[rocket985]

My desktop has gradually slowed down over the past year.  Now it won't update.  Every night it cycles through the restart-update and says it can't update.

 

I've used Geeks before so mucho thanks in advance.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by dad (administrator) on JC (ASUSTeK Computer INC. ET2230I) (04-05-2021 09:43:45)
Running from C:\Users\dad\Desktop
Loaded Profiles: dad
Platform: Windows 10 Home Version 2004 19041.746 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AOL Inc. -> AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1475711669\ee\aolsoftware.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet 5200 series\Bin\HPNetworkCommunicatorCom.exe
(HP Inc -> HP Inc.) C:\Program Files\HP\HP OfficeJet 5200 series\Bin\ScanToPCActivationApp.exe
(Intel® pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\sp6\LU1\LogitechUpdate.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Common Files\Logishrd\sp6\LU1\LULnchr.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\dad\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) [File not signed] C:\Program Files\Microsoft Games\Minesweeper\Minesweeper.exe
(Microsoft Corporation) [File not signed] C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <6>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Webroot Inc. -> Webroot) C:\Program Files\Webroot\WRSA.exe <2>
(Webroot Inc. -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRCoreService.x64.exe
(Webroot Inc. -> Webroot, Inc.) C:\Program Files\Webroot\Core\WRSkyClient.x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391104 2018-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506368 2018-11-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [2109064 2020-02-05] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1475711669\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc. -> AOL Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [4907296 2021-03-15] (Webroot Inc. -> Webroot)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Run: [HP OfficeJet 5200 (NET)] => C:\Program Files\HP\HP OfficeJet 5200 series\Bin\ScanToPCActivationApp.exe [4064160 2019-03-18] (HP Inc -> HP Inc.)
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-26] (Google LLC -> Google LLC)
Startup: C:\Users\dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2020-05-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy-Firefox-x32: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2AA81A81-9AEE-4DC1-9B6D-D28FC9591C3D} - System32\Tasks\Apple Diagnostics => C:\Users\dad\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe [0 2020-09-30] ()
Task: {4A99F80C-3A2B-46F9-9277-415961ECF489} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-08] (Google Inc -> Google Inc.)
Task: {51398EC5-6DF6-4557-8478-524C0B3D59D6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {521153CF-D262-4769-8B07-92D92F664327} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {65D6F99C-8104-4B31-9933-1BC9687E43D3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23103392 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {75CC6B70-0184-4107-A69E-BC09E55DB3D3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1120696 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {B59209B7-0384-4201-BB4A-D4220F266379} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-08] (Google Inc -> Google Inc.)
Task: {CAE63A45-D5E7-4901-A5C4-0D71680963F4} - System32\Tasks\HPCustParticipation HP OfficeJet 5200 series => C:\Program Files\HP\HP OfficeJet 5200 series\Bin\HPCustPartic.exe [6659488 2019-03-18] (HP Inc -> HP Inc.)
Task: {CED7A4CB-4876-48C0-A979-800B44CF1A1F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D66F70E6-40B0-4F8F-B448-FBB6EAED450C} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [696304 2021-04-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {E2CB026F-01EA-483E-8113-6C59CCA37D98} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114048 2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {E96CE2CE-19F3-4530-AE25-4DF0C0E57744} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{39834797-98f2-40d8-84c2-302e5e2cd513}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5fdfebd4-8831-4d4e-9169-af56f0545bae}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{bce14b93-9f28-4022-aa03-b85dd2cb3d34}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{fefea3be-0a60-47b4-82b5-9b279830f729}: [DhcpNameServer] 172.20.10.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
DownloadDir: C:\Users\dad\Downloads
Edge Notifications: HKU\S-1-5-21-1181104008-4076506379-556746162-1001 -> hxxps://web.skype.com
Edge Profile: C:\Users\dad\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-23]
Edge DownloadDir: C:\Users\dad\Downloads
Edge Notifications: Default -> hxxps://web.skype.com
Edge Extension: (Web Threat Shield) - C:\Users\dad\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fmkaflbamgddpjacdmjlkhbnpnlemaea [2021-03-05]

FireFox:
========
FF DefaultProfile: s1h65phj.default-1492017899708-1604440378196
FF ProfilePath: C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\s1h65phj.default-1492017899708-1604440378196 [2021-05-04]
FF Extension: (Web Threat Shield) - C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\s1h65phj.default-1492017899708-1604440378196\Extensions\webrootsecure@webroot.com.xpi [2020-11-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-06] [Legacy] [not signed]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] () [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-20] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default [2021-05-02]
CHR Notifications: Default -> hxxps://homesteading.com; hxxps://www.facebook.com; hxxps://www.jossandmain.com; hxxps://www.pinterest.com; hxxps://www.thekitchenmagpie.com; hxxps://www.tradingview.com; hxxps://www.vpnranks.com; hxxps://www.wayfair.com
CHR Extension: (Slides) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-08]
CHR Extension: (Sheets) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-21]
CHR Extension: (Web Threat Shield) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2021-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-04]
CHR Extension: (Gmail) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-23]
CHR Profile: C:\Users\dad\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-04-17]
CHR Profile: C:\Users\dad\AppData\Local\Google\Chrome\User Data\System Profile [2019-04-17]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8798600 2021-04-21] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WRCoreService; C:\Program Files\Webroot\Core\WRCoreService.x64.exe [2037856 2020-08-25] (Webroot Inc. -> Webroot, Inc.)
R3 WRSkyClient; C:\Program Files\Webroot\Core\WRSkyClient.x64.exe [3002624 2020-08-25] (Webroot Inc. -> Webroot, Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [4907296 2021-03-15] (Webroot Inc. -> Webroot)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 nuviocir; C:\WINDOWS\system32\DRIVERS\nuviocir_x64.sys [39704 2013-07-11] (Nuvoton Technology Corporation -> Nuvoton Technology Corp.)
R2 speedfan; C:\WINDOWS\SysWoW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 wanatw; C:\WINDOWS\System32\drivers\wanatw64.sys [24064 2006-11-29] (Microsoft Windows Hardware Compatibility Publisher -> America Online, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49552 2021-02-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [419040 2021-02-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-23] (Microsoft Windows -> Microsoft Corporation)
S0 WRBoot; C:\WINDOWS\System32\drivers\WRBoot.sys [15792 2020-04-22] (Microsoft Windows Early Launch Anti-malware Publisher -> )
R1 WRCore; C:\Program Files\Webroot\Core\WRCore.x64.sys [268720 2020-06-15] (Webroot Inc. -> Webroot, Inc.)
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [149224 2019-11-12] (Webroot Inc. -> Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [58304 2020-05-27] (Webroot, Inc -> Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-04 09:43 - 2021-05-04 09:46 - 000021731 _____ C:\Users\dad\Desktop\FRST.txt
2021-05-04 09:38 - 2021-05-04 09:40 - 002298368 _____ (Farbar) C:\Users\dad\Desktop\FRST64.exe
2021-04-28 13:21 - 2021-04-28 13:21 - 000510382 _____ C:\Users\dad\Downloads\GREC - Lawful Presence Verification.pdf
2021-04-28 13:21 - 2021-04-28 13:21 - 000510382 _____ C:\Users\dad\Downloads\GREC - Lawful Presence Verification (6).pdf
2021-04-28 13:21 - 2021-04-28 13:21 - 000510382 _____ C:\Users\dad\Downloads\GREC - Lawful Presence Verification (5).pdf
2021-04-28 13:21 - 2021-04-28 13:21 - 000510382 _____ C:\Users\dad\Downloads\GREC - Lawful Presence Verification (4).pdf
2021-04-28 13:21 - 2021-04-28 13:21 - 000510382 _____ C:\Users\dad\Downloads\GREC - Lawful Presence Verification (3).pdf
2021-04-28 13:21 - 2021-04-28 13:21 - 000510382 _____ C:\Users\dad\Downloads\GREC - Lawful Presence Verification (2).pdf
2021-04-28 13:21 - 2021-04-28 13:21 - 000510382 _____ C:\Users\dad\Downloads\GREC - Lawful Presence Verification (1).pdf
2021-04-20 13:56 - 2021-04-20 13:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-14 13:00 - 2021-04-14 13:00 - 000142783 _____ C:\Users\dad\Downloads\Recent Real Estate Test.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-04 09:45 - 2016-12-11 09:47 - 000000000 ____D C:\FRST
2021-05-04 09:28 - 2019-02-01 21:06 - 000000000 ____D C:\ProgramData\Mozilla
2021-05-04 09:27 - 2016-11-17 22:14 - 000000000 ____D C:\Users\dad\AppData\LocalLow\Mozilla
2021-05-04 09:27 - 2015-04-18 22:32 - 000000000 ___RD C:\Users\dad\OneDrive
2021-05-04 09:25 - 2020-10-08 10:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-04 09:25 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-04 09:25 - 2017-06-02 01:26 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-05-04 09:25 - 2015-03-22 22:18 - 000000000 __SHD C:\Users\dad\IntelGraphicsProfiles
2021-05-04 09:01 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-04 08:25 - 2020-10-06 18:58 - 000000000 ___HD C:\$WinREAgent
2021-05-04 08:23 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-04 01:10 - 2017-12-22 12:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-05-04 00:57 - 2020-10-08 10:36 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-04 00:54 - 2021-03-28 22:10 - 000270680 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2021-05-04 00:54 - 2021-03-28 22:10 - 000225736 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2021-05-04 00:54 - 2017-02-22 21:46 - 000000000 ____D C:\ProgramData\WRData
2021-05-04 00:53 - 2020-10-08 10:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-04 00:53 - 2020-10-08 10:18 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-04 00:49 - 2020-10-08 10:18 - 000438808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-05-04 00:45 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-04 00:44 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-04 00:44 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-04 00:44 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-04 00:44 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-04 00:44 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-05-04 00:44 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2021-05-04 00:35 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-01 22:38 - 2018-03-17 09:22 - 000000000 ____D C:\Users\dad\Documents\Outlook Files
2021-05-01 21:40 - 2020-10-08 10:46 - 000004136 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{0D2A5408-F299-4DB7-8697-E24FF3C48965}
2021-04-30 20:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-30 20:18 - 2020-06-19 01:00 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-30 20:18 - 2020-06-19 01:00 - 000002266 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-04-30 20:18 - 2020-06-19 01:00 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-04-30 20:18 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-28 19:25 - 2017-12-29 14:21 - 000000000 ____D C:\Users\dad\AppData\Local\PlaceholderTileLogoFolder
2021-04-28 15:39 - 2020-09-30 23:17 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-26 20:06 - 2016-10-08 10:11 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-26 20:06 - 2016-10-08 10:11 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-26 20:06 - 2016-10-08 10:11 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-26 03:12 - 2020-10-08 10:46 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-26 03:12 - 2020-10-08 10:46 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-25 10:28 - 2020-10-08 10:46 - 000003348 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1181104008-4076506379-556746162-1001
2021-04-25 10:27 - 2020-10-08 10:25 - 000002364 _____ C:\Users\dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-23 12:33 - 2016-10-05 20:08 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-21 01:58 - 2020-10-28 16:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-04-21 01:58 - 2016-10-05 19:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-21 01:57 - 2020-10-08 10:25 - 000000000 ____D C:\Users\dad
2021-04-20 21:00 - 2020-10-08 10:46 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 21:00 - 2020-10-08 10:46 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-20 13:56 - 2016-10-05 19:40 - 000001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-19 08:55 - 2017-02-22 21:49 - 000000000 ____D C:\Program Files\Webroot
2021-04-14 02:24 - 2016-10-05 23:00 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 02:21 - 2016-10-05 22:59 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-09 11:56 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories ========

2017-02-22 21:49 - 2017-04-26 21:07 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

 

 

 

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by dad (04-05-2021 09:47:22)
Running from C:\Users\dad\Desktop
Windows 10 Home Version 2004 19041.746 (X64) (2020-10-08 14:47:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1181104008-4076506379-556746162-500 - Administrator - Disabled)
dad (S-1-5-21-1181104008-4076506379-556746162-1001 - Administrator - Enabled) => C:\Users\dad
DefaultAccount (S-1-5-21-1181104008-4076506379-556746162-503 - Limited - Disabled)
Guest (S-1-5-21-1181104008-4076506379-556746162-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1181104008-4076506379-556746162-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {EA22F846-E33A-0128-9418-185509C86920}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Webroot SecureAnywhere (Enabled - Up to date) {DF901FA1-F926-253B-C464-B01C79DCAD48}
AV: Webroot SecureAnywhere (Enabled - Up to date) {A16A5B28-D1C0-417E-771B-123558EECC69}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {64F1FE45-DF1C-2AB5-FED4-8B6E025BE7F5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9738288C-21BC-4F54-AB4F-72F059339376}) (Version: 8.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{DEB339C1-2687-43AB-816A-8714F3E26846}) (Version: 8.6 - Apple Inc.)
Blackboard Collaborate Launcher (HKLM-x32\...\{AEED1D32-C837-405A-8009-6660E3883C9E}) (Version: 1.6.4.0 - Blackboard)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Core (HKLM\...\{48CD9577-944F-496C-B8AE-F6150240C2D1}) (Version: 1.1.227 - Webroot) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
HP Dropbox Plugin (HKLM-x32\...\{EF65265C-816D-4992-A8CC-C91CDEC9ED33}) (Version: 36.0.102.68541 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{858E7C53-B406-4798-B4CA-761420FF2B5F}) (Version: 43.0.0.0 - HP)
HP FTP Plugin (HKLM-x32\...\{07DA4F28-63FA-43F7-A554-B159E9A7E649}) (Version: 43.0.0.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{CF634681-E024-430C-AFF2-B9EE43A7E452}) (Version: 36.0.102.68541 - HP)
HP OfficeJet 5200 series Basic Device Software (HKLM\...\{7EC4C0ED-C03F-4F7C-B654-098A74E3DA38}) (Version: 44.4.2678.1977 - HP Inc.)
HP OfficeJet 5200 series Help (HKLM-x32\...\{72C4E06A-0B41-4E4B-BA75-EFADC7DAF20C}) (Version: 44.0.0 - HP)
HP OneDrive Plugin (HKLM-x32\...\{1E191DFB-7B91-4B11-AB95-884D59ECE599}) (Version: 36.0.0.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP SharePoint Plugin (HKLM-x32\...\{1ED7BE66-39E7-4A65-8EEF-68CE80F3416C}) (Version: 43.0.0.0 - HP)
iCloud Outlook (HKLM\...\{696A65CA-2720-4D0D-A255-78123E9AC856}) (Version: 11.2.0.18 - Apple Inc.)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Logitech Options (HKLM\...\LogiOptions) (Version: 8.10.154 - Logitech)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.13929.20296 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1181104008-4076506379-556746162-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 88.0 (x64 en-US) (HKLM\...\Mozilla Firefox 88.0 (x64 en-US)) (Version: 88.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 76.0.1 - Mozilla)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13901.20462 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20462 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
Product Improvement Study for HP OfficeJet 5200 series (HKLM\...\{B4B0BAB5-6850-4690-B844-7D8C8E03E950}) (Version: 44.4.2678.1977 - HP Inc.)
Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.15.5 - Quicken)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8564 - Realtek Semiconductor Corp.)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.29.62 - Webroot)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 2.0.0.0 - )

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.178.200.0_x86__kgqvnymyfvs32 [2020-10-02] (king.com)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation)
FarmVille 2: Country Escape -> C:\Program Files\WindowsApps\D52A8D61.FarmVille2CountryEscape_16.1.6106.0_x86__jwbwg6xx0377a [2020-10-06] (Zynga Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-05-27] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_11.4.12.0_x86__nzyj5cx40ttqa [2020-09-26] (Apple Inc.) [Startup Task]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2021-01-06] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-08-20] (Microsoft Studios) [MS Ad]
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation)
Pandora -> C:\Program Files\WindowsApps\PandoraMediaInc.29680B314EFC2_15.0.3.0_x64__n619g4d5j0fnw [2019-11-20] (Pandora Media Inc) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-05-17] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2021-05-04] (Webroot Inc. -> Webroot)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\WINDOWS\system32\WRusr.dll [2021-05-04] (Webroot Inc. -> Webroot)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\dad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2008-07-03 19:38 - 2008-07-03 19:38 - 000002048 _____ () [File not signed] C:\Program Files\Microsoft Games\Minesweeper\slc.dll
2008-07-03 19:38 - 2008-07-03 19:38 - 000002048 _____ () [File not signed] C:\Program Files\Microsoft Games\SpiderSolitaire\slc.dll
2010-03-08 03:27 - 2010-03-08 03:27 - 000578048 _____ (AOL Inc.) [File not signed] C:\Program Files (x86)\Common Files\AOL\1475711669\ee\AOLSvcMgr.dll
2010-01-06 02:19 - 2010-01-06 02:19 - 000176640 _____ (AOL Inc.) [File not signed] C:\Program Files (x86)\Common Files\AOL\AOLDiag\tbdiag.dll
2008-11-04 14:46 - 2008-11-04 14:46 - 000835584 _____ (AOL LLC) [File not signed] C:\Program Files (x86)\Common Files\AOL\1475711669\ee\coolcore54.dll
2010-05-02 23:23 - 2010-05-02 23:23 - 000155648 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1475711669\ee\services\aolsystrayservice\ver4_1_2_1\AOLSysTrayService.dll
2008-10-17 12:48 - 2008-10-17 12:48 - 000104448 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1475711669\ee\services\connection\ver7_1_2_1\connection.dll
2008-10-03 14:28 - 2008-10-03 14:28 - 000317440 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1475711669\ee\services\localStorage\ver8_1_1_1\clsSvc.dll
2008-10-03 16:29 - 2008-10-03 16:29 - 000256000 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1475711669\ee\services\metrics\ver4_1_11_1\cmls.dll
2008-10-03 15:49 - 2008-10-03 15:49 - 000130560 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1475711669\ee\services\notification\ver7_1_1_1\Notify.dll
2006-09-21 11:18 - 2006-09-21 11:18 - 000005632 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1475711669\ee\services\os\ver5_2_1_1\AOLIdleMon.dll
2006-09-21 11:19 - 2006-09-21 11:19 - 000180736 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1475711669\ee\services\os\ver5_2_1_1\OS.dll
2008-10-03 17:13 - 2008-10-03 17:13 - 000163840 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1475711669\ee\services\osInfo\ver2_1_1_1\OSInfo.dll
2008-10-03 16:16 - 2008-10-03 16:16 - 000094720 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1475711669\ee\services\preferences\ver6_1_1_1\preferences.dll
2007-09-07 11:46 - 2007-09-07 11:46 - 000281600 _____ (AOL LLC) [File not signed] c:\program files (x86)\common files\aol\1475711669\ee\services\suiteFramework\ver5_1_4_1\suiteFramework.dll
2007-03-19 22:48 - 2007-03-19 22:48 - 000249856 _____ (AOL LLC) [File not signed] C:\Program Files (x86)\Common Files\AOL\1475711669\ee\xprt5.dll
2009-12-11 13:17 - 2009-12-11 13:17 - 000248832 _____ (AOL LLC) [File not signed] C:\Program Files (x86)\Common Files\AOL\1475711669\ee\xprt6.dll
2020-04-19 18:55 - 2020-04-19 18:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2020-04-19 18:55 - 2020-04-19 18:55 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1181104008-4076506379-556746162-1001\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1181104008-4076506379-556746162-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U220DHP&pc=U220
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-03] (Microsoft Corporation -> Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech Inc -> Logitech, Inc.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2020-07-22] (Webroot Inc. -> Webroot)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2017-01-03] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech Inc -> Logitech, Inc.)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2020-07-22] (Webroot Inc. -> Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-03] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-04] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-10-05 22:00 - 2016-10-05 21:58 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-03-09 07:15 - 2020-03-09 07:20 - 000000431 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1181104008-4076506379-556746162-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{202982D3-F89B-4E70-B3ED-1EADE5BBA032}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2763C560-1937-47EA-8881-DC619D3273C4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D4F1AA70-2B12-422B-B2A5-43608723D8F0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2932C65E-A35B-40E0-8230-12D0D5EFE87D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{F1FC35B5-9943-484E-969D-3D5FA3A84BA1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{FC4830D4-E315-43BA-9BD1-819654613689}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{87B091A9-4659-42A1-999B-EA8430868E79}] => (Allow) C:\Users\dad\AppData\Local\Temp\7zS133D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{BB193690-A381-4176-B398-402D420247F5}] => (Allow) C:\Users\dad\AppData\Local\Temp\7zS133D\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{12FE7790-7C49-42F0-8C01-3D7C3DFEBFE2}] => (Allow) C:\Users\dad\AppData\Local\Temp\7zS12DC\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{C5598D3D-4BB8-41F5-A799-BD9D78F9B307}] => (Allow) C:\Users\dad\AppData\Local\Temp\7zS12DC\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F72F1D40-B6ED-4D52-9CA0-71F10AD7F5C9}] => (Allow) C:\Users\dad\AppData\Local\Temp\7zS120E\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{F41E5CAB-D2A9-400A-B669-B0342F1535FF}] => (Allow) C:\Users\dad\AppData\Local\Temp\7zS120E\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{49867408-8291-4DF9-9EE4-D5BFC363B3F0}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{E6DEB9C4-5614-4E2A-851C-6341FAE675E5}] => (Allow) C:\Users\dad\AppData\Local\Temp\7zS448A\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{C81C1768-ADB4-47C8-8B63-39AF81EB4858}] => (Allow) C:\Users\dad\AppData\Local\Temp\7zS448A\HPDiagnosticCoreUI.exe => No File
FirewallRules: [{9C781FFC-E506-499C-B4CA-A3A29B027D45}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B04D3D94-7C37-4E8B-A953-0C1C2F983DC5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7FA37FD2-CC78-4B34-B392-0C9885821D18}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{13A32505-23F3-4846-8385-2322616994ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6D9B9004-B3C1-4CE5-9985-F7B63722029C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0AAE3AA5-08CE-483D-BABE-FD53A9DB97CA}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2a\waol.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{518D31C0-5299-41E8-B9C2-924A4891773C}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2a\waol.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{DD9AE200-0833-4F52-B7F2-7272B22EE73F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{EF1FB62C-C1ED-440C-B056-C2E4A6344968}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{C6F09509-E5C9-4601-B510-91A1261C3BE1}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{64DC935F-450F-40AD-97AB-3CFD79593240}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{E5FE5BAC-E13F-46B6-ABE0-41F44E1A7B97}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{7C301257-AC5C-4561-A00A-E36F53C15D46}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{4870A06B-F106-4401-AEC7-DDAF3C34B6D8}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{6F778937-566B-4C18-97D0-1A82025FCBC9}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{F07ACDCF-DAE9-494B-BFDF-10E6850469F9}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1475711669\ee\aolsoftware.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{CC778198-EB17-484B-93EE-FEB6E82CBAF3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1475711669\ee\aolsoftware.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{4F1C02EF-5E3F-454D-A7B3-D0640009C8B7}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{4C5BD26A-063B-41C6-8EFC-8E4C44E6FE50}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{09D0D0DB-747F-419F-AF57-F2C993B425E7}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{AA52A6EA-B6A4-4EA3-BC28-CD6620500961}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe (AOL Inc. -> AOL Inc.)
FirewallRules: [{3E67CBF9-E887-4B55-991F-036A25451DDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E4A2F621-48DA-48D3-A238-F03E5B419E2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C8ABD930-C796-4547-8CB6-E63C3C9BA963}C:\users\dad\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\dad\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [UDP Query User{1743303B-2F73-4F2D-B89F-73E7227A3D34}C:\users\dad\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe] => (Allow) C:\users\dad\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_80\bin\javaw.exe
FirewallRules: [{F350637A-4404-4E2A-AAC9-9E8ADAEDC997}] => (Allow) C:\Users\dad\AppData\Local\Temp\7zS029B\HP.EasyStart.exe => No File
FirewallRules: [{186BB250-F2E1-4A80-A27C-589FBDC0F308}] => (Allow) C:\Program Files\HP\HP OfficeJet 5200 series\bin\FaxApplications.exe (HP Inc -> HP Inc.)
FirewallRules: [{C0BC0C46-BACE-4758-A1D9-543743FF4667}] => (Allow) C:\Program Files\HP\HP OfficeJet 5200 series\bin\DigitalWizards.exe (HP Inc -> HP Inc.)
FirewallRules: [{28A8F84E-7FC0-48C4-869D-F249AF6217E4}] => (Allow) C:\Program Files\HP\HP OfficeJet 5200 series\bin\SendAFax.exe (HP Inc -> HP Inc.)
FirewallRules: [{0641E6D2-5DAE-46A6-B926-3078353EEBBD}] => (Allow) C:\Program Files\HP\HP OfficeJet 5200 series\bin\FaxPrinterUtility.exe (HP Inc -> HP Inc.)
FirewallRules: [{EAD4B0CB-73D7-4400-A0F2-F7A4756B3A27}] => (Allow) C:\Program Files\HP\HP OfficeJet 5200 series\Bin\DeviceSetup.exe (HP Inc -> HP Inc.)
FirewallRules: [{9E58D7F4-562A-447A-9069-154F958198D6}] => (Allow) LPort=5357
FirewallRules: [{CB1D3B0A-7EC4-489A-B2DD-CA6FB825BE46}] => (Allow) C:\Program Files\HP\HP OfficeJet 5200 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc -> HP Inc.)
FirewallRules: [{A207E4CB-31F5-4CDC-966D-A4F38A005E18}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F803D5A2-96BD-4EEF-855B-D7C4CCA09DC0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{776A6D93-AE43-4803-984E-72413518A13F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{476299A9-1884-42C0-A11B-3BA4267B8A78}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CA553E17-A59A-4170-8982-0C9E4569BA6A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D1B9AFF5-6A95-4A2F-BD52-67232BD79637}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{66596A4E-AD41-4DAE-B9FF-24340D7C5A1D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5411A4C5-2562-44E8-9B87-0E77BFE32A8C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{334F1C05-E415-4A3C-8DB3-85F9C4348D4D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8C520E58-FA22-4B39-BAA0-28D801F70CC2}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.51\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EF91626C-45C9-4802-AD77-4C26871C3287}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

30-04-2021 08:51:14 Windows Modules Installer
01-05-2021 09:01:24 Windows Modules Installer
03-05-2021 07:38:09 Windows Modules Installer
04-05-2021 08:30:49 Windows Modules Installer

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/04/2021 01:12:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31250

Error: (05/04/2021 01:12:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31250

Error: (05/04/2021 01:12:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/04/2021 01:11:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15625

Error: (05/04/2021 01:11:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15625

Error: (05/04/2021 01:11:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/04/2021 12:56:00 AM) (Source: SecurityCenter) (EventID: 19) (User: )
Description: The Windows Security Center Service was unable to load instances of AntiVirusProduct from datastore.

Error: (05/04/2021 12:53:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname jc.local already in use; will try jc-2.local instead


System errors:
=============
Error: (05/04/2021 09:26:21 AM) (Source: DCOM) (EventID: 10010) (User: JC)
Description: The server Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (05/04/2021 09:05:58 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/04/2021 09:05:54 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/04/2021 09:05:50 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/04/2021 09:05:46 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/04/2021 09:05:42 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/04/2021 09:05:38 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/04/2021 09:05:34 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Windows Defender:
================
Date: 2020-10-24 17:58:07
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-10-23 09:08:22
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-10-21 08:38:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-10-20 07:13:30
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-10-19 09:24:59
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-10-22 08:48:09
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.325.1156.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===============
Date: 2021-05-04 01:04:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\WRusr.dll that did not meet the Windows signing level requirements.

Date: 2021-05-04 00:57:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\WRusr.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 0501 07/24/2014
Motherboard: ASUSTeK COMPUTER INC. ET2230I
Processor: Intel® Core™ i3-4150T CPU @ 3.00GHz
Percentage of memory in use: 62%
Total physical RAM: 8090.79 MB
Available physical RAM: 3008.57 MB
Total Virtual: 9370.79 MB
Available Virtual: 4128.09 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:917.05 GB) (Free:824.43 GB) NTFS
Drive f: (Seagate Slim Drive) (Fixed) (Total:465.76 GB) (Free:404.29 GB) NTFS

\\?\Volume{428f54ed-8e0f-4eee-9f6d-9ea885ee0fee}\ (Windows RE tools) (Fixed) (Total:0.78 GB) (Free:0.55 GB) NTFS
\\?\Volume{26700ab8-4408-45dc-8b04-a900de5758e3}\ (Recovery image) (Fixed) (Total:13.3 GB) (Free:2.63 GB) NTFS
\\?\Volume{51b51169-ccb0-466b-bd2d-b358190a77fb}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D1889823)

Partition: GPT.

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: A4A02841)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

 

[Advertisements]

Error: (05/04/2021 09:05:58 AM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

 

 

Open an elevated Command Prompt:

http://www.howtogeek...-in-windows-10/

 

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)

 

 

Once you have an elevated command prompt:

 

Type:

chkdsk  /r  c:

hit Enter.  It will say it can't do it now and ask if you want to schedule it for the next restart.  Tell it y.

 

restart 

 

The disk check should start and will take several hours.

 

Once it reboots open an elevated Command Prompt again and :

 

Type:

 

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)

Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

 

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

 

sfc  /scannow

This will also take a few minutes.  

 

When it finishes it will say one of the following:

 

Windows did not find any integrity violations (a good thing)

Windows Resource Protection found corrupt files and repaired them (a good thing)

Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

 

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt 

Hit Enter.  Then type::

 

notepad %UserProfile%\desktop\junk.txt 

Hit Enter. 

 

 Copy the text from notepad and paste it into a reply.

 

 

After you finish SFC, regardless of the result:

 

 

 

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

 

Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

 

Go to:  

https://www.microsof...nload/windows10

 

Click on Update Now.  Save the file then go to the download folder and right click on the downloaded file and Run As Admin.  Then follow the instructions.  This should force an update to the latest version.

 

Does it work?

[RKinner]

Error: (05/04/2021 09:05:58 AM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

 

 

Open an elevated Command Prompt:

http://www.howtogeek...-in-windows-10/

 

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)

 

 

Once you have an elevated command prompt:

 

Type:

chkdsk  /r  c:

hit Enter.  It will say it can't do it now and ask if you want to schedule it for the next restart.  Tell it y.

 

restart 

 

The disk check should start and will take several hours.

 

Once it reboots open an elevated Command Prompt again and :

 

Type:

 

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)

Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

 

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

 

sfc  /scannow

This will also take a few minutes.  

 

When it finishes it will say one of the following:

 

Windows did not find any integrity violations (a good thing)

Windows Resource Protection found corrupt files and repaired them (a good thing)

Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

 

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt 

Hit Enter.  Then type::

 

notepad %UserProfile%\desktop\junk.txt 

Hit Enter. 

 

 Copy the text from notepad and paste it into a reply.

 

 

After you finish SFC, regardless of the result:

 

 

 

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

 

Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

 

Go to:  

https://www.microsof...nload/windows10

 

Click on Update Now.  Save the file then go to the download folder and right click on the downloaded file and Run As Admin.  Then follow the instructions.  This should force an update to the latest version.

 

Does it work?

[rocket985]

Now have blue screen with error code:  0xe0000185.

 

Says I'll need to use recovery tools.  I have no installation media.

[rocket985]

This was after the initial disk check.

[RKinner]

https://www.microsof...nload/windows10

 

Click on Download Tool Now

 

Follow instructions under:

    Using the tool to create installation media (USB flash drive, DVD, or ISO file) to install Windows 10 on a different PC (click to show more or less information)
   

[rocket985]

Used the tool, installed windows on machine.  Machine running but empty.

[RKinner]

Guess you didn't see the option to repair your existing windows?  Or it didn't work.

 

Let's see how bad the hard drive is:

 

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 

[rocket985]

Didn't work.

Attached Files

•  DESKTOP-AD3GSKK.txt   98.6KB   220 downloads

[RKinner]

Hard drive does not look bad but temperature of CPU is showing too hot.  Speccy often reads high so let's get a second opinion.  If it is running hot that is probably what caused the failure.

 

Run Speedfan to monitor your temps in real time:



http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time tho the default is to show the hard drive temp in the systray.  You can change it:  Hit Configure then click on the highest temp and check Show in tray.  
Win 10 hides icons by default so: Settings, Personalization,  Taskbar, Select which Icons appear on Taskbar,  then turn Speedfan ON.
With no other programs running what is the highest temp you see?  Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes.  What is the highest temp now?
 

We don't really want it to go over about 65 under load.  If it does it usually means either the fan is defective (speedfan should tell you your fan speed so you can see if it is running) or (most likely) the interface between the fan and the heatsink is clogged with dust. The best fix for a clogged heatsink is to remove the fan (not the heatsink or heatpipe) and vacuum out the heatsink.  However on some PCs this is major surgery.  Sometimes you can blow air backwards through the exhaust vent while vacuuming at the input vent and if you are lucky it may clear the heatsink.  Don't do it too long as the fan may overrev.

 

If it's not running hot then I would run the built-in memory check:

 

https://www.tomshard...how-to-test-ram

 

[rocket985]

Not running hot. 

 

Ran memory test.  No problems during test.  Could not find results after it restarted.

[RKinner]

Not sure what happened then to corrupt the hard drive.

 

Let's get a benchmark:


https://www.userbenchmark.com


Click on Free Download.  Save the file then right click and Run As Admin.  Close all programs and pause your antivirus before starting.


When it finishes it will open a browser.  Copy the URL and paste it into a Reply.

[RKinner]

I take that back about not knowing why it failed.  Didn't notice that you had two hard drives and I just looked at the Seagate.  You also have a Toshiba that is showing:

 

C5
                                            Attribute name    Current Pending Sector Count
                                            Real value    136
                                            Current    100
                                            Worst    100
                                            Threshold    0
                                            Raw Value    0000000088
                                            Status    Good

 

 

No way is that good.  136 sectors have failed and need to be replaced.  Time to replace the drive.

 

It's on Amazon for about $60

Toshiba 1TB 7200 RPM 32MB Cache SATA 6.0Gb/s 3.5 Internal Hard Drive (DT01ACA100)

 

but you can use any 3.5 SATA 3.  I would stay away from Seagate.  They aren't that reliable.  If you stay with conventional consider a Western Digital Black:

Western Digital 1TB WD Black Performance Internal Hard Drive HDD - 7200 RPM, SATA 6 Gb/s, 64 MB Cache, 3.5" - WD1003FZEX

for $65.  Double the cache and the most reliable drive around.

 

If you really want to speed up the PC get a Samsung EVO SSD

SAMSUNG 870 EVO 1TB 2.5 Inch SATA III Internal SSD (MZ-77E1T0B/AM)

$120.  It's a 2.5 inch instead of a 3.5 so it may need an adapter (tho I just tiewrapped mine to the frame).  Most reliable SSD on the market.

[rocket985]

   Asus ET2230I Performance Results - UserBenchmark

[RKinner]

Benchmark is very good but  it says you are using 45% of your CPU so that's going to slow you a bit.  Let's run Process Explorer and see what is running.

 

Get Process Explorer

https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


 

[rocket985]

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
procexp(1)64.exe    2.73    27,204 K    60,820 K    8240    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
wmplayer.exe    1.44    127,232 K    68,320 K    8700    Windows Media Player    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe    0.05    139,660 K    183,596 K    2828    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
explorer.exe    0.02    63,924 K    135,276 K    5128    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
OneDrive.exe    0.02    46,584 K    63,564 K    7656    Microsoft OneDrive    Microsoft Corporation    (Verified) Microsoft Corporation
msedge.exe    0.02    53,176 K    57,168 K    2388    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
firefox.exe    0.01    198,840 K    320,372 K    3360    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
msedge.exe    0.01    49,352 K    126,760 K    9268    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
AppleMobileDeviceProcess.exe    0.01    4,428 K    14,452 K    10184    MobileDeviceProcess    Apple Inc.    (Verified) Apple Inc.
msedge.exe    < 0.01    18,552 K    39,524 K    5396    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
svchost.exe    < 0.01    3,412 K    18,728 K    6032    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    < 0.01    34,876 K    50,512 K    3884    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
WinStore.App.exe    Suspended    64,212 K    2,128 K    5424    Store    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
UserOOBEBroker.exe        1,868 K    9,084 K    9664    User OOBE Broker    Microsoft Corporation    (Verified) Microsoft Windows
TextInputHost.exe        15,444 K    38,496 K    7060        Microsoft Corporation    (Verified) Microsoft Windows
taskhostw.exe        8,532 K    18,132 K    3828    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
taskhostw.exe        5,428 K    14,532 K    128            
TabTip.exe        3,908 K    15,800 K    6896            
SystemSettingsBroker.exe        7,276 K    28,820 K    9808    System Settings Broker    Microsoft Corporation    (Verified) Microsoft Windows
SystemSettings.exe    Suspended    25,944 K    2,128 K    464    Settings    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        9,780 K    25,520 K    260    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        9,848 K    41,492 K    2736    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,632 K    8,124 K    848    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,140 K    20,332 K    7872    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe        37,880 K    66,412 K    1532            (Verified) Microsoft Windows
smartscreen.exe        9,128 K    26,164 K    5868    Windows Defender SmartScreen    Microsoft Corporation    (Verified) Microsoft Windows
sihost.exe        7,648 K    31,696 K    3144    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
ShellExperienceHost.exe    Suspended    40,584 K    92,464 K    6908    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
SettingSyncHost.exe        3,864 K    5,240 K    7032    Host Process for Setting Synchronization    Microsoft Corporation    (Verified) Microsoft Windows
SecurityHealthSystray.exe        2,032 K    12,772 K    7516    Windows Security notification icon    Microsoft Corporation    (Verified) Microsoft Windows
SearchApp.exe    Suspended    113,264 K    178,884 K    6152    Search application    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        5,432 K    19,600 K    9520    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        8,360 K    30,820 K    6388    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        8,132 K    31,524 K    7044    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        6,552 K    26,216 K    3464    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        3,432 K    16,304 K    7068    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
procexp(1).exe        4,216 K    11,312 K    8524    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
msedge.exe        17,260 K    25,616 K    3876    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
msedge.exe        18,516 K    35,264 K    348    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
msedge.exe        101,084 K    109,164 K    8392    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
msedge.exe        13,040 K    21,992 K    9364    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
msedge.exe        12,688 K    17,404 K    8588    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
msedge.exe        44,592 K    88,896 K    7608    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
msedge.exe        6,092 K    7,332 K    4076    Microsoft Edge    Microsoft Corporation    (Verified) Microsoft Corporation
igfxTray.exe        2,944 K    11,140 K    5244            (Verified) Intel® pGFX
igfxHK.exe        2,492 K    9,492 K    5220    igfxHK Module    Intel Corporation    (Verified) Intel® pGFX
igfxEM.exe        3,384 K    12,096 K    5172    igfxEM Module    Intel Corporation    (Verified) Intel® pGFX
firefox.exe        26,988 K    25,732 K    9712    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        412,624 K    359,404 K    9352    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        25,612 K    36,524 K    8696    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
FileCoAuth.exe        3,688 K    13,976 K    2620    Microsoft OneDriveFile Co-Authoring Executable    Microsoft Corporation    (Verified) Microsoft Corporation
dllhost.exe        4,572 K    17,408 K    3720    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        3,720 K    10,700 K    5952    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
ctfmon.exe        12,352 K    21,916 K    6876            
CompPkgSrv.exe        1,596 K    8,576 K    6276    Component Package Support Server    Microsoft Corporation    (Verified) Microsoft Windows
ApplicationFrameHost.exe        13,800 K    33,332 K    8104    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows