Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PC Running Slower & Slower


  • Please log in to reply

#1
need2no

need2no

    Member

  • Member
  • PipPip
  • 35 posts

Hi,

 

My PC has been running slower & slower each day. I've noticed this starting about 3 months ago. It's now gotten to the point where it takes more than a minute to open any app, sometimes two. It also takes forever to refresh my emails.

 

I've run Malwarebytes & SUPERAntiSpyware numerous times. I don't feel it has helped any.

 

Any help will be much appreciated.

 

Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-11-2021
Ran by Joe (administrator) on JOE (Dell Inc. OptiPlex 9020) (29-11-2021 23:18:13)
Running from C:\Users\jotot_000\Desktop
Loaded Profiles: Joe
Platform: Microsoft Windows 10 Pro Version 21H1 19043.1348 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Advanced Micro Devices, Inc. -> ) C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(FUJIFILM Corporation.) [File not signed] C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
(GoPro, Inc. -> ) C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit, Inc. -> ) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.Application.exe
(Intuit, Inc. -> ) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Memeo Inc. -> Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Memeo Inc. -> Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21102.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(PDFescape -> Red Software) C:\Program Files\PDFescape Desktop\creator\common\creator-ws.exe
(PDFescape -> Red Software) C:\Program Files\PDFescape Desktop\updater-ws.exe
(PDFescape -> Red Software) C:\Program Files\PDFescape Desktop\ws.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Starfield Technologies, LLC -> Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Support.com Inc -> SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8538872 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1415928 2016-01-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2017-03-16] (GoPro, Inc. -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-11-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3800328 2018-04-27] (Intuit, Inc. -> Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [137088 2012-10-11] (Memeo Inc. -> Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79776 2012-10-15] (Memeo Inc. -> )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779448 2021-05-10] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5267168 2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1318024 2020-07-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11224432 2021-08-19] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Starfield Updater] => C:\Users\jotot_000\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2016-01-27] (Starfield Technologies, Inc. -> Starfield Technologies)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [wben] => C:\Users\jotot_000\AppData\Local\Workspace\wben.exe [1078896 2014-10-20] (Starfield Technologies, LLC -> Starfield Technologies, LLC)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Workspace Status] => C:\Users\jotot_000\AppData\Local\Workspace\workspacestatus.exe [694760 2016-01-27] (Starfield Technologies, Inc. -> Starfield Technologies)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50615936 2016-01-18] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [190280 2021-11-17] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65160 2021-05-28] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON WF-3520 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMJJE.DLL [120320 2015-01-19] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-15] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2018-05-29]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Newsflash.lnk [2015-11-23]
ShortcutTarget: Newsflash.lnk -> C:\Program Files (x86)\Common Files\MySoftware\Newsflsh.exe (Avanquest USA LLC) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2020-12-24]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2020-12-24]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2021\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Set FUJIFILM PC AutoSave to stby.lnk [2016-08-09]
ShortcutTarget: Set FUJIFILM PC AutoSave to stby.lnk -> C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe (FUJIFILM Corporation.) [File not signed]
GroupPolicy: Restriction - Chrome <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {029DEE92-B63C-4671-83D6-DB6402D7F115} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {07A5D3DA-E275-4712-B056-3BFED65BCB35} - System32\Tasks\EPSON DS-410 Update => C:\Program Files (x86)\epson\Epson Scan 2\Update\e_dtsksd.exe [690176 2019-03-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
Task: {0BAC6AF9-45E0-4D81-9E8E-0B3B04E52DE3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {198692F1-5D55-44D1-970B-892F0833324C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1A99D41F-1667-4B48-A870-2FF47FDBCEBB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {2D86FBC9-D223-4327-85DC-C8FBC1211656} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-jototh@optonline.net => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (No File)
Task: {4DA29701-9247-41F8-ACD2-36C79E03467D} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [382672 2021-10-11] (Intuit, Inc. -> Intuit Inc.)
Task: {53E53AA2-6F49-4F1E-8FB4-B975FBB8B08A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5C9D3DFA-4106-41FE-BB34-DD73630449E9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {6166BE6D-B100-4CFB-98CB-AE5A8772EA84} - System32\Tasks\G2MUploadTask-S-1-5-21-1867227179-3748921823-2400054393-1001 => C:\Users\jotot_000\AppData\Local\GoToMeeting\19932\g2mupload.exe [31176 2021-11-10] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {616F008C-5800-435B-BBAE-CC8BA00CF787} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {64995C7B-7DA0-41EB-BC6C-0CBD7661882E} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {6B9B649C-E29F-4437-B9AC-BBB2FAC772F7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {816791A3-4811-4BF3-AC62-290C308EFD86} - System32\Tasks\Outlook Express => C:\Program Files (x86)\Outlook Express\tray.exe (No File)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {8793A82F-25D2-4FBC-B126-D0A6531552DB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {87F0E834-C773-43BB-B997-9FD2DCCD275D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8E813C2C-EF13-4F4C-9D89-4028532547BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-02] (Google Inc -> Google Inc.)
Task: {9C84C4B1-BDB5-40D6-B95D-8E80FB9951D3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1162160 2021-11-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {ABE7D929-CDE7-48A7-B776-2CDA78969139} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-11] (HP Inc. -> HP Inc.)
Task: {AF4FE8A2-6250-44C1-A10E-04CC2DD2D6D8} - System32\Tasks\G2MUpdateTask-S-1-5-21-1867227179-3748921823-2400054393-1001 => C:\Users\jotot_000\AppData\Local\GoToMeeting\19932\g2mupdate.exe [31176 2021-11-10] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {D28B67D0-BC6C-4708-B40C-D68CC2F099EE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D7D9C867-03F2-4A17-B740-AA81896A713B} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {E0440421-DE51-4D65-9415-5E8C7B17FA9C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {EB482E52-87E2-40EF-80E1-B7AEE77F2F6D} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [38504 2021-05-11] (HP Inc. -> HP Inc.)
Task: {F0A12BC8-E204-4512-8F65-04342B30DB13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-02-02] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON DS-410 Update.job => C:\Program Files (x86)\epson\Epson Scan 2\Update\e_dtsksd.exe/EXE_S:EPSON DS-410,ES0159.DAT /F:UpdateJOE\JoeĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1867227179-3748921823-2400054393-1001.job => C:\Users\jotot_000\AppData\Local\GoToMeeting\19932\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1867227179-3748921823-2400054393-1001.job => C:\Users\jotot_000\AppData\Local\GoToMeeting\19932\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{469b0b08-473a-41ff-a6da-1e3bc03494a9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{93c88401-f7b1-4dd7-8a17-fa3bcc99a41e}: [DhcpNameServer] 172.20.10.1

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\jotot_000\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-17]
Edge Extension: (McAfee® WebAdvisor) - C:\Users\jotot_000\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2021-10-29]

FireFox:
========
FF DefaultProfile: 9ddwzvzd.default-1598568816359
FF ProfilePath: C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release [2021-11-29]
FF Notifications: Mozilla\Firefox\Profiles\tnu8utwl.default-release -> hxxps://www.smithsonianmag.com; hxxps://www.propertyshark.com; hxxps://mail.google.com
FF Extension: (WBE Paste) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2016-01-27] [Legacy] [not signed]
FF Extension: (True Key™ by McAfee) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release\Extensions\@true-key.xpi [2021-11-19] [UpdateUrl:hxxps://downloads.truekey.com/firefox/update.json]
FF Extension: (Honey) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi [2021-06-26]
FF Extension: (McAfee® WebAdvisor) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}.xpi [2021-07-26] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\tnu8utwl.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-11-26]
FF ProfilePath: C:\Users\jotot_000\AppData\Roaming\Mozilla\Firefox\Profiles\9ddwzvzd.default-1598568816359 [2021-11-29]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-05-10] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\GlanceGuest\npglance.dll [2018-01-24] (Glance Networks Inc -> Glance Networks, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2019-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2019-01-15] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-05-10] (Adobe Inc. -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @citrixonline.com/appdetectorplugin -> C:\Users\jotot_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-15] (Citrix Online -> Citrix Online)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @starfield.com/off -> C:\Users\jotot_000\AppData\Roaming\Mozilla\Plugins\npoff.dll [2016-01-27] (Starfield Technologies, LLC ->  Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @starfield.com/off64 -> C:\Users\jotot_000\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2016-01-27] (Starfield Technologies, LLC ->  Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @starfield.com/wbe -> C:\Users\jotot_000\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2016-01-27] (Starfield Technologies, Inc. -> Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-1867227179-3748921823-2400054393-1001: @starfield.com/wbe64 -> C:\Users\jotot_000\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2016-01-27] (Starfield Technologies, Inc. -> Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\jotot_000\AppData\Roaming\mozilla\plugins\npoff.dll [2016-01-27]
FF Plugin ProgramFiles/Appdata: C:\Users\jotot_000\AppData\Roaming\mozilla\plugins\npoff64.dll [2016-01-27]
FF Plugin ProgramFiles/Appdata: C:\Users\jotot_000\AppData\Roaming\mozilla\plugins\npwbe.dll [2016-01-27]
FF Plugin ProgramFiles/Appdata: C:\Users\jotot_000\AppData\Roaming\mozilla\plugins\npwbe64.dll [2016-01-27]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default [2021-11-22]
CHR Notifications: Default -> hxxps://pdfconverterhub.com; hxxps://www.facebook.com; hxxps://zmusic-online.com
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
CHR DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Extension: (Slides) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-31]
CHR Extension: (Docs) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-31]
CHR Extension: (Google Drive) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-17]
CHR Extension: (DuckDuckGo) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2021-11-02]
CHR Extension: (YouTube) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-02]
CHR Extension: (Salesforce Inbox) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkgdfnjmgamkcpjdljdncfjcegpgcdg [2021-02-21]
CHR Extension: (Google Search) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-02]
CHR Extension: (Yahoo Partner) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofoafnmdocgkdphpkdooahjkhpmakjd [2020-08-27]
CHR Extension: (Adobe Acrobat) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-11-17]
CHR Extension: (McAfee® Secure Search) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\enppghjcblldgigemljohkgpcompnjgh [2021-05-21]
CHR Extension: (Sheets) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-02]
CHR Extension: (Glance Networks) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gniobnbbehpgbcamkdplghfimhocklgb [2020-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-28]
CHR Extension: (Gmail) - C:\Users\jotot_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-17]
CHR HKLM\...\Chrome\Extension: [enppghjcblldgigemljohkgpcompnjgh]
CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [enppghjcblldgigemljohkgpcompnjgh]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-11-21] (Advanced Micro Devices, Inc. -> )
R2 AdobeActiveFileMonitor14.0; C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-12-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842424 2021-05-10] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [206304 2020-05-19] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.) [File not signed]
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies, LLC -> Starfield Technologies)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] (GoPro, Inc. -> )
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-11] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7848632 2021-11-10] (Malwarebytes Inc -> Malwarebytes)
R3 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2440568 2019-01-18] (PDFescape -> Red Software)
R2 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator\common\creator-ws.exe [715640 2019-01-18] (PDFescape -> Red Software)
R2 PDFescape Desktop Update Service; C:\Program Files\PDFescape Desktop\updater-ws.exe [697208 2019-01-18] (PDFescape -> Red Software)
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-03-17] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-03-17] (Intuit Inc.) [File not signed]
R2 QBWCMonitor; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe [40784 2021-04-08] (Intuit, Inc. -> )
R2 SeagateDashboardService; C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14752 2012-10-15] (Memeo Inc. -> Memeo)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-11-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-10] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-11-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-29 23:18 - 2021-11-29 23:22 - 000040256 _____ C:\Users\jotot_000\Desktop\FRST.txt
2021-11-29 23:17 - 2021-11-29 23:17 - 000000000 ____D C:\Users\jotot_000\Desktop\FRST-OlderVersion
2021-11-29 23:16 - 2021-11-29 23:17 - 002311680 _____ (Farbar) C:\Users\jotot_000\Desktop\FRST64.exe
2021-11-29 17:21 - 2021-11-29 17:50 - 001741412 _____ C:\WINDOWS\Minidump\112921-55500-01.dmp
2021-11-25 06:26 - 2021-11-25 06:26 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-11-17 11:42 - 2021-11-29 23:21 - 000000000 ____D C:\FRST
2021-11-17 11:30 - 2021-11-17 11:30 - 002299904 _____ (Farbar) C:\Users\jotot_000\Downloads\FRST64.exe
2021-11-17 10:29 - 2021-11-17 10:29 - 000000052 _____ C:\Users\jotot_000\AppData\Local\xx.ini
2021-11-17 10:29 - 2021-11-17 10:29 - 000000000 ____D C:\Users\jotot_000\AppData\Local\Alpemix
2021-11-17 10:28 - 2021-11-17 10:28 - 001776008 _____ (Teknopars Bilisim) C:\Users\jotot_000\Downloads\Alpemix.exe
2021-11-12 12:43 - 2021-11-12 12:43 - 003559920 _____ C:\Users\jotot_000\Desktop\POLICY 15 Manitou 21.22.pdf
2021-11-12 11:36 - 2021-11-12 11:36 - 000138448 _____ C:\Users\jotot_000\Desktop\WRAS BOR Shelterpoint.pdf
2021-11-12 11:35 - 2021-11-12 11:35 - 000141967 _____ C:\Users\jotot_000\Desktop\C&R BOR ShelterPoint.pdf
2021-11-11 12:13 - 2021-11-11 12:13 - 000662190 _____ C:\Users\jotot_000\Desktop\DMAS Lancer APP Tow Truck.pdf
2021-11-10 12:32 - 2021-11-10 12:32 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-11-10 12:32 - 2021-11-10 12:32 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-11-10 12:32 - 2021-11-10 12:32 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-11-10 12:32 - 2021-11-10 12:32 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-11-10 12:32 - 2021-11-10 12:32 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-11-09 18:05 - 2021-11-09 18:05 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-09 18:04 - 2021-11-09 18:04 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-09 18:04 - 2021-11-09 18:04 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-09 18:03 - 2021-11-09 18:03 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-09 17:35 - 2021-11-09 17:35 - 000000000 ___HD C:\$WinREAgent
2021-11-09 00:45 - 2021-11-09 00:45 - 000000000 ____D C:\Users\jotot_000\AppData\Local\SaRALogs
2021-11-09 00:44 - 2021-11-09 00:44 - 000000000 ____D C:\Users\jotot_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2021-11-09 00:43 - 2021-11-09 00:47 - 000000000 ____D C:\Users\jotot_000\AppData\Local\Deployment
2021-11-09 00:43 - 2021-11-09 00:43 - 000000000 ____D C:\Users\jotot_000\AppData\Local\Apps\2.0
2021-11-08 16:46 - 2021-11-08 17:57 - 000243282 _____ C:\Users\jotot_000\Desktop\DMAS Tow Truck POLICY 21 - 22.pdf
2021-11-08 16:45 - 2021-11-08 16:45 - 000033749 _____ C:\Users\jotot_000\Desktop\DMAS Vehicle ID Card 21 - 22.pdf
2021-11-08 11:41 - 2021-11-08 11:41 - 000052466 _____ C:\Users\jotot_000\Desktop\S&A - Dealer Plate App 1mil.pdf
2021-11-08 11:40 - 2021-11-08 11:40 - 000245517 _____ C:\Users\jotot_000\Desktop\S&A Cars QUOTE 1mil.pdf
2021-11-05 12:36 - 2021-11-05 12:36 - 000245514 _____ C:\Users\jotot_000\Desktop\S&A Cars QUOTE 100k.pdf
2021-11-05 12:35 - 2021-11-05 12:35 - 000052465 _____ C:\Users\jotot_000\Desktop\S&A - Dealer Plate App 100k.pdf
2021-11-05 10:03 - 2021-11-05 10:03 - 000013954 _____ C:\Users\jotot_000\Desktop\Mercito Refund Invoice.pdf
2021-11-05 10:02 - 2021-11-05 10:02 - 000039860 _____ C:\Users\jotot_000\Desktop\Mercito CANCELLATION NOTICE.pdf
2021-11-04 10:05 - 2021-11-04 10:05 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-04 10:05 - 2021-11-04 10:05 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-03 14:53 - 2021-11-03 14:53 - 000008279 _____ C:\Users\jotot_000\Desktop\WRAS Lancer Statement.pdf
2021-11-02 12:05 - 2021-11-02 12:05 - 000141552 _____ C:\Users\jotot_000\Desktop\DMAS Tow Truck BOR.pdf
2021-11-02 11:54 - 2021-11-02 11:54 - 000391892 _____ C:\Users\jotot_000\Desktop\DMAS Tow Truck Acord 137.pdf
2021-11-02 11:53 - 2021-11-02 11:53 - 000355222 _____ C:\Users\jotot_000\Desktop\DMAS Tow Truck ACORD 127.pdf
2021-11-02 11:52 - 2021-11-02 11:52 - 001328627 _____ C:\Users\jotot_000\Desktop\DMAS Tow Truck ACORD 125.pdf
2021-11-02 11:46 - 2021-11-02 11:46 - 000000000 ____D C:\Users\jotot_000\Desktop\Guatelinda Titling App
2021-11-01 12:58 - 2021-11-29 17:01 - 000000000 ____D C:\Users\jotot_000\Documents\Outlook Files
2021-11-01 12:14 - 2021-11-01 12:14 - 000001427 _____ C:\Users\jotot_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-29 23:13 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-29 22:55 - 2016-02-02 10:58 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-29 22:44 - 2019-02-12 20:20 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-29 22:43 - 2016-11-15 16:34 - 000000000 ____D C:\Users\jotot_000\AppData\LocalLow\Mozilla
2021-11-29 21:51 - 2020-09-05 02:29 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-29 17:52 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-29 17:52 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-29 17:50 - 2021-05-20 13:23 - 000000000 ____D C:\WINDOWS\Minidump
2021-11-29 17:50 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-29 17:35 - 2020-04-07 14:41 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-11-29 17:29 - 2020-04-07 14:56 - 000000000 ___RD C:\Users\jotot_000\Creative Cloud Files
2021-11-29 17:28 - 2020-09-05 05:59 - 000792922 _____ C:\WINDOWS\system32\perfh00C.dat
2021-11-29 17:28 - 2020-09-05 05:59 - 000150378 _____ C:\WINDOWS\system32\perfc00C.dat
2021-11-29 17:28 - 2020-09-05 02:50 - 001778710 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-29 17:24 - 2021-07-08 10:26 - 000000000 ____D C:\Users\jotot_000\AppData\LocalLow\IGDump
2021-11-29 17:23 - 2017-06-09 23:06 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-11-29 17:21 - 2021-09-25 09:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-11-29 17:21 - 2020-09-05 03:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-29 17:21 - 2020-09-05 02:28 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-29 17:21 - 2020-04-09 08:56 - 1516993256 _____ C:\WINDOWS\MEMORY.DMP
2021-11-29 17:21 - 2015-11-30 11:00 - 000000654 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1867227179-3748921823-2400054393-1001.job
2021-11-29 17:21 - 2015-11-30 11:00 - 000000558 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1867227179-3748921823-2400054393-1001.job
2021-11-29 17:21 - 2015-10-14 21:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-29 17:00 - 2019-02-01 11:16 - 000000000 ____D C:\Users\jotot_000\AppData\Local\A11E13BE-94F8-4773-855B-43D51C40C866.aplzod
2021-11-25 04:45 - 2020-06-23 18:31 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-23 08:42 - 2021-10-11 11:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-23 08:42 - 2020-08-27 18:24 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-22 19:42 - 2021-04-29 09:43 - 000002428 _____ C:\Users\jotot_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-22 19:42 - 2020-09-05 03:01 - 000003352 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1867227179-3748921823-2400054393-1001
2021-11-22 16:06 - 2020-12-18 17:01 - 000000000 ____D C:\Users\jotot_000\AppData\Local\CrashDumps
2021-11-19 11:47 - 2018-07-19 16:58 - 000000000 ____D C:\ProgramData\Packages
2021-11-19 10:09 - 2015-10-16 10:42 - 000000000 ____D C:\Program Files\Adobe
2021-11-17 05:39 - 2020-09-05 03:01 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-17 05:39 - 2020-09-05 03:01 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-15 12:45 - 2016-02-02 10:59 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-12 12:10 - 2015-10-15 23:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-11-12 12:06 - 2020-07-27 10:52 - 000014679 _____ C:\Users\jotot_000\Desktop\Comission.xlsx
2021-11-12 11:28 - 2021-04-27 09:01 - 000000000 ____D C:\Users\jotot_000\Desktop\Joe 4 Insure BOR
2021-11-11 12:15 - 2018-02-01 14:51 - 000000000 ____D C:\Users\jotot_000\AppData\Local\Packages
2021-11-10 14:45 - 2020-09-05 03:01 - 000003796 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-1867227179-3748921823-2400054393-1001
2021-11-10 14:45 - 2020-09-05 03:01 - 000003700 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-1867227179-3748921823-2400054393-1001
2021-11-10 14:45 - 2017-07-09 10:36 - 000000000 ____D C:\Users\jotot_000\AppData\Local\GoToMeeting
2021-11-10 14:25 - 2015-10-15 15:14 - 000000090 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2021-11-09 19:24 - 2020-09-05 02:29 - 000514744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-09 19:23 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-11-09 19:22 - 2019-12-07 04:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-11-09 19:22 - 2017-06-09 23:07 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-11-09 19:20 - 2019-12-07 04:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-11-09 19:20 - 2019-12-07 04:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-11-09 19:20 - 2019-12-07 04:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-09 19:20 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-09 19:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-09 19:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-09 19:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-09 19:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-09 19:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-09 19:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-09 19:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-09 19:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-11-09 19:20 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-09 19:20 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-09 18:13 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-09 17:29 - 2015-10-15 11:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-09 17:24 - 2015-10-15 11:07 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-09 09:01 - 2015-10-15 00:29 - 000000000 ___RD C:\Users\jotot_000\OneDrive
2021-11-09 00:35 - 2016-11-15 16:37 - 000000000 ____D C:\Users\jotot_000\Downloads\NetworkRepairTool
2021-11-09 00:34 - 2019-12-05 14:37 - 000000000 ____D C:\Users\jotot_000\Downloads\rempnp
2021-11-09 00:29 - 2016-01-27 11:34 - 000000000 ____D C:\Users\jotot_000\Documents\Workspace Logs
2021-11-08 23:13 - 2018-07-19 13:27 - 000000000 ____D C:\Users\jotot_000\AppData\Local\PlaceholderTileLogoFolder
2021-11-04 12:30 - 2015-10-16 10:42 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-11-03 09:56 - 2021-10-29 13:03 - 000347099 _____ C:\Users\jotot_000\Desktop\Mercito LPR.pdf
2021-11-02 14:38 - 2017-04-03 14:06 - 001807200 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2021-11-02 13:54 - 2015-11-23 11:33 - 000000000 ____D C:\Users\jotot_000\AppData\Local\LogMeIn Rescue Applet
2021-11-02 12:40 - 2018-02-20 17:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-11-02 12:26 - 2020-09-05 02:31 - 000000000 ____D C:\Users\jotot_000

==================== Files in the root of some directories ========

2017-03-06 15:14 - 2017-03-06 15:14 - 000001456 _____ () C:\Users\jotot_000\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-04-07 14:58 - 2020-04-07 14:58 - 000000000 _____ () C:\Users\jotot_000\AppData\Local\oobelibMkey.log
2021-11-17 10:29 - 2021-11-17 10:29 - 000000052 _____ () C:\Users\jotot_000\AppData\Local\xx.ini
2017-01-03 15:25 - 2016-07-14 04:09 - 000010240 _____ () C:\Users\jotot_000\AppData\Local\Z@!-50796960-5d90-4787-ab9e-84ae443b2d9f.tmp
2017-01-03 15:25 - 2016-07-14 04:09 - 000009216 _____ () C:\Users\jotot_000\AppData\Local\Z@S!-335b5983-63e4-49a4-bc2d-4f07790fd948.tmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2021
Ran by Joe (29-11-2021 23:24:12)
Running from C:\Users\jotot_000\Desktop
Microsoft Windows 10 Pro Version 21H1 19043.1348 (X64) (2020-09-05 08:02:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1867227179-3748921823-2400054393-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1867227179-3748921823-2400054393-503 - Limited - Disabled)
Guest (S-1-5-21-1867227179-3748921823-2400054393-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1867227179-3748921823-2400054393-1005 - Limited - Enabled)
Joe (S-1-5-21-1867227179-3748921823-2400054393-1001 - Administrator - Enabled) => C:\Users\jotot_000
WDAGUtilityAccount (S-1-5-21-1867227179-3748921823-2400054393-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.4.5.550 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.1 - Adobe Systems Incorporated)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{74CC99EB-7DC0-4CB0-847A-F8C2FE39690C}) (Version: 14.5.0.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.09 - Avanquest Software)
BitRecover TIFF Converter Wizard (HKLM-x32\...\BitRecover TIFF Converter Wizard_is1) (Version:  - BitRecover)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Document Capture Pro (HKLM-x32\...\{5476CDBF-2F6C-4384-BCCF-B0AC4E21FEAA}) (Version: 3.00.1400 - Seiko Epson Corporation)
Epson DS-410 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson DS-410 User’s Guide_is1) (Version: 1.0 - Epson America, Inc.)
Epson Event Manager (HKLM-x32\...\{C837E9B0-B92F-4C5A-BE14-C48FF53DD343}) (Version: 3.11.0057 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Scan OCR Component Pro (HKLM-x32\...\{7C3DDC52-B63F-463D-B41E-9D619EF93823}) (Version: 1.0.7 - Seiko Epson Corporation)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
FUJIFILM PC AutoSave (HKLM-x32\...\{872F1306-0DB6-45EC-832E-2F5D3A56CF99}) (Version: 1.0.0 - FUJIFILM)
GlanceGuest version 4.2.0.38 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.2.0.38 - Glance Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Google Earth Pro (HKLM\...\{9BFB06CD-3925-49E2-BAB7-EA695821CE4C}) (Version: 7.3.4.8248 - Google)
GoPro Studio (HKLM-x32\...\{BE06FF1A-83A0-42F2-913E-6E405393145C}) (Version: 5.12.5383 - GoPro, Inc.) Hidden
GoToMeeting 10.18.0.19932 (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\GoToMeeting) (Version: 10.18.0.19932 - LogMeIn, Inc.)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
iTunes (HKLM\...\{653C59E1-B78D-4D82-9259-C14DFD9F6EFC}) (Version: 12.11.3.17 - Apple Inc.)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Malwarebytes version 4.4.10.144 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.10.144 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6448.1 - Waves Audio Ltd.) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7955 - Memeo Inc.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\0527a644a4ddd31d) (Version: 17.0.7440.13 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 94.0.2 (x64 en-US)) (Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 80.0 - Mozilla)
Mozilla Thunderbird (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 91.2.1 (x86 en-US)) (Version: 91.2.1 - Mozilla)
MyLabel Designer Deluxe (HKLM-x32\...\{856CD2A4-9BCE-4ED2-B7F5-A96C960081C1}) (Version: 9.0.0.0 - Avanquest Publishing USA, Inc.)
Newsflash (HKLM-x32\...\{1A722192-4AEA-4911-9F71-EBECEDC970B5}) (Version: 1.0.0.7 - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Outlook Express 6 (HKLM-x32\...\Outlook Express 6) (Version:  - )
PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 3.0.26.634 - RedSoftware)
PDFescape Desktop Asian Fonts Pack (HKLM\...\{9C203993-F3BE-4BFC-A254-CB216829D42A}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Convert Module (HKLM\...\{824918B9-04A8-443B-B512-081E759C4A55}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Create Module (HKLM\...\{5797860C-821C-48FA-A7C0-B78B89A841C0}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Edit Module (HKLM\...\{E4554E04-278B-4A1E-AC60-F2B70D38EB6E}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Forms Module (HKLM\...\{E8EE3BDD-8FD5-4198-9DBD-93DBAE6AEA84}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Insert Module (HKLM\...\{AD066E45-9601-433B-AB97-6FD927DE7A5D}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Review Module (HKLM\...\{0F869EA9-0E13-429B-8BA0-B4ACEA3141F2}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop Secure Module (HKLM\...\{8043C225-A362-485A-A9E9-BFBCF3D1F738}) (Version: 3.1.16.2121 - Red Software) Hidden
PDFescape Desktop View Module (HKLM\...\{50E88EA2-1DF3-4769-9753-B5F8C26FE0CC}) (Version: 3.1.16.2121 - Red Software) Hidden
QBIDPServiceInstall (HKLM-x32\...\{C639494E-FAF1-47FB-9EB3-AA296040F456}) (Version: 1.24.4000 - Intuit, Inc.)
QuickBooks (HKLM-x32\...\{4120AF20-BA58-49D1-8CFA-11F166E73945}) (Version: 29.0.4011.2901 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{48011BF6-E0BC-4B49-9DCA-C7144EF0C01E}) (Version: 28.0.4010.2806 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{4D29DF3C-1A3F-42F7-A565-136F3E5EBD59}) (Version: 31.0.4008.3103 - Intuit Inc.) Hidden
QuickBooks Pro 2018 (HKLM-x32\...\{92254DF4-E735-4B1F-9E61-D1EE5FAAC03D}) (Version: 28.0.4006.2806 - Intuit Inc.)
QuickBooks Pro 2019 (HKLM-x32\...\{FD44271B-DAFF-4C50-8E9B-998AA008606A}) (Version: 29.0.4003.2901 - Intuit Inc.)
QuickBooks Pro 2021 (HKLM-x32\...\{F9E2B890-E921-43AF-AB40-B9D8072CD7E4}) (Version: 31.0.4003.3103 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickBooks Tool Hub (HKLM-x32\...\{5A43047E-1ACD-4F89-99E6-69988300E6AB}) (Version: 1.4.0.0 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Quik (HKLM\...\{DF7EE9CB-0369-44F3-9B91-BF05A2D4891D}) (Version: 0.1.5383 - GoPro, Inc.) Hidden
Quik (HKLM-x32\...\{b15a4fb5-7637-45ca-b230-33d94af786a7}) (Version: 2.3.0.5383 - GoPro, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6086 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1554 - Memeo Inc.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
SpywareBlaster 6.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 6.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1230 - SUPERAntiSpyware.com)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
VFW_Codec32 (HKLM-x32\...\{ECDB3455-70F4-4EE6-B89E-3B4C5E9FF592}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{AE4073DE-7596-4E3B-9DE3-18BE2C3EFAA6}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Workspace Desktop (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\workspacedesktop) (Version:  - Starfield Technologies)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Zoom (HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\ZoomUMX) (Version: 5.6.1 (617) - Zoom Video Communications, Inc.)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-04-07] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-07-10] (Adobe Systems Incorporated)
Age of Empires: Definitive Edition -> C:\Program Files\WindowsApps\Microsoft.MSDallas_1.3.27374.2_x64__8wekyb3d8bbwe [2019-08-20] (Microsoft Studios)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.4.265.0_x64__v10z8vjag6ke6 [2021-11-29] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-27] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-30] (Microsoft Studios) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2016-01-29] (Microsoft Corporation) [MS Ad]
Passbook Converter -> C:\Program Files\WindowsApps\60967wertzui.PassbookConverter_3.0.0.0_x64__fj0k61qv743vg [2018-07-19] (wertzui)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-01] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-08-04] (Adobe Systems Incorporated)
Total PC Cleaner - Free Disk Space Clean Up, Optimize Memory & Windows System -> C:\Program Files\WindowsApps\64404Softuna.TotalDiskCleaner_2.1.5.0_x64__r1b4jsc7ddp3p [2021-11-08] (Total PC Cleaner)
Unpacker -> C:\Program Files\WindowsApps\AFF540DC.Unpacker_1.1.14.24_x64__v7353qx4kg3sa [2016-01-29] (Jujuba Software) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-53889B4FA3EA} -> [Creative Cloud Files] => C:\Users\jotot_000\Creative Cloud Files [2020-04-07 14:56]
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\jotot_000\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies, LLC -> Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\jotot_000\AppData\Local\Citrix\GoToMeeting\4007\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\jotot_000\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technologies, Inc. -> Starfield Technology, LLC)
CustomCLSID: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2016-01-27] (Starfield Technologies, Inc. -> Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2016-01-27] (Starfield Technologies, Inc. -> Starfield Technologies, LLC)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [PDFescapeDesktop_ManagerExt] -> {D3C28D54-72B8-4B8D-B204-157EFA9BF3E7} => C:\Program Files\PDFescape Desktop\context-menu.dll [2019-01-18] (PDFescape -> Red Software)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-11-21] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-09-15] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.CFHD] => C:\WINDOWS\system32\CFHD.dll [1334784 2017-03-16] (CineForm Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.CFHD] => C:\Windows\SysWOW64\CFHD.dll [1119744 2017-03-16] (CineForm Inc.) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2013-02-28 18:14 - 2013-02-28 18:14 - 000188416 _____ () [File not signed] [File is in use] C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\FFWB.dll
2013-02-28 18:14 - 2013-02-28 18:14 - 000118784 _____ () [File not signed] C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFFIR.dll
2013-02-28 18:14 - 2013-02-28 18:14 - 000135168 _____ () [File not signed] C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\libFTLPTPIP.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000011776 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 002013696 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000739840 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000071168 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000014336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2006-01-18 15:06 - 2006-01-18 15:06 - 001017856 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\dbghelp.dll
2020-07-10 11:23 - 2020-07-10 11:23 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2020-05-26 19:20 - 2020-05-26 19:20 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2018-03-30 18:48 - 2018-03-30 18:48 - 000428032 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files\PDFescape Desktop\libcurl.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000049664 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qdds.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000029696 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000037376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000459776 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjp2.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000236544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000275456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qmng.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000023552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000022528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000351744 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtiff.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000021504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000374784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 001212416 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000912384 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Charts.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 005496320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 005804544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 001061376 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 003187712 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 002924544 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000310784 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 005444608 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000277504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2016-06-30 18:12 - 2016-06-30 18:12 - 000193024 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [136]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> DefaultScope {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001 -> DefaultScope {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
SearchScopes: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =
SearchScopes: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001 -> {37B9F5B8-4AB3-412B-9850-CF242FA4831D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: PDFescape Desktop Helper -> {9AF15867-1D90-423B-9853-E99761714165} -> C:\Program Files\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-helper.dll [2019-01-18] (PDFescape -> Red Software)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll [2019-01-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: PDFescape Desktop Helper -> {9AF15867-1D90-423B-9853-E99761714165} -> C:\Program Files (x86)\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-helper.dll [2019-01-18] (PDFescape -> Red Software)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll [2019-01-15] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - PDFescape Desktop Toolbar - {A6D4ADF0-4C82-4712-B9B8-69EE9CF06462} - C:\Program Files\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-plugin.dll [2019-01-18] (PDFescape -> Red Software)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - PDFescape Desktop Toolbar - {A6D4ADF0-4C82-4712-B9B8-69EE9CF06462} - C:\Program Files (x86)\PDFescape Desktop\creator\plugins\IEAddin\creator-ie-plugin.dll [2019-01-18] (PDFescape -> Red Software)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler-x32: intu-help-qb11 - {5AFDE6E8-AD0F-450B-818F-21D1CDC2E3EE} - C:\Program Files (x86)\Intuit\QuickBooks 2018\HelpAsyncPluggableProtocol.dll [2018-12-03] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb12 - {665F2BD4-8216-400B-9706-865D2B771E27} - C:\Program Files (x86)\Intuit\QuickBooks 2019\HelpAsyncPluggableProtocol.dll [2019-11-27] (Intuit, Inc. -> Intuit, Inc.)
Handler: intu-help-qb13 - {75EC4BB0-9AC5-4AF7-A9CE-38A34557E27C} -  No File
Handler-x32: intu-help-qb14 - {C854407F-AA78-4036-A9C1-54EBA9BD3608} - C:\Program Files (x86)\Intuit\QuickBooks 2021\HelpAsyncPluggableProtocol.dll [2021-10-11] (Intuit, Inc. -> Intuit, Inc.)
Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\1001movie.com -> 1001movie.com

There are 6091 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2021-05-21 14:19 - 000334861 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 abcstats.com
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 app.activetrail.com
0.0.0.0 ad2games.com
0.0.0.0 adadvisor.net
0.0.0.0 www.adchimp.com
0.0.0.0 pixel.adcrowd.com
0.0.0.0 ct1.addthis.com
0.0.0.0 static.uk.addynamo.com
0.0.0.0 adexc.net
0.0.0.0 static.adfclick1.com
0.0.0.0 server.adformdsp.net
0.0.0.0 s.adframesrc.com
0.0.0.0 media.adfrontiers.com
0.0.0.0 www.adgitize.com
0.0.0.0 www.ad-groups.com #[Ban Man Pro Banner Code]
0.0.0.0 adgrx.com
0.0.0.0 adhall.com
0.0.0.0 adhitzads.com
0.0.0.0 aj.adjungle.com
0.0.0.0 adserver-e7.com
0.0.0.0 n.admagnet.net

There are 8702 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Intuit\QBPOSSDKRuntime;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Skype\Phone\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jotot_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Set FUJIFILM PC AutoSave to stby.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Newsflash.lnk"
HKLM\...\StartupApproved\Run: => "GoPro Tray App"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "Memeo Instant Backup"
HKLM\...\StartupApproved\Run32: => "Seagate Dashboard"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\StartupApproved\Run: => "Workspace Status"
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\StartupApproved\Run: => "Starfield Updater"
HKU\S-1-5-21-1867227179-3748921823-2400054393-1001\...\StartupApproved\Run: => "wben"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FF2D9E81-6FBE-4D1D-80D2-2D32D2474550}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B8BA946F-60B4-4D31-A268-F5DD75524510}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{74573347-C908-40D5-B900-0BD343885DEC}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe (GoPro, Inc. -> )
FirewallRules: [{AB23CF5D-A715-4370-8C6A-80905AD5AB2A}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe (GoPro, Inc. -> )
FirewallRules: [{3B568426-690B-4464-AD48-2487343015F7}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe (GoPro, Inc. -> )
FirewallRules: [{4DFC08BB-1163-4458-95CF-CA5D81E31CF3}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe (GoPro, Inc. -> )
FirewallRules: [{78DFE748-E16E-4351-A2EC-3C7D1F398230}] => (Allow) LPort=54925
FirewallRules: [{C0FBF500-0685-4BAF-A8F5-D7736F375DE9}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12d\FAXRX.exe => No File
FirewallRules: [{16D5E111-6413-4D4D-9625-81D1F6E0077D}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12d\FAXRX.exe => No File
FirewallRules: [{548B3138-D2B7-420E-8910-100BBCB11CD2}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Axentra Corporation) [File not signed]
FirewallRules: [UDP Query User{CE125F92-7108-4CFD-B605-6B054E29BCDA}C:\users\jotot_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\jotot_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [TCP Query User{11BD614B-D286-4893-B2BB-B92A4F4A01B1}C:\users\jotot_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\jotot_000\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [{9E9DB471-C4F7-4B1B-9E33-D10CEE9D30BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{22E4CEA1-8D68-46AB-BFFC-9F88270567F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{1B44FE03-4E15-43A5-AF74-CBFA6A60F585}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D54D2481-6900-4753-9B8D-1913455141FC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{15BFB4BB-0E45-4D6B-B486-2A9B644BCAD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{117E393E-7828-4683-93C4-9ED39F522740}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F7D9FF8-012D-48CE-87DC-3DEF8094DE16}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{576D3DFF-216F-4D49-B67E-42FF2AB5143D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{F0640770-A0F9-403D-A5DD-37623F4DC05B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{0BCFAA23-1A5D-4CE9-8CF0-2C6137A16313}C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe] => (Allow) C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe => No File
FirewallRules: [UDP Query User{40BE9436-207C-4E44-8914-F19AA2E6D967}C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe] => (Allow) C:\users\jotot_000\appdata\local\temp\joidae9.tmp\join.me.exe => No File
FirewallRules: [{839672FE-FF0D-4BA6-B1CC-7826AD29D75F}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe (FUJIFILM Corporation.) [File not signed]
FirewallRules: [{E5929727-7809-4324-A237-0FE101D81D93}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PairingWizard.exe (FUJIFILM Corporation.) [File not signed]
FirewallRules: [{39B58CAF-3780-43B3-9610-1823198930DA}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe (FUJIFILM Corporation.) [File not signed]
FirewallRules: [{4060716F-90F7-4835-BD7E-FAA1FD8F5870}] => (Allow) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe (FUJIFILM Corporation.) [File not signed]
FirewallRules: [{4D35C7C8-CD43-4215-9782-21C8DD94901B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{BD34B93C-3052-4BA1-987C-2B6893993409}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{2AB3B57E-00EE-4417-A442-C60A5272A580}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6624C76C-77A6-43FD-A285-1F7D52E4C196}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{3416BE92-DD60-4E05-90C3-6E533D224042}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{21734E20-4A6D-4E73-A54B-BF6EF2289138}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{76482A60-BA93-4E05-9F43-154F2E4565B3}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
FirewallRules: [{FC6A7572-476E-43C2-84C0-BF250A23C3F0}] => (Allow) C:\Users\jotot_000\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{71C7F2AA-6180-4445-9D1E-4B607E5BC6ED}] => (Allow) C:\Users\jotot_000\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{8402EBE1-A551-432B-9C60-1F4DA8914E59}] => (Allow) C:\Users\jotot_000\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{EB9C6D8A-9077-46BD-9CCD-D0A1822DEED2}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1B4E26B3-F0EB-4180-91CB-E3B42DA575D7}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{A588D94F-2ECB-4BB2-ADE7-BD0AEE41A2AD}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{CCBE6C51-B7FC-46EA-ACE8-1D08BA41E354}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2EA24E3C-8F0D-44DC-86E3-7AB3470673B7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B8364911-3721-496D-B1EC-432010236354}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC0727F7-0FBE-4869-B453-A119707491A2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2E55042D-F15B-418B-808A-D2936518CA28}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{78887D19-6446-4EC4-9C01-936070B0FF73}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{D9110405-8724-4D8F-990C-1A05ADBF82FA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{95F86449-3393-4CA1-8B3C-0A0251FD7533}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.34\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

27-11-2021 03:05:22 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/29/2021 09:52:41 PM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (11/29/2021 05:12:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31547

Error: (11/29/2021 05:12:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31547

Error: (11/29/2021 05:12:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/29/2021 05:12:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15797

Error: (11/29/2021 05:12:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15797

Error: (11/29/2021 05:12:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/28/2021 09:17:02 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (11/29/2021 10:41:00 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (11/29/2021 10:41:00 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (11/29/2021 10:17:00 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (11/29/2021 10:17:00 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (11/29/2021 10:07:46 PM) (Source: DCOM) (EventID: 10005) (User: JOE)
Description: DCOM got error "1053" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess

Error: (11/29/2021 10:07:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Capability Access Manager Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/29/2021 10:07:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Capability Access Manager Service service to connect.

Error: (11/29/2021 10:05:00 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.


Windows Defender:
================
Date: 2021-11-29 13:24:25
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-28 13:16:56
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-27 13:20:14
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-26 13:03:25
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-11-24 13:39:22
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===============
Date: 2021-10-01 10:54:16
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-09-11 04:35:01
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

BIOS: Dell Inc. A07 04/25/2014
Motherboard: Dell Inc. 06X1TJ
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 67%
Total physical RAM: 8100.18 MB
Available physical RAM: 2653.46 MB
Total Virtual: 13732.18 MB
Available Virtual: 6466.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:919.74 GB) (Free:606.28 GB) NTFS

\\?\Volume{885190b7-72f6-11e5-824c-806e6f6e6963}\ () (Fixed) (Total:11.73 GB) (Free:10.97 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A71DED74)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,122 posts
  • MVP

Multiple replies are OK.  Best to post a log as you get it.

 

Let's get a benchmark:


https://www.userbenchmark.com


Click on Free Download.  Save the file then right click and Run As Admin.  Close all programs and pause your antivirus before starting.


When it finishes it will open a browser.  Copy the URL and paste it into a Reply.

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
View and check Show Processes From All Users

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 7.0 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.  


Click on the Drivers Tab.  Click on the column header for "Total execution (ms)" once or twice until the biggest numbers are at the top of the column then take a screen shot (save as type jpg) and attach it.  
Click on the Processes tab then click on the  "Hard Pagefaults" column header once or twice until the big numbers are at the top of the column.  Take a screen shot (save as type jpg) and attach it.


  • 0

#3
need2no

need2no

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

https://www.userbenc...serRun/49562403

 

Process CPU       Private Bytes      Working Set       PID         Description         Company Name Verified Signer

System Idle Process        96.22     60 K       8 K          0                                             

procexp64.exe  2.52        47,832 K               87,404 K               15480    Sysinternals Process Explorer      Sysinternals - www.sysinternals.com  (Verified) Microsoft Corporation

dwm.exe             1.26        77,808 K               59,732 K               12632                                   

csrss.exe             0.36        3,304 K 3,620 K 15988                                   

System 0.18        200 K     5,364 K 4                                             

MBAMService.exe           0.18        444,144 K            230,980 K            3700       Malwarebytes Service   Malwarebytes                (Verified) Malwarebytes Inc

Interrupts           < 0.01    0 K          0 K          n/a         Hardware Interrupts and DPCs                  

MsMpEng.exe   < 0.01    637,416 K            267,556 K            3672       Antimalware Service Executable Microsoft Corporation        (Verified) Microsoft Windows Publisher

Adobe Desktop Service.exe         < 0.01    118,844 K            57,844 K               16136    Creative Cloud   Adobe Inc.                (Verified) Adobe Inc.

explorer.exe      < 0.01    102,456 K            101,780 K            10448    Windows Explorer           Microsoft Corporation                (Verified) Microsoft Windows

AdobeCollabSync.exe    < 0.01    9,512 K 9,292 K 13784    Adobe Collaboration Synchronizer 21.11                Adobe Systems Incorporated    (Verified) Adobe Inc.

CoreSync.exe    < 0.01    48,412 K               24,520 K               4748       Core Sync                            (Verified) Adobe Inc.

SUPERANTISPYWARE.EXE             < 0.01    280,500 K            9,788 K 8072       SUPERAntiSpyware Application                SUPERAntiSpyware         (Verified) Support.com Inc

PCAutoSaveSv.exe          < 0.01    14,356 K               2,500 K 3188       PC AutoSave Service Module      FUJIFILM Corporation.      (No signature was present in the subject) FUJIFILM Corporation.

offSyncService.exe          < 0.01    1,488 K 1,856 K 3260       Online Storage File Backup           Starfield Technologies                (Verified) Starfield Technologies, LLC

QBCFMonitorService.exe             < 0.01    18,828 K               9,820 K 4000                      Intuit Inc.             (Verified) Intuit, Inc.

TeamViewer_Service.exe             < 0.01    6,692 K 6,440 K 3560       TeamViewer 13 TeamViewer GmbH        (Verified) TeamViewer GmbH

svchost.exe        < 0.01    8,448 K 19,944 K               10640    Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

EEventManager.exe       < 0.01    3,320 K 4,592 K 14852    Epson Event Manager    Seiko Epson Corporation                (Verified) SEIKO EPSON CORPORATION

svchost.exe        < 0.01    12,328 K               8,640 K 1792       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe        < 0.01    12,432 K               14,784 K               2540       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe        < 0.01    12,828 K               15,044 K               1068       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

AppleMobileDeviceService.exe  < 0.01    3,424 K 3,532 K 3660       MobileDeviceService     Apple Inc.            (Verified) Apple Inc.

ShellExperienceHost.exe              < 0.01    23,964 K               11,284 K               8908       Windows Shell Experience Host                Microsoft Corporation   (Verified) Microsoft Windows

SASCore64.exe < 0.01    7,744 K 1,800 K 3156                                      

svchost.exe        < 0.01    1,640 K 2,080 K 3240       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

lsass.exe              < 0.01    11,956 K               15,804 K               968         Local Security Authority Process Microsoft Corporation        (Verified) Microsoft Windows Publisher

WINWORD.EXE < 0.01    105,404 K            158,528 K            5560       Microsoft Word Microsoft Corporation   (Verified) Microsoft Corporation

AdobeUpdateService.exe             < 0.01    4,068 K 3,212 K 3252       Adobe Update Service   Adobe Inc.          (Verified) Adobe Inc.

svchost.exe        < 0.01    1,560 K 1,660 K 7076       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

ctfmon.exe        < 0.01    5,488 K 9,776 K 3868                                      

RuntimeBroker.exe        < 0.01    21,416 K               12,884 K               12144    Runtime Broker Microsoft Corporation                (Verified) Microsoft Windows

Adobe CEF Helper.exe   < 0.01    190,948 K            65,852 K               14924    Adobe CEF Helper            Adobe Inc.                (Verified) Adobe Inc.

ApplePhotoStreams.exe < 0.01    11,292 K               8,836 K 2060       iCloud Photo Stream       Apple Inc.            (Verified) Apple Inc.

svchost.exe        < 0.01    3,012 K 3,612 K 4620       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

TextInputHost.exe          < 0.01    14,876 K               12,236 K               13916                    Microsoft Corporation   (Verified) Microsoft Windows

OfficeClickToRun.exe     < 0.01    37,300 K               26,768 K               4028       Microsoft Office Click-to-Run (SxS)                Microsoft Corporation   (Verified) Microsoft Corporation

svchost.exe        < 0.01    116,548 K            101,220 K            2264       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe        < 0.01    3,636 K 5,188 K 4820       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

PhotoshopElementsFileAgent.exe            < 0.01    2,600 K 1,072 K 3148       Adobe Photoshop Elements 14.0 (component)     Adobe Systems Incorporated     (Verified) Adobe Systems Incorporated

csrss.exe             < 0.01    2,680 K 3,284 K 680                                        

creator-ws.exe < 0.01    2,464 K 6,520 K 3516       PDFescape Desktop        Red Software     (Verified) PDFescape

spoolsv.exe        < 0.01    14,328 K               16,668 K               2880       Spooler SubSystem App Microsoft Corporation                (Verified) Microsoft Windows

YourPhone.exe Suspended         26,584 K               1,468 K 7508       YourPhone         Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation

ws.exe                 2,612 K 2,540 K 1336       PDFescape Desktop        Red Software     (Verified) PDFescape

WmiPrvSE.exe                  2,876 K 10,188 K               12748                                   

winlogon.exe                    2,668 K 5,044 K 8736                                      

wininit.exe                         1,748 K 1,552 K 836                                        

Win32Bridge.Server.exe                               9,160 K 4,028 K 9300       Cortana System Service Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation

Video.UI.exe      Suspended         23,468 K               568 K     9488                                       (No signature was present in the subject)

UserOOBEBroker.exe                     2,176 K 4,604 K 11464    User OOBE Broker           Microsoft Corporation   (Verified) Microsoft Windows

updater-ws.exe                3,656 K 2,736 K 3608       PDFescape Desktop        Red Software     (Verified) PDFescape

unsecapp.exe                    1,724 K 2,696 K 4952                                      

taskhostw.exe                  12,036 K               11,408 K               8432       Host Process for Windows Tasks Microsoft Corporation        (Verified) Microsoft Windows

svchost.exe                        1,616 K 3,152 K 11848    Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        16,604 K               22,688 K               756         Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        22,220 K               22,016 K               3232       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        4,956 K 7,668 K 1688       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        4,188 K 8,372 K 2596       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        6,376 K 11,464 K               3212       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        15,672 K               10,404 K               1448       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        7,020 K 4,412 K 1572       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        12,416 K               11,500 K               2932       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        2,568 K 5,008 K 2008       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        2,716 K 4,116 K 2644       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        2,524 K 3,716 K 1632       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        3,140 K 6,120 K 2072       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        3,612 K 6,048 K 1760       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        3,120 K 4,172 K 1124       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        38,868 K               21,584 K               3196       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        8,492 K 13,420 K               2952       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        2,968 K 5,072 K 2488       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        1,324 K 1,652 K 2272       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        1,904 K 7,824 K 15428    Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        3,148 K 2,876 K 11948    Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        4,540 K 15,700 K               7404       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        2,132 K 2,712 K 2440       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        4,292 K 14,272 K               9792       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        2,440 K 4,020 K 4404       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        2,928 K 5,332 K 6080       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        1,656 K 1,448 K 4084       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        7,336 K 9,744 K 1916       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        1,904 K 7,888 K 6400       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        31,580 K               13,004 K               4452       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        2,044 K 3,792 K 2284       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        2,900 K 12,188 K               9524       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        9,508 K 16,456 K               11164    Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        10,408 K               21,928 K               3396       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        2,964 K 3,876 K 4580       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        3,012 K 5,748 K 3324       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        5,064 K 14,144 K               3460       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        1,292 K 1,416 K 3476       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        3,204 K 3,736 K 3508       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        1,620 K 1,460 K 3464       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        1,688 K 1,996 K 3180       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        3,064 K 5,348 K 3220       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        2,876 K 3,580 K 2724       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        1,828 K 2,544 K 2636       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        11,824 K               3,508 K 3140       Host Process for Windows Services          Microsoft Corporation        (Verified) Microsoft Windows Publisher

svchost.exe                        2,172 K 4,480 K 2480       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        2,500 K 5,392 K 2420       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        6,880 K 6,004 K 1888       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        1,776 K 2,308 K 1428       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        2,404 K 4,844 K 1340       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        2,456 K 4,380 K 1272       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        1,656 K 7,444 K 8280       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        2,656 K 3,736 K 7728       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        1,348 K 4,956 K 14724    Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        4,936 K 7,092 K 2888       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        2,920 K 3,668 K 7336       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        1,652 K 7,548 K 9788       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        1,904 K 2,260 K 7620       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        2,200 K 4,180 K 7600       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        2,272 K 4,292 K 7368       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        5,372 K 7,464 K 8056       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        1,844 K 4,276 K 11224    Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        1,296 K 1,652 K 11296    Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        2,584 K 4,720 K 12296    Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        2,272 K 3,712 K 6684       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        6,396 K 9,988 K 1180       Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        7,132 K 7,404 K 12636    Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

svchost.exe                        6,420 K 2,232 K 14800    Host Process for Windows Services          Microsoft Corporation                (Verified) Microsoft Windows Publisher

StartMenuExperienceHost.exe                  31,768 K               32,148 K               6192                                       (Verified) Microsoft Windows

splwow64.exe                   3,836 K 17,824 K               5820       Print driver host for applications                Microsoft Corporation        (Verified) Microsoft Windows

smss.exe                             1,084 K 416 K     564                                        

sihost.exe                           8,032 K 20,928 K               8528       Shell Infrastructure Host               Microsoft Corporation                (Verified) Microsoft Windows

SgrmBroker.exe                5,580 K 5,116 K 7924       System Guard Runtime Monitor Broker Service  Microsoft Corporation        (Verified) Microsoft Windows Publisher

SettingSyncHost.exe                      21,432 K               2,544 K 7632       Host Process for Setting Synchronization                Microsoft Corporation   (Verified) Microsoft Windows

services.exe                       6,268 K 6,748 K 888                                        

SecurityHealthSystray.exe                           1,960 K 2,868 K 12540    Windows Security notification icon           Microsoft Corporation        (Verified) Microsoft Windows

SecurityHealthService.exe                           5,008 K 6,260 K 8272       Windows Security Health Service              Microsoft Corporation        (Verified) Microsoft Windows Publisher

SearchIndexer.exe                          51,012 K               42,312 K               13172    Microsoft Windows Search Indexer                Microsoft Corporation   (Verified) Microsoft Windows

SearchApp.exe Suspended         54,844 K               5,892 K 9076       Search application            Microsoft Corporation                (Verified) Microsoft Windows

SeagateDashboardService.exe                   14,716 K               2,228 K 3484       MemeoDashboardService            Memeo                (Verified) Memeo Inc.

RuntimeBroker.exe                        3,060 K 3,168 K 7496       Runtime Broker Microsoft Corporation   (Verified) Microsoft Windows

RuntimeBroker.exe                        2,920 K 3,156 K 11720    Runtime Broker Microsoft Corporation   (Verified) Microsoft Windows

RuntimeBroker.exe                        12,628 K               20,448 K               16824    Runtime Broker Microsoft Corporation                (Verified) Microsoft Windows

RuntimeBroker.exe                        6,896 K 13,868 K               13816    Runtime Broker Microsoft Corporation   (Verified) Microsoft Windows

RuntimeBroker.exe                        2,960 K 3,268 K 12308    Runtime Broker Microsoft Corporation   (Verified) Microsoft Windows

RuntimeBroker.exe                        4,944 K 8,340 K 7956       Runtime Broker Microsoft Corporation   (Verified) Microsoft Windows

RuntimeBroker.exe                        3,204 K 10,872 K               13480    Runtime Broker Microsoft Corporation   (Verified) Microsoft Windows

RuntimeBroker.exe                        3,960 K 2,760 K 15168    Runtime Broker Microsoft Corporation   (Verified) Microsoft Windows

RuntimeBroker.exe                        1,980 K 2,176 K 15424    Runtime Broker Microsoft Corporation   (Verified) Microsoft Windows

RuntimeBroker.exe                        5,988 K 10,784 K               7124       Runtime Broker Microsoft Corporation   (Verified) Microsoft Windows

RuntimeBroker.exe                        3,624 K 3,996 K 3804       Runtime Broker Microsoft Corporation   (Verified) Microsoft Windows

RuntimeBroker.exe                        8,792 K 12,192 K               4836       Runtime Broker Microsoft Corporation   (Verified) Microsoft Windows

RuntimeBroker.exe                        1,736 K 2,152 K 4868       Runtime Broker Microsoft Corporation   (Verified) Microsoft Windows

RtkNGUI64.exe                 13,836 K               13,340 K               7280       Realtek HD Audio Manager          Realtek Semiconductor (Verified) Realtek Semiconductor Corp

RstMwService.exe                           1,540 K 1,664 K 3528       Intel® Rapid Storage Technology Management Service Intel Corporation        (Verified) Intel® Rapid Storage Technology

Registry                                10,064 K               43,020 K               124                                        

RAVBg64.exe                     7,048 K 7,920 K 9800       HD Audio Background Process    Realtek Semiconductor (Verified) Realtek Semiconductor Corp

RadeonSettings.exe                        115,484 K            8,496 K 6156       Radeon Settings: Host Application            Advanced Micro Devices, Inc.          (Verified) Advanced Micro Devices, Inc.

qbupdate.exe                   10,368 K               9,244 K 5760       QuickBooks Automatic Update  Intuit Inc.             (Verified) Intuit, Inc.

QBIDPService.exe                            9,328 K 2,280 K 3552       QBIDPService    Intuit Inc.             (No signature was present in the subject) Intuit Inc.

procexp.exe                       4,428 K 11,432 K               8296       Sysinternals Process Explorer      Sysinternals - www.sysinternals.com  (Verified) Microsoft Corporation

PresentationFontCache.exe                        24,440 K               2,300 K 7376       PresentationFontCache.exe        Microsoft Corporation        (Verified) Microsoft Corporation

PaintStudio.View.exe     Suspended         70,928 K               476 K     14736                                    (No signature was present in the subject)

node.exe                             31,988 K               35,388 K               1304       Node.js JavaScript Runtime         Node.js (Verified) OpenJS Foundation

node.exe                             44,456 K               28,364 K               10268    Node.js: Server-side JavaScript  Node.js (Verified) OpenJS Foundation

NisSrv.exe                          4,812 K 4,116 K 3364       Microsoft Network Realtime Inspection Service  Microsoft Corporation        (Verified) Microsoft Windows Publisher

Music.UI.exe     Suspended         28,168 K               1,912 K 11988                                    (No signature was present in the subject)

MoUsoCoreWorker.exe                3,432 K 13,444 K               8224                                      

Microsoft.Photos.exe    Suspended         54,164 K               2,896 K 7568                                       (No signature was present in the subject)

Memory Compression                   1,960 K 618,152 K            2352                                      

MemeoBackgroundService.exe                 24,388 K               2,948 K 3596       MemeoBackgroundService          Memeo                (Verified) Memeo Inc.

mDNSResponder.exe                     2,032 K 3,636 K 3204       Bonjour Service Apple Inc.            (Verified) Apple Inc.

LockApp.exe      Suspended         16,908 K               18,968 K               3388       LockApp.exe      Microsoft Corporation                (Verified) Microsoft Windows

Intuit.QBDT.Webconnector.QBWCMonitor.exe                  17,500 K               4,548 K 5712       QBWCMonitor                  (Verified) Intuit, Inc.

Intuit.QBDT.Webconnector.Application.exe                         25,820 K               10,324 K               15772    App                        (Verified) Intuit, Inc.

igfxTray.exe                       3,344 K 5,396 K 10468                                    (Verified) Intel® pGFX

igfxHK.exe                          2,640 K 2,904 K 12164    igfxHK Module  Intel Corporation              (Verified) Intel® pGFX

igfxEM.exe                         3,796 K 5,748 K 3728       igfxEM Module Intel Corporation              (Verified) Intel® pGFX

igfxCUIService.exe                           2,640 K 3,100 K 2444       igfxCUIService Module  Intel Corporation              (Verified) Intel® pGFX

iCloudServices.exe                          24,468 K               17,828 K               9660       iCloud Services  Apple Inc.            (Verified) Apple Inc.

HPPrintScanDoctorService.exe                   3,464 K 4,372 K 3536                       HP Inc.  (Verified) HP Inc.

GoProDeviceDetection.exe                         21,988 K               10,500 K               3348                                      (Verified) GoPro, Inc.

fontdrvhost.exe                5,496 K 10,072 K               15712                                   

fontdrvhost.exe                1,908 K 868 K     488                                        

escsvc64.exe                     1,412 K 1,468 K 3172       Epson Scanner Service (64bit)     Seiko Epson Corporation                (Verified) SEIKO EPSON CORPORATION

dllhost.exe                         3,868 K 2,304 K 5720                                      

dasHost.exe                       8,932 K 11,716 K               4192                                      

dasHost.exe                       2,224 K 3,836 K 6000                                      

Creative Cloud.exe                          45,696 K               37,568 K               436         Creative Cloud Desktop Adobe Inc.                (Verified) Adobe Inc.

Creative Cloud Helper.exe                           8,076 K 14,668 K               8968       Creative Cloud Helper    Adobe Inc.                (Verified) Adobe Inc.

Creative Cloud Helper.exe                           9,508 K 10,312 K               8464       Creative Cloud Helper    Adobe Inc.                (Verified) Adobe Inc.

Cortana.exe                       32,524 K               12,332 K               12176    Cortana Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation

conhost.exe                       1,356 K 1,880 K 15252    Console Window Host    Microsoft Corporation   (Verified) Microsoft Windows

conhost.exe                       1,356 K 1,700 K 752         Console Window Host    Microsoft Corporation   (Verified) Microsoft Windows

CompPkgSrv.exe                              1,980 K 4,796 K 8932       Component Package Support Server       Microsoft Corporation        (Verified) Microsoft Windows

CCXProcess.exe                580 K     588 K     6160       CCXProcess        Adobe Systems Incorporated     (Verified) Adobe Inc.

CCLibrary.exe                    596 K     588 K     11524    CCLibraries          Adobe Systems Incorporated     (Verified) Adobe Inc.

atiesrxx.exe                       1,828 K 1,864 K 1836       AMD External Events Service Module      AMD      (Verified) Advanced Micro Devices, Inc.

atieclxx.exe                        3,280 K 5,068 K 4480                                      

armsvc.exe                         1,584 K 1,588 K 13232    Adobe Acrobat Update Service  Adobe Inc.          (Verified) Adobe Inc.

APSDaemon.exe                              4,644 K 5,484 K 8340       Apple Push         Apple Inc.            (Verified) Apple Inc.

ApplicationFrameHost.exe                          15,448 K               11,284 K               8572       Application Frame Host Microsoft Corporation        (Verified) Microsoft Windows

AGSService.exe                3,472 K 2,388 K 3780       Adobe Genuine Software Integrity Service            Adobe Systems, Incorporated     (Verified) Adobe Inc.

AGMService.exe                              6,428 K 3,680 K 3788       Adobe Genuine Software Service              Adobe Systems, Incorporated     (Verified) Adobe Inc.

AdobeNotificationClient.exe       Suspended         10,680 K               252 K     9092       Adobe Notification Client                Adobe Inc.          (Verified) Adobe Inc.

AdobeIPCBroker.exe                      6,148 K 5,440 K 4740       Adobe IPC Broker             Adobe Inc            (Verified) Adobe Inc.

AdobeCollabSync.exe                    3,868 K 4,144 K 8288       Adobe Collaboration Synchronizer 21.11                Adobe Systems Incorporated    (Verified) Adobe Inc.

Adobe Installer.exe                         3,288 K 2,620 K 11888                                   

Adobe CEF Helper.exe                   21,108 K               12,920 K               2564       Adobe CEF Helper            Adobe Inc.                (Verified) Adobe Inc.

AdaptiveSleepService.exe                            1,832 K 2,692 K 672                                         (Verified) Advanced Micro Devices, Inc.

acrotray.exe                      4,684 K 4,212 K 10548    AcroTray              Adobe Systems Inc.         (Verified) Adobe Inc.

AcrobatNotificationClient.exe    Suspended         11,080 K               572 K     6204                                       (Verified) Adobe Systems, Incorporated

AcrobatNotificationClient.exe    Suspended         11,200 K               236 K     13864                                    (Verified) Adobe Systems, Incorporated

 

_________________________________________________________________________________________________________

CONCLUSION

_________________________________________________________________________________________________________

Your system appears to be suitable for handling real-time audio and other tasks without dropouts.

LatencyMon has been analyzing your system for  0:01:38  (h:mm:ss) on all processors.

 

 

_________________________________________________________________________________________________________

SYSTEM INFORMATION

_________________________________________________________________________________________________________

Computer name:                                        JOE

OS version:                                           Windows 10, 10.0, version 2009, build: 19043 (x64)

Hardware:                                             OptiPlex 9020, Dell Inc.

BIOS:                                                 BIOS Date: 04/25/14 18:32:52 Ver: A07.00

CPU:                                                  GenuineIntel Intel® Core™ i7-4790 CPU @ 3.60GHz

Logical processors:                                   8

Processor groups:                                     1

Processor group size:                                 8

RAM:                                                  8100 MB total

 

 

_________________________________________________________________________________________________________

CPU SPEED

_________________________________________________________________________________________________________

Reported CPU speed (WMI):                             3601 MHz

Reported CPU speed (registry):                        3592 MHz

 

Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.

 

 

_________________________________________________________________________________________________________

MEASURED INTERRUPT TO USER PROCESS LATENCIES

_________________________________________________________________________________________________________

The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.

 

Highest measured interrupt to process latency (µs):   294.60

Average measured interrupt to process latency (µs):   9.956194

 

Highest measured interrupt to DPC latency (µs):       245.80

Average measured interrupt to DPC latency (µs):       2.304269

 

 

_________________________________________________________________________________________________________

 REPORTED ISRs

_________________________________________________________________________________________________________

Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.

 

Highest ISR routine execution time (µs):              33.376949

Driver with highest ISR routine execution time:       USBPORT.SYS - USB 1.1 & 2.0 Port Driver, Microsoft Corporation

 

Highest reported total ISR routine time (%):          0.000430

Driver with highest ISR total time:                   HDAudBus.sys - High Definition Audio Bus Driver, Microsoft Corporation

 

Total time spent in ISRs (%)                          0.000542

 

ISR count (execution time <250 µs):                   508

ISR count (execution time 250-500 µs):                0

ISR count (execution time 500-1000 µs):               0

ISR count (execution time 1000-2000 µs):              0

ISR count (execution time 2000-4000 µs):              0

ISR count (execution time >=4000 µs):                 0

 

 

_________________________________________________________________________________________________________

REPORTED DPCs

_________________________________________________________________________________________________________

DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.

 

Highest DPC routine execution time (µs):              627.778953

Driver with highest DPC routine execution time:       NDIS.SYS - Network Driver Interface Specification (NDIS), Microsoft Corporation

 

Highest reported total DPC routine time (%):          0.018632

Driver with highest DPC total execution time:         storport.sys - Microsoft Storage Port Driver, Microsoft Corporation

 

Total time spent in DPCs (%)                          0.057499

 

DPC count (execution time <250 µs):                   66036

DPC count (execution time 250-500 µs):                0

DPC count (execution time 500-10000 µs):              8

DPC count (execution time 1000-2000 µs):              0

DPC count (execution time 2000-4000 µs):              0

DPC count (execution time >=4000 µs):                 0

 

 

_________________________________________________________________________________________________________

 REPORTED HARD PAGEFAULTS

_________________________________________________________________________________________________________

Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.

 

NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.

 

Process with highest pagefault count:                 backgroundtaskhost.exe

 

Total number of hard pagefaults                       4504

Hard pagefault count of hardest hit process:          3645

Number of processes hit:                              50

 

 

_________________________________________________________________________________________________________

 PER CPU DATA

_________________________________________________________________________________________________________

CPU 0 Interrupt cycle time (s):                       1.298974

CPU 0 ISR highest execution time (µs):                33.376949

CPU 0 ISR total execution time (s):                   0.004262

CPU 0 ISR count:                                      508

CPU 0 DPC highest execution time (µs):                627.778953

CPU 0 DPC total execution time (s):                   0.247697

CPU 0 DPC count:                                      46406

_________________________________________________________________________________________________________

CPU 1 Interrupt cycle time (s):                       0.523757

CPU 1 ISR highest execution time (µs):                0.0

CPU 1 ISR total execution time (s):                   0.0

CPU 1 ISR count:                                      0

CPU 1 DPC highest execution time (µs):                68.131403

CPU 1 DPC total execution time (s):                   0.003648

CPU 1 DPC count:                                      511

_________________________________________________________________________________________________________

CPU 2 Interrupt cycle time (s):                       0.862675

CPU 2 ISR highest execution time (µs):                0.0

CPU 2 ISR total execution time (s):                   0.0

CPU 2 ISR count:                                      0

CPU 2 DPC highest execution time (µs):                178.336303

CPU 2 DPC total execution time (s):                   0.097518

CPU 2 DPC count:                                      8332

_________________________________________________________________________________________________________

CPU 3 Interrupt cycle time (s):                       0.717957

CPU 3 ISR highest execution time (µs):                0.0

CPU 3 ISR total execution time (s):                   0.0

CPU 3 ISR count:                                      0

CPU 3 DPC highest execution time (µs):                78.158686

CPU 3 DPC total execution time (s):                   0.015354

CPU 3 DPC count:                                      2065

_________________________________________________________________________________________________________

CPU 4 Interrupt cycle time (s):                       0.703885

CPU 4 ISR highest execution time (µs):                0.0

CPU 4 ISR total execution time (s):                   0.0

CPU 4 ISR count:                                      0

CPU 4 DPC highest execution time (µs):                198.957127

CPU 4 DPC total execution time (s):                   0.048860

CPU 4 DPC count:                                      4494

_________________________________________________________________________________________________________

CPU 5 Interrupt cycle time (s):                       0.622877

CPU 5 ISR highest execution time (µs):                0.0

CPU 5 ISR total execution time (s):                   0.0

CPU 5 ISR count:                                      0

CPU 5 DPC highest execution time (µs):                54.115256

CPU 5 DPC total execution time (s):                   0.005948

CPU 5 DPC count:                                      738

_________________________________________________________________________________________________________

CPU 6 Interrupt cycle time (s):                       0.624706

CPU 6 ISR highest execution time (µs):                0.0

CPU 6 ISR total execution time (s):                   0.0

CPU 6 ISR count:                                      0

CPU 6 DPC highest execution time (µs):                91.187639

CPU 6 DPC total execution time (s):                   0.026808

CPU 6 DPC count:                                      2762

_________________________________________________________________________________________________________

CPU 7 Interrupt cycle time (s):                       0.575413

CPU 7 ISR highest execution time (µs):                0.0

CPU 7 ISR total execution time (s):                   0.0

CPU 7 ISR count:                                      0

CPU 7 DPC highest execution time (µs):                85.055122

CPU 7 DPC total execution time (s):                   0.005893

CPU 7 DPC count:                                      736

_________________________________________________________________________________________________________

Attached Thumbnails

  • Resplendence.jpg

Attached Files

  • Attached File  JOE.txt   390.46KB   11 downloads

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,122 posts
  • MVP

I need a screen shot of the Processes tab in Latency Monitor so I can see what is causing the pagefaults.  Please try and just run Latency Monitor for only about 20 seconds and make the screen shot full screen.  It's hard to read otherwise.


  • 0

#5
need2no

need2no

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Attached as requested

Attached Thumbnails

  • Latency Mon Processes.jpg

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,122 posts
  • MVP

Try steps 1 & 2 on

https://www.driverea...-10-7-solved/#b

 

Reboot then run Latency Monitor again for 20 seconds and post the Processes screenshot again.


  • 0

#7
need2no

need2no

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
  • Went to https://www.driverea...-10-7-solved/#b
  • Completed step 1
  • Couldn't complete step 2 due to there being no "Owner" tab as shown in task 5 of step 2 (see screenshot)[attachment=92071:Screen Shot Step 2 Task 5.

Attached Thumbnails

  • Screen Shot Step 2 Task 5.jpg

Edited by need2no, 14 January 2022 - 05:08 PM.

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,122 posts
  • MVP

I think they are using Win 7's Properties.  Just tried it on my PC and tho I can change owner to Administrator it still doesn't let me change permissions so Step 2 no longer works.  Sorry.  Just skip Step 2.   Reboot and try Latency Monitor now and let's see if it helped any.  


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP