                                 
svchost.exe                   2092 DeviceAssociationService                    
svchost.exe                   2180 NlaSvc                                      
dasHost.exe                   2188 N/A                                         
svchost.exe                   2244 camsvc                                      
svchost.exe                   2356 netprofm                                    
svchost.exe                   2396 EventSystem                                 
svchost.exe                   2416 SysMain                                     
svchost.exe                   2432 Themes                                      
svchost.exe                   2484 StateRepository                             
Memory Compression            2532 N/A                                         
svchost.exe                   2568 SENS                                        
igfxCUIService.exe            2656 igfxCUIService2.0.0.0                       
svchost.exe                   2740 FontCache                                   
svchost.exe                   2748 AudioEndpointBuilder                        
svchost.exe                   2908 Audiosrv                                    
RtkAudioService64.exe         3000 RtkAudioService                             
svchost.exe                   1884 DusmSvc                                     
svchost.exe                   2388 Wcmsvc                                      
svchost.exe                   2476 Dnscache                                    
svchost.exe                   3152 WinHttpAutoProxySvc                         
svchost.exe                   3232 WlanSvc                                     
svchost.exe                   3276 ShellHWDetection                            
spoolsv.exe                   3324 Spooler                                     
svchost.exe                   3368 BFE, mpssvc                                 
wlanext.exe                   3492 N/A                                         
svchost.exe                   3528 LanmanWorkstation                           
conhost.exe                   3536 N/A                                         
mDNSResponder.exe             3628 Bonjour Service                             
IntelCpHDCPSvc.exe            3636 cplspcon                                    
esif_uf.exe                   3648 esifsvc                                     
ETDService.exe                3656 ETDService                                  
HPWMISVC.exe                  3672 HPWMISVC                                    
svchost.exe                   3664 CryptSvc                                    
svchost.exe                   3680 DiagTrack                                   
svchost.exe                   3688 DPS                                         
ibtsiva.exe                   3712 ibtsiva                                     
svchost.exe                   3748 Winmgmt                                     
svchost.exe                   3844 stisvc                                      
svchost.exe                   3852 WpnService                                  
svchost.exe                   3860 TrkWks                                      
svchost.exe                   3868 SstpSvc                                     
svchost.exe                   3944 iphlpsvc                                    
svchost.exe                   4024 WdiServiceHost                              
jhi_service.exe               3540 jhi_service                                 
OriginWebHelperService.ex     4228 Origin Web Helper Service                   
HPOrbitService.exe            4236 HP Orbit Service                            
OfficeClickToRun.exe          4244 ClickToRunSvc                               
IntelCpHeciSvc.exe            4364 cphs                                        
svchost.exe                   4484 LanmanServer                                
MBAMService.exe               4636 MBAMService                                 
svchost.exe                   4828 RasMan                                      
svchost.exe                   5108 PolicyAgent                                 
svchost.exe                   5516 lmhosts                                     
svchost.exe                   5772 RmSvc                                       
dllhost.exe                   5916 N/A                                         
SearchIndexer.exe              664 WSearch                                     
svchost.exe                   6264 WdiSystemHost                               
mbamtray.exe                  7008 N/A                                         
ETDCtrl.exe                   7052 N/A                                         
sihost.exe                    7092 N/A                                         
esif_assist_64.exe            7148 N/A                                         
svchost.exe                   6324 CDPUserSvc_a1eff                            
svchost.exe                    356 WpnUserService_a1eff                        
taskhostw.exe                 1716 N/A                                         
PresentationFontCache.exe     2368 FontCache3.0.0.0                            
svchost.exe                   3908 TokenBroker                                 
svchost.exe                   6760 WpcMonSvc                                   
WpcMon.exe                    4728 N/A                                         
svchost.exe                   5540 PcaSvc                                      
svchost.exe                   5596 TabletInputService                          
ctfmon.exe                    6712 N/A                                         
explorer.exe                  2520 N/A                                         
svchost.exe                   5608 CDPSvc                                      
svchost.exe                   5636 Appinfo                                     
ETDTouch.exe                  7260 N/A                                         
ETDCtrlHelper.exe             7384 N/A                                         
svchost.exe                   7460 OneSyncSvc_a1eff,                           
                                   PimIndexMaintenanceSvc_a1eff,               
                                   UnistoreSvc_a1eff, UserDataSvc_a1eff        
igfxEM.exe                    7540 N/A                                         
svchost.exe                   8100 cbdhsvc_a1eff                               
CoolSense.exe                 8180 N/A                                         
svchost.exe                   7632 SSDPSRV                                     
StartMenuExperienceHost.e     7888 N/A                                         
TextInputHost.exe             7876 N/A                                         
svchost.exe                   7596 DoSvc                                       
RuntimeBroker.exe             8316 N/A                                         
HPAudioSwitch.exe             8916 N/A                                         
RuntimeBroker.exe             9100 N/A                                         
svchost.exe                   9180 LicenseManager                              
YourPhone.exe                 6876 N/A                                         
SettingSyncHost.exe          10008 N/A                                         
dllhost.exe                  10204 N/A                                         
SecurityHealthSystray.exe     9032 N/A                                         
OneDrive.exe                  9128 N/A                                         
SecurityHealthService.exe     7432 SecurityHealthService                       
SearchApp.exe                 8068 N/A                                         
Cortana.exe                   8096 N/A                                         
HPMSGSVC.exe                  8312 N/A                                         
WmiPrvSE.exe                  7516 N/A                                         
Teams.exe                     9328 N/A                                         
RtkNGUI64.exe                 8440 N/A                                         
RuntimeBroker.exe             3548 N/A                                         
svchost.exe                   9504 wuauserv                                    
Teams.exe                     9604 N/A                                         
svchost.exe                   9064 AarSvc_a1eff                                
Teams.exe                     5536 N/A                                         
Teams.exe                     9304 N/A                                         
Teams.exe                     8928 N/A                                         
Teams.exe                    10356 N/A                                         
svchost.exe                  10780 WbioSrvc                                    
Teams.exe                     9016 N/A                                         
Teams.exe                    11180 N/A                                         
svchost.exe                  10544 StorSvc                                     
HPCommRecovery.exe            8056 HP Comm Recover                             
RuntimeBroker.exe             9108 N/A                                         
GoogleCrashHandler.exe       10156 N/A                                         
svchost.exe                  10524 lfsvc                                       
GoogleCrashHandler64.exe      9456 N/A                                         
HPJumpStartBridge.exe        11568 HPJumpStartBridge                           
HPSupportSolutionsFramewo    11668 HPSupportSolutionsFrameworkService          
IAStorDataMgrSvc.exe         11988 IAStorDataMgrSvc                            
SgrmBroker.exe               12236 SgrmBroker                                  
svchost.exe                  10720 UsoSvc                                      
hpqwmiex.exe                 11420 hpqwmiex                                    
chrome.exe                   11140 N/A                                         
chrome.exe                    8860 N/A                                         
chrome.exe                   11936 N/A                                         
chrome.exe                   11952 N/A                                         
chrome.exe                   10188 N/A                                         
chrome.exe                   10384 N/A                                         
chrome.exe                   11836 N/A                                         
chrome.exe                   12084 N/A                                         
svchost.exe                  10536 wscsvc                                      
svchost.exe                   9048 WaaSMedicSvc                                
RuntimeBroker.exe            12532 N/A                                         
ShellExperienceHost.exe       1904 N/A                                         
RuntimeBroker.exe            12376 N/A                                         
ApplicationFrameHost.exe      3876 N/A                                         
HxOutlook.exe                 5372 N/A                                         
RuntimeBroker.exe            12776 N/A                                         
HxTsr.exe                     8908 N/A                                         
chrome.exe                   10244 N/A                                         
chrome.exe                   10580 N/A                                         
chrome.exe                   12980 N/A                                         
SystemSettings.exe            5368 N/A                                         
UserOOBEBroker.exe            3172 N/A                                         
Music.UI.exe                 12332 N/A                                         
WinStore.App.exe             13016 N/A                                         
RuntimeBroker.exe              892 N/A                                         
svchost.exe                    124 InstallService                              
Microsoft.Photos.exe         12384 N/A                                         
RuntimeBroker.exe            13072 N/A                                         
chrome.exe                    8148 N/A                                         
FileCoAuth.exe                3508 N/A                                         
procexp.exe                   8588 N/A                                         
procexp64.exe                 8648 N/A                                         
dllhost.exe                   7872 N/A                                         
Video.UI.exe                  3936 N/A                                         
RuntimeBroker.exe            12396 N/A                                         
Teams.exe                    10692 N/A                                         
svchost.exe                   5884 wlidsvc                                     
notepad.exe                   9868 N/A                                         
svchost.exe                   3180 BITS                                        
dllhost.exe                   4212 N/A                                         
smartscreen.exe               8364 N/A                                         
audiodg.exe                   5092 N/A                                         
cmd.exe                       6932 N/A                                         
conhost.exe                   7932 N/A                                         
tasklist.exe                 12964 N/A                                         
WmiPrvSE.exe                  8656 N/A                                         

  • 0

#7
fonzy
Posted 05 May 2021 - 06:12 AM

fonzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts

Speccy file attached

Attached Files


Edited by fonzy, 05 May 2021 - 06:19 AM.

  • 0

#8
fonzy
Posted 05 May 2021 - 06:19 AM

fonzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:42  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        CHARLIE-LAPTOP
OS version:                                           Windows 10, 10.0, version 2009, build: 19042 (x64)
Hardware:                                             HP Pavilion Laptop 15-cc5xx, HP
CPU:                                                  GenuineIntel Intel® Core™ i3-7100U CPU @ 2.40GHz
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  8077 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   240 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   173.60
Average measured interrupt to process latency (µs):   6.644472
 
Highest measured interrupt to DPC latency (µs):       142.90
Average measured interrupt to DPC latency (µs):       1.967921
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              205.080
Driver with highest ISR routine execution time:       Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.017239
Driver with highest ISR total time:                   Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.020250
 
ISR count (execution time <250 µs):                   416
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-1000 µs):               0
ISR count (execution time 1000-2000 µs):              0
ISR count (execution time 2000-4000 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              706.771667
Driver with highest DPC routine execution time:       ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.087505
Driver with highest DPC total execution time:         storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in DPCs (%)                          0.240204
 
DPC count (execution time <250 µs):                   46953
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-10000 µs):              82
DPC count (execution time 1000-2000 µs):              0
DPC count (execution time 2000-4000 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 compattelrunner.exe
 
Total number of hard pagefaults                       1247
Hard pagefault count of hardest hit process:          1227
Number of processes hit:                              8
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0.643360
CPU 0 ISR highest execution time (µs):                205.080
CPU 0 ISR total execution time (s):                   0.034058
CPU 0 ISR count:                                      416
CPU 0 DPC highest execution time (µs):                687.949167
CPU 0 DPC total execution time (s):                   0.334121
CPU 0 DPC count:                                      42491
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.072867
CPU 1 ISR highest execution time (µs):                0.0
CPU 1 ISR total execution time (s):                   0.0
CPU 1 ISR count:                                      0
CPU 1 DPC highest execution time (µs):                669.53750
CPU 1 DPC total execution time (s):                   0.007452
CPU 1 DPC count:                                      959
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.148197
CPU 2 ISR highest execution time (µs):                0.0
CPU 2 ISR total execution time (s):                   0.0
CPU 2 ISR count:                                      0
CPU 2 DPC highest execution time (µs):                706.771667
CPU 2 DPC total execution time (s):                   0.051964
CPU 2 DPC count:                                      2224
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.062968
CPU 3 ISR highest execution time (µs):                0.0
CPU 3 ISR total execution time (s):                   0.0
CPU 3 ISR count:                                      0
CPU 3 DPC highest execution time (µs):                653.103333
CPU 3 DPC total execution time (s):                   0.010458
CPU 3 DPC count:                                      1361
_________________________________________________________________________________________________________
 

Attached Thumbnails

  • Total execution.JPG
  • Processes.JPG

  • 0

#9
RKinner
Posted 05 May 2021 - 07:16 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

The fix didn't work.  You started FRST by just double clicking on it.  You need to right click and Run As Admin.  You will probably need to redownload the fixlist.txt file from my previous post as FRST removes a fixlist after it runs.

 

Also see if you can update

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.5.0.1051 - Intel Corporation)

 

Either use the HP software that detects what drivers you need on

 

https://support.hp.c...top-pc/15551393

 

or get it directly from Intel:

 

https://downloadcent...face-and-Driver

 

Then:

 

Search for

task scheduler

hit Enter

Click on the arrow in front of Task Scheduler Library then

Click on the arrow in front of Microsoft

Click on the arrow in front of Windows

Click on Application Experience.  In the next pane to the right, right click on each Task and Disable.  Should be three or four (later versions) tasks.

Click on Customer Experience Improvement Program.  In the next pane to the right, right click on each Task and Disable.  Should be two tasks.

Download OOSU10.exe:

https://www.oo-softw...com/en/shutup10

Download and Save it (You will get a popup while it's downloading.  You can X out of it)
then Right click and Run As Admin.
Allow it to make a System Restore Point.
Click on Actions then on Apply Recommended Settings.

Close the program and reboot.

Rerun Latency Monitor and post the summary and both screenshots as before.


  • 0

#10
fonzy
Posted 05 May 2021 - 09:05 AM

fonzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts

Sorry about that. I have run it as an admin now:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by cstar (05-05-2021 15:16:51) Run:2
Running from C:\Users\charl\OneDrive\Desktop
Loaded Profiles: cstar & charl
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.19041.844
 
Image Version: 10.0.19042.928
 
 
[==                         3.8%                           ] 
 
[==                         3.8%                           ] 
 
[==                         4.2%                           ] 
 
[==                         4.5%                           ] 
 
[==                         4.8%                           ] 
 
[==                         5.1%                           ] 
 
[===                        5.3%                           ] 
 
[===                        5.5%                           ] 
 
[===                        5.8%                           ] 
 
[===                        6.1%                           ] 
 
[===                        6.4%                           ] 
 
[===                        6.7%                           ] 
 
[====                       7.0%                           ] 
 
[====                       7.2%                           ] 
 
[====                       7.5%                           ] 
 
[====                       7.8%                           ] 
 
[====                       7.8%                           ] 
 
[====                       8.1%                           ] 
 
[====                       8.3%                           ] 
 
[====                       8.6%                           ] 
 
[=====                      8.9%                           ] 
 
[=====                      9.2%                           ] 
 
[=====                      9.3%                           ] 
 
[=====                      9.4%                           ] 
 
[=====                      9.6%                           ] 
 
[=====                      9.8%                           ] 
 
[=====                      10.0%                          ] 
 
[=====                      10.0%                          ] 
 
[=====                      10.1%                          ] 
 
[======                     10.6%                          ] 
 
[======                     10.7%                          ] 
 
[======                     11.0%                          ] 
 
[======                     11.3%                          ] 
 
[======                     11.5%                          ] 
 
[======                     11.9%                          ] 
 
[=======                    12.9%                          ] 
 
[========                   13.9%                          ] 
 
[========                   14.8%                          ] 
 
[========                   15.3%                          ] 
 
[=========                  15.9%                          ] 
 
[=========                  16.2%                          ] 
 
[=========                  16.5%                          ] 
 
[=========                  17.0%                          ] 
 
[==========                 17.4%                          ] 
 
[==========                 18.0%                          ] 
 
[==========                 18.6%                          ] 
 
[===========                19.3%                          ] 
 
[===========                20.0%                          ] 
 
[===========                20.5%                          ] 
 
[===========                20.6%                          ] 
 
[============               20.9%                          ] 
 
[============               21.3%                          ] 
 
[============               21.5%                          ] 
 
[============               21.7%                          ] 
 
[============               22.1%                          ] 
 
[============               22.2%                          ] 
 
[============               22.3%                          ] 
 
[=============              22.5%                          ] 
 
[=============              22.7%                          ] 
 
[=============              23.1%                          ] 
 
[=============              23.2%                          ] 
 
[=============              23.2%                          ] 
 
[=============              23.3%                          ] 
 
[=============              23.3%                          ] 
 
[=============              23.4%                          ] 
 
[=============              23.4%                          ] 
 
[=============              23.5%                          ] 
 
[=============              23.5%                          ] 
 
[=============              24.0%                          ] 
 
[=============              24.1%                          ] 
 
[==============             24.3%                          ] 
 
[==============             24.5%                          ] 
 
[==============             24.9%                          ] 
 
[==============             25.3%                          ] 
 
[==============             25.4%                          ] 
 
[==============             25.7%                          ] 
 
[===============            25.9%                          ] 
 
[===============            26.2%                          ] 
 
[===============            26.6%                          ] 
 
[===============            27.1%                          ] 
 
[===============            27.4%                          ] 
 
[================           27.7%                          ] 
 
[================           28.3%                          ] 
 
[================           28.5%                          ] 
 
[================           28.6%                          ] 
 
[================           28.9%                          ] 
 
[================           29.0%                          ] 
 
[================           29.1%                          ] 
 
[================           29.2%                          ] 
 
[================           29.3%                          ] 
 
[=================          29.4%                          ] 
 
[=================          29.4%                          ] 
 
[=================          29.5%                          ] 
 
[=================          29.7%                          ] 
 
[=================          30.0%                          ] 
 
[=================          30.4%                          ] 
 
[=================          30.6%                          ] 
 
[=================          30.8%                          ] 
 
[=================          30.9%                          ] 
 
[==================         31.2%                          ] 
 
[==================         31.4%                          ] 
 
[==================         31.5%                          ] 
 
[==================         31.8%                          ] 
 
[==================         31.9%                          ] 
 
[==================         31.9%                          ] 
 
[==================         32.2%                          ] 
 
[==================         32.5%                          ] 
 
[===================        32.8%                          ] 
 
[===================        33.1%                          ] 
 
[===================        33.4%                          ] 
 
[===================        33.5%                          ] 
 
[===================        33.7%                          ] 
 
[===================        33.9%                          ] 
 
[===================        34.0%                          ] 
 
[====================       34.5%                          ] 
 
[====================       34.7%                          ] 
 
[====================       34.9%                          ] 
 
[====================       34.9%                          ] 
 
[====================       34.9%                          ] 
 
[====================       35.1%                          ] 
 
[====================       35.3%                          ] 
 
[====================       35.4%                          ] 
 
[====================       35.7%                          ] 
 
[====================       35.8%                          ] 
 
[====================       35.9%                          ] 
 
[====================       36.0%                          ] 
 
[====================       36.1%                          ] 
 
[====================       36.1%                          ] 
 
[=====================      36.4%                          ] 
 
[=====================      36.5%                          ] 
 
[=====================      36.7%                          ] 
 
[=====================      36.8%                          ] 
 
[=====================      36.8%                          ] 
 
[=====================      37.1%                          ] 
 
[=====================      37.2%                          ] 
 
[=====================      37.4%                          ] 
 
[=====================      37.6%                          ] 
 
[=====================      37.7%                          ] 
 
[=====================      37.7%                          ] 
 
[=====================      37.7%                          ] 
 
[=====================      37.8%                          ] 
 
[=====================      37.9%                          ] 
 
[======================     38.0%                          ] 
 
[======================     38.0%                          ] 
 
[======================     38.0%                          ] 
 
[======================     38.0%                          ] 
 
[======================     38.1%                          ] 
 
[======================     38.1%                          ] 
 
[======================     38.2%                          ] 
 
[======================     38.2%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.4%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.8%                          ] 
 
[======================     38.9%                          ] 
 
[======================     38.9%                          ] 
 
[======================     39.0%                          ] 
 
[======================     39.1%                          ] 
 
[======================     39.1%                          ] 
 
[======================     39.2%                          ] 
 
[======================     39.2%                          ] 
 
[======================     39.3%                          ] 
 
[======================     39.5%                          ] 
 
[======================     39.5%                          ] 
 
[======================     39.6%                          ] 
 
[======================     39.6%                          ] 
 
[======================     39.6%                          ] 
 
[=======================    39.7%                          ] 
 
[=======================    39.8%                          ] 
 
[=======================    39.8%                          ] 
 
[=======================    39.8%                          ] 
 
[=======================    39.9%                          ] 
 
[=======================    40.0%                          ] 
 
[=======================    40.0%                          ] 
 
[=======================    40.1%                          ] 
 
[=======================    40.1%                          ] 
 
[=======================    40.2%                          ] 
 
[=======================    40.2%                          ] 
 
[=======================    40.3%                          ] 
 
[=======================    40.4%                          ] 
 
[=======================    40.5%                          ] 
 
[=======================    40.6%                          ] 
 
[=======================    40.7%                          ] 
 
[=======================    40.8%                          ] 
 
[=======================    40.9%                          ] 
 
[=======================    40.9%                          ] 
 
[=======================    41.0%                          ] 
 
[=======================    41.1%                          ] 
 
[=======================    41.1%                          ] 
 
[=======================    41.3%                          ] 
 
[=======================    41.3%                          ] 
 
[========================   41.4%                          ] 
 
[========================   41.4%                          ] 
 
[========================   41.6%                          ] 
 
[========================   41.7%                          ] 
 
[========================   41.7%                          ] 
 
[========================   41.7%                          ] 
 
[========================   41.8%                          ] 
 
[========================   42.0%                          ] 
 
[========================   42.1%                          ] 
 
[========================   42.2%                          ] 
 
[========================   42.3%                          ] 
 
[========================   42.3%                          ] 
 
[========================   42.3%                          ] 
 
[========================   42.3%                          ] 
 
[========================   42.4%                          ] 
 
[========================   42.4%                          ] 
 
[========================   42.5%                          ] 
 
[========================   42.6%                          ] 
 
[========================   42.7%                          ] 
 
[========================   42.7%                          ] 
 
[========================   42.7%                          ] 
 
[========================   42.8%                          ] 
 
[========================   42.8%                          ] 
 
[========================   42.9%                          ] 
 
[========================   42.9%                          ] 
 
[========================   43.0%                          ] 
 
[========================   43.1%                          ] 
 
[========================   43.1%                          ] 
 
[=========================  43.2%                          ] 
 
[=========================  43.3%                          ] 
 
[=========================  43.5%                          ] 
 
[=========================  43.7%                          ] 
 
[=========================  43.8%                          ] 
 
[=========================  44.0%                          ] 
 
[=========================  44.2%                          ] 
 
[=========================  44.3%                          ] 
 
[=========================  44.4%                          ] 
 
[=========================  44.5%                          ] 
 
[=========================  44.7%                          ] 
 
[=========================  44.8%                          ] 
 
[=========================  44.8%                          ] 
 
[========================== 44.9%                          ] 
 
[========================== 45.1%                          ] 
 
[========================== 45.2%                          ] 
 
[========================== 45.3%                          ] 
 
[========================== 45.4%                          ] 
 
[========================== 45.7%                          ] 
 
[========================== 45.8%                          ] 
 
[========================== 45.9%                          ] 
 
[========================== 46.0%                          ] 
 
[========================== 46.3%                          ] 
 
[========================== 46.3%                          ] 
 
[========================== 46.5%                          ] 
 
[===========================46.6%                          ] 
 
[===========================46.8%                          ] 
 
[===========================47.2%                          ] 
 
[===========================47.3%                          ] 
 
[===========================47.8%                          ] 
 
[===========================47.9%                          ] 
 
[===========================48.1%                          ] 
 
[===========================48.3%                          ] 
 
[===========================48.5%                          ] 
 
[===========================48.8%                          ] 
 
[===========================48.8%                          ] 
 
[===========================49.1%                          ] 
 
[===========================49.2%                          ] 
 
[===========================49.6%                          ] 
 
[===========================49.8%                          ] 
 
[===========================50.0%                          ] 
 
[===========================50.3%                          ] 
 
[===========================50.8%                          ] 
 
[===========================51.2%                          ] 
 
[===========================51.4%                          ] 
 
[===========================51.5%                          ] 
 
[===========================51.7%                          ] 
 
[===========================51.8%                          ] 
 
[===========================52.1%                          ] 
 
[===========================52.1%                          ] 
 
[===========================52.1%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.2%                          ] 
 
[===========================52.3%                          ] 
 
[===========================52.4%                          ] 
 
[===========================52.4%                          ] 
 
[===========================52.4%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.6%                          ] 
 
[===========================52.6%                          ] 
 
[===========================52.7%                          ] 
 
[===========================52.7%                          ] 
 
[===========================52.7%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.9%                          ] 
 
[===========================52.9%                          ] 
 
[===========================52.9%                          ] 
 
[===========================53.0%                          ] 
 
[===========================53.0%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.2%                          ] 
 
[===========================53.2%                          ] 
 
[===========================53.3%                          ] 
 
[===========================53.3%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.5%                          ] 
 
[===========================53.6%                          ] 
 
[===========================53.6%                          ] 
 
[===========================53.6%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.9%                          ] 
 
[===========================53.9%                          ] 
 
[===========================53.9%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.8%                          ] 
 
[===========================54.8%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================55.0%                          ] 
 
[===========================55.0%                          ] 
 
[===========================55.1%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.7%                          ] 
 
[===========================55.9%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.4%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.6%                          ] 
 
[===========================56.6%                          ] 
 
[===========================56.7%                          ] 
 
[===========================56.8%                          ] 
 
[===========================56.8%                          ] 
 
[===========================57.4%=                         ] 
 
[===========================57.4%=                         ] 
 
[===========================57.5%=                         ] 
 
[===========================58.5%=                         ] 
 
[===========================58.7%==                        ] 
 
[===========================58.8%==                        ] 
 
[===========================59.2%==                        ] 
 
[===========================59.4%==                        ] 
 
[===========================59.5%==                        ] 
 
[===========================59.5%==                        ] 
 
[===========================59.5%==                        ] 
 
[===========================60.0%==                        ] 
 
[===========================62.3%====                      ] 
 
[===========================77.4%============              ] 
 
[===========================84.9%=================         ] 
 
[==========================100.0%==========================] 
The restore operation completed successfully.
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 24% complete.
Verification 24% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 28% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.
 
 
Windows Resource Protection found corrupt files and successfully repaired them.
 
For online repairs, details are included in the CBS log file located at
 
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
 
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
 
========= End of CMD: =========
 
 
========= findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log =========
 
2021-05-05 15:46:24, Info                  CSI    00000054 [SR] Verifying 100 components
2021-05-05 15:46:24, Info                  CSI    00000055 [SR] Beginning Verify and Repair transaction
2021-05-05 15:46:24, Info                  CSI    00000056 [SR] Verify complete
2021-05-05 15:46:24, Info                  CSI    00000057 [SR] Verifying 100 components
2021-05-05 15:46:24, Info                  CSI    00000058 [SR] Beginning Verify and Repair transaction
2021-05-05 15:46:25, Info                  CSI    00000059 [SR] Verify complete
2021-05-05 15:46:25, Info                  CSI    0000005a [SR] Verifying 100 components
2021-05-05 15:46:25, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2021-05-05 15:46:26, Info                  CSI    0000005c [SR] Verify complete
2021-05-05 15:46:26, Info                  CSI    0000005d [SR] Verifying 100 components
2021-05-05 15:46:26, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
2021-05-05 15:46:27, Info                  CSI    0000005f [SR] Verify complete
2021-05-05 15:46:27, Info                  CSI    00000060 [SR] Verifying 100 components
2021-05-05 15:46:27, Info                  CSI    00000061 [SR] Beginning Verify and Repair transaction
2021-05-05 15:46:30, Info                  CSI    00000062 [SR] Verify complete
2021-05-05 15:46:30, Info                  CSI    00000063 [SR] Verifying 100 components
2021-05-05 15:46:30, Info                  CSI    00000064 [SR] Beginning Verify and Repair transaction
2021-05-05 15:46:34, Info                  CSI    00000065 [SR] Verify complete
2021-05-05 15:46:34, Info                  CSI    00000066 [SR] Verifying 100 components
2021-05-05 15:46:34, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
2021-05-05 15:46:40, Info                  CSI    00000068 [SR] Verify complete
2021-05-05 15:46:40, Info                  CSI    00000069 [SR] Verifying 100 components
2021-05-05 15:46:40, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2021-05-05 15:46:48, Info                  CSI    0000006b [SR] Verify complete
2021-05-05 15:46:48, Info                  CSI    0000006c [SR] Verifying 100 components
2021-05-05 15:46:48, Info                  CSI    0000006d [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:03, Info                  CSI    0000006e [SR] Verify complete
2021-05-05 15:47:03, Info                  CSI    0000006f [SR] Verifying 100 components
2021-05-05 15:47:03, Info                  CSI    00000070 [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:09, Info                  CSI    00000071 [SR] Verify complete
2021-05-05 15:47:09, Info                  CSI    00000072 [SR] Verifying 100 components
2021-05-05 15:47:09, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:12, Info                  CSI    00000075 [SR] Verify complete
2021-05-05 15:47:12, Info                  CSI    00000076 [SR] Verifying 100 components
2021-05-05 15:47:12, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:14, Info                  CSI    00000078 [SR] Verify complete
2021-05-05 15:47:14, Info                  CSI    00000079 [SR] Verifying 100 components
2021-05-05 15:47:14, Info                  CSI    0000007a [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:17, Info                  CSI    0000007d [SR] Verify complete
2021-05-05 15:47:17, Info                  CSI    0000007e [SR] Verifying 100 components
2021-05-05 15:47:17, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:18, Info                  CSI    00000080 [SR] Verify complete
2021-05-05 15:47:18, Info                  CSI    00000081 [SR] Verifying 100 components
2021-05-05 15:47:18, Info                  CSI    00000082 [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:20, Info                  CSI    00000083 [SR] Verify complete
2021-05-05 15:47:20, Info                  CSI    00000084 [SR] Verifying 100 components
2021-05-05 15:47:20, Info                  CSI    00000085 [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:22, Info                  CSI    00000086 [SR] Verify complete
2021-05-05 15:47:22, Info                  CSI    00000087 [SR] Verifying 100 components
2021-05-05 15:47:22, Info                  CSI    00000088 [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:25, Info                  CSI    0000008a [SR] Verify complete
2021-05-05 15:47:25, Info                  CSI    0000008b [SR] Verifying 100 components
2021-05-05 15:47:25, Info                  CSI    0000008c [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:27, Info                  CSI    0000008d [SR] Verify complete
2021-05-05 15:47:27, Info                  CSI    0000008e [SR] Verifying 100 components
2021-05-05 15:47:27, Info                  CSI    0000008f [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:30, Info                  CSI    00000090 [SR] Verify complete
2021-05-05 15:47:30, Info                  CSI    00000091 [SR] Verifying 100 components
2021-05-05 15:47:30, Info                  CSI    00000092 [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:32, Info                  CSI    00000093 [SR] Verify complete
2021-05-05 15:47:32, Info                  CSI    00000094 [SR] Verifying 100 components
2021-05-05 15:47:32, Info                  CSI    00000095 [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:34, Info                  CSI    00000097 [SR] Verify complete
2021-05-05 15:47:35, Info                  CSI    00000098 [SR] Verifying 100 components
2021-05-05 15:47:35, Info                  CSI    00000099 [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:41, Info                  CSI    0000009b [SR] Verify complete
2021-05-05 15:47:41, Info                  CSI    0000009c [SR] Verifying 100 components
2021-05-05 15:47:41, Info                  CSI    0000009d [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:43, Info                  CSI    0000009e [SR] Verify complete
2021-05-05 15:47:43, Info                  CSI    0000009f [SR] Verifying 100 components
2021-05-05 15:47:43, Info                  CSI    000000a0 [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:45, Info                  CSI    000000a1 [SR] Verify complete
2021-05-05 15:47:45, Info                  CSI    000000a2 [SR] Verifying 100 components
2021-05-05 15:47:45, Info                  CSI    000000a3 [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:46, Info                  CSI    000000a4 [SR] Verify complete
2021-05-05 15:47:47, Info                  CSI    000000a5 [SR] Verifying 100 components
2021-05-05 15:47:47, Info                  CSI    000000a6 [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:51, Info                  CSI    000000ab [SR] Verify complete
2021-05-05 15:47:51, Info                  CSI    000000ac [SR] Verifying 100 components
2021-05-05 15:47:51, Info                  CSI    000000ad [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:53, Info                  CSI    000000ae [SR] Verify complete
2021-05-05 15:47:53, Info                  CSI    000000af [SR] Verifying 100 components
2021-05-05 15:47:53, Info                  CSI    000000b0 [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:55, Info                  CSI    000000b1 [SR] Verify complete
2021-05-05 15:47:55, Info                  CSI    000000b2 [SR] Verifying 100 components
2021-05-05 15:47:55, Info                  CSI    000000b3 [SR] Beginning Verify and Repair transaction
2021-05-05 15:47:58, Info                  CSI    000000b4 [SR] Verify complete
2021-05-05 15:47:58, Info                  CSI    000000b5 [SR] Verifying 100 components
2021-05-05 15:47:58, Info                  CSI    000000b6 [SR] Beginning Verify and Repair transaction
2021-05-05 15:48:01, Info                  CSI    000000b9 [SR] Verify complete
2021-05-05 15:48:01, Info                  CSI    000000ba [SR] Verifying 100 components
2021-05-05 15:48:01, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2021-05-05 15:48:04, Info                  CSI    000000bd [SR] Verify complete
2021-05-05 15:48:04, Info                  CSI    000000be [SR] Verifying 100 components
2021-05-05 15:48:04, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2021-05-05 15:48:10, Info                  CSI    000000c1 [SR] Verify complete
2021-05-05 15:48:10, Info                  CSI    000000c2 [SR] Verifying 100 components
2021-05-05 15:48:10, Info                  CSI    000000c3 [SR] Beginning Verify and Repair transaction
2021-05-05 15:48:17, Info                  CSI    000000c6 [SR] Verify complete
2021-05-05 15:48:17, Info                  CSI    000000c7 [SR] Verifying 100 components
2021-05-05 15:48:17, Info                  CSI    000000c8 [SR] Beginning Verify and Repair transaction
2021-05-05 15:48:22, Info                  CSI    000000c9 [SR] Verify complete
2021-05-05 15:48:22, Info                  CSI    000000ca [SR] Verifying 100 components
2021-05-05 15:48:22, Info                  CSI    000000cb [SR] Beginning Verify and Repair transaction
2021-05-05 15:48:27, Info                  CSI    000000d4 [SR] Verify complete
2021-05-05 15:48:27, Info                  CSI    000000d5 [SR] Verifying 100 components
2021-05-05 15:48:27, Info                  CSI    000000d6 [SR] Beginning Verify and Repair transaction
2021-05-05 15:48:32, Info                  CSI    000000d9 [SR] Repairing file \??\C:\WINDOWS\System32\\FXSCOM.dll from store
2021-05-05 15:48:39, Info                  CSI    000000dd [SR] Verify complete
2021-05-05 15:48:40, Info                  CSI    000000de [SR] Verifying 100 components
2021-05-05 15:48:40, Info                  CSI    000000df [SR] Beginning Verify and Repair transaction
2021-05-05 15:48:46, Info                  CSI    000000e6 [SR] Verify complete
2021-05-05 15:48:46, Info                  CSI    000000e7 [SR] Verifying 100 components
2021-05-05 15:48:46, Info                  CSI    000000e8 [SR] Beginning Verify and Repair transaction
2021-05-05 15:48:48, Info                  CSI    000000e9 [SR] Verify complete
2021-05-05 15:48:48, Info                  CSI    000000ea [SR] Verifying 100 components
2021-05-05 15:48:48, Info                  CSI    000000eb [SR] Beginning Verify and Repair transaction
2021-05-05 15:48:56, Info                  CSI    000000ef [SR] Verify complete
2021-05-05 15:48:56, Info                  CSI    000000f0 [SR] Verifying 100 components
2021-05-05 15:48:56, Info                  CSI    000000f1 [SR] Beginning Verify and Repair transaction
2021-05-05 15:48:59, Info                  CSI    000000f4 [SR] Verify complete
2021-05-05 15:48:59, Info                  CSI    000000f5 [SR] Verifying 100 components
2021-05-05 15:48:59, Info                  CSI    000000f6 [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:00, Info                  CSI    000000f7 [SR] Verify complete
2021-05-05 15:49:00, Info                  CSI    000000f8 [SR] Verifying 100 components
2021-05-05 15:49:00, Info                  CSI    000000f9 [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:00, Info                  CSI    000000fa [SR] Verify complete
2021-05-05 15:49:00, Info                  CSI    000000fb [SR] Verifying 100 components
2021-05-05 15:49:00, Info                  CSI    000000fc [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:06, Info                  CSI    00000102 [SR] Verify complete
2021-05-05 15:49:06, Info                  CSI    00000103 [SR] Verifying 100 components
2021-05-05 15:49:06, Info                  CSI    00000104 [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:14, Info                  CSI    0000010b [SR] Verify complete
2021-05-05 15:49:14, Info                  CSI    0000010c [SR] Verifying 100 components
2021-05-05 15:49:14, Info                  CSI    0000010d [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:18, Info                  CSI    0000010e [SR] Verify complete
2021-05-05 15:49:18, Info                  CSI    0000010f [SR] Verifying 100 components
2021-05-05 15:49:18, Info                  CSI    00000110 [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:20, Info                  CSI    00000111 [SR] Verify complete
2021-05-05 15:49:20, Info                  CSI    00000112 [SR] Verifying 100 components
2021-05-05 15:49:20, Info                  CSI    00000113 [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:24, Info                  CSI    00000114 [SR] Verify complete
2021-05-05 15:49:24, Info                  CSI    00000115 [SR] Verifying 100 components
2021-05-05 15:49:24, Info                  CSI    00000116 [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:28, Info                  CSI    00000117 [SR] Verify complete
2021-05-05 15:49:28, Info                  CSI    00000118 [SR] Verifying 100 components
2021-05-05 15:49:28, Info                  CSI    00000119 [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:32, Info                  CSI    0000011c [SR] Verify complete
2021-05-05 15:49:33, Info                  CSI    0000011d [SR] Verifying 100 components
2021-05-05 15:49:33, Info                  CSI    0000011e [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:36, Info                  CSI    00000120 [SR] Verify complete
2021-05-05 15:49:37, Info                  CSI    00000121 [SR] Verifying 100 components
2021-05-05 15:49:37, Info                  CSI    00000122 [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:43, Info                  CSI    00000127 [SR] Verify complete
2021-05-05 15:49:43, Info                  CSI    00000128 [SR] Verifying 100 components
2021-05-05 15:49:43, Info                  CSI    00000129 [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:46, Info                  CSI    0000012b [SR] Verify complete
2021-05-05 15:49:46, Info                  CSI    0000012c [SR] Verifying 100 components
2021-05-05 15:49:46, Info                  CSI    0000012d [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:49, Info                  CSI    00000130 [SR] Verify complete
2021-05-05 15:49:50, Info                  CSI    00000131 [SR] Verifying 100 components
2021-05-05 15:49:50, Info                  CSI    00000132 [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:56, Info                  CSI    00000134 [SR] Verify complete
2021-05-05 15:49:56, Info                  CSI    00000135 [SR] Verifying 100 components
2021-05-05 15:49:56, Info                  CSI    00000136 [SR] Beginning Verify and Repair transaction
2021-05-05 15:49:59, Info                  CSI    00000137 [SR] Verify complete
2021-05-05 15:49:59, Info                  CSI    00000138 [SR] Verifying 100 components
2021-05-05 15:49:59, Info                  CSI    00000139 [SR] Beginning Verify and Repair transaction
2021-05-05 15:50:02, Info                  CSI    0000013a [SR] Verify complete
2021-05-05 15:50:03, Info                  CSI    0000013b [SR] Verifying 100 components
2021-05-05 15:50:03, Info                  CSI    0000013c [SR] Beginning Verify and Repair transaction
2021-05-05 15:50:05, Info                  CSI    0000013d [SR] Verify complete
2021-05-05 15:50:05, Info                  CSI    0000013e [SR] Verifying 100 components
2021-05-05 15:50:05, Info                  CSI    0000013f [SR] Beginning Verify and Repair transaction
2021-05-05 15:50:08, Info                  CSI    00000140 [SR] Verify complete
2021-05-05 15:50:09, Info                  CSI    00000141 [SR] Verifying 100 components
2021-05-05 15:50:09, Info                  CSI    00000142 [SR] Beginning Verify and Repair transaction
2021-05-05 15:50:13, Info                  CSI    00000143 [SR] Verify complete
2021-05-05 15:50:13, Info                  CSI    00000144 [SR] Verifying 100 components
2021-05-05 15:50:13, Info                  CSI    00000145 [SR] Beginning Verify and Repair transaction
2021-05-05 15:50:16, Info                  CSI    00000146 [SR] Verify complete
2021-05-05 15:50:16, Info                  CSI    00000147 [SR] Verifying 100 components
2021-05-05 15:50:16, Info                  CSI    00000148 [SR] Beginning Verify and Repair transaction
2021-05-05 15:50:22, Info                  CSI    00000149 [SR] Verify complete
2021-05-05 15:50:22, Info                  CSI    0000014a [SR] Verifying 100 components
2021-05-05 15:50:22, Info                  CSI    0000014b [SR] Beginning Verify and Repair transaction
2021-05-05 15:50:24, Info                  CSI    0000014c [SR] Verify complete
2021-05-05 15:50:24, Info                  CSI    0000014d [SR] Verifying 100 components
2021-05-05 15:50:24, Info                  CSI    0000014e [SR] Beginning Verify and Repair transaction
2021-05-05 15:50:27, Info                  CSI    0000014f [SR] Verify complete
2021-05-05 15:50:27, Info                  CSI    00000150 [SR] Verifying 100 components
2021-05-05 15:50:27, Info                  CSI    00000151 [SR] Beginning Verify and Repair transaction
2021-05-05 15:50:32, Info                  CSI    00000152 [SR] Verify complete
2021-05-05 15:50:32, Info                  CSI    00000153 [SR] Verifying 100 components
2021-05-05 15:50:32, Info                  CSI    00000154 [SR] Beginning Verify and Repair transaction
2021-05-05 15:50:37, Info                  CSI    00000155 [SR] Verify complete
2021-05-05 15:50:37, Info                  CSI    00000156 [SR] Verifying 100 components
2021-05-05 15:50:37, Info                  CSI    00000157 [SR] Beginning Verify and Repair transaction
2021-05-05 15:50:41, Info                  CSI    00000158 [SR] Verify complete
2021-05-05 15:50:41, Info                  CSI    00000159 [SR] Verifying 100 components
2021-05-05 15:50:41, Info                  CSI    0000015a [SR] Beginning Verify and Repair transaction
2021-05-05 15:50:46, Info                  CSI    0000015f [SR] Verify complete
2021-05-05 15:50:46, Info                  CSI    00000160 [SR] Verifying 100 components
2021-05-05 15:50:46, Info                  CSI    00000161 [SR] Beginning Verify and Repair transaction
2021-05-05 15:50:49, Info                  CSI    00000162 [SR] Verify complete
2021-05-05 15:50:49, Info                  CSI    00000163 [SR] Verifying 100 components
2021-05-05 15:50:49, Info                  CSI    00000164 [SR] Beginning Verify and Repair transaction
2021-05-05 15:50:53, Info                  CSI    00000166 [SR] Verify complete
2021-05-05 15:50:53, Info                  CSI    00000167 [SR] Verifying 100 components
2021-05-05 15:50:53, Info                  CSI    00000168 [SR] Beginning Verify and Repair transaction
2021-05-05 15:51:00, Info                  CSI    0000016c [SR] Verify complete
2021-05-05 15:51:00, Info                  CSI    0000016d [SR] Verifying 100 components
2021-05-05 15:51:00, Info                  CSI    0000016e [SR] Beginning Verify and Repair transaction
2021-05-05 15:51:04, Info                  CSI    0000016f [SR] Verify complete
2021-05-05 15:51:04, Info                  CSI    00000170 [SR] Verifying 100 components
2021-05-05 15:51:04, Info                  CSI    00000171 [SR] Beginning Verify and Repair transaction
2021-05-05 15:51:12, Info                  CSI    00000178 [SR] Verify complete
2021-05-05 15:51:12, Info                  CSI    00000179 [SR] Verifying 100 components
2021-05-05 15:51:12, Info                  CSI    0000017a [SR] Beginning Verify and Repair transaction
2021-05-05 15:51:18, Info                  CSI    0000017c [SR] Verify complete
2021-05-05 15:51:19, Info                  CSI    0000017d [SR] Verifying 100 components
2021-05-05 15:51:19, Info                  CSI    0000017e [SR] Beginning Verify and Repair transaction
2021-05-05 15:51:23, Info                  CSI    00000180 [SR] Verify complete
2021-05-05 15:51:23, Info                  CSI    00000181 [SR] Verifying 100 components
2021-05-05 15:51:23, Info                  CSI    00000182 [SR] Beginning Verify and Repair transaction
2021-05-05 15:51:27, Info                  CSI    00000184 [SR] Verify complete
2021-05-05 15:51:27, Info                  CSI    00000185 [SR] Verifying 100 components
2021-05-05 15:51:27, Info                  CSI    00000186 [SR] Beginning Verify and Repair transaction
2021-05-05 15:51:35, Info                  CSI    0000018b [SR] Verify complete
2021-05-05 15:51:35, Info                  CSI    0000018c [SR] Verifying 100 components
2021-05-05 15:51:35, Info                  CSI    0000018d [SR] Beginning Verify and Repair transaction
2021-05-05 15:51:40, Info                  CSI    00000190 [SR] Verify complete
2021-05-05 15:51:40, Info                  CSI    00000191 [SR] Verifying 100 components
2021-05-05 15:51:40, Info                  CSI    00000192 [SR] Beginning Verify and Repair transaction
2021-05-05 15:51:44, Info                  CSI    00000193 [SR] Verify complete
2021-05-05 15:51:44, Info                  CSI    00000194 [SR] Verifying 100 components
2021-05-05 15:51:44, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
2021-05-05 15:51:56, Info                  CSI    00000197 [SR] Verify complete
2021-05-05 15:51:56, Info                  CSI    00000198 [SR] Verifying 100 components
2021-05-05 15:51:56, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
2021-05-05 15:52:04, Info                  CSI    0000019b [SR] Verify complete
2021-05-05 15:52:04, Info                  CSI    0000019c [SR] Verifying 100 components
2021-05-05 15:52:04, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
2021-05-05 15:52:08, Info                  CSI    0000019e [SR] Verify complete
2021-05-05 15:52:08, Info                  CSI    0000019f [SR] Verifying 100 components
2021-05-05 15:52:08, Info                  CSI    000001a0 [SR] Beginning Verify and Repair transaction
2021-05-05 15:52:12, Info                  CSI    000001a1 [SR] Verify complete
2021-05-05 15:52:12, Info                  CSI    000001a2 [SR] Verifying 100 components
2021-05-05 15:52:12, Info                  CSI    000001a3 [SR] Beginning Verify and Repair transaction
2021-05-05 15:52:16, Info                  CSI    000001a5 [SR] Verify complete
2021-05-05 15:52:16, Info                  CSI    000001a6 [SR] Verifying 100 components
2021-05-05 15:52:16, Info                  CSI    000001a7 [SR] Beginning Verify and Repair transaction
2021-05-05 15:52:22, Info                  CSI    000001a9 [SR] Verify complete
2021-05-05 15:52:22, Info                  CSI    000001aa [SR] Verifying 100 components
2021-05-05 15:52:22, Info                  CSI    000001ab [SR] Beginning Verify and Repair transaction
2021-05-05 15:52:29, Info                  CSI    000001ad [SR] Verify complete
2021-05-05 15:52:29, Info                  CSI    000001ae [SR] Verifying 100 components
2021-05-05 15:52:29, Info                  CSI    000001af [SR] Beginning Verify and Repair transaction
2021-05-05 15:52:35, Info                  CSI    000001b1 [SR] Verify complete
2021-05-05 15:52:35, Info                  CSI    000001b2 [SR] Verifying 100 components
2021-05-05 15:52:35, Info                  CSI    000001b3 [SR] Beginning Verify and Repair transaction
2021-05-05 15:52:40, Info                  CSI    000001b5 [SR] Verify complete
2021-05-05 15:52:41, Info                  CSI    000001b6 [SR] Verifying 100 components
2021-05-05 15:52:41, Info                  CSI    000001b7 [SR] Beginning Verify and Repair transaction
2021-05-05 15:52:49, Info                  CSI    000001ba [SR] Verify complete
2021-05-05 15:52:49, Info                  CSI    000001bb [SR] Verifying 100 components
2021-05-05 15:52:49, Info                  CSI    000001bc [SR] Beginning Verify and Repair transaction
2021-05-05 15:52:52, Info                  CSI    000001bd [SR] Verify complete
2021-05-05 15:52:52, Info                  CSI    000001be [SR] Verifying 100 components
2021-05-05 15:52:52, Info                  CSI    000001bf [SR] Beginning Verify and Repair transaction
2021-05-05 15:52:57, Info                  CSI    000001c1 [SR] Verify complete
2021-05-05 15:52:57, Info                  CSI    000001c2 [SR] Verifying 100 components
2021-05-05 15:52:57, Info                  CSI    000001c3 [SR] Beginning Verify and Repair transaction
2021-05-05 15:53:01, Info                  CSI    000001c4 [SR] Verify complete
2021-05-05 15:53:01, Info                  CSI    000001c5 [SR] Verifying 100 components
2021-05-05 15:53:01, Info                  CSI    000001c6 [SR] Beginning Verify and Repair transaction
2021-05-05 15:53:05, Info                  CSI    000001c8 [SR] Verify complete
2021-05-05 15:53:05, Info                  CSI    000001c9 [SR] Verifying 100 components
2021-05-05 15:53:05, Info                  CSI    000001ca [SR] Beginning Verify and Repair transaction
2021-05-05 15:53:11, Info                  CSI    000001d4 [SR] Verify complete
2021-05-05 15:53:11, Info                  CSI    000001d5 [SR] Verifying 100 components
2021-05-05 15:53:11, Info                  CSI    000001d6 [SR] Beginning Verify and Repair transaction
2021-05-05 15:53:15, Info                  CSI    000001d8 [SR] Verify complete
2021-05-05 15:53:15, Info                  CSI    000001d9 [SR] Verifying 100 components
2021-05-05 15:53:15, Info                  CSI    000001da [SR] Beginning Verify and Repair transaction
2021-05-05 15:53:18, Info                  CSI    000001dd [SR] Verify complete
2021-05-05 15:53:18, Info                  CSI    000001de [SR] Verifying 100 components
2021-05-05 15:53:18, Info                  CSI    000001df [SR] Beginning Verify and Repair transaction
2021-05-05 15:53:27, Info                  CSI    000001e1 [SR] Verify complete
2021-05-05 15:53:27, Info                  CSI    000001e2 [SR] Verifying 100 components
2021-05-05 15:53:27, Info                  CSI    000001e3 [SR] Beginning Verify and Repair transaction
2021-05-05 15:53:34, Info                  CSI    000001e4 [SR] Verify complete
2021-05-05 15:53:34, Info                  CSI    000001e5 [SR] Verifying 100 components
2021-05-05 15:53:34, Info                  CSI    000001e6 [SR] Beginning Verify and Repair transaction
2021-05-05 15:53:38, Info                  CSI    000001e7 [SR] Verify complete
2021-05-05 15:53:38, Info                  CSI    000001e8 [SR] Verifying 100 components
2021-05-05 15:53:38, Info                  CSI    000001e9 [SR] Beginning Verify and Repair transaction
2021-05-05 15:53:42, Info                  CSI    000001ea [SR] Verify complete
2021-05-05 15:53:42, Info                  CSI    000001eb [SR] Verifying 100 components
2021-05-05 15:53:42, Info                  CSI    000001ec [SR] Beginning Verify and Repair transaction
2021-05-05 15:53:46, Info                  CSI    000001ed [SR] Verify complete
2021-05-05 15:53:46, Info                  CSI    000001ee [SR] Verifying 100 components
2021-05-05 15:53:46, Info                  CSI    000001ef [SR] Beginning Verify and Repair transaction
2021-05-05 15:53:50, Info                  CSI    000001f0 [SR] Verify complete
2021-05-05 15:53:50, Info                  CSI    000001f1 [SR] Verifying 100 components
2021-05-05 15:53:50, Info                  CSI    000001f2 [SR] Beginning Verify and Repair transaction
2021-05-05 15:53:57, Info                  CSI    000001f4 [SR] Verify complete
2021-05-05 15:53:57, Info                  CSI    000001f5 [SR] Verifying 100 components
2021-05-05 15:53:57, Info                  CSI    000001f6 [SR] Beginning Verify and Repair transaction
2021-05-05 15:54:04, Info                  CSI    000001f8 [SR] Verify complete
2021-05-05 15:54:04, Info                  CSI    000001f9 [SR] Verifying 100 components
2021-05-05 15:54:04, Info                  CSI    000001fa [SR] Beginning Verify and Repair transaction
2021-05-05 15:54:11, Info                  CSI    000001ff [SR] Verify complete
2021-05-05 15:54:12, Info                  CSI    00000200 [SR] Verifying 100 components
2021-05-05 15:54:12, Info                  CSI    00000201 [SR] Beginning Verify and Repair transaction
2021-05-05 15:54:16, Info                  CSI    00000206 [SR] Verify complete
2021-05-05 15:54:16, Info                  CSI    00000207 [SR] Verifying 100 components
2021-05-05 15:54:16, Info                  CSI    00000208 [SR] Beginning Verify and Repair transaction
2021-05-05 15:54:20, Info                  CSI    00000209 [SR] Verify complete
2021-05-05 15:54:20, Info                  CSI    0000020a [SR] Verifying 100 components
2021-05-05 15:54:20, Info                  CSI    0000020b [SR] Beginning Verify and Repair transaction
2021-05-05 15:54:24, Info                  CSI    0000020c [SR] Verify complete
2021-05-05 15:54:24, Info                  CSI    0000020d [SR] Verifying 100 components
2021-05-05 15:54:24, Info                  CSI    0000020e [SR] Beginning Verify and Repair transaction
2021-05-05 15:54:30, Info                  CSI    0000020f [SR] Verify complete
2021-05-05 15:54:30, Info                  CSI    00000210 [SR] Verifying 100 components
2021-05-05 15:54:30, Info                  CSI    00000211 [SR] Beginning Verify and Repair transaction
2021-05-05 15:54:37, Info                  CSI    00000212 [SR] Verify complete
2021-05-05 15:54:37, Info                  CSI    00000213 [SR] Verifying 100 components
2021-05-05 15:54:37, Info                  CSI    00000214 [SR] Beginning Verify and Repair transaction
2021-05-05 15:54:41, Info                  CSI    00000215 [SR] Verify complete
2021-05-05 15:54:42, Info                  CSI    00000216 [SR] Verifying 100 components
2021-05-05 15:54:42, Info                  CSI    00000217 [SR] Beginning Verify and Repair transaction
2021-05-05 15:54:46, Info                  CSI    00000219 [SR] Verify complete
2021-05-05 15:54:46, Info                  CSI    0000021a [SR] Verifying 100 components
2021-05-05 15:54:46, Info                  CSI    0000021b [SR] Beginning Verify and Repair transaction
2021-05-05 15:54:50, Info                  CSI    0000021c [SR] Verify complete
2021-05-05 15:54:50, Info                  CSI    0000021d [SR] Verifying 100 components
2021-05-05 15:54:50, Info                  CSI    0000021e [SR] Beginning Verify and Repair transaction
2021-05-05 15:54:56, Info                  CSI    00000223 [SR] Verify complete
2021-05-05 15:54:56, Info                  CSI    00000224 [SR] Verifying 100 components
2021-05-05 15:54:56, Info                  CSI    00000225 [SR] Beginning Verify and Repair transaction
2021-05-05 15:55:03, Info                  CSI    00000226 [SR] Verify complete
2021-05-05 15:55:04, Info                  CSI    00000227 [SR] Verifying 100 components
2021-05-05 15:55:04, Info                  CSI    00000228 [SR] Beginning Verify and Repair transaction
2021-05-05 15:55:08, Info                  CSI    00000229 [SR] Verify complete
2021-05-05 15:55:08, Info                  CSI    0000022a [SR] Verifying 100 components
2021-05-05 15:55:08, Info                  CSI    0000022b [SR] Beginning Verify and Repair transaction
2021-05-05 15:55:13, Info                  CSI    0000022d [SR] Verify complete
2021-05-05 15:55:13, Info                  CSI    0000022e [SR] Verifying 100 components
2021-05-05 15:55:13, Info                  CSI    0000022f [SR] Beginning Verify and Repair transaction
2021-05-05 15:55:17, Info                  CSI    00000230 [SR] Verify complete
2021-05-05 15:55:17, Info                  CSI    00000231 [SR] Verifying 100 components
2021-05-05 15:55:17, Info                  CSI    00000232 [SR] Beginning Verify and Repair transaction
2021-05-05 15:55:21, Info                  CSI    00000237 [SR] Repairing file \??\C:\WINDOWS\SysWOW64\\FXSCOMEX.dll from store
2021-05-05 15:55:21, Info                  CSI    00000239 [SR] Repairing file \??\C:\WINDOWS\SysWOW64\\WinFax.dll from store
2021-05-05 15:55:21, Info                  CSI    0000023b [SR] Repairing file \??\C:\WINDOWS\SysWOW64\\FXSRESM.dll from store
2021-05-05 15:55:21, Info                  CSI    0000023c [SR] Verify complete
2021-05-05 15:55:21, Info                  CSI    0000023d [SR] Verifying 100 components
2021-05-05 15:55:21, Info                  CSI    0000023e [SR] Beginning Verify and Repair transaction
2021-05-05 15:55:25, Info                  CSI    0000023f [SR] Verify complete
2021-05-05 15:55:25, Info                  CSI    00000240 [SR] Verifying 100 components
2021-05-05 15:55:25, Info                  CSI    00000241 [SR] Beginning Verify and Repair transaction
2021-05-05 15:55:27, Info                  CSI    00000242 [SR] Verify complete
2021-05-05 15:55:27, Info                  CSI    00000243 [SR] Verifying 100 components
2021-05-05 15:55:27, Info                  CSI    00000244 [SR] Beginning Verify and Repair transaction
2021-05-05 15:55:30, Info                  CSI    00000245 [SR] Verify complete
2021-05-05 15:55:30, Info                  CSI    00000246 [SR] Verifying 100 components
2021-05-05 15:55:30, Info                  CSI    00000247 [SR] Beginning Verify and Repair transaction
2021-05-05 15:55:34, Info                  CSI    0000024a [SR] Verify complete
2021-05-05 15:55:34, Info                  CSI    0000024b [SR] Verifying 100 components
2021-05-05 15:55:34, Info                  CSI    0000024c [SR] Beginning Verify and Repair transaction
2021-05-05 15:55:40, Info                  CSI    0000024e [SR] Verify complete
2021-05-05 15:55:40, Info                  CSI    0000024f [SR] Verifying 100 components
2021-05-05 15:55:40, Info                  CSI    00000250 [SR] Beginning Verify and Repair transaction
2021-05-05 15:55:43, Info                  CSI    00000251 [SR] Verify complete
2021-05-05 15:55:43, Info                  CSI    00000252 [SR] Verifying 100 components
2021-05-05 15:55:43, Info                  CSI    00000253 [SR] Beginning Verify and Repair transaction
2021-05-05 15:55:48, Info                  CSI    00000256 [SR] Verify complete
2021-05-05 15:55:48, Info                  CSI    00000257 [SR] Verifying 100 components
2021-05-05 15:55:48, Info                  CSI    00000258 [SR] Beginning Verify and Repair transaction
2021-05-05 15:55:55, Info                  CSI    0000025c [SR] Verify complete
2021-05-05 15:55:55, Info                  CSI    0000025d [SR] Verifying 100 components
2021-05-05 15:55:55, Info                  CSI    0000025e [SR] Beginning Verify and Repair transaction
2021-05-05 15:56:00, Info                  CSI    0000025f [SR] Verify complete
2021-05-05 15:56:00, Info                  CSI    00000260 [SR] Verifying 100 components
2021-05-05 15:56:00, Info                  CSI    00000261 [SR] Beginning Verify and Repair transaction
2021-05-05 15:56:06, Info                  CSI    00000263 [SR] Verify complete
2021-05-05 15:56:06, Info                  CSI    00000264 [SR] Verifying 100 components
2021-05-05 15:56:06, Info                  CSI    00000265 [SR] Beginning Verify and Repair transaction
2021-05-05 15:56:09, Info                  CSI    00000266 [SR] Verify complete
2021-05-05 15:56:09, Info                  CSI    00000267 [SR] Verifying 100 components
2021-05-05 15:56:09, Info                  CSI    00000268 [SR] Beginning Verify and Repair transaction
2021-05-05 15:56:12, Info                  CSI    0000026a [SR] Verify complete
2021-05-05 15:56:12, Info                  CSI    0000026b [SR] Verifying 100 components
2021-05-05 15:56:12, Info                  CSI    0000026c [SR] Beginning Verify and Repair transaction
2021-05-05 15:56:16, Info                  CSI    0000026d [SR] Verify complete
2021-05-05 15:56:16, Info                  CSI    0000026e [SR] Verifying 100 components
2021-05-05 15:56:16, Info                  CSI    0000026f [SR] Beginning Verify and Repair transaction
2021-05-05 15:56:21, Info                  CSI    00000271 [SR] Verify complete
2021-05-05 15:56:21, Info                  CSI    00000272 [SR] Verifying 100 components
2021-05-05 15:56:21, Info                  CSI    00000273 [SR] Beginning Verify and Repair transaction
2021-05-05 15:56:24, Info                  CSI    00000275 [SR] Repairing file \??\C:\WINDOWS\SysWOW64\\fveapibase.dll from store
2021-05-05 15:56:24, Info                  CSI    00000277 [SR] Repairing file \??\C:\WINDOWS\SysWOW64\\fveapi.dll from store
2021-05-05 15:56:25, Info                  CSI    00000278 [SR] Verify complete
2021-05-05 15:56:25, Info                  CSI    00000279 [SR] Verifying 100 components
2021-05-05 15:56:25, Info                  CSI    0000027a [SR] Beginning Verify and Repair transaction
2021-05-05 15:56:31, Info                  CSI    00000280 [SR] Verify complete
2021-05-05 15:56:31, Info                  CSI    00000281 [SR] Verifying 100 components
2021-05-05 15:56:31, Info                  CSI    00000282 [SR] Beginning Verify and Repair transaction
2021-05-05 15:56:36, Info                  CSI    00000283 [SR] Verify complete
2021-05-05 15:56:37, Info                  CSI    00000284 [SR] Verifying 100 components
2021-05-05 15:56:37, Info                  CSI    00000285 [SR] Beginning Verify and Repair transaction
2021-05-05 15:56:43, Info                  CSI    00000288 [SR] Verify complete
2021-05-05 15:56:43, Info                  CSI    00000289 [SR] Verifying 100 components
2021-05-05 15:56:43, Info                  CSI    0000028a [SR] Beginning Verify and Repair transaction
2021-05-05 15:56:51, Info                  CSI    0000028b [SR] Verify complete
2021-05-05 15:56:51, Info                  CSI    0000028c [SR] Verifying 100 components
2021-05-05 15:56:51, Info                  CSI    0000028d [SR] Beginning Verify and Repair transaction
2021-05-05 15:56:56, Info                  CSI    0000028e [SR] Verify complete
2021-05-05 15:56:56, Info                  CSI    0000028f [SR] Verifying 100 components
2021-05-05 15:56:56, Info                  CSI    00000290 [SR] Beginning Verify and Repair transaction
2021-05-05 15:57:05, Info                  CSI    00000293 [SR] Verify complete
2021-05-05 15:57:05, Info                  CSI    00000294 [SR] Verifying 100 components
2021-05-05 15:57:05, Info                  CSI    00000295 [SR] Beginning Verify and Repair transaction
2021-05-05 15:57:09, Info                  CSI    00000296 [SR] Verify complete
2021-05-05 15:57:09, Info                  CSI    00000297 [SR] Verifying 100 components
2021-05-05 15:57:09, Info                  CSI    00000298 [SR] Beginning Verify and Repair transaction
2021-05-05 15:57:14, Info                  CSI    00000299 [SR] Verify complete
2021-05-05 15:57:14, Info                  CSI    0000029a [SR] Verifying 100 components
2021-05-05 15:57:14, Info                  CSI    0000029b [SR] Beginning Verify and Repair transaction
2021-05-05 15:57:22, Info                  CSI    0000029c [SR] Verify complete
2021-05-05 15:57:22, Info                  CSI    0000029d [SR] Verifying 100 components
2021-05-05 15:57:22, Info                  CSI    0000029e [SR] Beginning Verify and Repair transaction
2021-05-05 15:57:28, Info                  CSI    000002a0 [SR] Verify complete
2021-05-05 15:57:28, Info                  CSI    000002a1 [SR] Verifying 100 components
2021-05-05 15:57:28, Info                  CSI    000002a2 [SR] Beginning Verify and Repair transaction
2021-05-05 15:57:33, Info                  CSI    000002a3 [SR] Verify complete
2021-05-05 15:57:33, Info                  CSI    000002a4 [SR] Verifying 100 components
2021-05-05 15:57:33, Info                  CSI    000002a5 [SR] Beginning Verify and Repair transaction
2021-05-05 15:57:39, Info                  CSI    000002a9 [SR] Verify complete
2021-05-05 15:57:39, Info                  CSI    000002aa [SR] Verifying 100 components
2021-05-05 15:57:39, Info                  CSI    000002ab [SR] Beginning Verify and Repair transaction
2021-05-05 15:57:45, Info                  CSI    000002ac [SR] Verify complete
2021-05-05 15:57:45, Info                  CSI    000002ad [SR] Verifying 100 components
2021-05-05 15:57:45, Info                  CSI    000002ae [SR] Beginning Verify and Repair transaction
2021-05-05 15:57:50, Info                  CSI    000002af [SR] Verify complete
2021-05-05 15:57:50, Info                  CSI    000002b0 [SR] Verifying 100 components
2021-05-05 15:57:50, Info                  CSI    000002b1 [SR] Beginning Verify and Repair transaction
2021-05-05 15:57:53, Info                  CSI    000002b2 [SR] Verify complete
2021-05-05 15:57:53, Info                  CSI    000002b3 [SR] Verifying 100 components
2021-05-05 15:57:53, Info                  CSI    000002b4 [SR] Beginning Verify and Repair transaction
2021-05-05 15:57:55, Info                  CSI    000002b5 [SR] Verify complete
2021-05-05 15:57:55, Info                  CSI    000002b6 [SR] Verifying 100 components
2021-05-05 15:57:55, Info                  CSI    000002b7 [SR] Beginning Verify and Repair transaction
2021-05-05 15:57:59, Info                  CSI    000002bb [SR] Verify complete
2021-05-05 15:57:59, Info                  CSI    000002bc [SR] Verifying 100 components
2021-05-05 15:57:59, Info                  CSI    000002bd [SR] Beginning Verify and Repair transaction
2021-05-05 15:58:03, Info                  CSI    000002be [SR] Verify complete
2021-05-05 15:58:03, Info                  CSI    000002bf [SR] Verifying 100 components
2021-05-05 15:58:03, Info                  CSI    000002c0 [SR] Beginning Verify and Repair transaction
2021-05-05 15:58:07, Info                  CSI    000002c2 [SR] Verify complete
2021-05-05 15:58:07, Info                  CSI    000002c3 [SR] Verifying 100 components
2021-05-05 15:58:07, Info                  CSI    000002c4 [SR] Beginning Verify and Repair transaction
2021-05-05 15:58:13, Info                  CSI    000002c5 [SR] Verify complete
2021-05-05 15:58:14, Info                  CSI    000002c6 [SR] Verifying 49 components
2021-05-05 15:58:14, Info                  CSI    000002c7 [SR] Beginning Verify and Repair transaction
2021-05-05 15:58:17, Info                  CSI    000002c9 [SR] Verify complete
2021-05-05 15:58:17, Info                  CSI    000002ca [SR] Repairing 3 components
2021-05-05 15:58:17, Info                  CSI    000002cb [SR] Beginning Verify and Repair transaction
2021-05-05 15:58:19, Info                  CSI    000002cd [SR] Repairing file \??\C:\WINDOWS\System32\\FXSCOM.dll from store
2021-05-05 15:58:19, Info                  CSI    000002cf [SR] Repairing file \??\C:\WINDOWS\SysWOW64\\FXSCOMEX.dll from store
2021-05-05 15:58:19, Info                  CSI    000002d1 [SR] Repairing file \??\C:\WINDOWS\SysWOW64\\WinFax.dll from store
2021-05-05 15:58:19, Info                  CSI    000002d3 [SR] Repairing file \??\C:\WINDOWS\SysWOW64\\FXSRESM.dll from store
2021-05-05 15:58:19, Info                  CSI    000002d5 [SR] Repairing file \??\C:\WINDOWS\SysWOW64\\fveapibase.dll from store
2021-05-05 15:58:19, Info                  CSI    000002d7 [SR] Repairing file \??\C:\WINDOWS\SysWOW64\\fveapi.dll from store
2021-05-05 15:58:19, Info                  CSI    000002d8 [SR] Repair complete
2021-05-05 15:58:19, Info                  CSI    000002d9 [SR] Committing transaction
2021-05-05 15:58:20, Info                  CSI    000002de [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 15:59:45 ====

  • 0

Advertisements

#11
fonzy
Posted 05 May 2021 - 09:43 AM

fonzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system seems to be having difficulty handling real-time audio and other tasks. You may experience drop outs, clicks or pops due to buffer underruns. One or more DPC routines that belong to a driver running in your system appear to be executing for too long. Also one or more ISR routines that belong to a driver running in your system appear to be executing for too long. One problem may be related to power management, disable CPU throttling settings in Control Panel and BIOS setup. Check for BIOS updates. 
LatencyMon has been analyzing your system for  0:00:33  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        CHARLIE-LAPTOP
OS version:                                           Windows 10, 10.0, version 2009, build: 19042 (x64)
Hardware:                                             HP Pavilion Laptop 15-cc5xx, HP
CPU:                                                  GenuineIntel Intel® Core™ i3-7100U CPU @ 2.40GHz
Logical processors:                                   4
Processor groups:                                     1
RAM:                                                  8077 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   240 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   1327.40
Average measured interrupt to process latency (µs):   11.427830
 
Highest measured interrupt to DPC latency (µs):       1305.90
Average measured interrupt to DPC latency (µs):       4.482879
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              1210.126667
Driver with highest ISR routine execution time:       Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.518020
Driver with highest ISR total time:                   Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.526012
 
ISR count (execution time <250 µs):                   15017
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-1000 µs):               5
ISR count (execution time 1000-2000 µs):              1
ISR count (execution time 2000-4000 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              1609.600833
Driver with highest DPC routine execution time:       Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.118498
Driver with highest DPC total execution time:         Wdf01000.sys - Kernel Mode Driver Framework Runtime, Microsoft Corporation
 
Total time spent in DPCs (%)                          0.432204
 
DPC count (execution time <250 µs):                   37620
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-10000 µs):              75
DPC count (execution time 1000-2000 µs):              26
DPC count (execution time 2000-4000 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 system
 
Total number of hard pagefaults                       3237
Hard pagefault count of hardest hit process:          561
Number of processes hit:                              54
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       1.352879
CPU 0 ISR highest execution time (µs):                1210.126667
CPU 0 ISR total execution time (s):                   0.670815
CPU 0 ISR count:                                      14401
CPU 0 DPC highest execution time (µs):                1609.600833
CPU 0 DPC total execution time (s):                   0.476194
CPU 0 DPC count:                                      30762
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.231621
CPU 1 ISR highest execution time (µs):                228.368333
CPU 1 ISR total execution time (s):                   0.032715
CPU 1 ISR count:                                      622
CPU 1 DPC highest execution time (µs):                1125.381667
CPU 1 DPC total execution time (s):                   0.062665
CPU 1 DPC count:                                      3880
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0.151924
CPU 2 ISR highest execution time (µs):                0.0
CPU 2 ISR total execution time (s):                   0.0
CPU 2 ISR count:                                      0
CPU 2 DPC highest execution time (µs):                699.1250
CPU 2 DPC total execution time (s):                   0.032106
CPU 2 DPC count:                                      2161
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0.083854
CPU 3 ISR highest execution time (µs):                0.0
CPU 3 ISR total execution time (s):                   0.0
CPU 3 ISR count:                                      0
CPU 3 DPC highest execution time (µs):                148.738333
CPU 3 DPC total execution time (s):                   0.007099
CPU 3 DPC count:                                      918
_________________________________________________________________________________________________________

  • 0

#12
fonzy
Posted 05 May 2021 - 09:46 AM

fonzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts

Latency monitor screenshots attached

Attached Thumbnails

  • Total execution.JPG
  • Processes.JPG

  • 0

#13
RKinner
Posted 05 May 2021 - 10:13 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Do you have anything connected to a USB port?

 

Let's try and update your PC to the latest version.  Go to

https://www.microsof...nload/windows10

Click on Update Now.  Save the file and then go to the download folder and right click on the file and Run As Admin.

 

Follow the instructions.  When it finishes and reboots you should be up to the very latest but make sure by going to Settings, Update & Security and Check for Updates

 

When you are sure you are up to date then run Latency Monitor again as before.


  • 0

#14
fonzy
Posted 07 May 2021 - 03:38 AM

fonzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts

Hi,

 

there is nothing connected to the laptop. I have attached the two new images.

 

Thanks

Attached Thumbnails

  • processes.JPG
  • Drivers.JPG

  • 0

#15
RKinner
Posted 07 May 2021 - 08:51 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Looks like your Origin game is causing a lot of the problem.  See if this helps:

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   566bytes   161 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Then rerun Lat Mon for about 20 seconds.  Post the summary and the two screen shots.

 

This is just disabling two unnecessary services recently added by Origin/EA.  See:

 

https://www.reddit.c...s_how/?sort=top

 


 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP