Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help with sluggish computer not rendering images properly

rendering Revit GPU Dell AMD graphics

  • Please log in to reply

#46
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Don't know why it picked on the Dell stuff but the dotomi.com stuff appears to be worth removing.  Did it help?

It called the Dell stuff "pre-installed software" and basically declared it unnecessary flotsam that just consumes real estate and slows down your CPU. I usually remove it after I've obtained whatever I needed from the Dell site anyway and just install it again in the future when I need to, because it does run at startup (and it nags at you and pretends it needs you to leave it alone so it can feed its children or something if you turn auto startup off) and it does some other trivial thing that just bothers me like it appears in that "show hidden icons" box at the bottom of screen near the clock or something, I don't remember exactly what it is, but it's like when your aunt comes to stay and after 4 days you're like "when is she going home?"...

 

I don't know just yet if the lovely ladies of C. Wars have departed yet, because it's not something that happened with every click, just every now and then it would hijack a link, I can't try and replicate it other than to just browse, so I shall remain vigilant and see what happens.

 

VEW reports as requested earlier:

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 13/04/2020 10:44:21 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/04/2020 1:59:02 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/04/2020 12:32:05 PM
Type: Error Category: 0
Event: 5 Source: BTHUSB
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Log: 'System' Date/Time: 13/04/2020 8:52:43 AM
Type: Error Category: 0
Event: 15 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Log: 'System' Date/Time: 13/04/2020 8:51:31 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Dell Hardware Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:31 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Dell Data Vault Service API service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Waves Audio Services service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Dell Data Vault Processor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The FlexNet Licensing Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Autodesk Desktop App Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The WindscribeService service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Autodesk Desktop Licensing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:46:10 AM
Type: Error Category: 0
Event: 15 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Log: 'System' Date/Time: 12/04/2020 8:20:10 PM
Type: Error Category: 0
Event: 12 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly.  Please restart your computer to reset the TPM hardware.  For further assistance on this hardware issue, please contact the computer manufacturer for more information.

Log: 'System' Date/Time: 12/04/2020 4:34:54 AM
Type: Error Category: 0
Event: 15 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Log: 'System' Date/Time: 12/04/2020 3:41:38 AM
Type: Error Category: 0
Event: 12 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly.  Please restart your computer to reset the TPM hardware.  For further assistance on this hardware issue, please contact the computer manufacturer for more information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/04/2020 9:50:53 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user RIFFRAFFDELL\tracy SID (S-1-5-21-792678858-599442959-1286739730-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/04/2020 9:50:53 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user RIFFRAFFDELL\tracy SID (S-1-5-21-792678858-599442959-1286739730-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/04/2020 8:56:09 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/04/2020 8:54:10 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/04/2020 8:54:10 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/04/2020 8:53:50 AM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 13/04/2020 8:53:50 AM
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.

Log: 'System' Date/Time: 13/04/2020 8:52:46 AM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 13/04/2020 8:52:46 AM
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.

Log: 'System' Date/Time: 13/04/2020 8:52:46 AM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 13/04/2020 8:46:33 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user RIFFRAFFDELL\tracy SID (S-1-5-21-792678858-599442959-1286739730-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/04/2020 8:46:33 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user RIFFRAFFDELL\tracy SID (S-1-5-21-792678858-599442959-1286739730-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/04/2020 8:46:13 AM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 13/04/2020 8:46:11 AM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 13/04/2020 8:46:11 AM
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.

Log: 'System' Date/Time: 12/04/2020 8:19:26 PM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device  either went out of range or became unresponsive.

Log: 'System' Date/Time: 12/04/2020 6:58:03 PM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device  either went out of range or became unresponsive.

Log: 'System' Date/Time: 12/04/2020 6:03:20 PM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device  either went out of range or became unresponsive.

Log: 'System' Date/Time: 12/04/2020 5:57:44 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume1\Windows\System32\audiodg.exe with process id 4048 stopped the removal or ejection for the device PCI\VEN_1022&DEV_780D&SUBSYS_06BF1028&REV_02\3&11583659&0&A2.

Log: 'System' Date/Time: 12/04/2020 5:06:59 PM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device  either went out of range or became unresponsive.


 


  • 0

Advertisements


#47
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

VEW #2

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 13/04/2020 10:44:21 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/04/2020 1:59:02 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/04/2020 12:32:05 PM
Type: Error Category: 0
Event: 5 Source: BTHUSB
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Log: 'System' Date/Time: 13/04/2020 8:52:43 AM
Type: Error Category: 0
Event: 15 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Log: 'System' Date/Time: 13/04/2020 8:51:31 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Dell Hardware Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:31 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Dell Data Vault Service API service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Waves Audio Services service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Dell Data Vault Processor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The FlexNet Licensing Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Autodesk Desktop App Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The WindscribeService service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Autodesk Desktop Licensing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:46:10 AM
Type: Error Category: 0
Event: 15 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Log: 'System' Date/Time: 12/04/2020 8:20:10 PM
Type: Error Category: 0
Event: 12 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly.  Please restart your computer to reset the TPM hardware.  For further assistance on this hardware issue, please contact the computer manufacturer for more information.

Log: 'System' Date/Time: 12/04/2020 4:34:54 AM
Type: Error Category: 0
Event: 15 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Log: 'System' Date/Time: 12/04/2020 3:41:38 AM
Type: Error Category: 0
Event: 12 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered an error in the TPM hardware, which might prevent some applications using TPM services from operating correctly.  Please restart your computer to reset the TPM hardware.  For further assistance on this hardware issue, please contact the computer manufacturer for more information.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/04/2020 9:50:53 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user RIFFRAFFDELL\tracy SID (S-1-5-21-792678858-599442959-1286739730-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/04/2020 9:50:53 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user RIFFRAFFDELL\tracy SID (S-1-5-21-792678858-599442959-1286739730-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/04/2020 8:56:09 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  Windows.SecurityCenter.WscDataProtection  and APPID  Unavailable  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/04/2020 8:54:10 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/04/2020 8:54:10 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/04/2020 8:53:50 AM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 13/04/2020 8:53:50 AM
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.

Log: 'System' Date/Time: 13/04/2020 8:52:46 AM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 13/04/2020 8:52:46 AM
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.

Log: 'System' Date/Time: 13/04/2020 8:52:46 AM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 13/04/2020 8:46:33 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user RIFFRAFFDELL\tracy SID (S-1-5-21-792678858-599442959-1286739730-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/04/2020 8:46:33 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user RIFFRAFFDELL\tracy SID (S-1-5-21-792678858-599442959-1286739730-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 13/04/2020 8:46:13 AM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 13/04/2020 8:46:11 AM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 13/04/2020 8:46:11 AM
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.

Log: 'System' Date/Time: 12/04/2020 8:19:26 PM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device  either went out of range or became unresponsive.

Log: 'System' Date/Time: 12/04/2020 6:58:03 PM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device  either went out of range or became unresponsive.

Log: 'System' Date/Time: 12/04/2020 6:03:20 PM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device  either went out of range or became unresponsive.

Log: 'System' Date/Time: 12/04/2020 5:57:44 PM
Type: Warning Category: 223
Event: 225 Source: Microsoft-Windows-Kernel-PnP
The application \Device\HarddiskVolume1\Windows\System32\audiodg.exe with process id 4048 stopped the removal or ejection for the device PCI\VEN_1022&DEV_780D&SUBSYS_06BF1028&REV_02\3&11583659&0&A2.

Log: 'System' Date/Time: 12/04/2020 5:06:59 PM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device  either went out of range or became unresponsive.


 


  • 0

#48
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

Any chance of adding some RAM?  You have only 8GB and that's the  minimum for basic REVIT per their website

the more complex your design the more RAM you need.  (Actually you have less than 8GB since a big chunk is used by your video driver)

 

https://knowledge.au...0-products.html

 

If you can't add more RAM get a good quality 16 or 32 GB USB drive.  (3.0 is best if your PC supports 3.0)  When you plug it in Windows will offer (among other options) to use it to speed up your PC.

https://fossbytes.co...oost-usb-drive/

They say it won't help that much with an SSD drive but I'm not sure how good your drive is.  Is there any software that came with the drive so that you can run basic maintenance on it?  Usually SSD drives need to be trim'd once in a while.  Personally I only use Samsung EVO SSDs.  I've had three off-brands fail on me. 

 

DxDiag says you have DirectX 12 which has Shader Model 5.1 so that should be good enough tho I can't say if your builtin graphics is good enough.  They sort of imply that a dedicated graphics adapter would be a good idea.

 

If you are storing your designs on the Western Digital drive you might want to think about replacing it with a good SSD

 

I'm thinking Revit wasn't really designed to run on a laptop.  You probably should consider getting a good desktop with 32 GB RAM, a separate graphics  card and a 1TB SSD.

 

Sometimes it helps to remove as many programs that you don't need as possible:

 

Uninstall Speccy if you haven't already.

 

Download OOSU10.exe:

https://www.oo-softw...com/en/shutup10

Download and Save it (You will get a popup while it's downloading.  You can X out of it)
then Right click and Run As Admin.
Allow it to make a System Restore Point.
Click on Actions then on Apply Recommended Settings.

Close the program and reboot.

(After each major windows update it's wise to rerun the program and Revert the changes.)

 

Search for

task scheduler

hit Enter

Click on the arrow in front of Task Scheduler Library then

Click on the arrow in front of Microsoft

Click on the arrow in front of Windows

Click on Application Experience.  In the next pane to the right, right click on each Task and Disable.  Should be three tasks.

Click on Customer Experience Improvement Program.  In the next pane to the right, right click on each Task and Disable.  Should be two tasks.

 

Reboot when done

 

Let's also do a new Process Explorer log as before (wait a full minute before making the log)

 


  • 0

#49
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

When I bought my laptop it had 4GB RAM in it and I removed that card and replaced it with the 8GB one currently in it. I read mixed opinions on combining cards of different sizes, so I just replaced the old card with the new. The other day I came across the original 4GB card and thought I'd have a go at combining the two. I don't know if it's made much difference, my laptop hasn't flown across the room or anything exciting, but more importantly, it hasn't imploded either. I had planned to purchase another 8GB card and put it in as well, because 16GB is the max. this machine will play with, but then I started thinking "...or you could throw that $50 at a new laptop instead..." so the card has remained in my ebay cart until the issue is settled psychologically, financially or by redundancy should I feel compelled to just back my car over my laptop one day instead.

 

The current RAM setup is shown in the attached CPU-Z screen grabs.

 

I read the link about Ready Boost, got a bit lost at sequential vs random (what sort of files/programs use each? Or do all programs use both, for different things?) and it was sounding great, until the bit you mentioned about SSDs, but are you saying that there may be times when the Ready Boost could still be utilised by the system, in spite of the presence of an SSD, should the SSD be performing complex tasks? Would the system still attempt to use Ready Boost, or is it just "switched off" by Windows because it knows the SSD is running the show?

 

The article mentions SD cards as an option for Ready Boost. I have a Lexar 16GB SD card serving no purpose at the moment, and I could count on one hand the number of times I've used the SD card reader in my laptop, so that would be a good option for me. I frequently have all three USB drives occupied, including the 3.0 one. I'm not even sure which port the 3.0 one is because it's not blue like they usually are. I know it has one, I just don't do anything via USB that would be noticeably affected by whether I was using 2.0 or 3.0 for a device, so I've never been able to recognise it that way, and my attempts at googling "which one is my 3.0 drive" invariably ended in "it's the blue one, idiot." I have always suspected it's the one on the left of my laptop, simply because it sits alone over there with the HDMI port, while the remaining two USBs sit side-by-side on the right, and I have faith that Dell would not be so arbitrary in their location decision as to just slap it next to its inferior sibling. But then again, I'm not sure computer manufacturers consider the faith and assumptions their customers possess when designing devices.

 

I'm sure you know the way to find it out. Could it please be a way that doesn't involve the disassembly of my laptop? When I changed my keyboard ages ago I had to dismantle the thing to the point it was just a pile of components (entirely unexpected given the easy access location of the top part of the keyboard ) and upon completion of the reassembly, I found I had three "extra" screws all of a sudden. I dismantled it again last week to brush off the fan (didn't have air duster can and was admonished by a friend for my intention to vacuum the insides) and upon reassembly, found I had not only the original "extra" three screws, but an additional "extra" four as well. Quite frankly I'm not sure at this stage how my laptop is holding together, given it is missing at least seven screws somehow.

 

My SSD is the entirely unpronounceable Chinese brand Kingsuxing and the only accessory it came with was the box it was packaged in. It had no accompanying software or instructions for that matter (not that turning a few screws is a complicated concept). It seems to be holding its end of the bargain so I'm happy with it. The main reason I bought it was that I figured it would run Revit better than my old-school HDD, and it does. I ditched my DVD drive, purchased a caddy and moved the HDD to the DVD drive spot and replaced the newly vacated HDD spot with the SSD. I tried to just be lazy and stick the SSD in the caddy, but Windows didn't want to boot from the D: drive. My caddy at least came with a screwdriver! The stupid thing is that the screwdriver slots into a holder on the caddy... which is then inserted into the laptop... and screwed in place! I hope somebody was slapped for that design failure.

 

I have never heard of "trimming" an SSD. Please enlighten me.

 

 

They sort of imply that a dedicated graphics adapter would be a good idea.

At the time I bought this laptop I had no inkling whatsoever that I would be studying architecture in 12 months time and require a better-than-entry-level graphics card and thus I am in this predicament. Believe me, on my list of essentials for my new fantasy laptop is a not-quite-dedicated-gamer-quality-but-better-than-what-I-have graphics card.

 

I most certainly do not store anything Revit related on the HDD. As I mentioned, the main driving force behind getting the SSD was the hope it would run Revit better, so it seemed counter intuitive to go storing Revit designs on the HDD. The HDD serves as little more than a dumping ground for all my photos, word documents,phone backup files, incidental files that don't get drawn upon terribly often, etc and a backup copy of Windows, should the main on the SSD hate me one day.

 

I began looking into external graphics cards for laptops. Would you consider this a viable option worth pursuing?

 

I do uninstall any program I download for a once-off purpose or which I replace with a better one, so there should be minimal guff on the SSD.

 

I'm quite fond of Speccy, it summarises all the important info for me and provides me incentive to save money that seems to increase in parallel with the temperature reading. Is it necessary to ditch it?

 

I shall go about performing the OOSU and task scheduler instructions shortly as I can't reboot right now owing to other stuff that's open that will require my attention should I wish it to still be there when the computer turns back on. Which I do.

 

Were there any clues in the Revit dump file to potential causes of unhappiness by Revit, perchance?

 

Thanks again.

Attached Thumbnails

  • CZ1.jpg
  • CZ2.jpg

  • 0

#50
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

Let's look at the files that your dump complained about and see if we see anything wrong:

 

Copy the next line:

 

libcef.dll;amdihk64.dll;mscorlib.ni.dll;PresentationCore.ni.dll;atidxx64.dll;System.ni.dll;atiumd64.dll;atiumd6a.dll

 

Open FRST (right click & run as admin)

 

click on the search box then Ctrl +v.  The copied line should appear.  Click on Search Files.  You will get one file please post.

 

 

As far as Trim is concerned:

 

https://www.howtogee...-it-if-it-isnt/

 

https://www.digitalc...s-why-it-useful

 

Do you have the latest bluetooth driver?

Intel 3160/3165/7260/7265/8260/8265 Bluetooth Driver  25 Jul 2019
 
Can you run VEW for Applications?  You posted the log for System twice.
 
I think we already did OOSU10 when you were getting French ads so we don't need that again but I don't think we did the task scheduler stuff.
 
You can try the SD card but my experience is that Windows considers it inferior.  Adding the 4 GB might help without it (but a 2nd 8 GB would be better).
The single USB port next to the SD reader is the 3.0.  The two on the other side are 2.0 per Inspiron 15 5555 Specifications on
 
Don't know anything about external video cards.  Probably not cost effective if they even work.
 
 
 
 
 

  • 0

#51
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

I've just had Revit crash out and close down on me with a "video driver error". Is there a dump file or something somewhere that might help you diagnose this issue?

 

This followed an issue about half an hour ago where I was attempting to open two large-ish pdf files (241mb and 253mb) of images (single page). While trying to open the second one, Adobe told me that there was not enough memory and that I had to close some things off and try again. At the time I also had firefox, facebook messenger, paint shop pro 5*** with a 327kb picture open and revit open. Upon closing revit and PSP, I was able to open the second file. Yes, the first pdf was still open - I needed to compare them so I couldn't shut the first one off and had to sacrifice the two programs instead. Is it possible to identify a more specific cause (and perhaps adjustment/workaround to minimise its impact in the future?) other than "your graphics card is entirely inadequate, unqualified and unsuited to perform the heinous tasks you demand of it"?

 

 

***(not to be confused with photoshop. PSP is a very, very old much more simplistic imitation - the whole program installed is only 30mb)


  • 0

#52
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Farbar:

 

Farbar Recovery Scan Tool (x64) Version: 14-04-2020
Ran by tracy (15-04-2020 20:02:19)
Running from C:\Program Files (x86)
Boot Mode: Normal

================== Search Files: "libcef.dll;amdihk64.dll;mscorlib.ni.dll;PresentationCore.ni.dll;atidxx64.dll;System.ni.dll;atiumd64.dll;atiumd6a.dll" =============

C:\Windows\WinSxS\x86_netfx4-system_ni_b03f5f7f11d50a3a_4.0.15788.0_none_304d3dfab4e8f798\system.ni.dll
[2019-03-19 14:46][2019-03-19 14:46] 010842528 _____ (Microsoft Corporation) 0D161DBCB4CAF669A97A468BC7C25638 [File is digitally signed]

C:\Windows\WinSxS\x86_netfx4-mscorlib_ni_b03f5f7f11d50a3a_4.0.15788.328_none_14d40676dad78543\mscorlib.ni.dll
[2020-04-10 21:51][2020-01-10 05:46] 021044584 _____ (Microsoft Corporation) FD9AA28B9A3D2A81AC47E925FFB2100A [File is digitally signed]

C:\Windows\WinSxS\x86_netfx4-mscorlib_ni_b03f5f7f11d50a3a_4.0.15788.297_none_14d3034adad870fc\mscorlib.ni.dll
[2020-02-07 04:25][2019-12-07 16:03] 021044600 _____ (Microsoft Corporation) D3D544D264070F0E62E5941BB41E5FEA [File is digitally signed]

C:\Windows\WinSxS\x86_netfx4-mscorlib_ni_b03f5f7f11d50a3a_4.0.15788.0_none_1c884509d1f23822\mscorlib.ni.dll
[2019-03-19 14:46][2019-03-19 14:46] 021036960 _____ (Microsoft Corporation) 82966551F5F6511EA2E4BE65B961FC97 [File is digitally signed]

C:\Windows\WinSxS\amd64_netfx4-system_ni_b03f5f7f11d50a3a_4.0.15788.0_none_e8a00723a06cce92\system.ni.dll
[2019-03-19 14:46][2019-03-19 14:46] 013043104 _____ (Microsoft Corporation) B0559C126B46E45A10D662C09C4E4D23 [File is digitally signed]

C:\Windows\WinSxS\amd64_netfx4-mscorlib_ni_b03f5f7f11d50a3a_4.0.15788.328_none_cd26cf9fc65b5c3d\mscorlib.ni.dll
[2020-04-10 21:51][2020-01-10 05:46] 023084896 _____ (Microsoft Corporation) 2143CC44A0E2816C369CA40E2F2BFA82 [File is digitally signed]

C:\Windows\WinSxS\amd64_netfx4-mscorlib_ni_b03f5f7f11d50a3a_4.0.15788.297_none_cd25cc73c65c47f6\mscorlib.ni.dll
[2020-02-07 04:25][2019-12-07 16:03] 023084904 _____ (Microsoft Corporation) 3CA9FC6F80077E8CC9D13C20BE684A23 [File is digitally signed]

C:\Windows\WinSxS\amd64_netfx4-mscorlib_ni_b03f5f7f11d50a3a_4.0.15788.0_none_d4db0e32bd760f1c\mscorlib.ni.dll
[2019-03-19 14:46][2019-03-19 14:46] 023114656 _____ (Microsoft Corporation) 30EEBFCBCCAD3E1C32610F92B93AE1F5 [File is digitally signed]

C:\Windows\System32\amdihk64.dll
[2020-04-12 03:27][2020-04-02 19:43] 000198120 _____ (Advanced Micro Devices, Inc.) 73C085A42C9F75266A196D9EBDB72F30 [File is digitally signed]

C:\Windows\System32\atidxx64.dll
[2020-04-12 03:28][2020-04-02 19:44] 000124840 _____ () 8C905337DF10F118F7708E16715FD1D4 [File is digitally signed]

C:\Windows\System32\DriverStore\FileRepository͓575.inf_amd64_8e19095ae833d985\B353558\amdihk64.dll
[2020-04-12 03:27][2020-04-02 19:43] 000198120 _____ (Advanced Micro Devices, Inc.) 73C085A42C9F75266A196D9EBDB72F30 [File is digitally signed]

C:\Windows\System32\DriverStore\FileRepository͓575.inf_amd64_8e19095ae833d985\B353558\atidxx64.dll
[2020-04-12 03:28][2020-04-02 19:42] 026272272 _____ (Advanced Micro Devices, Inc. ) E364E855901473E5201AE3DED39F574B [File is digitally signed]

C:\Windows\System32\DriverStore\FileRepository͓575.inf_amd64_8e19095ae833d985\B353558\atiumd64.dll
[2020-04-12 03:28][2020-04-02 19:42] 013161176 _____ (Advanced Micro Devices, Inc. ) 439D40F4F9DFB9246E6297B0763C6161 [File is digitally signed]

C:\Windows\System32\DriverStore\FileRepository͓575.inf_amd64_8e19095ae833d985\B353558\atiumd6a.dll
[2020-04-12 03:28][2020-04-02 19:42] 013860984 _____ (Advanced Micro Devices, Inc. ) 3D72012AAC4B5D44A52CBF1A1C1869F3 [File is digitally signed]

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NativeImages\mscorlib.ni.dll
[2020-04-10 21:51][2020-01-10 05:46] 023084896 _____ (Microsoft Corporation) 2143CC44A0E2816C369CA40E2F2BFA82 [File is digitally signed]

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NativeImages\system.ni.dll
[2019-03-19 14:46][2019-03-19 14:46] 013043104 _____ (Microsoft Corporation) B0559C126B46E45A10D662C09C4E4D23 [File is digitally signed]

C:\Windows\Microsoft.NET\Framework\v4.0.30319\NativeImages\mscorlib.ni.dll
[2020-04-10 21:51][2020-01-10 05:46] 021044584 _____ (Microsoft Corporation) FD9AA28B9A3D2A81AC47E925FFB2100A [File is digitally signed]

C:\Windows\Microsoft.NET\Framework\v4.0.30319\NativeImages\system.ni.dll
[2019-03-19 14:46][2019-03-19 14:46] 010842528 _____ (Microsoft Corporation) 0D161DBCB4CAF669A97A468BC7C25638 [File is digitally signed]

C:\Windows\assembly\NativeImages_v4.0.30319_64\System\08f69c55e9284eaab92075159503c897\System.ni.dll
[2020-04-11 03:04][2020-04-11 03:04] 013033472 _____ (Microsoft Corporation) BB298FE873A1CDA55F92E205723698D9 [File not signed]

C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\f80cf74f6d7c21b493fbce27230bd83b\PresentationCore.ni.dll
[2020-04-11 03:06][2020-04-11 03:06] 015029248 _____ (Microsoft Corporation) 7C04E0720052E2BC2474B7A56233CF58 [File not signed]

C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\cea8b8fbc469dcbc6224d523a578e4b3\mscorlib.ni.dll
[2020-04-10 21:51][2020-01-10 05:46] 023084896 _____ (Microsoft Corporation) 2143CC44A0E2816C369CA40E2F2BFA82 [File is digitally signed]

C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f3efcabd0ee45af4d0d9146029f0f860\System.ni.dll
[2020-04-11 03:09][2020-04-11 03:09] 010824192 _____ (Microsoft Corporation) E8897907ECD0C26C9C590C960F56D0A5 [File not signed]

C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37f0ebe291a71c4e67858a44ab445295\PresentationCore.ni.dll
[2020-04-11 03:10][2020-04-11 03:10] 012821504 _____ (Microsoft Corporation) 3337ACB4259752059DDA1F61B12D09D0 [File not signed]

C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\46c6217a2d77a20d9fff301af2e1d67e\mscorlib.ni.dll
[2020-04-10 21:51][2020-01-10 05:46] 021044584 _____ (Microsoft Corporation) FD9AA28B9A3D2A81AC47E925FFB2100A [File is digitally signed]

C:\Windows\assembly\NativeImages_v2.0.50727_64\System\ac7eb2473049911b6930fdff13dc2392\System.ni.dll
[2019-11-02 14:20][2019-11-02 14:20] 010693632 _____ (Microsoft Corporation) 8649B7B0373FCA6A3449B4480DC3D42F [File not signed]

C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\25cfac82ce9070d94bc14c19cd1c654c\PresentationCore.ni.dll
[2020-01-20 01:01][2020-01-20 01:01] 016566272 _____ (Microsoft Corporation) 7DD7BC0792BDBA11214132E575CBDA37 [File not signed]

C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\3159e818aabf5fe4b3f4e1b6ca686f68\mscorlib.ni.dll
[2019-11-02 14:19][2019-11-02 14:19] 015605248 _____ (Microsoft Corporation) 78A624FCD10BF4289D87DB05FCCFF1D2 [File not signed]

C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e174b53f30801b5836c47881e646c80e\System.ni.dll
[2019-11-02 14:27][2019-11-02 14:27] 008012800 _____ (Microsoft Corporation) AE249AE17A264DB9A4812D727E9FB0B2 [File not signed]

C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f425b508f0f4829d9a224b92897fd6f6\PresentationCore.ni.dll
[2020-01-20 01:03][2020-01-20 01:03] 012260352 _____ (Microsoft Corporation) C87DF7EF003295361684B26040C5B423 [File not signed]

C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6a9799facd58aab04d11863c0101c09\mscorlib.ni.dll
[2019-11-02 14:27][2019-11-02 14:27] 011520512 _____ (Microsoft Corporation) AB93565ACB221DE62592C9319FB195C1 [File not signed]

C:\Users\tracy\Autodesk\Genuine Service\libcef.dll
[2019-01-15 11:41][2019-01-15 11:41] 071818552 _____ () D41D8CD98F00B204E9800998ECF8427E [File is digitally signed]

C:\ProgramData\BlueStacks\CefData\libcef.dll
[2019-12-12 20:24][2019-09-16 20:51] 099684864 _____ () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\libcef.dll
[2020-04-06 23:12][2017-09-05 18:09] 059523896 _____ () 140A30CBB41718F1A0F1F723E7E823D9 [File is digitally signed]

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
[2019-10-12 07:05][2019-10-12 07:05] 099313712 _____ () D41D8CD98F00B204E9800998ECF8427E [File is digitally signed]

C:\Program Files\Autodesk\Revit 2020\CefSharp\libcef.dll
[2018-04-17 10:14][2018-04-17 10:14] 095925248 _____ () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Program Files\Adobe\Adobe Photoshop CC 2019\Required\Plug-ins\Spaces\libcef.dll
[2019-10-17 14:56][2019-10-17 14:56] 098352200 _____ () D41D8CD98F00B204E9800998ECF8427E [File is digitally signed]

C:\Program Files\Adobe\Adobe Photoshop CC 2019\Required\CEP\CEPHtmlEngine\libcef.dll
[2019-10-17 14:56][2019-10-17 14:56] 097374792 _____ () D41D8CD98F00B204E9800998ECF8427E [File is digitally signed]

C:\Autodesk\WI\Autodesk Revit 2020\x64\RVT\PF64\Autodesk\Root\CefSharp\libcef.dll
[2018-04-17 10:14][2018-04-17 10:14] 095925248 _____ () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\AMD\Packages\Drivers\Radeon-Software-Adrenalin-2019-19.9.2-u0346940-win10-64bit-190923WHQL\B346681\atidxx64.dll
[2019-09-23 21:24][2019-09-23 21:24] 028171696 _____ (Advanced Micro Devices, Inc. ) 9E0B90C080F39EC66A5299D24F09A71A [File is digitally signed]

C:\AMD\Packages\Drivers\Radeon-Software-Adrenalin-2019-19.9.2-u0346940-win10-64bit-190923WHQL\B346681\atiumd64.dll
[2019-09-23 21:24][2019-09-23 21:24] 013507336 _____ (Advanced Micro Devices, Inc. ) E265585CB5C8CB8D96D32EF19BFE18C4 [File is digitally signed]

C:\AMD\Packages\Drivers\Radeon-Software-Adrenalin-2019-19.9.2-u0346940-win10-64bit-190923WHQL\B346681\atiumd6a.dll
[2019-09-23 21:24][2019-09-23 21:24] 013677792 _____ (Advanced Micro Devices, Inc. ) B07FD8956C8BE1C8CB4994CFAE730EAE [File is digitally signed]


====== End of Search ======


  • 0

#53
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

other VEW file:

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 15/04/2020 8:09:01 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/04/2020 1:59:02 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/04/2020 4:19:41 AM
Type: Error Category: 0
Event: 15 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Log: 'System' Date/Time: 14/04/2020 4:36:23 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Microsoft Account Sign-in Assistant service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 14/04/2020 4:36:23 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (60000 milliseconds) while waiting for the Microsoft Account Sign-in Assistant service to connect.

Log: 'System' Date/Time: 14/04/2020 9:38:17 AM
Type: Error Category: 0
Event: 15 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Log: 'System' Date/Time: 13/04/2020 12:32:05 PM
Type: Error Category: 0
Event: 5 Source: BTHUSB
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Log: 'System' Date/Time: 13/04/2020 8:52:43 AM
Type: Error Category: 0
Event: 15 Source: TPM
The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Log: 'System' Date/Time: 13/04/2020 8:51:31 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Dell Hardware Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:31 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Dell Data Vault Collector service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Dell Data Vault Service API service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Waves Audio Services service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Dell Data Vault Processor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The FlexNet Licensing Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Autodesk Desktop App Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The WindscribeService service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Autodesk Desktop Licensing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 13/04/2020 8:51:29 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/04/2020 9:41:07 AM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device  either went out of range or became unresponsive.

Log: 'System' Date/Time: 15/04/2020 9:40:48 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name g.api.mega.co.nz timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/04/2020 9:40:37 AM
Type: Warning Category: 0
Event: 4101 Source: Display
Display driver amdkmdap stopped responding and has successfully recovered.

Log: 'System' Date/Time: 15/04/2020 9:26:35 AM
Type: Warning Category: 3
Event: 2004 Source: Microsoft-Windows-Resource-Exhaustion-Detector
Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: firefox.exe (6772) consumed 1457086464 bytes, Revit.exe (35744) consumed 1100259328 bytes, and explorer.exe (5568) consumed 677359616 bytes.

Log: 'System' Date/Time: 15/04/2020 8:49:33 AM
Type: Warning Category: 3
Event: 2004 Source: Microsoft-Windows-Resource-Exhaustion-Detector
Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: firefox.exe (6772) consumed 1901723648 bytes, Revit.exe (16268) consumed 952852480 bytes, and firefox.exe (4732) consumed 670539776 bytes.

Log: 'System' Date/Time: 15/04/2020 5:22:03 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user RIFFRAFFDELL\tracy SID (S-1-5-21-792678858-599442959-1286739730-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 15/04/2020 4:55:28 AM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user RIFFRAFFDELL\tracy SID (S-1-5-21-792678858-599442959-1286739730-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 15/04/2020 4:19:50 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name mozilla.org timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 15/04/2020 4:19:44 AM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 15/04/2020 4:19:43 AM
Type: Warning Category: 0
Event: 34 Source: BTHUSB
The local adapter does not support an important Low Energy controller state to support peripheral mode. The minimum required supported state mask is 0x2491f7fffff; got 0x1fffffff. Low Energy peripheral role functionality will not be available.

Log: 'System' Date/Time: 15/04/2020 4:19:43 AM
Type: Warning Category: 0
Event: 48 Source: BTHUSB
The local adapter does not support reading the encryption key size for a connected device. Insecure devices may be able to connect to this system.

Log: 'System' Date/Time: 14/04/2020 6:12:24 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user RIFFRAFFDELL\tracy SID (S-1-5-21-792678858-599442959-1286739730-1001) from address LocalHost (Using LRPC) running in the application container FACEBOOK.317180B0BB486_440.9.118.0_x64__8xx8rvfyw5nnt SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 14/04/2020 5:33:41 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {0358B920-0AC7-461F-98F4-58E32CD89148}  and APPID  {3EB3C877-1F16-487C-9050-104DBCD66683}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 14/04/2020 5:33:40 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {0358B920-0AC7-461F-98F4-58E32CD89148}  and APPID  {3EB3C877-1F16-487C-9050-104DBCD66683}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 14/04/2020 5:33:40 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {0358B920-0AC7-461F-98F4-58E32CD89148}  and APPID  {3EB3C877-1F16-487C-9050-104DBCD66683}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 14/04/2020 5:29:33 PM
Type: Warning Category: 0
Event: 2 Source: HidBth
Bluetooth HID device  either went out of range or became unresponsive.

Log: 'System' Date/Time: 14/04/2020 5:16:39 PM
Type: Warning Category: 3
Event: 2004 Source: Microsoft-Windows-Resource-Exhaustion-Detector
Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: Revit.exe (13892) consumed 2672447488 bytes, firefox.exe (6772) consumed 968314880 bytes, and SupportAssistAgent.exe (5308) consumed 597639168 bytes.

Log: 'System' Date/Time: 14/04/2020 5:08:31 PM
Type: Warning Category: 3
Event: 2004 Source: Microsoft-Windows-Resource-Exhaustion-Detector
Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: Revit.exe (13892) consumed 2632056832 bytes, firefox.exe (6772) consumed 967413760 bytes, and SupportAssistAgent.exe (5308) consumed 598548480 bytes.

Log: 'System' Date/Time: 14/04/2020 5:03:31 PM
Type: Warning Category: 3
Event: 2004 Source: Microsoft-Windows-Resource-Exhaustion-Detector
Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: Revit.exe (13892) consumed 2778259456 bytes, firefox.exe (6772) consumed 966885376 bytes, and SupportAssistAgent.exe (5308) consumed 598458368 bytes.

Log: 'System' Date/Time: 14/04/2020 4:52:14 PM
Type: Warning Category: 3
Event: 2004 Source: Microsoft-Windows-Resource-Exhaustion-Detector
Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: Revit.exe (13892) consumed 2781913088 bytes, firefox.exe (6772) consumed 964608000 bytes, and SupportAssistAgent.exe (5308) consumed 598458368 bytes.


 


  • 0

#54
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Also, a day or so ago you asked for a new process explorer. If you still need this could you please remind me how to do it? I've been back through the last three pages of this forum and can't find it.


  • 0

#55
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
Log: 'System' Date/Time: 15/04/2020 9:40:37 AM
Type: Warning Category: 0
Event: 4101 Source: Display
Display driver amdkmdap stopped responding and has successfully recovered.

Log: 'System' Date/Time: 15/04/2020 9:26:35 AM
Type: Warning Category: 3
Event: 2004 Source: Microsoft-Windows-Resource-Exhaustion-Detector
Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: firefox.exe (6772) consumed 1457086464 bytes, Revit.exe (35744) consumed 1100259328 bytes, and explorer.exe (5568) consumed 677359616 bytes.

Log: 'System' Date/Time: 15/04/2020 8:49:33 AM
Type: Warning Category: 3
Event: 2004 Source: Microsoft-Windows-Resource-Exhaustion-Detector
Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: firefox.exe (6772) consumed 1901723648 bytes, Revit.exe (16268) consumed 952852480 bytes, and firefox.exe (4732) consumed 670539776 bytes.

 

 

 

The Display Driver error indicates your Video/Graphics Driver had problems.  If I remember correctly you just updated it.  Might want to go in Device Manager and try to Roll Back Driver.

 

The second indicates it ran out of virtual memory.  Do you absolutely  have to have Firefox running when doing Revit?  Your computer is marginal at best for Revit and asking it to surf the web or play games at the same time is just too much. 

 

You can manually give yourself more virtual memory

https://www.windowsc...size-windows-10

Perhaps that would help.

 

Don't know what Explorer was doing eating so much memory. 

download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe
(Right click and Run As Admin.)
Once you get it installed, run it (Right click and Run As Admin.) and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red led looking icon in the upper left. This should disable all of the non-microsoft additions to Explorer. Reboot

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.

 

 

Looking at your file search I see identical files as far as the checksum goes but some are signed and some aren't.  Will have to research how that can be.  Also some are very old versions of the same file.  Don't know if a newer version would help or cause problems.


  • 0

Advertisements


#56
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Latest Bluetooth driver installed.

 

Display driver rolled back.

 

Task scheduler changes made.

 

Restart performed.

 

I attempted the virtual memory changes, but didn't know what numbers to put in the boxes.

 

I realised long ago that Firefox and Revit do not play nicely together. I try to close off Firefox while using Revit, but I often have to google how to perform some task or another or download a component for my project. Part of the problem is that I am a serial tab hoarder. I venture into a topic, fall down a hole, open 5 sites about it, become distracted by some tangential hole, tell myself I'll return to the original topic, fall down the next hole, and repeat. I often used to have in the area of 100 tabs open at a time. My record was 211. That was the day I realised I needed help. I recently discovered a great Firefox add-on called OneTab. When you click on its icon it takes all of your open tabs, closes them and creates a new tab with a dated list of everything you had open. You can then examine the list and reopen the desired tabs at a more controlled rate. Keeps my open tabs down to maybe 20 at a time and reduces the strain on my CPU. Firefox does however, still usually draw around 1.3 to 1.4gb of memory and represent about a third of my CPU usage. I shall try to keep my thirst for information satiated in a more sensible manner and send Firefox back to the annals of my SSD when not immediately in use.

 

I performed the requested FRST search to which you said I would receive one report. Evidently I got the bonus package, because two were issued instead. Please find them attached for your perusal.

 

Shellxview etc tasks being performed now.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2020
Ran by tracy (20-04-2020 02:08:28)
Running from C:\Program Files (x86)
Windows 10 Home Version 1903 18362.778 (X64) (2019-10-30 01:09:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-792678858-599442959-1286739730-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-792678858-599442959-1286739730-503 - Limited - Disabled)
Guest (S-1-5-21-792678858-599442959-1286739730-501 - Limited - Disabled)
tracy (S-1-5-21-792678858-599442959-1286739730-1001 - Administrator - Enabled) => C:\Users\tracy
WDAGUtilityAccount (S-1-5-21-792678858-599442959-1286739730-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3uTools (HKLM-x32\...\3uTools) (Version: 2.38.010 - ShangHai ZhangZheng Network Technology Co., Ltd.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_7) (Version: 20.0.7 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.4.1 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{A7039CC9-4669-4799-92B1-C5CE346DBE3D}) (Version: 8.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DA78A9DC-3599-4D81-A960-B679687A6C14}) (Version: 8.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Ashampoo ZIP Free (HKLM-x32\...\{0A11EA01-5173-F4C2-0973-35C932D5C674}_is1) (Version: 1.0.7 - Ashampoo GmbH & Co. KG)
Audacity 2.3.2 (HKLM-x32\...\Audacity_is1) (Version: 2.3.2 - Audacity Team)
Autodesk Advanced Material Library Base Resolution Image Library 2020 (HKLM-x32\...\{FF27FA47-6E0F-4654-A435-19916B297565}) (Version: 18.11.1.0 - Autodesk)
Autodesk Advanced Material Library Low Resolution Image Library 2020 (HKLM-x32\...\{042B92EF-929A-40B1-9578-DA8363208D02}) (Version: 18.11.1.0 - Autodesk)
Autodesk Advanced Material Library Medium Resolution Image Library 2020 (HKLM-x32\...\{0F682C15-79B0-4E6F-A2F4-56BC8CD43F1F}) (Version: 18.11.1.0 - Autodesk)
Autodesk Cloud Models for Revit 2020 (HKLM\...\{AA384BE4-2001-0010-0000-97E7D7D00B17}) (Version: 20.0.0.377 - Autodesk) Hidden
Autodesk Cloud Models for Revit 2020 (HKLM\...\Autodesk Cloud Models for Revit 2020) (Version: 20.0.0.377 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 8.0.0.46 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{317D67F2-9027-4E85-9ED1-ADF4D765AE02}) (Version: 3.0.11 - Autodesk)
Autodesk Material Library 2020 (HKLM-x32\...\{B9312A51-41B5-479D-9F72-E7448A2D89AF}) (Version: 18.11.1.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2020 (HKLM-x32\...\{0E976988-E753-4C81-BD96-434CE305B176}) (Version: 18.11.1.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2020 (HKLM-x32\...\{7979E1F2-682E-4A3C-B674-B3336F35D472}) (Version: 18.11.1.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2020 (HKLM-x32\...\{B52B3C0C-F56D-44CB-AC81-F86BCBB7550F}) (Version: 18.11.1.0 - Autodesk)
Autodesk Revit 2020 (HKLM\...\Revit 2020) (Version: 20.0.0.377 - Autodesk)
Autodesk Revit 2020 Revit MEP Imperial Content (HKLM\...\{38AEB114-D437-4695-B390-6D03723F32E0}) (Version: 2.2 - Autodesk)
Autodesk Revit 2020 Revit MEP Metric Content (HKLM\...\{6504036D-FF6D-41E0-B3FE-3193E9BC2047}) (Version: 2.2 - Autodesk)
Autodesk Revit Content Libraries 2020 (HKLM\...\Revit Content Libraries 2020) (Version: 20.0.0.377 - Autodesk)
Autodesk Revit Model Review 2020 (HKLM\...\{715812E8-2001-0010-0000-BBB894911B46}) (Version: 20.0.0.377 - Autodesk) Hidden
Autodesk Revit Model Review 2020 (HKLM\...\Autodesk Revit Model Review 2020) (Version: 20.0.0.377 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{E3807FC8-DD0A-4D6D-89E9-EAADE00C845C}) (Version: 10.22.00.1800 - Autodesk)
Batch Print for Autodesk Revit 2020 (HKLM\...\{82AF00E4-2001-0010-0000-FCE0F87063F9}) (Version: 20.0.0.377 - Autodesk) Hidden
Batch Print for Autodesk Revit 2020 (HKLM\...\Batch Print for Autodesk Revit 2020) (Version: 20.0.0.377 - Autodesk)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.150.11.1001 - BlueStack Systems, Inc.)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
CloneSpy 3.43 - 64 bit (HKLM\...\CloneSpy) (Version: 3.43 - The CloneSpy Team)
ConfigTool 4.07.0 (HKLM-x32\...\ConfigTool) (Version: 4.07.0 - )
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\CopyTrans Suite) (Version: 4.100 - WindSolutions)
DevID Agent (HKLM-x32\...\DevID_Agent) (Version: 4.48 - DevID)
Duplicate Cleaner Free 4.1.2 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 4.1.2 - DigitalVolcano Software Ltd) <==== ATTENTION
eTransmit for Autodesk Revit 2020 (HKLM\...\{4477F08B-2001-0010-0000-9A09D834DFF5}) (Version: 20.0.0.377 - Autodesk) Hidden
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 6.28 - NCH Software)
Fast Duplicate File Finder 3.7.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 3.7.0.1 - MindGems, Inc.)
Font Viewer 2.0 (HKLM-x32\...\Font Viewer_is1) (Version:  - Thinking BIG Information Technology Inc.)
FormIt Converter For Revit 2020 (HKLM\...\{7A22DBAA-79A6-4C7B-98FA-9157A97EF6DA}) (Version: 1.9.6.0 - Autodesk)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Macgo iPhone Explorer (HKLM-x32\...\{4DA57BEC-D8C1-4A23-9C4E-0285857B6A58}_is1) (Version: 1.4.0.1886 - Macgo Inc.)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11929.20648 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{52EBC484-44A1-4DC5-824A-0A503735ABD8}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\Teams) (Version: 1.3.00.8663 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 75.0 (x64 en-US) (HKLM\...\Mozilla Firefox 75.0 (x64 en-US)) (Version: 75.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla)
NetSurveillance (HKLM-x32\...\NetSurveillance) (Version:  - )
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20648 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11929.20648 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11929.20648 - Microsoft Corporation) Hidden
OpenShot Video Editor version 2.4.4 (HKLM\...\{4BB0DCDC-BC24-49EC-8937-72956C33A470}_is1) (Version: 2.4.4 - OpenShot Studios, LLC)
Personal Accelerator for Revit (HKLM\...\{533DE806-7EC5-4A73-841B-007110126A75}) (Version: 21.0.4.0 - Autodesk)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 5.28 - NCH Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
Revit 2020 (HKLM\...\{7346B4A0-2000-0510-0000-705C0D862004}) (Version: 20.0.0.377 - Autodesk) Hidden
Revit Content Libraries 2020 (HKLM\...\{941030D0-2000-0410-0000-818BB38A95FC}) (Version: 20.0.0.377 - Autodesk) Hidden
Shotcut (HKLM-x32\...\Shotcut) (Version: 19.10.20 - Meltytech, LLC)
SnapBackup (HKLM\...\{9F1035F5-C4B1-4618-BFB8-2826E68210ED}) (Version: 1.0 - Snap Backup)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Sweet Home 3D version 6.2 (HKLM\...\Sweet Home 3D_is1) (Version: 6.2 - eTeks)
VdhCoApp 1.3.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Virtual Router v1.0 (HKLM-x32\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VSDC Free Video Editor version 6.4.1.69 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.4.1.69 - Flash-Integro LLC)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Wave Editor 3.1.0.0 (HKLM-x32\...\Wave Editor_is1) (Version: 3.1.0.0 - AbyssMedia.com)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 9.61 - NCH Software)
WhySoSlow 1.51 (HKLM\...\WhySoSlowHome_is1) (Version:  - Resplendence Software Projects Sp.)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
WizFile v2.06 (HKLM\...\WizFile_is1) (Version: 2.06 - Antibody Software)
WizTree v3.29 (HKLM\...\WizTree_is1) (Version: 3.29 - Antibody Software)
Zoom (HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)
Zoom Outlook Plugin (HKLM-x32\...\{11F41C33-81CB-40DE-86A2-98E391BC16A0}) (Version: 4.8.20547 - Zoom)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.671.0_x64__v10z8vjag6ke6 [2020-02-06] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa [2020-03-27] (Apple Inc.) [Startup Task]
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_440.9.118.0_x64__8xx8rvfyw5nnt [2020-04-03] (Facebook Inc)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-30] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-13] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2019-12-13] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-31] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-03-13] (Adobe Systems Incorporated)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.10.61.0_x64__43tkc6nmykmb6 [2020-04-09] (Ookla)
WinDbg Preview -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2001.2001.0_neutral__8wekyb3d8bbwe [2020-01-05] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-792678858-599442959-1286739730-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-792678858-599442959-1286739730-1001_Classes\CLSID\{04271989-C4D2-DEB0-A5D7-91328C290E46} -> [OneDrive - The Gordon] => C:\Users\tracy\OneDrive - The Gordon [2019-10-31 04:14]
CustomCLSID: HKU\S-1-5-21-792678858-599442959-1286739730-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\tracy\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-792678858-599442959-1286739730-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\tracy\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1-x32: [ASZipF] -> {e03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT.DLL [2017-10-10] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [ASZipF64] -> {e03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT64.DLL [2017-10-10] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2019-12-16] () [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-04-01] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6-x32: [ASZipF] -> {e03d3e68-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT.DLL [2017-10-10] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [ASZipF64] -> {e03d3e78-0f44-3d45-b15f-bcfd8a8b4c7e} => C:\Program Files (x86)\Ashampoo\Ashampoo ZIP Free\ASZSHLEXT64.DLL [2017-10-10] (Ashampoo GmbH & Co. KG -> Ashampoo GmbH)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2019-12-16] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.voxacm160] => C:\Windows\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [File not signed]
HKLM\...\Drivers32: [msacm.scg726] => C:\Windows\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [File not signed]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\Windows\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lame] => C:\Windows\system32\lame.ax [245760 2005-08-01] () [File not signed]
HKLM\...\Drivers32: [vidc.dvsd] => C:\Windows\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [File not signed]
HKLM\...\Drivers32: [vidc.mpg4] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp42] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.mp43] => C:\Windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [File not signed]
HKLM\...\Drivers32: [vidc.xvid] => C:\Windows\system32\xvidvfw.dll [139264 2004-07-03] () [File not signed]
HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP62] => C:\Windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] ( ) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetSurveillance\reg.lnk -> C:\Program Files (x86)\NetSurveillance\CMS\reg.bat ()
ShortcutWithArgument: C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\tracy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2019-12-04 04:00 - 2019-12-04 04:00 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-03-10 14:20 - 2017-03-10 14:20 - 000179200 _____ () [File not signed] C:\Program Files\Autodesk\Personal Accelerator for Revit\Autodesk.C4R.AdWebServicesInterop.dll
2019-10-30 21:16 - 2019-10-30 21:16 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2019-10-30 21:16 - 2019-10-30 21:16 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-04-01 15:10 - 2020-04-01 15:10 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2019-12-04 04:00 - 2019-12-04 04:00 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-04-01 15:10 - 2020-04-01 15:10 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:Easy$Duplicate$Finder [125]
AlternateDataStreams: C:\Users\All Users:Easy$Duplicate$Finder [125]
AlternateDataStreams: C:\ProgramData\Application Data:Easy$Duplicate$Finder [125]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\sharepoint.com -> hxxps://thegordon-files.sharepoint.com
IE restricted site: HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\expressvpn.com -> expressvpn.com
IE restricted site: HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\get-express-vpn.com -> get-express-vpn.com
IE restricted site: HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\thebestgame2020.com -> hxxps://thebestgame2020.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 14:49 - 2019-03-19 14:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2020-02-04 16:32 - 2020-02-04 16:41 - 000000440 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-792678858-599442959-1286739730-1001\Control Panel\Desktop\\Wallpaper -> c:\users\tracy\appdata\local\microsoft\windows\themes\roamedthemefiles\desktopbackground\flippyflippedflippier.png
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "ProdLib"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData"
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\StartupApproved\StartupFolder: => "GenuineService.lnk"
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{50437D83-25E8-4343-9F50-35BB047B3E38}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0D64B562-CD56-4332-B9F5-8480EA275FC0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8E48935A-3C85-4164-BC8A-5655E287C279}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5423C79-5C41-4D75-A5B9-DEAE366EE420}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1347ED35-2901-459D-B1A2-AC11337A67F8}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{DA77E04B-B364-44AD-B392-B4AD022D0B1F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{7AF921ED-B861-4F4F-8BE8-78239F3B888F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{46885675-2554-4032-BBE6-A8CF608C8044}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Flash-Integro LLC) [File not signed]
FirewallRules: [{AFA2EDCE-3EAE-41AF-95E9-172297F63BC2}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (Flash-Integro LLC) [File not signed]
FirewallRules: [{16F345E6-5AD7-4299-B5D1-B0E25C15455B}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Flash-Integro LLC) [File not signed]
FirewallRules: [{A9FB7220-773D-49FB-9A2A-0F883F472B6E}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (Flash-Integro LLC) [File not signed]
FirewallRules: [{FCB4AA98-BB95-41DB-B61F-9768C9720691}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Flash-Integro LLC) [File not signed]
FirewallRules: [{B0162D49-E99F-435E-8D22-24533A213FB4}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (Flash-Integro LLC) [File not signed]
FirewallRules: [{52BB412B-D298-4265-B27B-98B7A10C1E82}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
FirewallRules: [{913857BF-7579-41D1-A324-9344B7E4696E}] => (Allow) C:\Users\tracy\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe No File
FirewallRules: [{10F52F68-BAC4-47B3-869D-83CB1B232B08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5D3637E7-CFB8-4BFF-B232-9EDA98FBAABC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EF844437-3405-409A-9E69-3EA0A91E54CC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0AB9B55B-1376-459B-9C6D-DF37C9E9D87E}] => (Allow) C:\Users\tracy\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe No File
FirewallRules: [{0BABCE91-9977-4C85-8526-C9F42BE0AAA7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BD907F2F-D04D-4131-9BF6-4E94B517B052}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9CAE1192-E64A-418E-B253-C1AA0D164039}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E821DE98-2B12-4F64-98A5-A44DA5852C81}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5F89141B-797C-4C77-9AEE-32A994E5C42A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EFB7C923-EBD1-42D6-BF10-E74EDC5D1CA2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{18770CA2-AB39-4444-A1D9-5393BC401894}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{46FEF00F-041B-48BB-B83F-5E1152CEF142}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C80A6631-B202-49FC-ADC0-F60C783032F0}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{61B032CB-2617-430F-A716-95AE75AA9A4A}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{8523A1D1-7BC9-4929-A460-3FC060DD28E7}] => (Allow) LPort=80
FirewallRules: [{482366C8-0D1E-4EA3-8536-9D841ADBFFBD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{11FC62E4-4951-4BCD-8596-B4C109BFB261}] => (Allow) C:\Users\tracy\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{559E289C-7507-4CD6-A629-71FF6B71E90D}] => (Allow) C:\Users\tracy\AppData\Roaming\Zoom\bin\airhost.exe No File

==================== Restore Points =========================

04-04-2020 22:18:56 Scheduled Checkpoint
06-04-2020 01:26:06 Removed Bonjour
06-04-2020 05:30:25 Revit Removal
10-04-2020 21:50:45 Windows Update
11-04-2020 08:51:05 O&O ShutUp10
13-04-2020 18:50:44 AdwCleaner_BeforeCleaning_13/04/2020_18:50:42
16-04-2020 01:08:19 Installed Zoom Outlook Plugin

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/20/2020 01:13:14 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: The required buffer size is greater than the buffer size passed to the Collect function of the "C:\Windows\System32\perfts.dll" Extensible Counter DLL for the "LSM" service. The given buffer size was 31192 and the required size was 31936.

Error: (04/19/2020 09:52:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 26.20.15029.20013, time stamp: 0x5e84e87a
Faulting module name: atieclxx.exe, version: 26.20.15029.20013, time stamp: 0x5e84e87a
Exception code: 0xc0000005
Fault offset: 0x0000000000030e96
Faulting process ID: 0x91c
Faulting application start time: 0x01d616410783a81b
Faulting application path: C:\Windows\System32\DriverStore\FileRepository͓575.inf_amd64_8e19095ae833d985\B353558\atieclxx.exe
Faulting module path: C:\Windows\System32\DriverStore\FileRepository͓575.inf_amd64_8e19095ae833d985\B353558\atieclxx.exe
Report ID: 852a75d4-ecdf-4bd0-9ef2-6fc450e9ed3d
Faulting package full name:
Faulting package-relative application ID:

Error: (04/19/2020 09:25:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (04/19/2020 09:25:33 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (04/19/2020 09:25:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (04/19/2020 09:25:33 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (04/19/2020 09:24:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Radeonsoftware.exe, version: 10.1.2.1788, time stamp: 0x5e84e714
Faulting module name: ntdll.dll, version: 10.0.18362.778, time stamp: 0x0c1bb301
Exception code: 0xc0000374
Fault offset: 0x00000000000f9229
Faulting process ID: 0x1f38
Faulting application start time: 0x01d6149fb731171b
Faulting application path: C:\Program Files\AMD\CNext\CNext\Radeonsoftware.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report ID: b9770697-f3b9-4965-8d3a-54d67132689f
Faulting package full name:
Faulting package-relative application ID:

Error: (04/18/2020 05:40:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dwm.exe version 10.0.18362.387 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 428

Start Time: 01d6149f8944268a

Termination Time: 244

Application Path: C:\Windows\System32\dwm.exe

Report Id: 226a5e1a-b949-49b2-8310-2c36034ebdaf

Faulting package full name:

Faulting package-relative application ID:

Hang type: Unknown


System errors:
=============
Error: (04/19/2020 11:49:17 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Error: (04/19/2020 09:51:27 PM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (04/19/2020 09:25:31 PM) (Source: DCOM) (EventID: 10010) (User: RIFFRAFFDELL)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.

Error: (04/19/2020 09:25:31 PM) (Source: DCOM) (EventID: 10010) (User: RIFFRAFFDELL)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.

Error: (04/19/2020 09:25:30 PM) (Source: DCOM) (EventID: 10010) (User: RIFFRAFFDELL)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (04/19/2020 09:25:30 PM) (Source: DCOM) (EventID: 10010) (User: RIFFRAFFDELL)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (04/19/2020 09:25:30 PM) (Source: DCOM) (EventID: 10010) (User: RIFFRAFFDELL)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (04/19/2020 09:25:30 PM) (Source: DCOM) (EventID: 10010) (User: RIFFRAFFDELL)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2020-04-12 17:54:11.420
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B4F61B09-A09C-445F-8150-67193FF6AFAA}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-04-14 20:57:00.333
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.313.1492.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16900.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-04-12 03:36:37.657
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.307.1467.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-04-12 03:36:37.631
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.307.1467.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-04-12 03:36:37.629
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.307.1467.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2020-04-12 03:36:37.539
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.307.1467.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2020-04-11 08:12:03.484
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\netaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-11 06:23:19.205
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\netaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-11 06:21:43.687
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\netaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-04-11 05:36:19.404
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\netaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. A12 08/30/2016
Motherboard: Dell Inc. 0FXF2C
Processor: AMD A6-7310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 47%
Total physical RAM: 11200.24 MB
Available physical RAM: 5903.73 MB
Total Virtual: 12100.24 MB
Available Virtual: 5705.7 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:238.47 GB) (Free:100.48 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (ORIGINAL HDD) (Fixed) (Total:929.66 GB) (Free:393.01 GB) NTFS
Drive f: (SCHOOL) (Removable) (Total:30 GB) (Free:15.85 GB) FAT32

\\?\Volume{9923554b-9ad2-4d8d-8cca-4b22cb27de71}\ (WinRETOOLS) (Fixed) (Total:0.78 GB) (Free:0.76 GB) NTFS
\\?\Volume{140233df-a3b6-46d6-89db-13be3461f8ea}\ () (Fixed) (Total:0.85 GB) (Free:0.4 GB) NTFS
\\?\Volume{a9409e46-0860-4422-8d7a-e52801f9c2c5}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 34706B48)
Partition 1: (Active) - (Size=238.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: A739D2F0)

Partition: GPT.

==========================================================
Disk: 2 (Size: 30 GB) (Disk ID: 500A0DFF)
No partition Table on disk 2.

==================== End of Addition.txt =======================


  • 0

#57
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2020
Ran by tracy (administrator) on RIFFRAFFDELL (Dell Inc. Inspiron 5555) (20-04-2020 02:01:21)
Running from C:\Program Files (x86)
Loaded Profiles: tracy (Available Profiles: tracy)
Platform: Windows 10 Home Version 1903 18362.778 (X64) Language: English (United Kingdom)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository͓575.inf_amd64_8e19095ae833d985\B353558\atiesrxx.exe
(Antibody Software Limited -> Antibody Software) C:\Program Files\WizFile\WizFile64.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12105.12.48001.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\9.0.1.1462\AdskLicensingService\AdskLicensingService.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <4>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Inc -> Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ProdLib] => "C:\ProgramData\Autodesk\ApplicationPlugins\ProdLib.bundle\ProdLib.SystemTray.exe"
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9226752 2017-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312 2017-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312 2017-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [pac] => C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe [223544 2019-02-01] (Autodesk, Inc. -> Autodesk)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Inc -> Waves Audio Ltd.)
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\tracy\AppData\Local\Microsoft\Teams\Update.exe [2339472 2020-04-19] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-09-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\tracy\AppData\Local\Microsoft\Teams\Update.exe [2339472 2020-04-19] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-792678858-599442959-1286739730-1001\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe [2491064 2020-04-01] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-08] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A9819B-59FF-4ADD-941E-27120797AFD7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-31] (Google Inc -> Google LLC)
Task: {0992B72E-174F-48CA-833F-F8CBDC38797E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2350176 2020-03-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {0A7CBBFB-CE22-4DCB-BFB9-01A394E11D95} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [150272 2020-03-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {1048265C-0472-498A-AFE4-17016126AE82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {19D7671E-81EE-483C-9493-E9F16E118F45} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1628160 2020-04-02] (Advanced Micro Devices, Inc.) [File not signed]
Task: {20D7BAC1-F6BF-4BAB-868C-676E1AC3F740} - System32\Tasks\WizFile => C:\Program Files\WizFile\WizFile64.exe [10498360 2018-11-14] (Antibody Software Limited -> Antibody Software)
Task: {2B5E7A41-28F7-4225-B55C-2C96B220593B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2167920 2020-03-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {3111A92D-B48E-488E-B9AD-70F583B767BE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [150272 2020-03-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {57799EA9-DD95-41FD-BEE5-61AC0482C1BB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2167920 2020-03-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {6082365E-FAE7-4BB0-9AFB-F9D7FE381748} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-31] (Google Inc -> Google LLC)
Task: {68DCA834-5F60-4F7E-AD9C-5E84F4FA3063} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [745480 2019-04-16] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {6A43038A-9DB1-45B6-BA73-EFE7D244B727} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6292336 2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C2E678B-A184-4A46-A6B8-489C8DD121B7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27369752 2020-03-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {6D936876-97DC-4979-8C09-C8A6138424D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6292336 2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {779FF869-D956-453F-A676-CE49CFD88E5D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-04-01] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {83D68806-CB76-4834-B0CF-E5C0A9139503} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-04-01] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {A5203AB4-9183-4A89-A6EA-892A6D16DBFB} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-04-02] (Advanced Micro Devices, Inc.) [File not signed]
Task: {A9614F83-434C-460B-944F-BD78C10736C2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [566592 2008-07-30] (Apple Inc. -> Apple Inc.)
Task: {AF16A0EF-2D9B-48B3-A243-185651867E32} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-04-02] (Advanced Micro Devices, Inc.) [File not signed]
Task: {D379E68F-0028-4F21-941F-3A2DC603AA02} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {D63CBF52-718A-44D1-85DD-6ECFD64404DC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D6CABBB9-6629-4934-9B99-D3ABC2D6B537} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27369752 2020-03-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E32DD40D-62B8-4CFE-A84B-3EF9829053AD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FC43AA72-3BF5-4632-9B29-1F4023FE36CD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{70286a1a-7108-46ed-aae9-2fd660d97285}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{ab58ebd0-bed3-4a6b-bbf0-dcac49b068a4}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{c53578d0-f2f7-4140-9d8c-9c7649bb356a}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\tracy\Downloads

FireFox:
========
FF DefaultProfile: bjghe92c.default
FF ProfilePath: C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1 [2020-04-20]
FF Session Restore: Mozilla\Firefox\Profiles\ygzux85d.default-release-1 -> is enabled.
FF Extension: (Facebook Container) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\@contain-facebook.xpi [2020-04-14]
FF Extension: (YouTube Adblocker) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (AdBlocker Ultimate) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (Best Proxy Switcher) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (CatBlock) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (Enhancer for YouTube™) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-03-31]
FF Extension: (OneTab) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-04-14]
FF Extension: (FoxyProxy Standard) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-02-16]
FF Extension: (ProxTube) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-02-04]
FF Extension: (Video Blocker) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (download-helper) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (Show my Password) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (Show/Hide passwords) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (Skip Redirect) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (TinEye Reverse Image Search) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-12]
FF Extension: (No Name) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-04-13]
FF Extension: (uBlock Origin) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-04-07]
FF Extension: (YouTube Video Downloader/YouTube HD Download) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\[email protected] [2020-01-31]
FF Extension: (Social Video Downloader) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{00e68183-fc7d-4a91-b5cc-f7f8272386db}.xpi [2020-04-18]
FF Extension: (Search by image on Aliexpress) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{125dc5f0-45f5-429d-93a6-e865d67efbee}.xpi [2020-01-12]
FF Extension: (Dark Night Mode) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{27c3c9d8-95cd-44e6-ae9c-ff537348b9f3}.xpi [2020-04-13]
FF Extension: (You No Cards) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{450542d6-67d0-4975-aee1-ca1464e1ff6f}.xpi [2020-01-12]
FF Extension: (BlockTube) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{58204f8b-01c2-4bbc-98f8-9a90458fd9ef}.xpi [2020-04-07]
FF Extension: (Online PDF Editor (pdf2go.com)) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{5fe0e3b1-ef04-41af-aae8-4653d2dbd0eb}.xpi [2020-01-12]
FF Extension: (Popup Blocker Ultimate) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2020-03-09]
FF Extension: (ANIMATED CAT LICKING YOUR SCREEN) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{6a21e28f-b023-41bb-aad9-7db3a398599f}.xpi [2020-01-12]
FF Extension: (Don't touch my tabs! (rel=noopener)) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{6b938c0c-fc53-4f27-805f-619778631082}.xpi [2020-03-23]
FF Extension: (Cats on the Couch by MaDonna) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{77d6617c-ad08-4413-9373-e04e0c4b937d}.xpi [2020-01-18]
FF Extension: (Channels Blocker for Youtube) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{92d2b334-60b5-4f82-8239-9fc7b542174d}.xpi [2020-01-12]
FF Extension: (Definitions.net) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{97851884-5432-4131-9f46-841755bb0e73}.xpi [2020-03-08]
FF Extension: (see-password) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{9fc6ffbd-fbc4-43ac-9376-f6d789bea76d}.xpi [2020-01-12]
FF Extension: (Flash and Video Download) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{adeadebb-fedc-4180-a7f4-cfdd87496551}.xpi [2020-02-14]
FF Extension: (Create a new script) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{aecec67f-0d10-4fa7-b7c7-609a2db280cf}.xpi [2020-02-13]
FF Extension: (Cats shapes) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{b26c3856-d617-4503-8c5e-83af3b37c68d}.xpi [2020-01-12]
FF Extension: (Tree of Cats by MaDonna) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{b37caf98-8582-410b-943c-efa21a20ee07}.xpi [2020-04-18]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2020-01-19]
FF Extension: (Simple Night Mode for Quantum) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{c1b085de-157e-4521-a06f-c39f5c698216}.xpi [2020-01-12]
FF Extension: (ANIMATED changing eyes of black cat) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{c46898bc-7204-4398-b5a8-3ba41ff93080}.xpi [2020-01-12]
FF Extension: (Night Reader for Firefox) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{d464c6fa-2976-4e0a-a2d8-8a9a372c5dd8}.xpi [2020-01-12]
FF Extension: (Translate Menu) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{dac8a935-4775-4918-9205-5c0600087dc4}.xpi [2020-03-20]
FF Extension: (ANIMATED KITTY CAT) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{eab93f67-9aab-4a1e-923c-4000abe0e509}.xpi [2020-01-12]
FF Extension: (animated cat walking on roofs by candelora) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ygzux85d.default-release-1\Extensions\{f19ce2b0-4a67-49d0-8c09-797d294b8834}.xpi [2020-01-12]
FF ProfilePath: C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\bjghe92c.default [2020-04-04]
FF NewTab: Mozilla\Firefox\Profiles\bjghe92c.default -> hxxp://www.bing.com/?pc=COS2&ptag=D112119-N0600ABBFDD158E6&form=CONMHP&conlogo=CT3334487
FF ProfilePath: C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release [2020-04-02]
FF NewTab: Mozilla\Firefox\Profiles\ys9wk741.default-release -> hxxp://www.bing.com/?pc=COS2&ptag=D112119-N0600ABBFDD158E6&form=CONMHP&conlogo=CT3334487
FF Session Restore: Mozilla\Firefox\Profiles\ys9wk741.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\ys9wk741.default-release -> hxxps://www.facebook.com
FF Extension: (Facebook Container) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\@contain-facebook.xpi [2019-10-30]
FF Extension: (YouTube Adblocker) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2020-01-11]
FF Extension: (AdBlocker Ultimate) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2020-01-11]
FF Extension: (Best Proxy Switcher) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-12-10]
FF Extension: (CatBlock) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (Enhancer for YouTube™) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-12-14]
FF Extension: (OneTab) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-12-23]
FF Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-11-22]
FF Extension: (ProxTube) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-12-20]
FF Extension: (Video Blocker) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (download-helper) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (Show my Password) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (JavaScript-Java Bridge) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (Show/Hide passwords) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (Skip Redirect) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-11-16]
FF Extension: (TinEye Reverse Image Search) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (uBlock Origin) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-11-25]
FF Extension: (YouTube Video Downloader/YouTube HD Download) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\[email protected] [2019-10-30]
FF Extension: (Social Video Downloader) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{00e68183-fc7d-4a91-b5cc-f7f8272386db}.xpi [2019-12-29]
FF Extension: (Lookup in Oxford Dictionary) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{0aa583da-e323-42f2-b4d2-0bc61b493171}.xpi [2019-12-15]
FF Extension: (Search by image on Aliexpress) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{125dc5f0-45f5-429d-93a6-e865d67efbee}.xpi [2019-11-12]
FF Extension: (Easy Ad Blocker) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{407e413d-d53c-44d2-864c-e0163513f9fb}.xpi [2019-11-13]
FF Extension: (You No Cards) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{450542d6-67d0-4975-aee1-ca1464e1ff6f}.xpi [2020-01-11]
FF Extension: (BlockTube) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{58204f8b-01c2-4bbc-98f8-9a90458fd9ef}.xpi [2019-12-28]
FF Extension: (Online PDF Editor (pdf2go.com)) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{5fe0e3b1-ef04-41af-aae8-4653d2dbd0eb}.xpi [2019-12-19]
FF Extension: (Popup Blocker Ultimate) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2020-01-03]
FF Extension: (ANIMATED CAT LICKING YOUR SCREEN) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{6a21e28f-b023-41bb-aad9-7db3a398599f}.xpi [2019-10-30]
FF Extension: (Don't touch my tabs! (rel=noopener)) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{6b938c0c-fc53-4f27-805f-619778631082}.xpi [2019-12-23]
FF Extension: (English Popup Dictionary) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{74e2e3a5-6d4f-4766-b870-51b301cedb9b}.xpi [2019-10-30]
FF Extension: (Cats on the Couch by MaDonna) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{77d6617c-ad08-4413-9373-e04e0c4b937d}.xpi [2019-10-30]
FF Extension: (YouTube Converter Button) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{8f4bbf79-5514-4d04-a901-d5fabfe91d73}.xpi [2019-12-28]
FF Extension: (Google Translator with Right Click) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{92047279-0910-4abb-beb7-a7f2cd6cf04b}.xpi [2019-11-29]
FF Extension: (Channels Blocker for Youtube) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{92d2b334-60b5-4f82-8239-9fc7b542174d}.xpi [2019-12-28]
FF Extension: (see-password) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{9fc6ffbd-fbc4-43ac-9376-f6d789bea76d}.xpi [2019-10-30]
FF Extension: (Adblocker for YouTube™) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{ab2186b0-8c0b-4921-a2d4-95e6e05c0e3c}.xpi [2020-01-11]
FF Extension: (Flash and Video Download) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{adeadebb-fedc-4180-a7f4-cfdd87496551}.xpi [2020-01-06]
FF Extension: (Create a new script) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{aecec67f-0d10-4fa7-b7c7-609a2db280cf}.xpi [2019-12-24]
FF Extension: (Cats shapes) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{b26c3856-d617-4503-8c5e-83af3b37c68d}.xpi [2019-10-30]
FF Extension: (Tree of Cats by MaDonna) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{b37caf98-8582-410b-943c-efa21a20ee07}.xpi [2019-10-30]
FF Extension: (Simple Night Mode for Quantum) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{c1b085de-157e-4521-a06f-c39f5c698216}.xpi [2019-10-30]
FF Extension: (ANIMATED changing eyes of black cat) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{c46898bc-7204-4398-b5a8-3ba41ff93080}.xpi [2019-10-30]
FF Extension: (Night Reader for Firefox) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{d464c6fa-2976-4e0a-a2d8-8a9a372c5dd8}.xpi [2019-10-30]
FF Extension: (ANIMATED KITTY CAT) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{eab93f67-9aab-4a1e-923c-4000abe0e509}.xpi [2019-10-30]
FF Extension: (animated cat walking on roofs by candelora) - C:\Users\tracy\AppData\Roaming\Mozilla\Firefox\Profiles\ys9wk741.default-release\Extensions\{f19ce2b0-4a67-49d0-8c09-797d294b8834}.xpi [2019-10-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-27] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-27] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-01-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2018-12-26] () [File not signed]
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2018-12-26] () [File not signed]
FF Plugin HKU\S-1-5-21-792678858-599442959-1286739730-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\tracy\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-16] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default [2020-04-02]
CHR Notifications: Default -> hxxps://www.reddit.com
CHR HomePage: Default -> hxxp://www.google.com
CHR DefaultSearchURL: Default -> hxxps://www.startpage.com/do/dsearch?query={searchTerms}&cat=web&pl=ext-chrome&language=english&extVersion=1.1.0
CHR DefaultSearchKeyword: Default -> startpage.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (Slides) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-31]
CHR Extension: (Popup Blocker (strict)) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aefkmifgmaafnojlojpnekbpbmjiiogg [2019-12-23]
CHR Extension: (Speed Test) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeghledigokaedmpimgnfplidhdhlchg [2020-03-03]
CHR Extension: (Docs) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-31]
CHR Extension: (Google Drive) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-31]
CHR Extension: (Dark Night Mode) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhbekkddpbpbibiknkcjamlkhoghieie [2019-10-31]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2019-12-23]
CHR Extension: (YouTube) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-31]
CHR Extension: (Adblock for Youtube™) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2019-12-23]
CHR Extension: (Proxy SwitchySharp) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2020-03-25]
CHR Extension: (Adobe Acrobat) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-04-02]
CHR Extension: (Sheets) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-31]
CHR Extension: (Startpage - English) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmjlmbojbkmdpofahffgcpkhkngfpef [2020-01-31]
CHR Extension: (Chrome Remote Desktop) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2019-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-02]
CHR Extension: (Etymonline) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\giehjnnlopapngdjbjjgddpaagoimmgl [2019-10-31]
CHR Extension: (uVPN - free and unlimited VPN for everyone) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpieacagdjdfbifodokiccinpbacemjf [2020-02-16]
CHR Extension: (Read Aloud: A Text to Speech Voice Reader) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhinadidafjejdhmfkjgnolgimiaplp [2020-04-02]
CHR Extension: (Voice to Text) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcdafhjjjfnkoeilnjmnadadaoehgdc [2020-01-09]
CHR Extension: (Free VPN - the fastest VPN in the house) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkomfibbgccdjcahcpleidblgknecfhh [2020-02-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-31]
CHR Extension: (Speedtest by Ookla) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2020-02-08]
CHR Extension: (Gmail) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-31]
CHR Extension: (Chrome Media Router) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-02]
CHR Profile: C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-04-15]
CHR Extension: (Slides) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-02]
CHR Extension: (Docs) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-02]
CHR Extension: (Google Drive) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-02]
CHR Extension: (YouTube) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-02]
CHR Extension: (Adobe Acrobat) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-04-02]
CHR Extension: (Sheets) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-02]
CHR Extension: (Google Docs Offline) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-02]
CHR Extension: (Gmail) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\tracy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-15]
CHR Profile: C:\Users\tracy\AppData\Local\Google\Chrome\User Data\System Profile [2020-04-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1046904 2020-03-04] (Autodesk, Inc. -> Autodesk Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16939312 2019-01-09] (Autodesk, Inc. -> Autodesk)
R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository͓575.inf_amd64_8e19095ae833d985\B353558\atiesrxx.exe [524512 2020-04-02] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11600672 2020-03-03] (Microsoft Corporation -> Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-05-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [615384 2017-02-07] (Waves Inc -> Waves Audio Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-04-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [27016 2017-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, INC.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository͓575.inf_amd64_8e19095ae833d985\B353558\atikmdag.sys [65752288 2020-04-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository͓575.inf_amd64_8e19095ae833d985\B353558\atikmpag.sys [592096 2020-04-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [103672 2020-04-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [137104 2017-11-08] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325808 2016-07-28] (Qualcomm Atheros -> Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [108152 2019-11-18] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R2 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv_bgp.sys [315976 2019-12-12] (Bluestack Systems, Inc -> Bluestack System Inc. )
R3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [601616 2016-05-19] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [22864 2016-10-27] (WDKTestCert Andy_Chen6,131219483243550933 -> OSR Open Systems Resources, Inc.)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspWhySoSlow; C:\Windows\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Daniel Terhell -> Resplendence Software Projects Sp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [662528 2019-03-19] (Microsoft Windows -> Realtek )
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [8206848 2019-03-19] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [412400 2015-09-11] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45960 2020-04-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [391392 2020-04-13] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [59104 2020-04-13] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-20 02:01 - 2020-04-20 02:04 - 000045702 _____ C:\Program Files (x86)\FRST.txt
2020-04-19 23:34 - 2020-04-19 23:34 - 000000165 ____H C:\Users\tracy\Desktop\~$Double Names.xlsx
2020-04-19 21:17 - 2020-04-19 21:17 - 000002367 _____ C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-04-19 21:17 - 2020-04-19 21:17 - 000002359 _____ C:\Users\tracy\Desktop\Microsoft Teams.lnk
2020-04-19 18:16 - 2020-04-19 18:16 - 097813672 _____ (Microsoft Corporation) C:\Users\tracy\Downloads\Teams_windows_x64.exe
2020-04-19 03:02 - 2020-04-19 03:03 - 283765456 _____ (Dell Inc.) C:\Users\tracy\Downloads\Realtek-High-Definition-Audio-Driver_51T6N_WIN_6.0.1.8142_A07_01(1).EXE
2020-04-19 01:20 - 2020-04-19 01:20 - 000176615 _____ C:\Users\tracy\Downloads\Listing Of VicRoads Fees 2019-20.pdf
2020-04-18 04:33 - 2020-04-18 04:33 - 000239873 _____ C:\Users\tracy\Downloads\Enjoy the Huntsman Spiders in Your Backyard - BackyardBuddies.net.au(1).pdf
2020-04-18 02:29 - 2020-04-18 02:30 - 343086043 _____ C:\Users\tracy\Desktop\Weekend At Bernies [360p].mp4
2020-04-17 21:04 - 2020-04-17 21:04 - 000001072 _____ C:\Users\tracy\Desktop\Pictures - Shortcut.lnk
2020-04-17 20:19 - 2020-04-17 20:19 - 000239873 _____ C:\Users\tracy\Downloads\Enjoy the Huntsman Spiders in Your Backyard - BackyardBuddies.net.au.pdf
2020-04-17 13:55 - 2020-04-17 13:55 - 143093760 _____ C:\Users\tracy\Downloads\TLCDESIGNS_SITE PLAN_w landscape FINAL(1).rvt
2020-04-17 13:46 - 2020-04-17 13:46 - 000247306 _____ C:\Users\tracy\Downloads\20_Project 3A__assessment(1).pdf
2020-04-17 11:34 - 2020-04-17 11:34 - 000001957 _____ C:\Users\tracy\Desktop\tasks.txt
2020-04-17 04:11 - 2020-04-17 04:11 - 000175822 _____ C:\Users\tracy\Downloads\420-430-Point-Henry-Road-Moolap-Vicplan-Planning-Property-Report.pdf
2020-04-17 00:20 - 2020-04-17 00:20 - 000370662 _____ C:\Users\tracy\Downloads\8d57f7d438e0c8f-applicationformforaplanningpermit.pdf
2020-04-17 00:14 - 2020-04-17 02:58 - 143093760 _____ C:\Users\tracy\Downloads\TLCDESIGNS_SITE PLAN_w landscape FINAL.rvt
2020-04-17 00:14 - 2020-04-17 02:20 - 143147008 _____ C:\Users\tracy\Downloads\TLCDESIGNS_SITE PLAN_w landscape FINAL.0002.rvt
2020-04-17 00:14 - 2020-04-17 00:14 - 143093760 _____ C:\Users\tracy\Downloads\TLCDESIGNS_SITE PLAN_w landscape FINAL.0001.rvt
2020-04-16 23:36 - 2020-04-16 23:36 - 000268968 _____ C:\Users\tracy\Downloads\How-to-complete-the-Application-for-Planning-Permit-Form.pdf
2020-04-16 23:27 - 2020-04-16 23:27 - 003143587 _____ C:\Users\tracy\Downloads\PLN121154 Environmental Sustainable Development Report.pdf
2020-04-16 23:27 - 2020-04-16 23:27 - 000015092 _____ C:\Users\tracy\Downloads\Opinion of Probale Cost.xlsx
2020-04-16 23:26 - 2020-04-16 23:26 - 002375569 _____ C:\Users\tracy\Downloads\Sustainability_Report[1].pdf
2020-04-16 23:11 - 2020-04-16 23:11 - 447486932 _____ C:\Users\tracy\Downloads\The Naust Boathouse - Board Final.tif
2020-04-16 22:35 - 2020-04-16 22:36 - 003190885 _____ C:\Users\tracy\Downloads\A-Snapshot-of-sustainability-reporting-in-the-Construction-Real-Estate-Sector.pdf
2020-04-16 03:20 - 2020-04-16 03:20 - 025444352 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 019812864 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 007017472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 005910016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 004129624 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 003512320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 002951832 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 002494744 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 001870408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 001610240 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 001310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 001264640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2020-04-16 03:20 - 2020-04-16 03:20 - 001151816 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 001013000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000983040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\MSFlacDecoder.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000420152 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000380416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFlacDecoder.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000321536 _____ (Microsoft Corporation) C:\Windows\system32\wbadmin.exe
2020-04-16 03:20 - 2020-04-16 03:20 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.XamlHost.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.XamlHost.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000105472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakrathunk.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2020-04-16 03:20 - 2020-04-16 03:20 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 022636544 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 019850240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 018027520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 014818816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 009930552 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 008013824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 007756800 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 007604584 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 006523048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 006168064 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 005040640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 004611584 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 004563200 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 004538880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 003802624 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 003753472 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 003742544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 003729408 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2020-04-16 03:19 - 2020-04-16 03:19 - 003547648 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 002986808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2020-04-16 03:19 - 2020-04-16 03:19 - 002871608 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 002800640 _____ (Microsoft Corporation) C:\Windows\system32\WinSAT.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 002800128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2020-04-16 03:19 - 2020-04-16 03:19 - 002767928 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 002453504 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 002180408 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 002086656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001999960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001945600 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001918976 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001835008 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001764336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001757096 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-04-16 03:19 - 2020-04-16 03:19 - 001729024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001726264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001697792 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001665216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001664896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001656904 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001646048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001612800 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001603584 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001587712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001545216 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 001512832 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 001484384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001480192 _____ (Microsoft Corporation) C:\Windows\system32\usocoreworker.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 001477112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001458688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001427456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001413840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001397576 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 001378528 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001368576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001368576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001318912 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001300280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2020-04-16 03:19 - 2020-04-16 03:19 - 001261808 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001257472 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001245184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001243648 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001153024 _____ (Microsoft Corporation) C:\Windows\system32\windowsperformancerecordercontrol.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001136128 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001083904 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001081856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001077064 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 001055376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001011200 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001009152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 001008128 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000993280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000982840 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000974336 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000924672 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000923136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000915192 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000912896 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windowsperformancerecordercontrol.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000865280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000865280 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000840704 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Language.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000836608 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000835584 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000822208 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000811320 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000785920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000783480 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000775696 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000772096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2020-04-16 03:19 - 2020-04-16 03:19 - 000768528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000759272 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000747320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FlightSettings.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BTAGService.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000684560 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000673704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000673464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000668672 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000647680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000638480 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000632832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000629760 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000628616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000618296 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000604984 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000561464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2020-04-16 03:19 - 2020-04-16 03:19 - 000555008 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2020-04-16 03:19 - 2020-04-16 03:19 - 000550400 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-04-16 03:19 - 2020-04-16 03:19 - 000538160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000530432 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000525312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000515600 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000513576 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000510792 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000507152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000498688 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000497152 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000491008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000487784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000477496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2020-04-16 03:19 - 2020-04-16 03:19 - 000465208 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000459688 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000456504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2020-04-16 03:19 - 2020-04-16 03:19 - 000456192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2020-04-16 03:19 - 2020-04-16 03:19 - 000452096 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000415760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000410112 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000408064 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000406480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Enumeration.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000401408 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000374784 _____ (Microsoft Corporation) C:\Windows\system32\ncbservice.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000355840 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicSvc.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\wpr.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\es.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000324408 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2020-04-16 03:19 - 2020-04-16 03:19 - 000323584 _____ (Microsoft Corporation) C:\Windows\system32\sppcommdlg.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicCapsule.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000277864 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000277504 _____ (Microsoft Corporation) C:\Windows\system32\scecli.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000268008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000259776 _____ (Microsoft Corporation) C:\Windows\system32\logoncli.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\VPNv2CSP.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000251704 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000241152 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000234496 _____ (Microsoft Corporation) C:\Windows\system32\iasrad.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000231936 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000227840 _____ (Microsoft Corporation) C:\Windows\system32\IndexedDbLegacy.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000225792 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000214528 _____ (Microsoft Corporation) C:\Windows\system32\srumsvc.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scecli.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000211256 _____ (Microsoft Corporation) C:\Windows\system32\tcbloader.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000203264 _____ (Microsoft Corporation) C:\Windows\system32\LanguageComponentsInstaller.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000197632 _____ (Microsoft Corporation) C:\Windows\system32\Win32CompatibilityAppraiserCSP.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000190048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logoncli.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasrad.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000185952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000179712 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000178192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2020-04-16 03:19 - 2020-04-16 03:19 - 000178176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srumsvc.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000164368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000152408 _____ (Microsoft Corporation) C:\Windows\system32\KerbClientShared.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000147696 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000142544 _____ (Microsoft Corporation) C:\Windows\system32\LicensingUI.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\slc.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000139776 _____ (Microsoft Corporation) C:\Windows\system32\Chakrathunk.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000136192 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000130560 _____ (Microsoft Corporation) C:\Windows\system32\StorageUsage.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000127280 _____ (Microsoft Corporation) C:\Windows\system32\win32u.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000123952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KerbClientShared.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000122368 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slc.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000115120 _____ (Microsoft Corporation) C:\Windows\system32\phoneactivate.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000105472 _____ (Microsoft Corporation) C:\Windows\system32\WorkFolders.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000102216 _____ (Microsoft Corporation) C:\Windows\system32\changepk.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000093712 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000089336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32u.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicAgent.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3api.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3msm.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\iasacct.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000084280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2020-04-16 03:19 - 2020-04-16 03:19 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Custom.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000071480 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\keepaliveprovider.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000066624 _____ (Microsoft Corporation) C:\Windows\system32\iumcrypt.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasacct.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\srumapi.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000058880 _____ C:\Windows\system32\runexehelper.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000051200 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srumapi.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000050544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudNotifications.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\iaspolcy.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbauth.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cmintegrator.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\UpgradeResultsUI.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iaspolcy.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000036152 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000033792 _____ (Microsoft Corporation) C:\Windows\system32\sxssrv.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000033080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys
2020-04-16 03:19 - 2020-04-16 03:19 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000031744 _____ (Microsoft Corporation) C:\Windows\system32\ias.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cmintegrator.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000029184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerCookies.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\WaaSMedicPS.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ias.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\slcext.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\sbservicetrigger.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000021520 _____ (Microsoft Corporation) C:\Windows\system32\kdhvcom.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\icsunattend.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Custom.ps.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000012288 _____ (Microsoft Corporation) C:\Windows\system32\pacjsworker.exe
2020-04-16 03:19 - 2020-04-16 03:19 - 000011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000010752 _____ (Microsoft Corporation) C:\Windows\system32\DMAlertListener.ProxyStub.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DMAlertListener.ProxyStub.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2020-04-16 03:19 - 2020-04-16 03:19 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2020-04-16 03:19 - 2020-04-16 03:19 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2020-04-16 03:19 - 2020-04-16 03:19 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2020-04-16 03:19 - 2020-04-16 03:19 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2020-04-16 03:19 - 2020-04-16 03:19 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2020-04-16 03:19 - 2020-04-16 03:19 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2020-04-16 03:19 - 2020-04-16 03:19 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2020-04-16 03:19 - 2020-04-16 03:19 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2020-04-16 03:19 - 2020-04-16 03:19 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2020-04-16 03:19 - 2020-04-16 03:19 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2020-04-16 03:19 - 2020-04-16 03:19 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2020-04-16 03:19 - 2020-04-16 03:19 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2020-04-16 03:18 - 2020-04-16 03:18 - 017790464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 007849216 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 003708928 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 003587384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2020-04-16 03:18 - 2020-04-16 03:18 - 003109376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 002717184 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2020-04-16 03:18 - 2020-04-16 03:18 - 002131456 _____ (Microsoft Corporation) C:\Windows\system32\WpcDesktopMonSvc.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 002126144 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 002114560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 001960448 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 001942528 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 001783296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 001762816 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 001719808 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 001497600 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 001413704 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 001263856 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2020-04-16 03:18 - 2020-04-16 03:18 - 001180672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 001127424 _____ (Microsoft Corporation) C:\Windows\system32\WpcRefreshTask.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 001071616 _____ (Microsoft Corporation) C:\Windows\system32\BTAGService.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000893952 _____ (Microsoft Corporation) C:\Windows\system32\FlightSettings.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000879616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Service.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000874296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2020-04-16 03:18 - 2020-04-16 03:18 - 000735744 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000722072 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000654912 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000637240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2020-04-16 03:18 - 2020-04-16 03:18 - 000589384 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2020-04-16 03:18 - 2020-04-16 03:18 - 000524264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Enumeration.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000469504 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000441144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2020-04-16 03:18 - 2020-04-16 03:18 - 000437560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2020-04-16 03:18 - 2020-04-16 03:18 - 000416016 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\WpcApi.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000339304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000297272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2020-04-16 03:18 - 2020-04-16 03:18 - 000278016 _____ (Microsoft Corporation) C:\Windows\system32\WpcTok.exe
2020-04-16 03:18 - 2020-04-16 03:18 - 000268288 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000265216 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\UpdateDeploymentProvider.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000251392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winnat.sys
2020-04-16 03:18 - 2020-04-16 03:18 - 000231912 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000200192 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000193848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2020-04-16 03:18 - 2020-04-16 03:18 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\SpatialAudioLicenseSrv.exe
2020-04-16 03:18 - 2020-04-16 03:18 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000151352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scmbus.sys
2020-04-16 03:18 - 2020-04-16 03:18 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\UtcDecoderHost.exe
2020-04-16 03:18 - 2020-04-16 03:18 - 000108032 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Custom.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\dot3api.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000089912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2020-04-16 03:18 - 2020-04-16 03:18 - 000088352 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\autopilot.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.EnrollmentStatusTracking.ConfigProvider.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\tbauth.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\CloudNotifications.exe
2020-04-16 03:18 - 2020-04-16 03:18 - 000059192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storufs.sys
2020-04-16 03:18 - 2020-04-16 03:18 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\audioresourceregistrar.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000047000 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2020-04-16 03:18 - 2020-04-16 03:18 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.Common.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\WiredNetworkCSP.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\WpcProxyStubs.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\TokenBrokerCookies.exe
2020-04-16 03:18 - 2020-04-16 03:18 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\KNetPwrDepBroker.sys
2020-04-16 03:18 - 2020-04-16 03:18 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys
2020-04-16 03:18 - 2020-04-16 03:18 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Custom.ps.dll
2020-04-16 03:18 - 2020-04-16 03:18 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys
2020-04-16 03:01 - 2020-03-17 13:57 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-04-16 03:01 - 2020-03-17 13:56 - 000492544 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-04-16 01:11 - 2020-04-16 01:21 - 000000000 ____D C:\Users\tracy\AppData\Roaming\Zoom Plugin
2020-04-16 01:09 - 2020-04-16 01:09 - 000000000 ____D C:\Program Files (x86)\Zoom
2020-04-16 01:07 - 2020-04-16 01:08 - 003580928 _____ C:\Users\tracy\Downloads\ZoomOutlookPluginSetup.msi
2020-04-16 00:38 - 2020-04-16 00:38 - 000001675 _____ C:\Users\tracy\Downloads\meeting-98903233635.ics
2020-04-16 00:32 - 2020-04-16 00:32 - 000001934 _____ C:\Users\tracy\Desktop\Zoom.lnk
2020-04-16 00:30 - 2020-04-16 00:30 - 000000000 ____D C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-04-16 00:28 - 2020-04-16 00:29 - 011357160 _____ (Zoom Video Communications, Inc.) C:\Users\tracy\Downloads\ZoomInstaller.exe
2020-04-16 00:00 - 2020-04-16 00:13 - 013712306 _____ C:\Users\tracy\Downloads\0004-Diagnostic_v2.0.3.0_AllInOneRel_0803.zip
2020-04-16 00:00 - 2020-04-16 00:12 - 011108153 _____ C:\Users\tracy\Downloads\Install_Win10_10038_02202020.zip
2020-04-15 23:09 - 2020-04-15 19:40 - 005621390 _____ C:\Windows\Minidump\journal.0009.0001.dmp
2020-04-15 23:06 - 2020-04-15 22:30 - 000558021 _____ C:\Windows\Minidump\668cb281-773b-4478-a352-a8228cd35408.dmp
2020-04-15 23:01 - 2020-04-14 17:55 - 000281048 _____ C:\Windows\Minidump\WATCHDOG-20200414-1755.dmp
2020-04-15 23:01 - 2020-04-12 13:42 - 000281048 _____ C:\Windows\Minidump\WATCHDOG-20200412-1342.dmp
2020-04-15 20:44 - 2020-04-15 20:44 - 000286720 _____ C:\Users\tracy\Downloads\Barn_Door_12447.rfa
2020-04-15 20:43 - 2020-04-15 20:43 - 000479232 _____ C:\Users\tracy\Downloads\Double_Barn_Door_2211.rfa
2020-04-15 20:02 - 2020-04-20 02:01 - 000000000 ____D C:\Program Files (x86)\FRST-OlderVersion
2020-04-15 20:02 - 2020-04-15 20:08 - 000009742 _____ C:\Program Files (x86)\Search.txt
2020-04-15 18:49 - 2020-04-15 18:50 - 418495716 _____ C:\Users\tracy\Downloads\The Naust BoardFinal.tif
2020-04-15 18:46 - 2020-04-15 18:47 - 252781936 _____ C:\Users\tracy\Downloads\The Naust Board White.pdf
2020-04-15 18:45 - 2020-04-15 18:45 - 265958069 _____ C:\Users\tracy\Downloads\The Naust Board Black.pdf
2020-04-15 00:32 - 2020-04-15 00:32 - 003361405 _____ C:\Users\tracy\Downloads\96672925 - CoGG Drainage Plan.pdf
2020-04-15 00:32 - 2020-04-15 00:32 - 000118488 _____ C:\Users\tracy\Downloads\CoGG Guide to Reading Plans.pdf
2020-04-15 00:29 - 2020-04-15 00:29 - 000443540 _____ C:\Users\tracy\Downloads\Coversheet(2).pdf
2020-04-15 00:29 - 2020-04-15 00:29 - 000443540 _____ C:\Users\tracy\Downloads\Coversheet(1).pdf
2020-04-15 00:27 - 2020-04-15 00:27 - 000551116 _____ C:\Users\tracy\Downloads\96673050 - CoGG Drainage Plan.pdf
2020-04-15 00:13 - 2020-04-15 00:13 - 006168452 _____ C:\Users\tracy\Downloads\96672930 - Barwon Water Plan.pdf
2020-04-14 23:23 - 2020-04-14 23:23 - 000451795 _____ C:\Users\tracy\Downloads\Coversheet.pdf
2020-04-14 23:21 - 2020-04-14 23:21 - 000092169 _____ C:\Users\tracy\Downloads\19360764.PDF
2020-04-14 22:20 - 2020-04-14 22:20 - 000000000 ____D C:\Users\tracy\Documents\Zoom
2020-04-14 22:18 - 2020-04-16 00:30 - 000000000 ____D C:\Users\tracy\AppData\Roaming\Zoom
2020-04-14 03:33 - 2020-04-14 03:33 - 005292165 _____ C:\Users\tracy\Desktop\NVR_GuideBook.pdf
2020-04-14 03:20 - 2020-04-14 03:21 - 005342504 _____ C:\Users\tracy\Downloads\SPRO_GuideBook(2).pdf
2020-04-14 03:19 - 2020-04-14 03:19 - 005342504 _____ C:\Users\tracy\Downloads\SPRO_GuideBook(1).pdf
2020-04-14 02:13 - 2020-04-14 02:13 - 000000000 ____D C:\Users\tracy\Downloads\time_pwd_1.1
2020-04-14 01:37 - 2020-04-14 01:37 - 000006020 _____ C:\Users\tracy\Downloads\time_pwd_1.1.zip
2020-04-13 23:32 - 2020-04-13 23:32 - 005342504 _____ C:\Users\tracy\Downloads\SPRO_GuideBook.pdf
2020-04-13 22:49 - 2020-04-13 22:49 - 000000698 _____ C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VEW (2).lnk
2020-04-13 22:44 - 2020-04-15 20:12 - 000014055 _____ C:\VEW.txt
2020-04-13 22:39 - 2020-04-13 22:43 - 000000000 ____D C:\VEW
2020-04-13 22:39 - 2020-04-13 22:39 - 000001184 _____ C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\bluescreenview_setup.lnk
2020-04-13 22:39 - 2020-04-13 22:39 - 000001084 _____ C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk
2020-04-13 22:23 - 2020-04-13 22:23 - 000001084 _____ C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OOSU10 (2).lnk
2020-04-13 04:26 - 2020-04-13 04:27 - 000106496 _____ (PCGameBenchmark) C:\Users\tracy\Downloads\PCGameBenchmark_Detector.exe
2020-04-12 23:18 - 2020-04-12 23:18 - 000987136 _____ (RevitLog.NL) C:\Users\tracy\Downloads\RevitHatchBuilderENG (สร้างลาย Pattern).exe
2020-04-12 12:06 - 2020-04-13 18:51 - 000000000 ____D C:\AdwCleaner
2020-04-12 12:06 - 2020-04-12 12:06 - 008196784 _____ (Malwarebytes) C:\Users\tracy\Downloads\AdwCleaner.exe
2020-04-12 10:28 - 2020-04-19 21:52 - 000003120 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2020-04-12 08:58 - 2020-04-12 08:59 - 001929216 _____ C:\Users\tracy\Downloads\Platane_3.rfa
2020-04-12 08:46 - 2020-04-12 08:46 - 001101824 _____ C:\Users\tracy\Downloads\Planting_-_Solid_and_RPC_16077.rfa
2020-04-12 08:35 - 2020-04-12 08:50 - 000000000 ____D C:\Users\tracy\Downloads\Images
2020-04-12 08:35 - 2020-04-12 08:35 - 000000000 ____D C:\Users\tracy\Downloads\Textures
2020-04-12 08:35 - 2018-12-13 11:24 - 058691584 _____ C:\Users\tracy\Downloads\Marshalls_Floor_ConcretePaving_Modal.rvt
2020-04-12 08:35 - 2018-06-12 11:43 - 022548480 _____ C:\Users\tracy\Downloads\Marshalls_Floor_NaturalStone_Appleton.rvt
2020-04-12 08:35 - 2018-05-26 12:21 - 020590592 _____ C:\Users\tracy\Downloads\Marshalls_Streetfurniture_CitiElementCollection.rvt
2020-04-12 08:35 - 2018-05-14 09:31 - 018497536 _____ C:\Users\tracy\Downloads\Marshalls_Streetfurniture_ErecleaCollection.rvt
2020-04-12 08:35 - 2018-05-09 10:50 - 016293888 _____ C:\Users\tracy\Downloads\Marshalls_Streetfurniture_Escofet_PrimaMarinaCollection.rvt
2020-04-12 08:35 - 2018-04-19 08:10 - 000520192 _____ C:\Users\tracy\Downloads\Marshalls_Streetfurniture_Escofet_Twig.rfa
2020-04-12 08:35 - 2018-03-20 13:58 - 025182208 _____ C:\Users\tracy\Downloads\Marshalls_Floor_NaturalStone_Stonespar.rvt
2020-04-12 08:35 - 2018-03-20 11:37 - 035512320 _____ C:\Users\tracy\Downloads\Marshalls_Floor_ConcretePaving_Organa.rvt
2020-04-12 08:35 - 2017-11-30 12:24 - 029134848 _____ C:\Users\tracy\Downloads\Marshalls_StreetFurniture_DemetraCollection.rvt
2020-04-12 08:35 - 2017-07-17 10:58 - 004776254 _____ C:\Users\tracy\Downloads\Marshalls_BIMuserguide23062017.pdf
2020-04-12 08:34 - 2020-04-12 08:48 - 000000000 ____D C:\Users\tracy\Downloads\Material
2020-04-12 08:34 - 2020-04-12 08:35 - 000000000 ____D C:\Users\tracy\Downloads\Materials
2020-04-12 08:34 - 2019-01-23 15:52 - 001593374 _____ C:\Users\tracy\Downloads\Marshalls_BIMuserguide.pdf
2020-04-12 08:34 - 2018-03-20 12:18 - 034013184 _____ C:\Users\tracy\Downloads\Marshalls_Floor_ConcretePaving_Rivero.rvt
2020-04-12 08:34 - 2018-03-07 09:43 - 022011904 _____ C:\Users\tracy\Downloads\Marshalls_External_Streetfurniture_Loci.rvt
2020-04-12 08:34 - 2018-03-07 09:33 - 000090382 _____ C:\Users\tracy\Downloads\ReadMe_D.pdf
2020-04-12 08:34 - 2018-03-06 14:54 - 001323696 _____ C:\Users\tracy\Downloads\Marshalls_BIMuserguide.2018.pdf
2020-04-12 08:34 - 2018-02-08 11:48 - 038105088 _____ C:\Users\tracy\Downloads\Marshalls_External_Streetfurniture_Stratic.rvt
2020-04-12 08:34 - 2015-01-21 17:49 - 001508508 _____ C:\Users\tracy\Downloads\Readme-D.pdf
2020-04-12 08:32 - 2020-04-12 08:33 - 072610881 _____ C:\Users\tracy\Downloads\marshalls-floor-concretepaving-modal.zip
2020-04-12 08:32 - 2020-04-12 08:33 - 061481104 _____ C:\Users\tracy\Downloads\marshalls-floor-naturalstone-appleton.zip
2020-04-12 08:32 - 2020-04-12 08:33 - 032762606 _____ C:\Users\tracy\Downloads\marshalls-floor-concretepaving-rivero.zip
2020-04-12 08:32 - 2020-04-12 08:33 - 032003019 _____ C:\Users\tracy\Downloads\marshalls-floor-concretepaving-organa.zip
2020-04-12 08:32 - 2020-04-12 08:33 - 022328988 _____ C:\Users\tracy\Downloads\marshalls-floor-naturalstone-stonespar.zip
2020-04-12 08:32 - 2020-04-12 08:33 - 018394050 _____ C:\Users\tracy\Downloads\marshalls-external-streetfurniture-loci.zip
2020-04-12 08:32 - 2020-04-12 08:32 - 033166006 _____ C:\Users\tracy\Downloads\marshalls-external-streetfurniture-stratic1.zip
2020-04-12 08:32 - 2020-04-12 08:32 - 026832503 _____ C:\Users\tracy\Downloads\marshalls-streetfurniture-demetracollection.zip
2020-04-12 08:32 - 2020-04-12 08:32 - 026622290 _____ C:\Users\tracy\Downloads\marshalls-streetfurniture-erecleacollection.zip
2020-04-12 08:32 - 2020-04-12 08:32 - 021243278 _____ C:\Users\tracy\Downloads\marshalls-streetfurniture-citielementcollection.zip
2020-04-12 08:32 - 2020-04-12 08:32 - 016557582 _____ C:\Users\tracy\Downloads\marshalls-streetfurniture-escofet-primamarinacollection.zip
2020-04-12 08:32 - 2020-04-12 08:32 - 003487616 _____ C:\Users\tracy\Downloads\marshalls-streetfurniture-escofet-twig1.zip
2020-04-12 03:45 - 2020-04-19 21:52 - 000003106 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2020-04-12 03:45 - 2020-04-12 03:45 - 000003194 _____ C:\Windows\system32\Tasks\ModifyLinkUpdate
2020-04-12 03:45 - 2020-04-12 03:45 - 000000000 ____D C:\Windows\system32\AMD
2020-04-12 03:45 - 2020-04-02 19:43 - 000103672 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys
2020-04-12 03:44 - 2020-04-12 03:44 - 000003160 _____ C:\Windows\system32\Tasks\StartCN
2020-04-12 03:44 - 2020-04-12 03:44 - 000003080 _____ C:\Windows\system32\Tasks\StartDVR
2020-04-12 03:44 - 2020-04-12 03:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2020-04-12 03:42 - 2020-04-12 03:42 - 000000000 ____D C:\Program Files (x86)\AMD
2020-04-12 03:38 - 2020-04-12 03:38 - 000000000 ____D C:\Program Files\Waves
2020-04-12 03:36 - 2020-04-12 03:36 - 000000000 ____D C:\ProgramData\AMD
2020-04-12 03:28 - 2020-04-02 19:45 - 001784744 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-04-12 03:28 - 2020-04-02 19:45 - 001784744 _____ C:\Windows\system32\vulkaninfo.exe
2020-04-12 03:28 - 2020-04-02 19:44 - 001375144 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-04-12 03:28 - 2020-04-02 19:44 - 001375144 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-04-12 03:28 - 2020-04-02 19:44 - 001086184 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 001086184 _____ C:\Windows\system32\vulkan-1.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000945032 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000945032 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000761056 _____ (AMD) C:\Windows\system32\atieclxx.exe
2020-04-12 03:28 - 2020-04-02 19:44 - 000574888 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000493992 _____ C:\Windows\system32\dgtrayicon.exe
2020-04-12 03:28 - 2020-04-02 19:44 - 000491944 _____ C:\Windows\system32\GameManager64.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000485800 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000451808 _____ C:\Windows\system32\atieah64.exe
2020-04-12 03:28 - 2020-04-02 19:44 - 000428968 _____ C:\Windows\system32\EEURestart.exe
2020-04-12 03:28 - 2020-04-02 19:44 - 000374696 _____ C:\Windows\SysWOW64\GameManager32.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000345824 _____ C:\Windows\SysWOW64\atieah32.exe
2020-04-12 03:28 - 2020-04-02 19:44 - 000344800 _____ C:\Windows\system32\clinfo.exe
2020-04-12 03:28 - 2020-04-02 19:44 - 000241888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000209120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000184744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000163240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000159456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000153512 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000138664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000136416 _____ (AMD) C:\Windows\system32\atimuixx.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000136416 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000124840 _____ C:\Windows\system32\atidxx64.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000107432 _____ C:\Windows\SysWOW64\atidxx32.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000091560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mcl64.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000076200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mcl32.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000047528 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000044456 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000020408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2020-04-12 03:28 - 2020-04-02 19:44 - 000020408 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2020-04-12 03:28 - 2020-04-02 19:43 - 004585896 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2020-04-12 03:28 - 2020-04-02 19:43 - 004095400 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2020-04-12 03:28 - 2020-04-02 19:43 - 001730984 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2020-04-12 03:28 - 2020-04-02 19:43 - 001243560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2020-04-12 03:28 - 2020-04-02 19:43 - 001243560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2020-04-12 03:28 - 2020-04-02 19:43 - 000469416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2020-04-12 03:28 - 2020-04-02 19:43 - 000179080 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2020-04-12 03:28 - 2020-04-02 19:43 - 000158432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2020-04-12 03:28 - 2020-04-02 19:43 - 000121256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2020-04-12 03:28 - 2020-04-02 19:43 - 000106408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2020-04-12 03:28 - 2020-04-02 19:43 - 000071080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2020-04-12 03:28 - 2020-04-02 19:42 - 001686840 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2020-04-12 03:28 - 2020-04-02 19:42 - 001366192 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2020-04-12 03:28 - 2020-04-02 19:42 - 000128952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2020-04-12 03:28 - 2020-04-02 19:42 - 000108056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2020-04-12 03:28 - 2020-04-02 05:20 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2020-04-12 03:28 - 2020-04-02 05:20 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2020-04-12 03:28 - 2020-04-02 05:18 - 000204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2020-04-12 03:28 - 2020-04-02 05:18 - 000204952 _____ C:\Windows\system32\ativvsvl.dat
2020-04-12 03:28 - 2020-04-02 05:18 - 000157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2020-04-12 03:28 - 2020-04-02 05:18 - 000157144 _____ C:\Windows\system32\ativvsva.dat
2020-04-12 03:28 - 2020-04-02 05:15 - 000543168 _____ C:\Windows\SysWOW64\atiapfxx.blb
2020-04-12 03:28 - 2020-04-02 05:15 - 000543168 _____ C:\Windows\system32\atiapfxx.blb
2020-04-12 03:28 - 2019-11-18 13:59 - 000108152 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdWT6.sys
2020-04-12 03:28 - 2019-08-20 04:06 - 000125488 _____ C:\Windows\system32\kapp_ci.sbin
2020-04-12 03:28 - 2019-01-12 08:27 - 000121168 _____ C:\Windows\system32\kapp_si.sbin
2020-04-12 03:28 - 2016-09-03 01:24 - 000154384 _____ C:\Windows\system32\samu_krnl_ci.sbin
2020-04-12 03:28 - 2013-12-12 23:53 - 000138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
2020-04-12 03:27 - 2020-04-02 19:43 - 078651840 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2020-04-12 03:27 - 2020-04-02 19:43 - 062867880 _____ C:\Windows\system32\amd_comgr.dll
2020-04-12 03:27 - 2020-04-02 19:43 - 052403624 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2020-04-12 03:27 - 2020-04-02 19:43 - 000941992 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2020-04-12 03:27 - 2020-04-02 19:43 - 000769448 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2020-04-12 03:27 - 2020-04-02 19:43 - 000554408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2020-04-12 03:27 - 2020-04-02 19:43 - 000484776 _____ C:\Windows\system32\amdgfxinfo64.dll
2020-04-12 03:27 - 2020-04-02 19:43 - 000467368 _____ C:\Windows\system32\amdlogum.exe
2020-04-12 03:27 - 2020-04-02 19:43 - 000384424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2020-04-12 03:27 - 2020-04-02 19:43 - 000374184 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2020-04-12 03:27 - 2020-04-02 19:43 - 000198120 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2020-04-12 03:27 - 2020-04-02 19:43 - 000167720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2020-04-12 03:27 - 2020-04-02 19:43 - 000135592 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-04-12 03:27 - 2020-04-02 19:43 - 000121792 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-04-12 03:27 - 2020-04-02 19:42 - 000546544 _____ C:\Windows\system32\amdmiracast.dll
2020-04-12 03:27 - 2020-04-02 19:42 - 000135160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2020-04-12 03:27 - 2020-04-02 19:42 - 000128952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2020-04-12 03:27 - 2020-04-02 19:42 - 000120072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2020-04-12 03:27 - 2020-04-02 19:42 - 000108048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2020-04-12 03:27 - 2019-07-17 05:58 - 000069770 _____ C:\Windows\system32\AMDKernelEvents.man
2020-04-11 20:49 - 2020-04-11 20:49 - 000000000 ____D C:\Windows\system32\Tasks\S-1-5-21-792678858-599442959-1286739730-1001
2020-04-11 17:59 - 2020-04-11 17:59 - 000001073 _____ C:\Users\Public\Desktop\ConfigTool.lnk
2020-04-11 17:59 - 2020-04-11 17:59 - 000001073 _____ C:\ProgramData\Desktop\ConfigTool.lnk
2020-04-11 17:59 - 2020-04-11 17:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConfigTool
2020-04-11 17:58 - 2020-04-11 20:19 - 000000000 ____D C:\Program Files (x86)\ConfigTool
2020-04-11 17:54 - 2020-04-11 17:54 - 019542440 _____ C:\Users\tracy\Downloads\ConfigTool_ChnEng_V4.07.0.R.20170415.exe
2020-04-11 16:17 - 2020-04-11 16:18 - 040547320 _____ (AMD Inc.) C:\Users\tracy\Downloads\radeon-software-adrenalin-2020-20.4.1-minimalsetup-200402_web.exe
2020-04-11 08:50 - 2020-04-11 08:59 - 000002880 _____ C:\Users\tracy\Downloads\OOSU10.ini
2020-04-11 08:49 - 2020-04-11 08:49 - 001030520 _____ (O&O Software GmbH) C:\Program Files (x86)\OOSU10.exe
2020-04-11 07:41 - 2020-04-11 07:41 - 000904557 _____ C:\Users\tracy\Downloads\1183401_Sumo_Elec_Reminder.pdf
2020-04-11 04:43 - 2020-04-11 04:44 - 005281873 _____ C:\Users\tracy\Downloads\saliva_drug_test_drugwipe_en_180413.pdf
2020-04-11 04:41 - 2020-04-11 04:41 - 000407508 _____ C:\Users\tracy\Downloads\flyer_drugwipe_5min_70534_v01_en_email.pdf
2020-04-11 04:29 - 2020-04-11 04:29 - 000082920 _____ C:\Users\tracy\Downloads\email-account-10117733.pdf
2020-04-11 04:27 - 2020-04-11 04:27 - 000407721 _____ C:\Users\tracy\Downloads\121213.pdf
2020-04-11 04:02 - 2020-04-11 04:02 - 000896279 _____ C:\Users\tracy\Downloads\09-095sr.pdf
2020-04-11 03:25 - 2020-04-11 03:26 - 000011275 _____ C:\Users\tracy\Downloads\Fixlog.txt
2020-04-11 03:21 - 2020-04-11 03:21 - 000116468 _____ C:\Users\Public\Documents\SIGVERIF.TXT
2020-04-11 03:21 - 2020-04-11 03:21 - 000116468 _____ C:\ProgramData\Documents\SIGVERIF.TXT
2020-04-11 00:57 - 2020-04-11 03:03 - 000000000 ____D C:\Program Files (x86)\Windscribe
2020-04-11 00:57 - 2020-04-11 00:57 - 000000000 ____D C:\Users\tracy\AppData\Local\Windscribe
2020-04-11 00:57 - 2020-04-11 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2020-04-11 00:57 - 2018-07-06 17:22 - 000054896 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tapwindscribe0901.sys
2020-04-11 00:50 - 2020-04-11 00:50 - 016899544 _____ (Windscribe Limited ) C:\Users\tracy\Downloads\Windscribe.exe
2020-04-11 00:00 - 2020-04-11 00:02 - 138677304 _____ C:\Users\tracy\Downloads\indi-licking-lukass-face_446wno4S_2JbM.mp4
2020-04-10 23:17 - 2020-04-10 23:17 - 005192280 _____ (Husdawg, LLC) C:\Users\tracy\Downloads\Detection.exe
2020-04-10 19:48 - 2020-04-10 19:48 - 000136508 _____ C:\Users\tracy\Downloads\Reason-season-lifetime.pdf
2020-04-09 00:54 - 2020-04-09 01:37 - 000000000 ____D C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\British Broadcasting Corporation
2020-04-09 00:54 - 2020-04-09 01:37 - 000000000 ____D C:\Users\tracy\AppData\Roaming\BBCiPlayerDownloads
2020-04-09 00:54 - 2020-04-09 01:37 - 000000000 ____D C:\Users\tracy\AppData\Local\bbciplayerdownloads
2020-04-08 23:56 - 2020-04-09 00:54 - 071879440 _____ (British Broadcasting Corporation) C:\Users\tracy\Downloads\BBCiPlayerDownloadsSetup-2.11.2.exe
2020-04-07 18:56 - 2020-04-07 19:18 - 150773760 _____ C:\Users\tracy\Downloads\TLCDESIGNS_SITE PLAN_LAYELLErvt.rvt
2020-04-07 18:56 - 2020-04-07 19:02 - 150573056 _____ C:\Users\tracy\Downloads\TLCDESIGNS_SITE PLAN_LAYELLErvt.0001.rvt
2020-04-07 04:46 - 2020-04-07 04:46 - 000000000 ____D C:\Users\tracy\AppData\Local\RaaSForRevitAddin
2020-04-07 04:45 - 2020-04-07 04:45 - 000000000 ____D C:\Users\tracy\AppData\Local\AdSSO
2020-04-07 03:12 - 2020-04-18 21:15 - 000000000 ____D C:\ProgramData\RevitInterProcess
2020-04-06 22:57 - 2020-04-06 23:01 - 000000000 ____D C:\Program Files\Common Files\Autodesk Shared
2020-04-06 22:54 - 2020-04-06 22:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Licensing
2020-04-06 22:52 - 2020-04-06 22:52 - 000632448 _____ C:\Users\tracy\Downloads\Border-2019.PDF
2020-04-06 21:16 - 2020-04-06 21:17 - 085295864 _____ C:\Users\tracy\Downloads\Revit_2020_G1_Win_64bit_wi_en-US_Setup.exe
2020-04-06 21:15 - 2020-04-06 21:15 - 001143032 _____ (Autodesk Inc.) C:\Users\tracy\Downloads\Revit_2020_G1_Win_64bit_wi_en-US_Setup_webinstall.exe
2020-04-06 18:50 - 2020-04-06 18:50 - 000000000 ____D C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2020-04-06 18:50 - 2020-04-06 18:50 - 000000000 ____D C:\Program Files (x86)\NirSoft
2020-04-06 18:49 - 2020-04-11 06:31 - 000043771 _____ C:\Users\tracy\Downloads\Addition.txt
2020-04-06 18:46 - 2020-04-11 06:31 - 000096284 _____ C:\Users\tracy\Downloads\FRST.txt
2020-04-06 18:45 - 2020-04-20 02:03 - 000000000 ____D C:\FRST
2020-04-06 18:44 - 2020-04-20 02:01 - 002281984 _____ (Farbar) C:\Program Files (x86)\FRST64.exe
2020-04-06 18:44 - 2020-04-06 18:44 - 000141864 _____ C:\Program Files (x86)\bluescreenview_setup.exe
2020-04-06 18:06 - 2020-04-17 20:09 - 000000000 ____D C:\Program Files (x86)\3uTools
2020-04-06 18:06 - 2020-04-06 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3uTools
2020-04-06 18:04 - 2020-04-06 18:05 - 105709528 _____ C:\Users\tracy\Downloads\3uTools_v2.38.010_Setup_.exe
2020-04-06 17:36 - 2020-04-06 17:36 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2020-04-06 17:36 - 2020-04-06 17:36 - 000000000 ____D C:\Windows\system32\Tasks\Apple
2020-04-06 17:36 - 2020-04-06 17:36 - 000000000 ____D C:\Users\tracy\AppData\Local\Apple
2020-04-06 17:36 - 2020-04-06 17:36 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2020-04-06 17:35 - 2020-04-06 17:35 - 002151720 _____ (Apple Inc.) C:\Users\tracy\Downloads\BonjourSetup.exe
2020-04-06 05:32 - 2020-04-19 21:53 - 000002634 _____ C:\Windows\system32\Tasks\WizFile
2020-04-06 01:35 - 2020-04-06 01:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WizFile
2020-04-06 01:35 - 2020-04-06 01:35 - 000000000 ____D C:\Program Files\WizFile
2020-04-06 01:30 - 2020-04-06 01:30 - 004319272 _____ (Antibody Software ) C:\Users\tracy\Downloads\wizfile_2_06_setup.exe
2020-04-04 23:55 - 2020-04-04 23:56 - 045161395 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_01-55-13PM.zip
2020-04-04 23:45 - 2020-04-12 03:39 - 000000000 ____D C:\Windows\system32\RTCOM
2020-04-04 23:44 - 2017-05-04 05:23 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2020-04-04 23:44 - 2017-05-04 05:23 - 000221960 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2020-04-04 23:44 - 2017-05-04 05:23 - 000209536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2020-04-04 23:44 - 2017-05-04 05:23 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 003506632 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 003502536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 001353272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000691672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000214824 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000164424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkXInterface64.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000110976 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2020-04-04 23:44 - 2017-05-04 05:20 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2020-04-04 23:44 - 2017-05-04 05:16 - 072520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCORES64.dat
2020-04-04 23:44 - 2017-05-04 05:16 - 005753856 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2020-04-04 23:44 - 2017-05-04 05:16 - 003677184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2020-04-04 23:44 - 2017-05-04 05:16 - 003205120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2020-04-04 23:44 - 2017-05-04 05:16 - 000023696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2020-04-04 23:44 - 2017-05-04 05:15 - 002209792 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2020-04-04 23:44 - 2017-05-04 01:33 - 012671647 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2020-04-04 23:44 - 2017-05-04 01:33 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2020-04-04 23:43 - 2020-04-04 23:43 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2020-04-04 23:43 - 2017-05-04 05:19 - 013122576 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 012988344 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 012016264 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxVoiceAPO30.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 002291304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 001422920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 000999856 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 000677664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 000447712 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 000151776 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 000134192 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2020-04-04 23:43 - 2017-05-04 05:19 - 000084608 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2020-04-04 23:43 - 2017-05-04 05:18 - 001213656 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2020-04-04 23:43 - 2017-05-04 05:18 - 001166152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2020-04-04 23:43 - 2017-05-04 05:18 - 000678176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2020-04-04 23:43 - 2017-05-04 05:18 - 000330560 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 001780616 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 001591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 001508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000727424 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000708304 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000504304 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000445392 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000441256 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000253856 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2020-04-04 23:43 - 2017-05-04 05:17 - 000252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2020-04-04 23:43 - 2017-05-04 05:16 - 001965808 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2020-04-04 23:43 - 2017-05-04 05:16 - 000327448 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2020-04-04 23:43 - 2017-05-04 05:16 - 000272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2020-04-04 23:43 - 2017-05-04 05:15 - 007172912 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2020-04-04 23:43 - 2017-05-04 05:15 - 003786704 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioMeters64.exe
2020-04-04 23:43 - 2017-05-04 05:15 - 002050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2020-04-04 23:43 - 2017-05-04 05:15 - 000203552 _____ (Waves Audio) C:\Windows\system32\MaxxAudioVienna264.dll
2020-04-04 23:43 - 2017-05-04 05:14 - 007096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2020-04-04 23:43 - 2017-05-04 05:14 - 000122312 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2020-04-04 23:43 - 2016-09-22 13:55 - 002839520 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2020-04-04 23:39 - 2020-04-04 23:46 - 000000000 ___HD C:\Program Files (x86)\Temp
2020-04-04 23:39 - 2020-04-04 23:39 - 000001536 _____ C:\Windows\SysWOW64\RtkMsgs.dll
2020-04-04 23:35 - 2020-04-12 03:32 - 000000000 ____D C:\Users\tracy\AppData\Roaming\ATI
2020-04-04 23:35 - 2020-04-04 23:35 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2020-04-04 23:34 - 2020-04-04 23:34 - 000000000 ____D C:\Users\tracy\AppData\Local\RadeonInstaller
2020-04-04 22:56 - 2020-04-04 23:12 - 559913072 _____ (Dell Inc.) C:\Users\tracy\Downloads\AMD-Radeon-R2-R3-R4-R5-R6-and-AMD-Radeon-R5-M335_0WMC2_WIN_17.100.2901_A06.EXE
2020-04-04 22:54 - 2020-04-04 22:58 - 283765456 _____ (Dell Inc.) C:\Users\tracy\Downloads\Realtek-High-Definition-Audio-Driver_51T6N_WIN_6.0.1.8142_A07_01.EXE
2020-04-04 22:53 - 2020-04-15 20:31 - 000000000 ____D C:\ProgramData\PCDr
2020-04-04 22:52 - 2020-04-04 23:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2020-04-04 22:52 - 2020-04-04 22:52 - 000000000 ____D C:\Dell
2020-04-04 22:52 - 2020-04-04 22:52 - 000000000 _____ C:\Windows\invcol.tmp
2020-04-04 22:50 - 2020-04-15 20:31 - 000000000 ____D C:\Program Files\Dell
2020-04-04 22:50 - 2020-04-04 23:34 - 000000000 ____D C:\ProgramData\Dell
2020-04-04 22:50 - 2020-04-04 22:50 - 000000000 ____D C:\Users\tracy\AppData\Local\Dell Inc
2020-04-04 22:50 - 2020-04-04 22:50 - 000000000 ____D C:\ProgramData\Dell Inc
2020-04-04 22:49 - 2020-04-04 22:49 - 000521552 _____ (Dell Inc.) C:\Users\tracy\Downloads\SupportAssistLauncher.exe
2020-04-04 15:06 - 2020-04-04 15:06 - 007124070 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_05-05-56AM.zip
2020-04-04 15:06 - 2020-04-04 15:06 - 005251312 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_05-06-15AM.zip
2020-04-04 15:05 - 2020-04-04 15:05 - 005130633 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_05-05-13AM.zip
2020-04-04 15:05 - 2020-04-04 15:05 - 004744799 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_05-05-37AM.zip
2020-04-04 15:04 - 2020-04-04 15:05 - 005130633 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_05-04-49AM.zip
2020-04-04 15:02 - 2020-04-04 15:02 - 021513749 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_05-01-52AM.zip
2020-04-04 14:53 - 2020-04-04 14:53 - 004744799 _____ C:\Users\tracy\Downloads\Pt_Henry_Cafe_Building.rvt_2020-Apr-04_04-52-52AM.zip
2020-04-04 02:34 - 2020-04-04 02:37 - 000080544 _____ C:\Users\tracy\Downloads\MTB.txt
2020-04-04 02:32 - 2020-04-04 02:32 - 000892416 _____ (Farbar) C:\Users\tracy\Downloads\MiniToolBox.exe
2020-04-04 01:56 - 2020-04-04 02:24 - 000000000 ____D C:\Program Files\LatencyMon
2020-04-04 01:56 - 2020-04-04 01:56 - 002323432 _____ (Resplendence Software Projects Sp. ) C:\Users\tracy\Downloads\LatencyMon.exe
2020-04-04 01:56 - 2015-07-13 10:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\Windows\system32\Drivers\rspLLL64.sys
2020-04-04 01:43 - 2020-04-04 01:53 - 000139965 _____ C:\Users\tracy\Desktop\RIFFRAFFDELL.txt
2020-04-04 01:41 - 2020-04-04 01:41 - 000015068 _____ C:\junk.txt
2020-04-04 01:32 - 2020-04-04 01:32 - 000036192 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2020-04-04 00:28 - 2020-04-04 00:28 - 000339968 _____ C:\Users\tracy\Downloads\john-cullen-lighting_lucca-led-uplight-downlight-and-steplight_bim_0_lucca.rfa
2020-04-03 01:59 - 2020-04-03 01:59 - 000000000 ____D C:\Windows\ShellComponents
2020-04-02 16:37 - 2020-04-02 16:37 - 006889184 _____ (Piriform Ltd) C:\Users\tracy\Downloads\spsetup132.exe
2020-04-02 16:37 - 2020-04-02 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2020-04-02 16:37 - 2020-04-02 16:37 - 000000000 ____D C:\Program Files\Speccy
2020-04-02 15:46 - 2020-04-02 15:46 - 000491388 _____ C:\Users\tracy\Downloads\bookmarks.html
2020-04-01 22:32 - 2020-04-01 22:32 - 000303104 _____ C:\Users\tracy\Downloads\Helical_BUlb_7503.rfa
2020-04-01 22:32 - 2020-04-01 22:32 - 000278528 _____ C:\Users\tracy\Downloads\Bulb_Fiction_Pendant_15732.rfa
2020-04-01 16:16 - 2020-04-01 16:16 - 000327680 _____ C:\Users\tracy\Downloads\Zombie_Thug_20372.rfa
2020-04-01 16:12 - 2020-04-01 16:12 - 000327680 _____ C:\Users\tracy\Downloads\Zombie_Thug_20373.rfa
2020-03-31 21:47 - 2020-03-31 21:47 - 000137978 _____ C:\Users\tracy\Downloads\Animal-Surrender-Form.pdf
2020-03-31 21:47 - 2020-03-31 21:47 - 000105661 _____ C:\Users\tracy\Downloads\Street-Furniture-Application.pdf
2020-03-31 21:46 - 2020-03-31 21:46 - 000250537 _____ C:\Users\tracy\Downloads\Livestock-Grazing-Application-Form.pdf
2020-03-31 21:46 - 2020-03-31 21:46 - 000209183 _____ C:\Users\tracy\Downloads\Livestock-Grazing-in-Drought-Conditions-Application-Form.pdf
2020-03-31 21:46 - 2020-03-31 21:46 - 000052271 _____ C:\Users\tracy\Downloads\Excessive_Animals_Application_other_than_cats__dogs.pdf
2020-03-30 22:31 - 2020-03-30 22:35 - 1054938573 _____ C:\Users\tracy\Downloads\Dogs In Space - 1986 with Michael Hutchence [720p].mp4
2020-03-30 02:52 - 2020-03-30 02:52 - 000012281 _____ C:\Users\tracy\Downloads\Forrest-Facebook.mp4
2020-03-30 02:51 - 2020-03-30 02:51 - 000731266 _____ C:\Users\tracy\Downloads\Tracy-Wilson.mp4
2020-03-30 02:43 - 2020-03-30 02:43 - 006631103 _____ C:\Users\tracy\Downloads\Forrest Facebook.html
2020-03-30 02:43 - 2020-03-30 02:43 - 000000000 ____D C:\Users\tracy\Downloads\Forrest Facebook_files
2020-03-29 23:09 - 2020-03-29 23:09 - 000171698 _____ C:\Users\tracy\Downloads\invoice_52237175.pdf
2020-03-29 23:09 - 2020-03-29 23:09 - 000171685 _____ C:\Users\tracy\Downloads\invoice_51603010(1).pdf
2020-03-29 23:09 - 2020-03-29 23:09 - 000156126 _____ C:\Users\tracy\Downloads\invoice_52264923.pdf
2020-03-29 23:09 - 2020-03-29 23:09 - 000156126 _____ C:\Users\tracy\Downloads\invoice_52264923(1).pdf
2020-03-28 14:25 - 2020-03-28 14:25 - 000424891 _____ C:\Users\tracy\Downloads\LO-4F6767354P20A_FT.pdf
2020-03-28 03:11 - 2020-03-28 03:11 - 002070180 _____ C:\Users\tracy\Downloads\inspiron-15-5555-laptop_reference guide_en-us.pdf
2020-03-27 18:43 - 2020-03-27 18:43 - 000731266 _____ C:\Users\tracy\Downloads\(1)-Tracy-Wilson--Tracy-Wilson-shared-a-memory--with-Lukas-Michael....mp4
2020-03-27 15:38 - 2020-03-27 15:38 - 014562400 _____ (ESET spol. s r.o.) C:\Users\tracy\Downloads\esetonlinescanner_enu.exe
2020-03-27 15:38 - 2020-03-27 15:38 - 002660528 _____ (Trend Micro Inc.) C:\Users\tracy\Downloads\HousecallLauncher64.exe
2020-03-27 15:38 - 2020-03-27 15:38 - 000000772 _____ C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-03-27 02:00 - 2020-03-27 02:00 - 000221184 _____ C:\Users\tracy\Downloads\Fully_Parametric_Mirror_wboarder_12026.rfa
2020-03-26 19:18 - 2020-03-26 19:18 - 000007606 _____ C:\Users\tracy\AppData\Local\Resmon.ResmonCfg
2020-03-26 12:15 - 2020-03-26 12:15 - 000234304 _____ C:\Users\tracy\Downloads\CrucialScan.exe
2020-03-26 12:04 - 2020-03-26 12:04 - 000172032 _____ C:\Users\tracy\Downloads\Skylight_7801400_10187.rfa
2020-03-26 11:28 - 2020-03-26 11:28 - 000159744 _____ C:\Users\tracy\Downloads\skylight_3835.rfa
2020-03-26 11:26 - 2020-03-26 11:26 - 000132096 _____ C:\Users\tracy\Downloads\Generic_Skylight_Component_1900.rfa
2020-03-26 00:25 - 2020-03-26 00:25 - 000504110 _____ C:\Users\tracy\Downloads\NBS_VisionAGILtd_FrmdRflghts_TheOpeningRoofWindow_Electric_Revit(1).zip
2020-03-26 00:16 - 2020-03-26 00:16 - 000504110 _____ C:\Users\tracy\Downloads\NBS_VisionAGILtd_FrmdRflghts_TheOpeningRoofWindow_Electric_Revit.zip
2020-03-26 00:11 - 2020-03-26 00:11 - 003655574 _____ C:\Users\tracy\Downloads\NBS_VeluxCompanyLtd_FrmdRflghts_Longlight5-25_Revit.zip
2020-03-26 00:09 - 2020-03-26 00:09 - 000663903 _____ C:\Users\tracy\Downloads\_NBS_VisionAGILtd_FrmdRflghts_TheMultiPanelRooflightWithOpeningSections_Revit.zip
2020-03-25 23:41 - 2020-03-25 23:41 - 001450413 _____ C:\Users\tracy\Downloads\NBS_GlazingVisionLtd_FrmdRflghts_SkyhatchElectricRooflight_Revit.zip
2020-03-25 23:41 - 2020-03-25 23:41 - 000684375 _____ C:\Users\tracy\Downloads\_NBS_VisionAGILtd_FrmdRflghts_TheFramelessMultiPanelRooflight_Fixed_Revit.zip
2020-03-25 21:30 - 2020-03-25 21:30 - 001526258 _____ C:\Users\tracy\Downloads\NBS_GlazingVisionLtd_FrmdRflghts_VisionVentPoweredOperationRooflight_Revit.zip
2020-03-25 19:13 - 2020-03-25 19:13 - 001688002 _____ C:\Users\tracy\Downloads\NBS_VeluxCompanyLtd_WoodFrmRfWndwUnits_GDL_Cabrio_Revit.zip
2020-03-24 22:43 - 2020-03-24 22:43 - 000171557 _____ C:\Users\tracy\Downloads\invoice_51574902.pdf
2020-03-24 22:35 - 2020-03-24 22:35 - 000171685 _____ C:\Users\tracy\Downloads\invoice_51603010.pdf
2020-03-24 19:11 - 2020-03-24 19:11 - 000801330 _____ C:\Users\tracy\Downloads\SEW__11198743_20200324.pdf
2020-03-24 01:49 - 2020-03-24 01:49 - 000027855 _____ C:\Users\tracy\Downloads\HWEND4N0.pat
2020-03-24 01:49 - 2020-03-24 01:49 - 000024035 _____ C:\Users\tracy\Downloads\HWEND2N0.pat
2020-03-24 01:49 - 2020-03-24 01:49 - 000018536 _____ C:\Users\tracy\Downloads\HWOOD8E1.pat
2020-03-24 01:48 - 2020-03-24 01:48 - 000077464 _____ C:\Users\tracy\Downloads\HWOOD6E1.pat
2020-03-23 03:41 - 2020-03-23 03:41 - 001052672 _____ C:\Users\tracy\Downloads\Door_Barn_Cube.rfa
2020-03-22 16:59 - 2020-03-22 16:59 - 002786263 _____ C:\Users\tracy\Downloads\ScarletFever.pdf
2020-03-21 21:34 - 2020-04-19 21:24 - 003866624 _____ C:\Users\tracy\Downloads\hewi_push_pull_handle_set_162xadg06.rfa
2020-03-21 21:34 - 2020-04-13 04:47 - 003866624 _____ C:\Users\tracy\Downloads\hewi_push_pull_handle_set_162xadg06.0002.rfa
2020-03-21 21:34 - 2020-03-21 21:34 - 003538944 _____ C:\Users\tracy\Downloads\hewi_push_pull_handle_set_162xadg06.0001.rfa
2020-03-21 21:06 - 2020-03-21 21:06 - 000401408 _____ C:\Users\tracy\Downloads\Doors-Hardware- BRICARD-BRC010119.rfa
2020-03-21 20:45 - 2020-03-21 20:45 - 002183168 _____ C:\Users\tracy\Downloads\Doors_Sliding_Avanti_Systems_Eclipse-Sliding-Single-Glass-Barn-Doors-Dbl-Glazed.rfa
2020-03-21 20:43 - 2020-03-21 20:43 - 000004990 _____ C:\Users\tracy\Downloads\Doors_Sliding_Avanti_Systems_Eclipse-Sliding-Pair-Glass-Barn-Doors-Sgl-Glazed.txt
2020-03-21 20:43 - 2020-03-21 20:43 - 000004986 _____ C:\Users\tracy\Downloads\Doors_Sliding_Avanti_Systems_Eclipse-Sliding-Pair-Glass-Barn-Doors-Dbl-Glazed.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-20 00:14 - 2019-03-19 14:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-19 23:35 - 2020-01-12 01:00 - 000008791 _____ C:\Users\tracy\Desktop\Double Names.xlsx
2020-04-19 22:55 - 2019-10-30 10:55 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-04-19 22:00 - 2019-10-30 00:13 - 000840852 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-19 22:00 - 2019-03-19 14:50 - 000000000 ____D C:\Windows\INF
2020-04-19 21:54 - 2019-10-30 01:08 - 000000000 ____D C:\Users\tracy\AppData\LocalLow\Mozilla
2020-04-19 21:52 - 2019-10-30 10:55 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-19 21:25 - 2019-03-19 14:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-04-19 21:17 - 2019-10-31 23:07 - 000000000 ____D C:\Users\tracy\AppData\Local\SquirrelTemp
2020-04-19 21:14 - 2019-11-02 01:45 - 000000000 ____D C:\Users\tracy\Desktop\Tempix
2020-04-19 04:13 - 2019-07-07 10:22 - 000002113 _____ C:\Users\tracy\Desktop\New ramblings.txt
2020-04-18 21:15 - 2019-11-02 06:14 - 000000000 ____D C:\ProgramData\Autodesk
2020-04-18 03:32 - 2019-11-13 18:40 - 000000000 ____D C:\Users\tracy\AppData\Roaming\vlc
2020-04-17 20:04 - 2019-10-30 10:55 - 000458816 _____ C:\Windows\system32\FNTCACHE.DAT
2020-04-17 16:19 - 2019-10-30 00:23 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-04-17 16:18 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\SystemResources
2020-04-17 16:18 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2020-04-17 16:18 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\system32\migwiz
2020-04-17 16:18 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\ShellExperiences
2020-04-17 16:18 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\Provisioning
2020-04-17 16:18 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\bcastdvr
2020-04-17 16:12 - 2019-10-30 00:17 - 000000000 ____D C:\Users\tracy\AppData\Local\Packages
2020-04-17 10:33 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\AppReadiness
2020-04-16 03:26 - 2019-03-19 14:37 - 000000000 ____D C:\Windows\CbsTemp
2020-04-16 03:19 - 2015-07-10 23:20 - 000410838 __RSH C:\bootmgr
2020-04-16 00:18 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\LiveKernelReports
2020-04-15 23:10 - 2019-10-30 11:09 - 000000000 ____D C:\Windows\minidump
2020-04-15 20:29 - 2019-03-19 14:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-15 14:23 - 2019-10-31 04:14 - 000000000 ___RD C:\Users\tracy\OneDrive - The Gordon
2020-04-15 14:23 - 2019-10-30 00:22 - 000003370 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-792678858-599442959-1286739730-1001
2020-04-15 14:23 - 2019-10-30 00:22 - 000000000 ___RD C:\Users\tracy\OneDrive
2020-04-15 14:23 - 2019-10-30 00:14 - 000002366 _____ C:\Users\tracy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-15 03:29 - 2020-03-17 16:47 - 000503808 _____ C:\Users\tracy\Downloads\Cube_Pendant_10985.rfa
2020-04-13 22:50 - 2019-10-30 00:21 - 000000000 ____D C:\Users\tracy\AppData\Local\PlaceholderTileLogoFolder
2020-04-13 18:56 - 2019-03-19 14:52 - 000000000 ____D C:\Windows\Registration
2020-04-13 04:08 - 2019-10-30 10:55 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-04-13 03:37 - 2019-11-11 14:54 - 000000000 ____D C:\Users\tracy\AppData\Local\ElevatedDiagnostics
2020-04-12 12:08 - 2019-11-02 07:14 - 000097784 _____ C:\Users\tracy\AppData\Local\GDIPFONTCACHEV1.DAT
2020-04-12 10:33 - 2019-10-30 00:24 - 000000000 ____D C:\Users\tracy\AppData\Local\AMD
2020-04-12 10:28 - 2019-07-01 06:00 - 000000000 ____D C:\AMD
2020-04-12 03:47 - 2019-10-30 02:34 - 000744808 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-04-12 03:45 - 2019-10-30 00:23 - 000000000 ____D C:\Program Files\AMD
2020-04-12 03:39 - 2019-10-30 00:31 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2020-04-11 11:59 - 2019-11-01 18:21 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-04-11 11:59 - 2019-10-30 01:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-11 09:13 - 2019-11-26 22:19 - 000000827 _____ C:\Users\tracy\Desktop\Downloads.lnk
2020-04-11 05:38 - 2019-10-30 01:08 - 000001008 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-04-10 21:38 - 2020-01-11 01:08 - 000002044 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2020-04-10 21:38 - 2020-01-11 01:08 - 000002044 _____ C:\ProgramData\Desktop\HP Print and Scan Doctor.lnk
2020-04-08 15:29 - 2019-10-31 03:29 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-07 05:02 - 2020-03-16 17:10 - 000372736 _____ C:\Users\tracy\Downloads\fixed_trapezoidal_window_11265.0004.rfa
2020-04-07 03:28 - 2019-11-02 07:09 - 000000000 ____D C:\Users\tracy\AppData\Roaming\Autodesk
2020-04-07 03:28 - 2019-11-02 06:57 - 000000000 ____D C:\Users\tracy\AppData\Local\Autodesk
2020-04-06 23:13 - 2020-02-16 23:59 - 000000000 ____D C:\Users\tracy\Autodesk
2020-04-06 23:12 - 2019-11-02 06:51 - 000000000 ____D C:\Program Files (x86)\Autodesk
2020-04-06 23:12 - 2019-11-02 06:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2020-04-06 23:07 - 2019-11-02 07:03 - 000000000 ____D C:\Users\Public\Documents\Autodesk
2020-04-06 23:07 - 2019-11-02 07:03 - 000000000 ____D C:\ProgramData\Documents\Autodesk
2020-04-06 23:07 - 2019-11-02 06:23 - 000000000 ____D C:\Program Files\Autodesk
2020-04-06 22:15 - 2019-10-30 00:24 - 000000000 ____D C:\ProgramData\Package Cache
2020-04-06 21:17 - 2019-06-11 23:36 - 000000000 ____D C:\Autodesk
2020-04-06 17:55 - 2019-07-01 22:37 - 000540497 ____N C:\Windows\Minidump\040620-81921-01.dmp
2020-04-06 17:16 - 2019-11-02 06:09 - 000000000 ____D C:\Program Files\Common Files\Apple
2020-04-06 06:34 - 2020-02-29 21:35 - 000000000 ____D C:\ProgramData\Zipware
2020-04-06 01:15 - 2020-03-13 17:46 - 001200128 _____ C:\Users\tracy\Downloads\Cake_Display_Unit_-_Stivi_6181.rfa
2020-04-06 00:49 - 2020-03-15 13:28 - 000372736 _____ C:\Users\tracy\Downloads\Square_Dining_Table_17923.rfa
2020-04-05 17:44 - 2019-10-30 17:29 - 000000000 ____D C:\Users\tracy\AppData\LocalLow\AMD
2020-04-05 16:32 - 2020-03-13 17:46 - 001212416 _____ C:\Users\tracy\Downloads\Cake_Display_Unit_-_Stivi_6181.0004.rfa
2020-04-05 00:30 - 2019-10-30 00:17 - 000000000 ____D C:\Users\tracy\AppData\Local\VirtualStore
2020-04-04 22:53 - 2019-10-30 00:28 - 000000000 ____D C:\ProgramData\Packages
2020-04-04 22:07 - 2019-10-30 00:14 - 000000000 ____D C:\Users\tracy
2020-04-04 00:17 - 2020-03-13 17:46 - 001208320 _____ C:\Users\tracy\Downloads\Cake_Display_Unit_-_Stivi_6181.0003.rfa
2020-04-03 17:09 - 2020-03-17 16:47 - 000512000 _____ C:\Users\tracy\Downloads\Cube_Pendant_10985.0005.rfa
2020-04-01 23:25 - 2020-03-14 19:07 - 000471040 _____ C:\Users\tracy\Downloads\Pocket_Slider_Door_5851.rfa
2020-04-01 22:34 - 2020-03-13 19:46 - 000401408 _____ C:\Users\tracy\Downloads\Shelf_cubes_15524.rfa
2020-04-01 15:44 - 2020-03-17 16:47 - 000503808 _____ C:\Users\tracy\Downloads\Cube_Pendant_10985.0004.rfa
2020-04-01 03:00 - 2020-03-17 16:47 - 000495616 _____ C:\Users\tracy\Downloads\Cube_Pendant_10985.0003.rfa
2020-03-28 17:18 - 2019-07-01 22:37 - 000441908 ____N C:\Windows\Minidump\032820-77609-01.dmp
2020-03-28 09:43 - 2019-03-19 14:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-03-27 22:26 - 2019-10-30 00:18 - 000000000 ____D C:\Users\tracy\AppData\Local\Publishers
2020-03-27 15:44 - 2019-12-27 02:14 - 000000010 _____ C:\Users\tracy\AppData\Local\sponge.last.runtime.cache
2020-03-26 12:03 - 2020-03-16 17:04 - 000212992 _____ C:\Users\tracy\Downloads\Simple_adjustable_skylight_8300.rfa
2020-03-26 11:22 - 2020-03-16 17:02 - 000090112 _____ C:\Users\tracy\Downloads\Operable_Skylight_911.rfa
2020-03-23 05:40 - 2020-03-16 17:10 - 000368640 _____ C:\Users\tracy\Downloads\fixed_trapezoidal_window_11265.0003.rfa
2020-03-21 21:42 - 2020-03-14 19:07 - 000471040 _____ C:\Users\tracy\Downloads\Pocket_Slider_Door_5851.0004.rfa
2020-03-21 18:02 - 2019-03-19 14:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-03-21 18:00 - 2019-10-30 21:16 - 000000000 ____D C:\Program Files\Microsoft Office
2020-03-21 11:23 - 2019-10-31 03:28 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-21 11:23 - 2019-10-31 03:28 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories ========

2020-04-06 18:44 - 2020-04-06 18:44 - 000141864 _____ () C:\Program Files (x86)\bluescreenview_setup.exe
2020-04-20 02:01 - 2020-04-20 02:08 - 000141766 _____ () C:\Program Files (x86)\FRST.txt
2020-04-06 18:44 - 2020-04-20 02:01 - 002281984 _____ (Farbar) C:\Program Files (x86)\FRST64.exe
2020-04-11 08:49 - 2020-04-11 08:49 - 001030520 _____ (O&O Software GmbH) C:\Program Files (x86)\OOSU10.exe
2020-04-15 20:02 - 2020-04-15 20:08 - 000009742 _____ () C:\Program Files (x86)\Search.txt
2019-12-27 04:25 - 2019-12-27 04:25 - 000439380 _____ () C:\Users\tracy\AppData\Local\ars.cache
2019-12-27 04:26 - 2019-12-27 04:26 - 001124599 _____ () C:\Users\tracy\AppData\Local\census.cache
2020-03-26 19:18 - 2020-03-26 19:18 - 000007606 _____ () C:\Users\tracy\AppData\Local\Resmon.ResmonCfg
2019-12-27 02:14 - 2020-03-27 15:44 - 000000010 _____ () C:\Users\tracy\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


  • 0

#58
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

ShellExView was run. Things were clicked. Things were disabled.

 

Process explorer underwent a similar treatment and the generated file is below.

 

As for the identical files something something checksum something words I know but don't know how to implement bit, I'm taking a blind stab, but are these files replicated on both my C: and D: drives? I'm not sure if it has become apparent, but I do have two full Windows installs on my laptop, one on C: and one on D: This hearkens back to when I installed the SSD for the first time and had trouble transferring Windows to the new SSD and so ended up just leaving it in place on my HDD and starting afresh on the SSD. This has had the consequence of being highly beneficial when Windows died one day, I can't recall why, it probably involved me doing something dumb like the time I deleted System32 many years ago... but it allowed me to boot into a familiar interface to correct the problem. Anyway, just wondering if that has anything to do with the confusing presence of duplicate files.

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    74.58    60 K    8 K    0            
procexp64.exe    9.21    30,764 K    63,256 K    3632    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
dwm.exe    5.44    37,596 K    73,072 K    1032            
System    2.60    204 K    384 K    4            
Interrupts    1.02    0 K    0 K    n/a    Hardware Interrupts and DPCs        
csrss.exe    0.26    1,832 K    5,004 K    668            
firefox.exe    0.32    157,112 K    263,960 K    8180    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
WizFile64.exe    0.57    520,608 K    41,720 K    5664            
firefox.exe    0.41    212,724 K    371,976 K    6644    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
MsMpEng.exe    0.40    170,596 K    169,556 K    4428    Antimalware Service Executable    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WMIADAP.exe    0.18    2,824 K    8,164 K    8472            
explorer.exe    3.29    35,300 K    105,204 K    2736    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
SpeechRuntime.exe    0.04    16,056 K    26,280 K    7324    Speech Runtime Executable    Microsoft Corporation    (Verified) Microsoft Windows
taskhostw.exe        2,724 K    10,840 K    2404            
RadeonSoftware.exe    0.01    109,944 K    71,144 K    8136    Radeon Software: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
RadeonSoftware.exe    0.01    110,852 K    64,100 K    9064    Radeon Software: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices, Inc.
WavesSvc64.exe    0.01    1,352 K    6,444 K    9132    Waves MaxxAudio Service Application    Waves Audio Ltd.    (Verified) Waves Inc
svchost.exe    0.01    7,744 K    16,416 K    3924    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,372 K    8,556 K    4288    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
RAVBg64.exe    < 0.01    4,332 K    12,516 K    8400    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
svchost.exe        4,468 K    15,724 K    2392    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    5,644 K    20,340 K    6484    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    0.03    102,640 K    156,880 K    8496    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe    0.02    112,900 K    189,824 K    8672    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
spoolsv.exe    < 0.01    6,736 K    18,720 K    3888    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
YourPhoneServer.exe        3,348 K    14,376 K    9044            (No signature was present in the subject)
YourPhone.exe    Suspended    13,464 K    20,100 K    8392            (No signature was present in the subject)
WUDFHost.exe        1,920 K    7,932 K    2028            
WmiPrvSE.exe        2,316 K    8,664 K    1192            
WinStore.App.exe    Suspended    15,468 K    28,852 K    1044    Store    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
winlogon.exe        2,356 K    10,388 K    756            
wininit.exe        1,344 K    6,556 K    652            
WindscribeService.exe        1,344 K    6,044 K    4444    Manages the firewall and controls the VPN tunnel    Windscribe Limited    (Verified) Windscribe Limited
WavesSysSvc64.exe        2,336 K    6,512 K    4408    WavesSysSvc Service Application    Waves Audio Ltd.    (Verified) Waves Inc
taskhostw.exe        6,020 K    14,100 K    5704    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
SystemSettings.exe    Suspended    19,224 K    54,492 K    6140    Settings    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        6,896 K    14,940 K    1872    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.05    7,284 K    15,164 K    816    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    11,852 K    30,496 K    508    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,424 K    7,856 K    820    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,724 K    13,444 K    2956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,984 K    7,840 K    3968    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,364 K    5,672 K    2304    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    1,392 K    5,760 K    2856    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,916 K    17,512 K    4172    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,780 K    11,520 K    7512    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,828 K    14,196 K    3820    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,884 K    20,872 K    5584    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,724 K    16,412 K    4192    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,108 K    15,444 K    7564    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,832 K    7,596 K    6020    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,096 K    6,960 K    4580    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    4,932 K    21,684 K    4488    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,744 K    8,732 K    9208    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,088 K    11,796 K    1236    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        9,040 K    21,380 K    4044    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,692 K    33,120 K    5452    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,872 K    9,936 K    1612    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    17,396 K    19,448 K    1548    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,488 K    19,096 K    7804    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.03    6,412 K    20,416 K    3660    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,840 K    7,088 K    3508    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,220 K    8,024 K    2164    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,508 K    12,140 K    1908    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,380 K    7,512 K    1792    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    4,820 K    29,964 K    5244    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,372 K    13,752 K    4160    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    3,072 K    10,808 K    3104    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,908 K    7,984 K    2444    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,656 K    25,872 K    9620    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,464 K    12,784 K    2292    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,880 K    7,644 K    2508    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        25,596 K    35,680 K    9536    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,028 K    14,940 K    1392    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,816 K    9,688 K    1072    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,944 K    7,484 K    2312    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,984 K    7,624 K    10032    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,476 K    9,420 K    10092    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    2,788 K    12,948 K    2000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,588 K    8,516 K    1704    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    2,868 K    8,692 K    2420    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,924 K    8,124 K    1940    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,768 K    8,176 K    3536    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,072 K    9,868 K    2592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,420 K    10,336 K    8540    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,604 K    12,456 K    4460    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    2,528 K    8,496 K    5616    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,120 K    11,600 K    4320    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,584 K    7,072 K    5628    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,280 K    5,464 K    4368    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,744 K    7,048 K    2280    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    2,592 K    10,468 K    1228    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    1,736 K    6,460 K    3092    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,848 K    8,748 K    3456    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,400 K    6,900 K    2996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,788 K    7,440 K    2496    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,652 K    6,884 K    1652    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,752 K    7,676 K    1148    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,108 K    11,700 K    1436    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,820 K    7,332 K    1084    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,580 K    7,388 K    1136    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,484 K    10,836 K    1144    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        892 K    3,808 K    1004    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,528 K    5,788 K    1488    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,024 K    7,352 K    2224    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,328 K    10,744 K    2756    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,512 K    11,928 K    3280    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,612 K    7,668 K    2808    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,552 K    6,428 K    4304    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,572 K    5,912 K    4556    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,856 K    5,816 K    5000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,452 K    12,232 K    5032    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,448 K    8,224 K    6172    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,268 K    5,464 K    8460    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe    0.01    22,904 K    63,392 K    6872            (Verified) Microsoft Windows
sqlwriter.exe        1,628 K    7,516 K    4328    SQL Server VSS Writer - 64 Bit    Microsoft Corporation    (Verified) Microsoft Corporation
smss.exe        1,176 K    1,184 K    372            
sihost.exe        6,092 K    25,172 K    5224    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
ShellExperienceHost.exe        12,012 K    51,592 K    4364    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
SgrmBroker.exe        3,120 K    6,156 K    9948    System Guard Runtime Monitor Broker Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SettingSyncHost.exe        2,832 K    6,864 K    6852    Host Process for Setting Synchronization    Microsoft Corporation    (Verified) Microsoft Windows
services.exe    0.01    4,912 K    9,776 K    868            
SecurityHealthService.exe        2,448 K    10,380 K    10232    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SecurityHealthHost.exe        2,312 K    14,416 K    1836    Windows Security Health Host    Microsoft Corporation    (Verified) Microsoft Windows
SearchUI.exe    Suspended    73,144 K    135,788 K    7840    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    < 0.01    27,820 K    33,996 K    6700    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe    < 0.01    4,400 K    23,252 K    5464    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe    0.01    5,772 K    22,204 K    5740    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        2,248 K    8,896 K    9472    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        6,292 K    24,620 K    7148    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        1,936 K    8,300 K    9460    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        2,916 K    17,032 K    6120    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
rundll32.exe        1,920 K    9,712 K    6216    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
RtkNGUI64.exe        4,688 K    13,776 K    7164    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RtkAudioService64.exe        1,796 K    7,452 K    3040    Realtek Audio Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RevitAccelerator.exe        38,056 K    51,024 K    8444    RevitAccelerator    Autodesk    (Verified) Autodesk, Inc.
RemindersServer.exe    Suspended    8,276 K    21,612 K    7408    Reminders WinRT OOP Server    Microsoft Corporation    (Verified) Microsoft Windows
Registry        8,852 K    82,712 K    104            
RAVBg64.exe        9,340 K    17,892 K    8304    HD Audio Background Process    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RAVBg64.exe        6,020 K    13,996 K    3340            
RAVBg64.exe        6,276 K    14,688 K    3328            
procexp.exe        4,356 K    10,872 K    10100    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
OfficeClickToRun.exe        13,540 K    35,188 K    4184    Microsoft Office Click-to-Run (SxS)    Microsoft Corporation    (Verified) Microsoft Corporation
NisSrv.exe        5,636 K    10,532 K    4360    Microsoft Network Realtime Inspection Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
Memory Compression        76 K    3,468 K    2360            
lsass.exe    0.01    6,064 K    15,884 K    876    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
GoogleCrashHandler64.exe        1,724 K    680 K    2608            
GoogleCrashHandler.exe        1,704 K    792 K    8104            
fontdrvhost.exe    < 0.01    14,076 K    33,800 K    72            
fontdrvhost.exe        1,564 K    3,280 K    76            
FNPLicensingService.exe        2,388 K    10,120 K    4204    Activation Licensing Service    Flexera    (Verified) Flexera Software LLC
firefox.exe        32,640 K    86,584 K    2864    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        33,256 K    80,164 K    2812    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        16,412 K    45,820 K    7156    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dllhost.exe        1,668 K    6,596 K    6608    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        2,904 K    9,908 K    6880            
dasHost.exe        3,340 K    11,888 K    1840            
dasHost.exe        876 K    4,064 K    2728            
ctfmon.exe    1.40    3,512 K    13,588 K    6108            
csrss.exe    < 0.01    1,708 K    5,248 K    576            
audiodg.exe        9,312 K    14,112 K    3988            
atiesrxx.exe        1,368 K    6,004 K    2008    AMD External Events Service Module    AMD    (Verified) Advanced Micro Devices, Inc.
armsvc.exe        1,328 K    6,528 K    4128    Adobe Acrobat Update Service    Adobe Systems    (Verified) Adobe Inc.
ApplicationFrameHost.exe        14,484 K    28,900 K    4232    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows
AMDRSServ.exe        5,360 K    88,104 K    8756            
amdow.exe        2,288 K    1,680 K    8376            
AdskLicensingService.exe        26,468 K    12,132 K    4136    Autodesk Desktop Licensing Service    Autodesk    (Verified) Autodesk, Inc.
AdAppMgrSvc.exe        4,036 K    18,192 K    4120    Autodesk Desktop App    Autodesk Inc.    (Verified) Autodesk, Inc.
AcrobatNotificationClient.exe    Suspended    5,412 K    12,888 K    9836            (Verified) Adobe Systems, Incorporated


 


  • 0

#59
RiffRaffMama

RiffRaffMama

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

I think I am now up to date with your instructions. And thus I will leave you with my latest cavalcade of operational challenges and once again, thank you for your dedication to my dramas. I believe it has had some benefit as Revit is noticeably less laggy and painful, so something has gone right. Thank you.


  • 0

#60
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

You hit the SCAN button in FRST instead of the Search Files.  That's why you got the two files.  Try again.

 

As for virtual memory I would double whatever Windows assigned.  Mine says it uses 768 M so I would bump it up to 1600 M.  I would think that would be enough.

 

How many instances of Frefox do you see in Process Explorer when using your magical extension?


  • 0






Similar Topics


Also tagged with one or more of these keywords: rendering, Revit, GPU, Dell, AMD, graphics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP