Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Slow Computer


  • Please log in to reply

#1
mandrada

mandrada

    Member

  • Member
  • PipPip
  • 19 posts

Hello,

I hope you can help me. My computer has gotten so slow that it makes it difficult to get work done. Do you have any suggestions? My text files are pasted below.

Thanks, Mary

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.06.2024
Ran by mary (administrator) on 2020WS08 (Dell Inc. OptiPlex 7070) (02-06-2024 14:35:45)
Running from C:\Users\mary\Desktop\FRST64.exe
Loaded Profiles: mary & Administrator & bob & QBDataServiceUser31 & QBDataServiceUser34
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3593 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe ->) (Intuit, Inc. -> ) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.Application.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Intuit\QuickBooks 2024\QBW.EXE ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2024\qbmapi64.exe
(C:\Program Files\Intuit\QuickBooks 2024\QBW.EXE ->) (Intuit, Inc. -> SAP SE or an SAP affiliate company) C:\Program Files\Intuit\QuickBooks 2024\QBDBMgr.exe
(C:\Program Files\Intuit\QuickBooks 2024\QBW.EXE ->) (The CefSharp Authors) [File not signed] C:\Program Files\Intuit\QuickBooks 2024\CefSharp.BrowserSubprocess.exe <7>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.97\msedgewebview2.exe <7>
(C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe <2>
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.10.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe <7>
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxEM.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <12>
(explorer.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2024\QBW.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\MSACCESS.EXE <4>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(explorer.exe ->) (SystemServer -> Intermedia.net, Inc.) C:\Users\mary\AppData\Local\Programs\Intermedia Unite\Intermedia Unite.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\mary\AppData\Local\Microsoft\OneDrive\24.091.0505.0003\Microsoft.SharePoint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software) C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_d6e4236a0f82e7b4\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_5fe2e31c542e0065\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_fbef37f5b63dca79\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_fbef37f5b63dca79\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_9bda45a3425e7880\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe
(services.exe ->) (Intuit Inc.) [File not signed] C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(services.exe ->) (Intuit Inc.) [File not signed] C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
(services.exe ->) (Intuit, Inc. -> ) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe
(services.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(services.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdateMonitorService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe
(services.exe ->) (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c984e9ce714075ab\RtkAudUService64.exe <2>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4d0b189ff2aba03\WavesSysSvc64.exe
(sihost.exe ->) (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe <6>
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
(svchost.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.124.5142.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.10.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\PrintDialog\PrintDialog.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c984e9ce714075ab\RtkAudUService64.exe [1345104 2021-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4d0b189ff2aba03\WavesSvc64.exe [1774584 2021-02-18] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3427104 2022-04-13] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [781552 2021-10-11] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\Installer\setup.exe [7182800 2024-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\RunOnce: [ccleaner_update_helper] => C:\Program Files\CCleaner\ccleaner_update_helper.exe [813368 2024-05-28] (PIRIFORM SOFTWARE LIMITED -> Piriform)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [8508832 2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Run: [Intermedia Unite] => C:\Users\mary\AppData\Local\Programs\Intermedia Unite\Intermedia Unite.exe [165999464 2024-04-05] (SystemServer -> Intermedia.net, Inc.)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [45380000 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Run: [MicrosoftEdgeAutoLaunch_D93AF75D227E4510AE1D42E181D1834B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4136896 2024-05-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Run: [CCleanerBrowserAutoLaunch_012365C4288EC115F2F0C751243D3576] => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3163248 2024-05-16] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\mary\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\mary\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\RunOnce: [Uninstall 24.086.0428.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\mary\AppData\Local\Microsoft\OneDrive\24.086.0428.0003" [0 2024-05-24] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-3979886858-3466003010-52152672-500\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4211803538-2084879006-1980355138-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4211803538-2084879006-1980355138-1002\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4211803538-2084879006-1980355138-1003\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\FaxUpload Port Monitor: C:\WINDOWS\system32\FaxUpMn15.dll [743248 2015-08-27] (ImageMAKER Development Inc. -> ImageMAKER Development Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\124.0.25069.209\Installer\chrmstp.exe [2024-05-23] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\125.0.6422.141\Installer\chrmstp.exe [2024-05-30] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Startup: C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2022-05-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2024-03-01]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2024-03-01]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2024-03-01]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2024\QBW.EXE (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vista Fax Daemon.lnk [2022-11-08]
ShortcutTarget: Vista Fax Daemon.lnk -> C:\Program Files (x86)\Common Files\ImageMAKER\Vstdaemon.exe (ImageMAKER Development Inc. -> ImageMAKER Development Inc.)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION
Task: {961B54B9-924B-4742-A0FB-FD77C10999BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {DB184396-39A2-4C99-9B78-06110472DF6C} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3427104 2022-04-13] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {6992DA9C-F6D7-4BEA-BB9D-C4EE63D0402D} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3163248 2024-05-16] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
Task: {242C17E2-A9E0-420E-B645-569388B365A8} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe [3163248 2024-05-16] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
Task: {E5D60B1C-703B-43F7-B9BB-7BEC182D089B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {655B1CA2-7C3E-4E2C-95AE-F2255BDC56CD} - System32\Tasks\CCleanerBrowserProtectS-1-5-21-3979886858-3466003010-52152672-1116 => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowserProtect.exe [1717416 2024-04-23] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
Task: {2F0323EB-71EF-49F9-A9C4-767DA1BA1228} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [39118752 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {518A2AB6-35C2-4C5E-A010-890BDABA914B} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [5074848 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc. All rights reserved.) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "f4ad30d1-b391-4157-ac2d-d30e803a04aa" --version "6.23.11010" --silent
Task: {B8F485D1-52C1-48A4-9DDC-1EEFC74372A8} - System32\Tasks\CCleanerSkipUAC - mary => C:\Program Files\CCleaner\CCleaner.exe [39118752 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {1A0AED4A-6AD6-45F9-B352-9B62E2C9563F} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {961CA466-F0B9-4A2A-B589-2E526551DB6C} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
Task: {32FAA249-3876-4F54-854D-2029AF2A450E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5439240 2024-05-14] (Microsoft Windows -> Microsoft Corporation)
Task: {997BF022-BFF8-43F4-B56C-4E9F7AAE12F9} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [665952 2022-06-21] (Dell Inc -> Dell Inc.) -> C:\Program Files\Dell\SupportAssistAgent\bin\AutoUpdate
Task: {66465A48-3014-404F-8045-980AC8272A2E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem127.0.6490.0{A1AF9303-C083-4C9E-83EA-D6B9B5F21709} => C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
Task: {4C0229B4-D461-4891-A5BD-024B06F88416} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28435936 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {AB0362AC-347B-4AA5-A41D-F84AFCA83390} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28435936 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {EDEBCD00-CDF0-4499-8EAD-429F2ED5E678} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309832 2024-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {8F05A58A-9F24-498A-9ED8-DE02FA5AA063} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309832 2024-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4BBD5287-C140-4084-99FB-BB20C3A937A2} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168928 2024-04-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {17CC246F-4923-428E-9212-8302E2CE9BA0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [517112 2024-05-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E336F66-C193-4C7D-BC2E-81DD4896DBAD} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe [53248 2024-03-12] (Microsoft Windows -> Microsoft Corporation)
Task: {A0D0DFF6-E582-4D8E-BCD2-8152403CCC10} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe [53248 2024-03-12] (Microsoft Windows -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {A2BFA4C3-E046-4A9D-A0BB-BF71FED3F887} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe  LogonUpdateResults (No File)
Task: {A0BAA87C-5CE3-4CA9-942B-82AED3D4C416} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC ReadyToReboot (No File)
Task: {B25636AC-0AED-4EFE-88FF-49BA5C141D03} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {2BC53148-B7B1-4C11-82AE-12402A22745D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1E68F916-3F6B-48A2-AB8E-0B6C779E79A5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E227D19E-F257-4F12-9E72-6CF44CCFA337} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3C140B93-0609-4C7E-8B0C-7974C9E72756} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6CDD7EF7-DD58-450A-8E17-1C40D804DF55} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe  (No File)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{effb5a57-65fe-4a33-ace5-bc2d29cc3452}: [NameServer] 192.168.254.2,8.8.8.8
 
Edge: 
=======
Edge Profile: C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-23]
Edge Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2024-02-29]
Edge Extension: (Dropbox for Gmail) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2021-08-31]
Edge Extension: (Google Docs Offline) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-26]
Edge Extension: (Google Mail Checker) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\glbpkcehjkihaknkjifkehdpjfngbdga [2020-10-21]
Edge Extension: (Amazon Assistant) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2023-03-30]
Edge Extension: (Cisco Webex Extension) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikdddppdhmjcdfgilpnbkdeggoiicjgo [2022-07-22]
Edge Extension: (Chrome Remote Desktop) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-12-07]
Edge Extension: (Pinterest Save Button) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfcjijcigimhjjdimpghneggnegiphhh [2020-10-21]
Edge Extension: (Edge relevant text changes) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-08]
Edge Extension: (Zoom Chrome Extension) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2024-04-22]
Edge Extension: (ClassLink OneClick Extension) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\liidigofnkchhgmbdfmmbfcodpecmcii [2023-10-11]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-09-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-10-11] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-10-11] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default [2024-05-08]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-07-06]
CHR Extension: (Google Docs Offline) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-11]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-04-21]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-23]
CHR Profile: C:\Users\mary\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-05-08]
CHR Profile: C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-06-02]
CHR DownloadDir: C:\Users\mary\Desktop
CHR Notifications: Profile 1 -> hxxps://buildertrend.net; hxxps://calendar.google.com; hxxps://fsastore.com; hxxps://my.norton.com; hxxps://therecipecritic.com; hxxps://www.accuweather.com; hxxps://www.crowdcast.io; hxxps://www.facebook.com; hxxps://www.fashionholla.com; hxxps://www.harney.com; hxxps://www.marthastewart.com; hxxps://www.messenger.com; hxxps://www.netflix.com; hxxps://www.pinterest.com; hxxps://www.soundstrue.com
CHR Extension: (Norton Password Manager) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\admmjipmmciaobhojoghlmleefbicajg [2024-05-16]
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-04-05]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-05-28]
CHR Extension: (Google Docs Offline) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-20]
CHR Extension: (Save to Pinterest) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2024-05-23]
CHR Extension: (TiltShiftMaker) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo [2022-07-20]
CHR Extension: (Crackle) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2022-07-20]
CHR Extension: (My Downloads) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ienfdfooajmkbebiaplehejbamefbboi [2024-01-21]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-05-20]
CHR Extension: (The Washington Post) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ilgaabojccagggalemipkfjbcdemjgee [2022-07-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-12-06]
CHR Extension: (ClassLink OneClick Extension) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jgfbgkjjlonelmpenhpfeeljjlcgnkpe [2024-05-08]
CHR Extension: (Grammarly: AI Writing and Grammar Checker App) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2024-05-30]
CHR Extension: (Zoom Chrome Extension) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2024-04-22]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-22]
CHR Extension: (Google Mail Checker) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2022-07-20]
CHR Extension: (Capital One Shopping: Save Now) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2024-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-07-20]
CHR Profile: C:\Users\mary\AppData\Local\Google\Chrome\User Data\System Profile [2024-06-02]
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-3979886858-3466003010-52152672-1116\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-3979886858-3466003010-52152672-1116\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3815712 2022-04-13] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3580200 2022-04-13] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\124.0.25069.209\elevation_service.exe [1745424 2024-05-16] (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe [208176 2022-12-13] (PIRIFORM SOFTWARE LIMITED -> Piriform Software)
R2 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [1085856 2024-04-10] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
R4 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14248016 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2022-05-20] (Dell Inc -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [138448 2022-05-20] (Dell Inc -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2022-05-20] (Dell Inc -> Dell Technologies Inc.)
S4 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [55712 2022-08-01] (Dell Inc -> )
S4 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [44448 2022-04-27] (Dell Inc -> )
S4 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [134560 2022-02-19] (Dell Inc -> Dell)
S2 GoogleUpdaterInternalService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
S2 GoogleUpdaterService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887344 2024-05-07] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-05-02] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 MicrosoftSearchInBing; C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe [21376 2020-04-20] (Microsoft Corporation -> )
R3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2023-11-10] (Intuit Inc.) [File not signed]
R2 QBUpdateMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdateMonitorService.exe [52800 2023-11-10] (Intuit, Inc. -> Intuit Inc.)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1570816 2023-11-10] (Intuit Inc.) [File not signed]
R2 QBWCMonitor; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe [47392 2024-02-26] (Intuit, Inc. -> )
S4 QuickBooksDB34; C:\Program Files\Intuit\QuickBooks 2024\QBDBMgrN.exe [142912 2024-03-12] (Intuit, Inc. -> SAP SE or an SAP affiliate company)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [137056 2022-06-21] (Dell Inc -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 QuickBooksDB31; C:\QuickBooks Premier Edition 2021\QBDBMgrN.exe -hvQuickBooksDB31 [X]
S4 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\mary\AppData\Roaming\Zoom"
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2023-04-12] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2023-04-12] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-06] (Microsoft Corporation) [File not signed]
R3 CyUcmClient_Device; C:\WINDOWS\System32\drivers\CyUcmClient.sys [156600 2019-01-30] (Cypress Semiconductor Corporation -> Cypress Semiconductor Corporation)
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [37808 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 e1dexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e1d.inf_amd64_e98edae1bc7c25e7\e1d.sys [618128 2022-09-02] (Intel Corporation -> Intel Corporation)
R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223184 2024-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-05-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-05-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKslb9510bdd; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDC75520-8012-48FC-AB65-F4ED351E8184}\MpKslDrv.sys [271648 2024-06-02] (Microsoft Windows -> Microsoft Corporation)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-05-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-05-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-28] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-06-02 14:35 - 2024-06-02 14:39 - 000042216 _____ C:\Users\mary\Desktop\FRST.txt
2024-06-02 14:35 - 2024-06-02 14:35 - 000000000 ____D C:\Users\mary\Desktop\FRST-OlderVersion
2024-06-02 14:34 - 2024-06-02 14:37 - 000000000 ____D C:\FRST
2024-06-02 14:33 - 2024-06-02 14:35 - 002395136 _____ (Farbar) C:\Users\mary\Desktop\FRST64.exe
2024-06-02 14:29 - 2024-06-02 14:29 - 002299904 _____ (Farbar) C:\Users\mary\Downloads\FRST64 (2).exe
2024-06-02 14:28 - 2024-06-02 14:28 - 002299904 _____ (Farbar) C:\Users\mary\Downloads\FRST64.exe
2024-06-02 14:28 - 2024-06-02 14:28 - 002299904 _____ (Farbar) C:\Users\mary\Downloads\FRST64 (1).exe
2024-05-31 12:08 - 2024-05-31 12:08 - 000155098 _____ C:\Users\mary\Desktop\INV 3938.pdf
2024-05-29 13:11 - 2024-05-29 13:11 - 000138617 _____ C:\Users\mary\Desktop\THAI TEST KITCHEN _ Online Receipt.pdf
2024-05-28 09:38 - 2024-05-28 09:38 - 007578108 _____ C:\Users\mary\Downloads\Samantha Set.pdf
2024-05-28 09:38 - 2024-05-28 09:38 - 003641426 _____ C:\Users\mary\Downloads\workshop archetect drawings.pdf
2024-05-28 09:37 - 2024-05-28 09:38 - 000686810 _____ C:\Users\mary\Downloads\Truss reciept.pdf
2024-05-24 11:57 - 2024-05-24 11:57 - 036750844 _____ C:\Users\mary\Downloads\KEVIN WHEELER SD CORRECTED 5-23-24 corrected (1).pdf
2024-05-24 09:23 - 2024-05-24 09:23 - 036750844 _____ C:\Users\mary\Downloads\KEVIN WHEELER SD CORRECTED 5-23-24 corrected.pdf
2024-05-23 09:06 - 2024-05-23 09:06 - 000019186 _____ C:\Users\mary\Downloads\15165585039_052324_0623 (1).pdf
2024-05-23 09:04 - 2024-05-23 09:05 - 000019186 _____ C:\Users\mary\Downloads\15165585039_052324_0623.pdf
2024-05-22 08:52 - 2024-05-22 08:52 - 000037128 _____ C:\Users\mary\Downloads\052124_2018.pdf
2024-05-16 16:49 - 2024-05-16 16:49 - 005383380 _____ C:\Users\mary\Downloads\Trailside-Fitness-12-Week-Training-Program.pdf
2024-05-14 22:05 - 2024-05-14 22:12 - 000000000 ___HD C:\$WinREAgent
2024-05-14 15:18 - 2024-05-14 15:18 - 036751974 _____ C:\Users\mary\Downloads\KEVIN WHEELER SD 5-14-24 CITY CORRECTED.pdf
2024-05-14 10:29 - 2024-05-14 10:29 - 005934884 _____ C:\Users\mary\Downloads\Full_Moon_in_Sagittarius_-_Color.pdf
2024-05-14 08:31 - 2024-05-14 08:31 - 034387145 _____ C:\Users\mary\Downloads\WWII Construction Drawings Set.pdf
2024-05-13 13:18 - 2024-05-13 13:19 - 017758280 _____ C:\Users\mary\Downloads\WEINGARDEN.zip
2024-05-10 13:06 - 2024-05-10 13:06 - 000438818 _____ C:\Users\mary\Downloads\Resource list for Transition 2024.pdf
2024-05-09 09:49 - 2024-05-09 09:49 - 000012132 _____ C:\Users\mary\Downloads\AF trust report (1).pdf
2024-05-09 08:06 - 2024-05-09 08:06 - 045439195 _____ C:\Users\mary\Downloads\iCloud Photos from James Fitzpatrick.zip
2024-05-06 15:48 - 2024-05-06 15:48 - 015928406 _____ C:\Users\mary\Downloads\424 Palomar west (#7463).zip
2024-05-06 08:27 - 2024-05-06 08:27 - 000029200 _____ C:\WINDOWS\system32\lc.dat
2024-05-06 08:26 - 2024-05-06 08:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom
2024-05-03 08:44 - 2024-05-03 08:45 - 507056932 _____ C:\Users\mary\Downloads\220 East Cliff - 2024.zip
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-06-02 14:42 - 2020-10-26 13:42 - 000000000 ____D C:\Users\mary\Documents\Outlook Files
2024-06-02 14:36 - 2020-10-09 14:47 - 000000128 _____ C:\WINDOWS\system32\config\netlogon.ftl
2024-06-02 14:33 - 2024-05-02 18:07 - 000000000 ____D C:\Users\mary\AppData\Local\Malwarebytes
2024-06-02 14:16 - 2023-04-12 09:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-06-02 14:16 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-02 08:48 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-06-02 06:42 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-06-01 11:32 - 2020-10-19 14:22 - 000000000 ____D C:\Users\mary\AppData\Local\D3DSCache
2024-05-31 20:58 - 2022-05-06 22:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-31 20:58 - 2020-09-11 04:41 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-05-31 15:57 - 2023-04-12 10:04 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-05-31 15:27 - 2020-10-19 14:57 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Word
2024-05-31 15:10 - 2020-10-19 16:23 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Excel
2024-05-31 15:09 - 2020-10-19 14:28 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2024-05-31 14:27 - 2020-10-19 10:58 - 000000000 ____D C:\Users\mary\AppData\Local\Packages
2024-05-31 12:36 - 2020-10-19 14:53 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Access
2024-05-31 09:31 - 2020-10-19 13:56 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Outlook
2024-05-30 17:46 - 2022-06-09 10:47 - 000000000 ____D C:\Program Files\CCleaner
2024-05-30 14:31 - 2020-10-09 14:47 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-05-30 14:31 - 2020-10-09 14:47 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-05-30 11:12 - 2020-10-19 13:04 - 000000000 ____D C:\Users\mary\Desktop\Letters of inspection
2024-05-30 09:29 - 2022-02-11 12:10 - 000000000 ____D C:\Users\mary\AppData\Local\CrashDumps
2024-05-29 16:41 - 2020-10-19 13:04 - 000000000 ____D C:\Users\mary\Desktop\Inspection 1-29-19
2024-05-28 18:13 - 2020-09-11 04:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-05-28 15:32 - 2022-07-20 12:39 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-05-28 15:32 - 2022-07-20 12:39 - 000002046 _____ C:\Users\mary\Desktop\Google Drive.lnk
2024-05-28 15:32 - 2020-10-09 14:46 - 000000000 ____D C:\Program Files (x86)\Google
2024-05-28 01:51 - 2023-04-12 10:04 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-05-28 01:51 - 2023-04-12 10:04 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-05-24 15:25 - 2020-10-20 10:52 - 000000000 ____D C:\Users\mary\AppData\Roaming\Intermedia Unite
2024-05-24 14:30 - 2023-04-12 10:04 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3979886858-3466003010-52152672-1116
2024-05-24 14:30 - 2023-04-12 10:04 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3979886858-3466003010-52152672-1116
2024-05-24 14:30 - 2020-10-19 10:59 - 000002378 _____ C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-05-24 08:28 - 2020-10-19 10:58 - 000000000 __SHD C:\Users\mary\IntelGraphicsProfiles
2024-05-23 22:46 - 2022-05-06 22:22 - 000000000 ____D C:\WINDOWS\INF
2024-05-23 19:49 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-05-23 19:38 - 2023-04-12 09:56 - 000804924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-05-23 19:32 - 2023-04-12 09:38 - 000502712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-05-23 19:31 - 2023-04-12 10:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-05-23 19:31 - 2020-09-11 04:32 - 000000000 ____D C:\Intel
2024-05-23 19:30 - 2020-09-11 04:31 - 000012288 ___SH C:\DumpStack.log.tmp
2024-05-23 19:29 - 2022-05-06 22:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-05-23 19:26 - 2023-10-10 19:01 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\UUS
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-05-23 19:25 - 2022-05-07 00:39 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2024-05-23 19:25 - 2022-05-07 00:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemApps
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-05-23 19:25 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\servicing
2024-05-23 19:11 - 2020-09-11 04:50 - 000000000 ____D C:\Program Files\Microsoft Office
2024-05-23 08:28 - 2022-06-09 10:50 - 000002389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2024-05-23 08:28 - 2022-06-09 10:50 - 000002354 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
2024-05-23 08:28 - 2022-06-09 10:49 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2024-05-16 17:12 - 2022-10-11 14:40 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2024-05-16 17:12 - 2022-10-11 14:40 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-05-16 09:33 - 2020-10-19 13:04 - 000000000 ____D C:\Users\mary\Desktop\Mary's Documents
2024-05-14 23:04 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-05-14 23:03 - 2022-05-06 22:25 - 000077312 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2024-05-14 23:03 - 2022-05-06 22:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll
2024-05-14 22:41 - 2023-04-12 09:42 - 003214336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-05-14 21:26 - 2020-10-20 02:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-05-14 21:10 - 2020-10-20 02:17 - 196465576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-05-11 18:02 - 2020-09-11 04:58 - 000000000 ____D C:\ProgramData\Packages
2024-05-06 08:26 - 2024-03-28 17:34 - 000000000 ____D C:\Program Files\Zoom
2024-05-06 08:26 - 2020-10-20 08:04 - 000000000 ____D C:\Users\mary\AppData\Local\SquirrelTemp
2024-05-06 08:25 - 2024-03-28 17:36 - 000002411 _____ C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams classic (work or school).lnk
2024-05-06 08:25 - 2020-10-20 08:05 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Teams
 
==================== Files in the root of some directories ========
 
2024-03-01 11:08 - 2024-03-01 11:08 - 055178864 _____ (Intuit Inc.) C:\Users\mary\QuickBooksToolHub.exe
2023-11-10 16:05 - 2023-11-10 16:05 - 000514112 _____ (Intuit Inc.) C:\Program Files\Common Files\GraphSeriesCol.dll
2021-04-21 11:12 - 2021-04-21 12:33 - 000031847 _____ () C:\Users\mary\AppData\Roaming\QBFileDrTool.log
2020-10-19 14:42 - 2020-10-19 14:42 - 000000000 _____ () C:\Users\mary\AppData\Local\oobelibMkey.log
2021-12-15 10:06 - 2022-06-09 10:45 - 000007597 _____ () C:\Users\mary\AppData\Local\resmon.resmoncfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.06.2024
Ran by mary (02-06-2024 14:44:55)
Running from C:\Users\mary\Desktop
Microsoft Windows 11 Pro Version 23H2 22631.3593 (X64) (2023-04-12 17:08:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-4211803538-2084879006-1980355138-500 - Administrator - Disabled)
bob (S-1-5-21-4211803538-2084879006-1980355138-1001 - Administrator - Enabled) => C:\Users\bob
DefaultAccount (S-1-5-21-4211803538-2084879006-1980355138-503 - Limited - Disabled)
Guest (S-1-5-21-4211803538-2084879006-1980355138-501 - Limited - Disabled)
QBDataServiceUser31 (S-1-5-21-4211803538-2084879006-1980355138-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser31
QBDataServiceUser34 (S-1-5-21-4211803538-2084879006-1980355138-1003 - Limited - Enabled) => C:\Users\QBDataServiceUser34
WDAGUtilityAccount (S-1-5-21-4211803538-2084879006-1980355138-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABS PDF Install (HKLM-x32\...\{C42DD564-7DCD-4555-A7F3-15C0F46221D0}) (Version: 4.2.2 - Atlas Business Solutions, Inc.)
Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 24.002.20759 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.6.5.58 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.7.0.35 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Kindle (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Amazon Kindle) (Version: 1.34.1.63103 - Amazon)
CCleaner (HKLM\...\CCleaner) (Version: 6.23 - Piriform)
CCleaner Browser (HKLM-x32\...\CCleaner Browser) (Version: 124.0.25069.209 - Gen Digital Inc.)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1583.3 - Piriform Software) Hidden
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
DefaultPackMSI (HKLM-x32\...\{D066B018-448B-40C5-9034-259BBCC49351}) (Version: 4.6.2.0 - Microsoft) Hidden
Dell Command | Update for Windows 10 (HKLM\...\{4CCADC13-F3AE-454F-B724-33F6D4E52022}) (Version: 4.1.0 - Dell Inc.)
Dell Digital Delivery Services (HKLM-x32\...\{E530ABB7-9DCC-421B-B751-484375E8374A}) (Version: 5.0.49.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{4F8A3BC3-641C-4B0D-AF46-EA3354016EA7}) (Version: 3.11.4.29 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{08E7C8D5-F2B5-4F09-B0EA-F28913BEFDB0}) (Version: 5.5.1.16143 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2a8bafd6-22ae-4d0e-87a4-686b2a4a2ab0}) (Version: 5.5.1.16143 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{ECFC785A-9107-4259-9288-0ABC86C0F6AB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Fax Upload (HKLM-x32\...\Fax Upload) (Version:  - )
GlanceGuest version 4.17.1.19 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.17.1.19 - Glance Networks, Inc.)
Google Chrome (HKLM\...\{5855610A-61B6-3325-AAA6-DED6B90CEF8D}) (Version: 125.0.6422.141 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 91.0.2.0 - Google LLC)
GoTo Opener (HKLM-x32\...\{C2A61D74-BB65-42AD-B81F-AC25E1F7DE02}) (Version: 1.0.536 - LogMeIn, Inc.)
Intel® Chipset Device Software (HKLM\...\{19D17223-0F9C-4155-8057-AA6F49A26E69}) (Version: 10.1.17861.8101 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{fcfc894b-0d54-4d39-826f-dcb39ce5dde7}) (Version: 10.1.17861.8101 - Intel® Corporation)
Intel® Icls (HKLM\...\{27946170-623E-45A2-9D7F-BEC95A5B78E6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® LMS (HKLM\...\{364EE9BC-EB74-4436-B502-FA8FF2F7153F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2036.15.0.1835 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{69263849-1C5F-42A0-B973-141BA15107A0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{DCC7FC90-C9BC-445B-A12B-ACC4278102BA}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{FEAA68D6-DA1D-4440-91B6-43906444FA49}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{E34D6B17-6F86-49F8-AECB-DE7B543A5960}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Wireless Manageability Driver (HKLM\...\{29B1F6D5-A3D3-45D8-9F53-EA9F0D4FC6DF}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Wireless Manageability Driver Extension (HKLM\...\{4088EEA3-A5CC-4CEA-ACA5-4F88191D0499}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intermedia Unite 2.15.187 (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\9962f338-b12b-54d0-a4f5-eba7ff612061) (Version: 2.15.187 - Intermedia.net, Inc.)
Malwarebytes version 5.1.4.112 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.4.112 - Malwarebytes)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.17531.20152 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 125.0.2535.79 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 125.0.2535.79 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\OneDriveSetup.exe) (Version: 24.091.0505.0003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3979886858-3466003010-52152672-500\...\OneDriveSetup.exe) (Version: 20.169.0823.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4211803538-2084879006-1980355138-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation)
Microsoft Search in Bing (HKLM-x32\...\{C17F6DEF-D34C-4B75-97E1-D81062408B4A}) (Version: 2.0.2 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Teams) (Version: 1.7.00.10152 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.38.33135 (HKLM-x32\...\{c649ede4-f16a-4486-a117-dcc2f2a35165}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135 (HKLM\...\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135 (HKLM\...\{AA0C8AB5-7297-4D46-A0D9-08096FE59E46}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17531.20152 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
QuickBooks (HKLM\...\{0A88B9C9-D3AE-4BC9-8DAB-44587CED8FF5}) (Version: 34.0.4006.3401 - Intuit Inc.) Hidden
QuickBooks Premier Edition 2024 (HKLM\...\{0B6C7039-7D8B-4F21-A87A-8CB687908C4D}) (Version: 34.0.4004.3401 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8940.1 - Realtek Semiconductor Corp.)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SIP ALG Detector 1.3.0 (only current user) (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\23b40b0e-1734-5217-b8ef-22dbe914e37b) (Version: 1.3.0 - SIP ALG Detector)
Tftpd64 Standalone Edition (remove only) (HKLM-x32\...\Tftpd64) (Version:  - )
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
Zoom Outlook Plugin (HKLM-x32\...\{F4E64D16-21FD-43A3-9E5F-55D8ECC5E14B}) (Version: 5.17.10 - Zoom)
Zoom Workplace (64-bit) (HKLM\...\{57D6B477-1B0C-4C4B-8479-A89ACFDFD875}) (Version: 6.0.38135 - Zoom)
 
Packages:
=========
 
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-10-19] (Adobe Systems Incorporated)
Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC [2024-05-16] ()
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-10-19] (Adobe Systems Incorporated)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5487.0_x64__8j3eq9eme6ctt [2024-05-17] (INTEL CORP) [Startup Task]
Bountiful Cottage Gardens -> C:\Program Files\WindowsApps\Microsoft.BountifulCottageGardens_1.0.0.0_neutral__8wekyb3d8bbwe [2021-01-27] (Microsoft Corporation)
Dell Command | Update -> C:\Program Files\WindowsApps\DellInc.DellCommandUpdate_4.1.17.0_x86__htrsf667h5kn2 [2021-02-04] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.86.0_x64__htrsf667h5kn2 [2024-02-29] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.11.20.0_x64__htrsf667h5kn2 [2022-07-13] (Dell Inc)
DellTypeCStatus -> C:\Program Files\WindowsApps\MSWP.DellTypeCStatus_4.2.2629.0_x64__9j0h69dmw0fzc [2022-07-05] (WISTRON CORPORATION) [Startup Task]
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2024.2.0.0_x64__t5j2fzbtdg37r [2024-04-15] (DTS, Inc.)
Intel® Management and Security Status -> C:\Program Files\WindowsApps\AppUp.IntelManagementandSecurityStatus_2328.5.2.0_x64__8j3eq9eme6ctt [2024-04-25] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2024-04-05] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa [2024-05-08] (Apple Inc.) [Startup Task]
Media Suite Essentials -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.15823.0_x86__mcezb6ze687jp [2024-02-27] (CYBERLINK CORPORATION.)
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23306.3314.2555.9628_x64__8wekyb3d8bbwe [2023-12-05] (Microsoft) [Startup Task]
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-09] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24051.39.0_x64__cw5n1h2txyewy [2024-05-30] (Microsoft Windows) [Startup Task]
Partner Promo -> C:\Program Files\WindowsApps\DellInc.PartnerPromo_1.0.21.0_x64__htrsf667h5kn2 [2020-09-11] (Dell Inc)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-11] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.4925.0_x86__mcezb6ze687jp [2022-08-11] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-09-11] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2020-10-19] (CYBERLINK CORPORATION.)
Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe [2023-06-13] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0 [2024-05-27] (Spotify AB) [Startup Task]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2024-05-06] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2024-05-06] (Waves Audio)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-05-23] (Microsoft Windows)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{00E36C5D-CFBD-364F-AA9E-CB902CB407BD}\InprocServer32 -> C:/Program Files/SecuriSync/OutlookPlugin/Sync.Desktop.Windows.OutlookPlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{04271989-C4D2-EAFE-AD03-E6EC7AE4ABC1} -> [OneDrive - Lovelace Engineering] => C:\Users\mary\OneDrive - Lovelace Engineering [2022-05-20 10:05]
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\mary\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.24054.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{1D8CB3CA-2453-3D6F-88F8-82C76023EE2C}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{3b9ec29f-6c5c-4076-9747-06c742b30185}\localserver32 -> C:\Users\mary\AppData\Local\Programs\Intermedia Unite\OfficeIntegrationServer\UniteOfficeIntegration.exe (SystemServer -> )
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{40d89b2c-0ffe-4d59-a2db-031a0033d713}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2024\QBW.EXE (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{518711FA-3D8A-3A0E-BCB6-3A393B688C61}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{5C156F2F-01D6-4476-A126-0DA82D7A5FC5}\InprocServer32 -> C:\Program Files\SecuriSync\OfficePlugin\adxloader64.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{61B76A32-6422-11D5-A590-0050DABD6B8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{61B76A34-6422-11D5-A590-0050DABD6B8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{63B5B272-1760-4A4F-922B-57F274900044}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{63DBFA59-747B-388B-9692-51A60A35BB0F}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{6829D1D7-7F8C-348B-9F9F-577E78B0300C}\InprocServer32 -> C:/Program Files/SecuriSync/OutlookPlugin/Sync.Desktop.Windows.OutlookPlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{7C3CD4C6-7B05-3B44-91B8-6CAA54A14685}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{8E28E7CD-6B27-3BEC-8EE5-B78FFCBE75EE}\InprocServer32 -> C:/Program Files/SecuriSync/OutlookPlugin/Sync.Desktop.Windows.OutlookPlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2024\QBW.EXE (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9FE79C69-86D8-3CE9-AD2C-48D91AEAA9A8}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A14A674B-E0BE-48C1-BAB2-6ACBA33CA8CF}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qfill.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{AC9B2B25-5613-33D2-8722-1848CFE9E54A}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{B69CEB95-E384-3916-96A9-5BADA3AD385A}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{C8353B7E-CA5F-3678-8838-2B32E9ED2BB6}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{CBEF1FB5-78FF-4B14-9B0F-275493FB589C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\mary\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc. -> Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA3-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA5-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2024\QBW.EXE (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FB359C2A-6927-4AD7-8F1B-B6472CA7CDE7}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit, Inc. -> Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FFFD2374-413A-429C-AFD2-AED332DFBEC7}\InprocServer32 -> C:\Program Files\SecuriSync\OutlookPlugin\adxloader64.dll => No File
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_357b728ba88fb99a\OptaneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-11] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_357b728ba88fb99a\OptaneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-11] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\mary\Desktop\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat ()
ShortcutWithArgument: C:\Users\mary\Desktop\MARY - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\mary\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\MARY - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2024-03-12 14:54 - 2024-03-12 14:54 - 001161728 _____ () [File not signed] [File is in use] C:\Program Files\Intuit\QuickBooks 2024\CefSharp.BrowserSubprocess.Core.dll
2024-03-12 14:54 - 2024-03-12 14:54 - 001805824 _____ () [File not signed] [File is in use] C:\Program Files\Intuit\QuickBooks 2024\CefSharp.Core.Runtime.dll
2024-04-29 16:05 - 2024-04-05 06:55 - 000167424 _____ () [File not signed] \\?\C:\Users\mary\AppData\Local\Programs\Intermedia Unite\resources\app.asar.unpacked\node_modules\@uc-tools\rust-native\index-x64.node
2024-04-29 16:05 - 2024-04-05 06:55 - 000108544 _____ () [File not signed] \\?\C:\Users\mary\AppData\Local\Programs\Intermedia Unite\resources\app.asar.unpacked\node_modules\windows-focus-assist\build\Release\focus-assist.node
2024-04-29 16:05 - 2024-04-05 06:55 - 000128000 _____ () [File not signed] \\?\C:\Users\mary\AppData\Local\Programs\Intermedia Unite\resources\app.asar.unpacked\node_modules\windows-native-registry\build\Release\native.node
2024-04-29 16:05 - 2024-04-05 06:55 - 000644608 _____ () [File not signed] \\?\C:\Users\mary\AppData\Local\Programs\Intermedia Unite\resources\app.asar.unpacked\node_modules\zeromq\build\Release\zeromq.node
2023-11-10 13:38 - 2023-11-10 13:38 - 000861184 _____ () [File not signed] C:\Program Files\Intuit\QuickBooks 2024\boost_regex-vc142-mt-x64-1_71.dll
2023-11-10 13:38 - 2023-11-10 13:38 - 000237056 _____ () [File not signed] C:\Program Files\Intuit\QuickBooks 2024\boost_serialization-vc142-mt-x64-1_71.dll
2024-04-29 16:05 - 2024-04-05 06:55 - 002881536 _____ () [File not signed] C:\Users\mary\AppData\Local\Programs\Intermedia Unite\ffmpeg.dll
2024-04-29 16:05 - 2024-04-05 06:55 - 000480768 _____ () [File not signed] C:\Users\mary\AppData\Local\Programs\Intermedia Unite\libegl.dll
2024-04-29 16:05 - 2024-04-05 06:55 - 007493120 _____ () [File not signed] C:\Users\mary\AppData\Local\Programs\Intermedia Unite\libglesv2.dll
2024-04-29 16:05 - 2024-04-05 06:55 - 005126656 _____ () [File not signed] C:\Users\mary\AppData\Local\Programs\Intermedia Unite\vk_swiftshader.dll
2023-11-10 13:43 - 2023-11-10 13:43 - 005182464 _____ (Intuit Inc.) [File not signed] C:\WINDOWS\SYSTEM32\InetClnt.dll
2022-08-26 02:12 - 2022-08-26 02:12 - 000944128 _____ (Intuit, Inc.) [File not signed] C:\Program Files\Common Files\Intuit\Entitlement Client\v8\Client\EntitlementClientBootstrap.dll
2020-10-19 13:51 - 2020-10-19 13:51 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2020-10-19 13:51 - 2020-10-19 13:51 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-10-19 13:51 - 2020-10-19 13:51 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2020-10-19 13:51 - 2020-10-19 13:51 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\c2r64.dll
2024-04-05 11:31 - 2024-05-29 08:52 - 001035264 _____ (SAP SE or an SAP affiliate company) [File not signed] C:\Users\mary\AppData\Local\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1704.x64_1\dbdata17.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
SearchScopes: HKU\S-1-5-21-3979886858-3466003010-52152672-1116 -> DefaultScope {0B02DCA9-42FF-4168-BC67-986B2BDAD78B} URL = 
SearchScopes: HKU\S-1-5-21-3979886858-3466003010-52152672-1116 -> {0B02DCA9-42FF-4168-BC67-986B2BDAD78B} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3979886858-3466003010-52152672-1116 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
Handler: intu-help-qb17 - {2E3EE4ED-2928-4123-9975-20206B8E4B1C} - C:\Program Files\Intuit\QuickBooks 2024\HelpAsyncPluggableProtocol.dll [2024-03-12] (Intuit, Inc. -> Intuit, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-04-29] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2022-05-06] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\sharepoint.com -> hxxps://lovelaceeng-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 02:14 - 2019-12-07 02:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\Control Panel\Desktop\\Wallpaper -> C:\Users\mary\Desktop\Mary's Documents\A Personal Place\pngtree-purple-watercolor-sumi-vintage-floral-border-background-picture-image_1219230.jpg
HKU\S-1-5-21-3979886858-3466003010-52152672-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
HKU\S-1-5-21-4211803538-2084879006-1980355138-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
HKU\S-1-5-21-4211803538-2084879006-1980355138-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4211803538-2084879006-1980355138-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.254.2 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Vista Fax Daemon.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D93AF75D227E4510AE1D42E181D1834B"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_012365C4288EC115F2F0C751243D3576"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "GoogleDriveFS"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_809B74D231354AD3DE6C5DCCAC791EFC"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "Intermedia Unite"
HKU\S-1-5-21-3979886858-3466003010-52152672-500\...\StartupApproved\Run: => "GoogleDriveFS"
HKU\S-1-5-21-4211803538-2084879006-1980355138-1001\...\StartupApproved\Run: => "GoogleDriveFS"
HKU\S-1-5-21-4211803538-2084879006-1980355138-1002\...\StartupApproved\Run: => "GoogleDriveFS"
HKU\S-1-5-21-4211803538-2084879006-1980355138-1003\...\StartupApproved\Run: => "GoogleDriveFS"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4BF91C18-2520-4DCC-9322-95AF9E980E6F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{A7F69B2C-3771-4CA8-B6EE-DB5DA538AD71}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{10D8E29A-89C3-4EC1-ADD7-AA111DA9DD4D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{2BB9C59F-4152-4ECC-8EAD-D886143A0FDE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{D6FA5B1E-E987-4F83-B3A9-51A958CE4E7A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{475E7ACF-50A8-4143-8F0B-0DB9104B0779}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{303F70AA-CF3E-4DF2-86DC-267E8F29A0AD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{7378FA67-CD78-4E07-B99A-1D08AC08263B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{66ABF64F-920A-4C8E-A3EA-03915C95FA89}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{7FDD70FF-322C-4019-AD55-B1EED0ACAAD4}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{27AD9E22-FF8C-44BD-8728-C1DD7222D8E3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{13D51DC1-D17F-4011-8310-AABAFC27EF8E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{23A4C02A-ECF3-440F-BEBC-2F8756BD477B}C:\users\mary\appdata\local\programs\sipalgelectron\sip alg detector.exe] => (Allow) C:\users\mary\appdata\local\programs\sipalgelectron\sip alg detector.exe (Systemserver -> SIP ALG Detector)
FirewallRules: [UDP Query User{939C0A7D-9676-47BB-9C9E-DAB9DD8DA23D}C:\users\mary\appdata\local\programs\sipalgelectron\sip alg detector.exe] => (Allow) C:\users\mary\appdata\local\programs\sipalgelectron\sip alg detector.exe (Systemserver -> SIP ALG Detector)
FirewallRules: [TCP Query User{2BDC60BE-07A0-404D-A80C-51A87CA82628}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe (Ph. Jounin) [File not signed]
FirewallRules: [UDP Query User{1AC858BA-6167-45BE-9B3A-469370FC3611}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe (Ph. Jounin) [File not signed]
FirewallRules: [TCP Query User{C4571315-31CF-49E7-8A3B-869A0073352B}C:\users\mary\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\mary\appdata\roaming\zoom\bin\zoom.exe => No File
FirewallRules: [UDP Query User{4ABD339F-CD23-46CC-8BE9-CA0824E2C381}C:\users\mary\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\mary\appdata\roaming\zoom\bin\zoom.exe => No File
FirewallRules: [{544D392B-2809-4210-AF06-DFFCE5D63A81}] => (Allow) C:\QuickBooks Premier Edition 2021\qbw32.exe => No File
FirewallRules: [{879C848B-4E20-44FE-A25D-4B062D5DE33F}] => (Allow) C:\QuickBooks Premier Edition 2021\qbw32.exe => No File
FirewallRules: [{FA6920D5-03D6-4664-ACED-CC15D7CA2141}] => (Allow) C:\QuickBooks Premier Edition 2021\dbmanagerexe.exe => No File
FirewallRules: [{01A2881C-F194-4566-A9B1-D484B4F8EA3E}] => (Allow) C:\QuickBooks Premier Edition 2021\dbmanagerexe.exe => No File
FirewallRules: [{900EFBBC-B2A3-4B6D-963B-A342A7EE9D12}] => (Allow) C:\QuickBooks Premier Edition 2021\filemanagement.exe => No File
FirewallRules: [{CE5D6B2E-8F08-4229-9DBB-D4CA214724CB}] => (Allow) C:\QuickBooks Premier Edition 2021\filemanagement.exe => No File
FirewallRules: [{3A6051C1-3359-42BA-826A-496D19A8AA9F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe => No File
FirewallRules: [{BFBD91C1-5850-4E7A-8F90-E62B87794B7A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe => No File
FirewallRules: [{03D14DBD-5B05-4BE5-8E3B-DE22D266A079}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe => No File
FirewallRules: [{0F76E667-E7A7-4B9D-B4A1-8B2085536767}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe => No File
FirewallRules: [{595FDFB8-7D20-4CCA-9D2C-556C6755AA58}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{8AE0B644-8A57-4246-8242-4F3C03C6AE74}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{7BACCFD8-F482-475F-9B25-A379030CA7C4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{70CE0B78-3434-487E-9CAC-C9181E996F16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AA5F61BF-2116-4222-9948-97DC8DBA489F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{ECB5C45E-7A7B-480B-86C1-EE6306CEC6FA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{548D2CA8-FDD6-45F2-8B16-B67C406EBC14}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C523FB76-63BA-4B52-9FD9-9B923B5334DC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{63A219B7-4578-487F-8338-C1BDF4686F47}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E95BA31B-5A21-44DB-B736-252E8E31BF1B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{986FCA53-6ACC-4EB8-B86D-EF448AD46564}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{3D44382D-2164-4DD4-97DC-38C19EC85F8E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{449104D8-A378-410C-8F54-CD8BFEB3F3CB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{E9BF53D3-5294-404E-8F4E-2938DA9EA929}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{1DCA646B-88BC-4E03-973C-8AE9E6E1F9D7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{5CCC4114-BA4E-4B19-8A62-49BF3782176B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{294C8B69-4141-4DCA-973F-D7B40C03E3EF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{F0211EEC-9C9A-4A6D-BA4F-4B1D7D7F80BD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{15EE2531-08D7-443E-BF0A-B972F57EE129}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [TCP Query User{392CBC4C-FA61-44A5-9FF5-96E1BB38C56F}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{71EE2DD7-6B52-4A80-81A4-6231619270A2}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{0534412A-5128-4A64-8CA2-ADC18EC8A61D}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{7E321C81-98BD-448F-BC33-40287285218B}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{30013816-28EF-4D01-880D-CB32E15DBA64}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{16173167-A240-48B5-8E23-0F132BB2A9C9}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{020225B8-79B0-4564-8BC3-D53ED177FB06}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{CC595575-5A32-4D9C-8BDF-553C11965984}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{9B0508CF-A24E-4979-A89B-BA3005A7504F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8F947C6E-1EC8-4E3A-9717-302BF98C127F}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{A44A462E-DFA0-46DA-8BB1-F9E75565BB39}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{EDA4FD33-1C75-43CB-92A0-68A7FD670C58}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{FE68E06C-0886-452D-A6BA-A8A2816B577B}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3314.2555.9628_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{61295796-E3D8-479A-9F1F-8F933877D75D}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3314.2555.9628_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1A6D0A6D-1D2C-4899-A81E-B9CCE5E271FB}] => (Allow) C:\QuickBooks Premier Edition 2021\qbdbmgrn.exe => No File
FirewallRules: [{3F79E0D3-72E1-43B2-A402-2E0AA0021859}] => (Allow) C:\QuickBooks Premier Edition 2021\qbdbmgrn.exe => No File
FirewallRules: [{C143A4ED-E934-4D79-AFDA-F78559D5F2C0}] => (Allow) C:\Program Files\Intuit\QuickBooks 2024\QBDBMgrN.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{2FE64E85-22E1-43F2-8893-152382B7C6C4}] => (Allow) C:\Program Files\Intuit\QuickBooks 2024\QBDBMgrN.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{0891A67F-5E8E-4091-BA81-27F9ECC4DB61}] => (Allow) C:\Program Files\Intuit\QuickBooks 2024\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{47E09A44-0D99-41E2-B57E-A62F2EE801AB}] => (Allow) C:\Program Files\Intuit\QuickBooks 2024\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{CC73527C-BB9D-4330-8FA1-087F09CE4650}] => (Allow) C:\Program Files\Intuit\QuickBooks 2024\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{3A358ACA-CBBE-431A-A5A8-0EA09E1C192B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BFE68FD8-C196-447C-B94D-DFC41F39C04B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2AD3C678-850E-4CEB-94B4-9CC0E4276D49}] => (Allow) C:\Program Files\Intuit\QuickBooks 2024\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{701D2F65-16DB-48BC-BC6A-49ED5A6BABBC}] => (Allow) C:\Program Files\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{1E9ACA3D-F85A-48A0-8FA8-B996CD213A50}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C8267A20-C9B7-4C6A-8A66-8A7ED47FCABF}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{58522210-CAD9-4C94-994E-BB7B82060B4D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{C8505301-CD47-4D9E-8996-7EB3C11DEB09}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{01D6D90D-01D1-4929-BCCF-B072D70BB3F8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{C62A2456-3906-4810-8402-42EB10F17F46}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{0995DB68-116A-4852-A8CF-6AFDF3B0B2F4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{EC228DE4-697F-4E16-8FF7-FC36C26D7BD2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{056F9AAA-8814-47C8-970B-BF150DE17FC3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{2BB6D4FF-EE14-4115-AD3B-559B7B7F165B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{D7ED7AC2-CB90-4395-9D25-5266A07239B3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{82432110-33BC-49C2-B736-34FA204FA05A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B5D74BBA-E1FA-4B74-8377-3D4B80394E8A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B5E42A8A-7E74-42A2-8D03-1A5D1CA8E811}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7CD11D10-FA44-4BDE-A37E-CB05E3F79504}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4769BACF-9103-41EB-8F66-DE860A3D5FDE}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24102.2310.2875.4487_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{85EA1881-FD29-44A1-B186-3C96E593343C}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24102.2310.2875.4487_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E0BEEF04-4BB2-4F8B-8E40-F74A71B02C48}] => (Allow) C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe (PIRIFORM SOFTWARE LIMITED -> Gen Digital Inc.)
FirewallRules: [{03B834FE-8DC3-4B14-886E-94442D8B6FAF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EB2F3BBC-F906-4CD6-B900-5BB3A8BBB314}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C91935BA-872E-4236-BE49-CC924798718D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{275203DA-DE1B-454B-B5C2-699FE2394B9F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{70DB954E-7838-495C-B721-E63307C223CF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8C2B601C-F46F-439B-8107-CB84A66F89D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{FE217B51-4AAA-46D5-808E-C73593CDE9F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{712D8989-CCBF-4A6F-B79C-E6B015E3D4E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D758C594-FBAD-41EB-9C4B-A5272716D9AB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{473612FD-6E81-433B-B569-3E760F9ADBD4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F90199B6-B5C6-450D-A1A5-74EFCEC4B9CC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F1CFC8A1-A431-4CC0-B304-8D33D9F72D46}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.79\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
01-06-2024 17:44:39 Windows Update
01-06-2024 17:44:39 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (05/31/2024 04:07:14 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Plus Edition 2024":
WPR: calling  ABORT_CLOSE
 
Error: (05/31/2024 01:24:47 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Plus Edition 2024":
WPR: AddPrinter failed - failed to add XPS printer driver lasterror=1802OS =10.0 Printdriver name :Microsoft XPS Document Writer
 
Error: (05/31/2024 01:02:38 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Plus Edition 2024":
WPR: AddPrinter failed - failed to add XPS printer driver lasterror=1802OS =10.0 Printdriver name :Microsoft XPS Document Writer
 
Error: (05/31/2024 01:01:22 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Plus Edition 2024":
WPR: AddPrinter failed - failed to add XPS printer driver lasterror=1802OS =10.0 Printdriver name :Microsoft XPS Document Writer
 
Error: (05/31/2024 01:01:22 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Plus Edition 2024":
WPR: calling  ABORT_CLOSE
 
Error: (05/31/2024 12:14:45 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Plus Edition 2024":
WPR: AddPrinter failed - failed to add XPS printer driver lasterror=1802OS =10.0 Printdriver name :Microsoft XPS Document Writer
 
Error: (05/31/2024 12:14:12 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Plus Edition 2024":
WPR: calling  ABORT_CLOSE
 
Error: (05/31/2024 12:11:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Plus Edition 2024":
Data error in MasterType::CommonRead.  Could not lookup view for master recnum 2147483647.  Error code -6020
 
 
System errors:
=============
Error: (06/02/2024 02:19:24 PM) (Source: DCOM) (EventID: 10010) (User: LOVELACE)
Description: The server {85DE1C45-2C66-101B-B02E-04021C009402} did not register with DCOM within the required timeout.
 
Error: (05/31/2024 04:11:28 PM) (Source: DCOM) (EventID: 10010) (User: LOVELACE)
Description: The server {85DE1C45-2C66-101B-B02E-04021C009402} did not register with DCOM within the required timeout.
 
Error: (05/31/2024 01:32:01 PM) (Source: DCOM) (EventID: 10010) (User: LOVELACE)
Description: The server {85DE1C45-2C66-101B-B02E-04021C009402} did not register with DCOM within the required timeout.
 
Error: (05/30/2024 03:06:58 PM) (Source: DCOM) (EventID: 10010) (User: LOVELACE)
Description: The server {85DE1C45-2C66-101B-B02E-04021C009402} did not register with DCOM within the required timeout.
 
Error: (05/30/2024 10:17:17 AM) (Source: DCOM) (EventID: 10010) (User: LOVELACE)
Description: The server {85DE1C45-2C66-101B-B02E-04021C009402} did not register with DCOM within the required timeout.
 
Error: (05/29/2024 04:38:13 PM) (Source: DCOM) (EventID: 10010) (User: LOVELACE)
Description: The server {85DE1C45-2C66-101B-B02E-04021C009402} did not register with DCOM within the required timeout.
 
Error: (05/29/2024 04:21:23 PM) (Source: DCOM) (EventID: 10010) (User: LOVELACE)
Description: The server {85DE1C45-2C66-101B-B02E-04021C009402} did not register with DCOM within the required timeout.
 
Error: (05/29/2024 03:34:02 PM) (Source: DCOM) (EventID: 10010) (User: LOVELACE)
Description: The server {85DE1C45-2C66-101B-B02E-04021C009402} did not register with DCOM within the required timeout.
 
 
Windows Defender:
================
Date: 2024-06-01 19:31:25
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-05-31 18:29:20
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-05-30 19:31:22
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-05-29 19:31:22
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-05-28 13:46:07
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2024-03-06 17:01:00
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted 
Security intelligence Version: 1.405.1133.0;1.405.1133.0
Engine Version: 1.1.24020.9 
 
Date: 2024-03-06 17:00:54
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted 
Security intelligence Version: 1.405.1152.0;1.405.1152.0
Engine Version: 1.1.24020.9 
 
Date: 2023-11-23 08:25:32
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1056.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070102
Error description: The wait operation timed out.  
 
Date: 2023-11-17 08:23:38
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.751.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070102
Error description: The wait operation timed out.  
 
Date: 2023-09-27 23:15:24
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.397.1675.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23090.2007
Error code: 0x80070102
Error description: The wait operation timed out.  
 
CodeIntegrity:
===============
Date: 2024-05-31 07:31:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. 
 
Date: 2024-05-31 06:54:08
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.7.0 10/19/2020
Motherboard: Dell Inc. 0YNVJG
Processor: Intel® Core™ i5-9500 CPU @ 3.00GHz
Percentage of memory in use: 89%
Total physical RAM: 7973.94 MB
Available physical RAM: 799.12 MB
Total Virtual: 16858.49 MB
Available Virtual: 2293.04 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:464.51 GB) (Free:288.65 GB) (Model: WDC WD5000AZLX-75K2TA1) NTFS
 
\\?\Volume{fb6d99f7-c7bc-4faf-8c1c-c6b18da8f512}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.08 GB) NTFS
\\?\Volume{598a17b2-40ab-4273-9653-5160b0e748b0}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.09 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: AB689CA2)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP
Get Process Explorer
 
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
View and check Show Processes From All Users 
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
PS.  Your event logs show a major problem with Quick Books.  It may need to be uninstalled and reinstalled

  • 0

#3
mandrada

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
AcrobatNotificationClient.exe    Suspended    10,172 K    27,736 K    7732            (Verified) Adobe Systems, Incorporated
AdobeCollabSync.exe        4,800 K    15,720 K    2876    Acrobat Collaboration Synchronizer 24.2    Adobe Systems Incorporated    (Verified) Adobe Inc.
AdobeCollabSync.exe        10,136 K    24,592 K    14300    Acrobat Collaboration Synchronizer 24.2    Adobe Systems Incorporated    (Verified) Adobe Inc.
AdobeNotificationClient.exe    Suspended    9,748 K    17,112 K    9856    Adobe Notification Client    Adobe Inc.    (Verified) Adobe Inc.
AggregatorHost.exe        2,556 K    9,664 K    6692            
ApplicationFrameHost.exe        14,588 K    29,908 K    10452    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows
armsvc.exe        1,784 K    6,392 K    12600    Acrobat Update Service    Adobe Inc.    (Verified) Adobe Inc.
axlbridge.exe        1,308 K    7,004 K    9288    AXLBridge Module    Intuit Inc.    (Verified) Intuit, Inc.
backgroundTaskHost.exe    Suspended    22,764 K    6,360 K    15232    Background Task Host    Microsoft Corporation    (Verified) Microsoft Windows
backgroundTaskHost.exe    Suspended    17,924 K    2,212 K    7288    Background Task Host    Microsoft Corporation    (Verified) Microsoft Windows
backgroundTaskHost.exe    Suspended    2,692 K    1,888 K    11548    Background Task Host    Microsoft Corporation    (Verified) Microsoft Windows
backgroundTaskHost.exe    Suspended    17,952 K    2,208 K    14264    Background Task Host    Microsoft Corporation    (Verified) Microsoft Windows
backgroundTaskHost.exe    Suspended    8,256 K    1,736 K    12708    Background Task Host    Microsoft Corporation    (Verified) Microsoft Windows
backgroundTaskHost.exe    Suspended    3,100 K    1,716 K    11128    Background Task Host    Microsoft Corporation    (Verified) Microsoft Windows
backgroundTaskHost.exe    Suspended    2,764 K    1,724 K    3708    Background Task Host    Microsoft Corporation    (Verified) Microsoft Windows
backgroundTaskHost.exe        2,308 K    10,948 K    2620    Background Task Host    Microsoft Corporation    (Verified) Microsoft Windows
CCleanerBrowserUpdate.exe        2,212 K    432 K    6804            
CCleanerPerformanceOptimizerService.exe        8,596 K    23,856 K    4252    CCleaner Performance Optimizer Service    Piriform Software Ltd    (Verified) PIRIFORM SOFTWARE LIMITED
CefSharp.BrowserSubprocess.exe        40,680 K    50,868 K    10916    CefSharp.BrowserSubprocess    The CefSharp Authors    (No signature was present in the subject) The CefSharp Authors
CefSharp.BrowserSubprocess.exe        40,972 K    50,424 K    8504    CefSharp.BrowserSubprocess    The CefSharp Authors    (No signature was present in the subject) The CefSharp Authors
CefSharp.BrowserSubprocess.exe        72,860 K    56,096 K    6048    CefSharp.BrowserSubprocess    The CefSharp Authors    (No signature was present in the subject) The CefSharp Authors
CefSharp.BrowserSubprocess.exe        23,404 K    24,052 K    4228    CefSharp.BrowserSubprocess    The CefSharp Authors    (No signature was present in the subject) The CefSharp Authors
chrome.exe        1,880 K    7,636 K    15608    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe        13,068 K    28,820 K    14560    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe        15,288 K    39,196 K    15416    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe        94,668 K    132,728 K    12276    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe        17,760 K    41,848 K    11092    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe        33,164 K    63,624 K    5064    Google Chrome    Google LLC    (Verified) Google LLC
cmd.exe        1,908 K    3,832 K    7044    Windows Command Processor    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        5,888 K    12,344 K    5800    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
ctfmon.exe        77,788 K    35,344 K    1708            
dasHost.exe        1,112 K    4,364 K    4924            
DDVCollectorSvcApi.exe        1,896 K    8,984 K    3820    Dell Data Vault Data Collector Service API    Dell Technologies Inc.    (Verified) Dell Inc
DDVDataCollector.exe        30,756 K    52,204 K    7552    DDVDataCollector    Dell Technologies Inc.    (Verified) Dell Inc
DDVRulesProcessor.exe        18,356 K    15,036 K    5780    Dell Data Vault Rules Processor    Dell Technologies Inc.    (Verified) Dell Inc
dllhost.exe        6,236 K    14,680 K    2796    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe        3,756 K    18,908 K    2244    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
fontdrvhost.exe        1,804 K    3,348 K    1160            
fontdrvhost.exe        8,920 K    13,612 K    1152            
igfxCUIService.exe        2,076 K    9,188 K    2516    igfxCUIService Module    Intel Corporation    (Verified) Intel Corporation
igfxEM.exe        3,488 K    13,584 K    7152    igfxEM Module    Intel Corporation    (Verified) Intel Corporation
IntelCpHDCPSvc.exe        1,532 K    7,208 K    1804    Intel HD Graphics Drivers for Windows®    Intel Corporation    (Verified) Intel Corporation
IntelCpHeciSvc.exe        1,420 K    6,572 K    1020    IntelCpHeciSvc Executable    Intel Corporation    (Verified) Intel Corporation
Intuit.QBDT.Webconnector.Application.exe        25,140 K    33,392 K    8372    App        (Verified) Intuit, Inc.
Intuit.QBDT.Webconnector.QBWCMonitor.exe        17,192 K    25,704 K    8992    QBWCMonitor        (Verified) Intuit, Inc.
jhi_service.exe        1,300 K    5,620 K    3824    Intel® Dynamic Application Loader Host Interface    Intel Corporation    (Verified) Intel Corporation
LMS.exe        6,432 K    13,884 K    4080    Intel® Local Management Service    Intel Corporation    (Verified) Intel Corporation
LockApp.exe    Suspended    22,524 K    70,880 K    8456    LockApp.exe    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe        13,772 K    30,944 K    760    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
Memory Compression        1,860 K    84,072 K    2464            
Microsoft.SharePoint.exe        20,324 K    4,216 K    11048    Microsoft SharePoint    Microsoft Corporation    (Verified) Microsoft Corporation
MpDefenderCoreService.exe        10,084 K    18,452 K    3248    Antimalware Core Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
msedgewebview2.exe        2,088 K    7,044 K    1444    Microsoft Edge WebView2    Microsoft Corporation    (Verified) Microsoft Corporation
msedgewebview2.exe        2,072 K    7,100 K    15388    Microsoft Edge WebView2    Microsoft Corporation    (Verified) Microsoft Corporation
msedgewebview2.exe        10,508 K    30,464 K    16252    Microsoft Edge WebView2    Microsoft Corporation    (Verified) Microsoft Corporation
msedgewebview2.exe        9,396 K    17,852 K    11948    Microsoft Edge WebView2    Microsoft Corporation    (Verified) Microsoft Corporation
msedgewebview2.exe        112,240 K    158,048 K    8836    Microsoft Edge WebView2    Microsoft Corporation    (Verified) Microsoft Corporation
msedgewebview2.exe        7,080 K    16,960 K    7612    Microsoft Edge WebView2    Microsoft Corporation    (Verified) Microsoft Corporation
msedgewebview2.exe        69,620 K    71,168 K    13300    Microsoft Edge WebView2    Microsoft Corporation    (Verified) Microsoft Corporation
msedgewebview2.exe        33,152 K    96,004 K    11528    Microsoft Edge WebView2    Microsoft Corporation    (Verified) Microsoft Corporation
msedgewebview2.exe        41,060 K    48,284 K    6812    Microsoft Edge WebView2    Microsoft Corporation    (Verified) Microsoft Corporation
msedgewebview2.exe        7,032 K    16,180 K    8076    Microsoft Edge WebView2    Microsoft Corporation    (Verified) Microsoft Corporation
msedgewebview2.exe        32,488 K    58,320 K    3984    Microsoft Edge WebView2    Microsoft Corporation    (Verified) Microsoft Corporation
NisSrv.exe        4,796 K    11,296 K    3784    Microsoft Network Realtime Inspection Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
OfficeClickToRun.exe        47,816 K    43,576 K    2560    Microsoft Office Click-to-Run (SxS)    Microsoft Corporation    (Verified) Microsoft Corporation
OneApp.IGCC.WinService.exe        38,388 K    40,148 K    4056    Intel® Graphics Command Center Service    Intel Corporation    (Verified) Intel Corporation
PhoneExperienceHost.exe        61,928 K    143,528 K    14896    Microsoft Phone Link    Microsoft Corporation    (Verified) Microsoft Corporation
procexp (1).exe        4,576 K    15,096 K    13748    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
QBIDPService.exe        15,632 K    14,944 K    3992    QBIDPService    Intuit Inc.    (No signature was present in the subject) Intuit Inc.
qbmapi64.exe        24,236 K    50,456 K    2532    QuickBooks MAPI    Intuit Inc.    (Verified) Intuit, Inc.
QBUpdateMonitorService.exe        18,744 K    27,440 K    4088         Intuit Inc.    (Verified) Intuit, Inc.
Registry        10,972 K    36,172 K    124            
RstMwService.exe        1,688 K    6,612 K    4144    Intel® Rapid Storage Technology Management Service    Intel Corporation    (Verified) Intel Corporation
RtkAudUService64.exe        2,808 K    9,380 K    4316    Realtek HD Audio Universal Service    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp.
RtkAudUService64.exe        2,928 K    12,552 K    7420            
RuntimeBroker.exe        1,408 K    6,856 K    8324    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        6,248 K    24,136 K    5016    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        6,056 K    29,132 K    5924    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        2,708 K    13,328 K    9316    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        5,808 K    19,084 K    6064    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        9,008 K    34,336 K    4168    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        2,752 K    15,172 K    6180    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        1,972 K    10,476 K    3976    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
SearchHost.exe    Suspended    203,944 K    95,084 K    5872        Microsoft Corporation    (Verified) Microsoft Windows
SearchProtocolHost.exe        1,824 K    8,644 K    10364            
ShellExperienceHost.exe    Suspended    23,860 K    56,044 K    7532    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
sihost.exe        6,916 K    32,184 K    6132    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
smartscreen.exe        4,968 K    19,756 K    10608    Windows Defender SmartScreen    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        1,104 K    1,096 K    560            
splwow64.exe        10,308 K    22,136 K    12840    Print driver host for applications    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        24,104 K    36,156 K    3496    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
Spotify.exe        18,132 K    28,184 K    10852    Spotify    Spotify Ltd    (Verified) Spotify AB
Spotify.exe        75,512 K    86,400 K    11176    Spotify    Spotify Ltd    (Verified) Spotify AB
Spotify.exe        163,520 K    192,944 K    11364    Spotify    Spotify Ltd    (Verified) Spotify AB
StartMenuExperienceHost.exe        55,160 K    87,608 K    6760    Windows Start Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,612 K    9,000 K    1548    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,392 K    5,540 K    1572    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,892 K    7,596 K    1720    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,420 K    5,352 K    1812    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,268 K    9,444 K    1676    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,216 K    5,412 K    2200    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,780 K    8,016 K    2684    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,556 K    6,772 K    2964    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,452 K    6,692 K    3096    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,716 K    7,676 K    3180    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,248 K    9,908 K    3392    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,180 K    8,932 K    3752    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,228 K    5,960 K    3760    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,408 K    6,256 K    3768    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,132 K    4,980 K    3952    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,624 K    5,968 K    4024    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,384 K    10,700 K    5436    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,244 K    7,768 K    6632    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,332 K    11,240 K    2580    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,968 K    7,820 K    5484    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,872 K    13,468 K    7828    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,364 K    7,244 K    8032    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,924 K    12,800 K    7072    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,116 K    5,360 K    10896    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,672 K    9,008 K    12500    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,736 K    9,404 K    9548    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,496 K    9,880 K    12704    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,012 K    9,300 K    1628    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,532 K    17,640 K    4100    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,492 K    5,964 K    3320    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,236 K    4,988 K    3384    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,308 K    21,028 K    6068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,960 K    12,344 K    3980    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,892 K    8,072 K    2692    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,692 K    7,588 K    13552    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,320 K    16,148 K    1992    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,460 K    13,980 K    4164    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,852 K    9,080 K    9988    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        16,504 K    16,964 K    2064    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        27,804 K    36,612 K    3788    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,264 K    27,372 K    5524    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        9,200 K    18,492 K    3812    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,792 K    14,064 K    5072    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,480 K    14,252 K    3316    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        21,844 K    22,768 K    3064    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,556 K    10,956 K    6060    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,716 K    6,700 K    1580    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,932 K    5,936 K    2900    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,268 K    6,996 K    1556    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,084 K    10,028 K    1304    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,864 K    9,196 K    1700    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,392 K    6,920 K    1764    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,356 K    8,560 K    4796    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,740 K    10,396 K    2252    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,256 K    8,868 K    3576    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        12,192 K    18,484 K    3588    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,000 K    20,508 K    7008    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,224 K    9,192 K    2356    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,600 K    20,128 K    6992    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,944 K    7,588 K    2208    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,176 K    15,760 K    1824    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,992 K    9,872 K    4528    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,848 K    7,024 K    2412    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,056 K    7,308 K    8900    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,836 K    15,056 K    5840    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,868 K    10,828 K    2572    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,032 K    16,068 K    10424    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        20,464 K    38,764 K    3796    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,860 K    16,968 K    7692    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,304 K    32,396 K    944    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SystemSettings.exe    Suspended    45,908 K    3,380 K    10468    Settings    Microsoft Corporation    (Verified) Microsoft Windows
taskhostw.exe        8,980 K    20,160 K    2828    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
TextInputHost.exe        79,996 K    101,336 K    7876        Microsoft Corporation    (Verified) Microsoft Windows
uhssvc.exe        1,332 K    6,124 K    8704    Microsoft Update Health Service    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,644 K    8,096 K    7328            
Widgets.exe        15,964 K    57,408 K    1900        Microsoft Corporation    (Verified) Microsoft Windows
WidgetService.exe        4,780 K    21,012 K    4532    WidgetService.exe    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,440 K    6,236 K    928            
winlogon.exe        2,536 K    12,012 K    976            
WmiPrvSE.exe        5,272 K    13,992 K    2544            
WMIRegistrationService.exe        2,744 K    11,248 K    4136    Intel® Management Engine WMI Provider Registration    Intel Corporation    (Verified) Intel Corporation
svchost.exe    < 0.01    3,460 K    11,240 K    4892    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    5,900 K    24,516 K    5660    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
ai.exe    < 0.01    49,296 K    18,420 K    12108    Artificial Intelligence (AI) Host for the Microsoft® Windows® Operating System and Platform x64.    Microsoft Corporation    (Verified) Microsoft Corporation
ai.exe    < 0.01    22,708 K    17,200 K    8844    Artificial Intelligence (AI) Host for the Microsoft® Windows® Operating System and Platform x64.    Microsoft Corporation    (Verified) Microsoft Corporation
svchost.exe    < 0.01    15,040 K    34,252 K    1108    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
msedgewebview2.exe    < 0.01    42,308 K    103,860 K    1972    Microsoft Edge WebView2    Microsoft Corporation    (Verified) Microsoft Corporation
csrss.exe    < 0.01    2,128 K    5,836 K    816            
WavesSysSvc64.exe    < 0.01    5,220 K    15,012 K    4324    WavesSysSvc Service Application    Waves Audio Ltd.    (Verified) Waves Inc
svchost.exe    < 0.01    4,272 K    10,300 K    1464    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
chrome.exe    < 0.01    8,100 K    19,344 K    13224    Google Chrome    Google LLC    (Verified) Google LLC
Spotify.exe    < 0.01    19,292 K    37,780 K    9156    Spotify    Spotify Ltd    (Verified) Spotify AB
MbamBgNativeMsg.exe    < 0.01    2,508 K    11,428 K    17244    Malwarebytes Native Message Service    Malwarebytes    (Verified) Malwarebytes Inc.
svchost.exe    < 0.01    2,292 K    8,400 K    3328    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    16,240 K    15,972 K    2152    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
msedgewebview2.exe    < 0.01    63,772 K    83,100 K    9712    Microsoft Edge WebView2    Microsoft Corporation    (Verified) Microsoft Corporation
svchost.exe    < 0.01    3,264 K    15,216 K    2932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
OUTLOOK.EXE    < 0.01    487,228 K    498,228 K    8792    Microsoft Outlook    Microsoft Corporation    (Verified) Microsoft Corporation
chrome.exe    < 0.01    78,296 K    102,808 K    14788    Google Chrome    Google LLC    (Verified) Google LLC
chrome.exe    < 0.01    11,736 K    35,004 K    16968    Google Chrome    Google LLC    (Verified) Google LLC
QBCFMonitorService.exe    < 0.01    18,292 K    20,652 K    3092         Intuit Inc.    (Verified) Intuit, Inc.
SearchIndexer.exe    < 0.01    65,072 K    40,992 K    3004    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
chrome.exe    < 0.01    22,660 K    49,568 K    6304    Google Chrome    Google LLC    (Verified) Google LLC
svchost.exe    < 0.01    10,956 K    19,956 K    1244    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
explorer.exe    < 0.01    466,752 K    322,880 K    7360    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
Spotify.exe    < 0.01    27,288 K    53,248 K    10460    Spotify    Spotify Ltd    (Verified) Spotify AB
msedgewebview2.exe    < 0.01    10,864 K    31,040 K    5896    Microsoft Edge WebView2    Microsoft Corporation    (Verified) Microsoft Corporation
svchost.exe    < 0.01    8,780 K    18,716 K    4180    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
QBDBMgr.exe    < 0.01    548,016 K    264,604 K    8400    SQL Anywhere Personal Server    SAP SE or an SAP affiliate company    (Verified) Intuit, Inc.
services.exe    < 0.01    5,888 K    13,060 K    740            
svchost.exe    < 0.01    72,068 K    71,732 K    2192    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
CefSharp.BrowserSubprocess.exe    < 0.01    66,560 K    91,160 K    6232    CefSharp.BrowserSubprocess    The CefSharp Authors    (No signature was present in the subject) The CefSharp Authors
CefSharp.BrowserSubprocess.exe    < 0.01    68,704 K    90,344 K    10696    CefSharp.BrowserSubprocess    The CefSharp Authors    (No signature was present in the subject) The CefSharp Authors
svchost.exe    < 0.01    8,608 K    17,876 K    3852    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WmiPrvSE.exe    < 0.01    4,672 K    12,340 K    15256            
MBAMService.exe    < 0.01    30,468 K    51,948 K    4512    Malwarebytes Service    Malwarebytes    (Verified) Malwarebytes Inc.
CefSharp.BrowserSubprocess.exe    < 0.01    30,044 K    35,288 K    10796    CefSharp.BrowserSubprocess    The CefSharp Authors    (No signature was present in the subject) The CefSharp Authors
svchost.exe    < 0.01    1,768 K    7,724 K    11352    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
QBW.EXE    < 0.01    477,668 K    293,616 K    12004    QuickBooks    Intuit Inc.    (Verified) Intuit, Inc.
csrss.exe    < 0.01    2,992 K    6,900 K    904            
chrome.exe    < 0.01    117,260 K    214,224 K    14684    Google Chrome    Google LLC    (Verified) Google LLC
MsMpEng.exe    < 0.01    386,092 K    281,336 K    3224    Antimalware Service Executable    Microsoft Corporation    (Verified) Microsoft Windows Publisher
MSACCESS.EXE    < 0.01    106,632 K    144,184 K    12204    Microsoft Access    Microsoft Corporation    (Verified) Microsoft Corporation
System    < 0.01    68 K    2,332 K    4            
Interrupts    < 0.01    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    < 0.01    371,772 K    178,780 K    1368            
Malwarebytes.exe    0.25    127,700 K    157,672 K    3832    Malwarebytes    Malwarebytes    (Verified) Malwarebytes Inc.
Spotify.exe    0.25    199,200 K    188,404 K    10872    Spotify    Spotify Ltd    (Verified) Spotify AB
audiodg.exe    0.51    40,828 K    42,340 K    7916            
procexp (1)64.exe    0.76    58,916 K    96,812 K    10596    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    99.05    60 K    8 K    0            

 

 

Get Process Explorer
 
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
View and check Show Processes From All Users 
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
PS.  Your event logs show a major problem with Quick Books.  It may need to be uninstalled and reinstalled

 


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP

Doesn't look slow as far as the CPU is concerned.

 

Quick books is using a lot of memory.  Have you tried reinstalling it yet?

 

Right click on the clock and select Task Manager
(More Details)
Select Performance
Open Resource Monitor
Disk
Make it full screen
Look in the top pane and find the process with the highest Total (B/Sec)
and check the box in front of the process. 
Take a screenshot and post it.
 
To take a screenshot:
 
Use Full-screen Snip
Save the file as Type: jpg
 
To attach a file:
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 
Only files with .txt, .jpg or .zip are allowed.
 
Get the Free Version of Speccy:
 
 
Download, Save move to the Downloads folder and right click on the file and Run As Admin.
 
Was you get it installed (try not to let it install CCleaner -if it installs CCleaner then just uninstall CCleaner) and it loads completely then Click on File then Save As Text File to your desktop.  Close Speccy.
Open the file and delete the line that starts with
Serial Number: Then save and close the file.  Attach it to a Reply.
 
 
 

  • 0

#5
mandrada

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Hi. I haven't reinstalled QuickBooks yet, I will do that next. In the meantime, I have attached my screenshot.

Thanks, Mary

Attached Thumbnails

  • Screenshot 2024-06-06 070556.jpg

  • 0

#6
mandrada

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Attached is my Speccy txt file


  • 0

#7
mandrada

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Here it is.

Attached Files


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP

If you haven't reinstalled QB yet when you do so see if running without QB fixes your slowness issue.

 

I think I am going to have to adjust my instruction for the disk usage page since it doesn't show the bottom pane and things are not sorted by biggest usage but I do see that Memory Compression is a big user.  Memory Compression comes into play when the RAM is close to be used up.  If we look at your memory stats in the Addition.txt we see that this is the case:

 

Percentage of memory in use: 89%
Total physical RAM: 7973.94 MB
Available physical RAM: 799.12 MB
Total Virtual: 16858.49 MB
Available Virtual: 2293.04 MB

 

 

Even your Virtual memory is almost used up.  This is unusual.  If we look at mine:
 
Percentage of memory in use: 38%
Total physical RAM: 15574.91 MB
Available physical RAM: 9530.82 MB
Total Virtual: 31446.91 MB
Available Virtual: 25892.11 MB

 

 

Looking at a random Win 11 system with the same amount of memory we see:

Percentage of memory in use: 61%
Total physical RAM: 8069.98 MB
Available physical RAM: 3074.74 MB
Total Virtual: 8581.98 MB
Available Virtual: 3214.79 MB

 

 

Looking at Speccy and Process Explorer the biggest user of your RAM is QB so I suspect it's our culprit.  If you haven't uninstalled QB yet when you do it would be nice to have another Addition.txt from a new FRST scan after you have uninstalled it (and rebooted).  

 

Looking at:

 

https://quickbooks.i...CSOf2x_US_en_US

 

We see:

 

RAM (workstation) 8 GB minimum, 16 GB recommended
RAM (server)
• 1-5 Users: 8 GB
• 10 Users: 12 GB
• 15 Users: 16 GB
• 20+ users: 20+ GB

 

 
   

 

 

So it looks like your system is marginally able to handle QB and the fact that QB is throwing errors is probably not helping;

 

.Error: (05/31/2024 04:07:14 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks Premier Plus Edition 2024":
WPR: calling  ABORT_CLOSE
 
Error: (05/31/2024 01:24:47 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Plus Edition 2024":
WPR: AddPrinter failed - failed to add XPS printer driver lasterror=1802OS =10.0 Printdriver name :Microsoft XPS Document Writer

 

 

Above from your Addition.txt file.

 

Uninstall any programs you can live without:

I would start with CCleaner.  (Before uninstalling make sure that you do not have any parts of the program to be uninstalled unchecked in msconfig or Task manager as that makes it difficult to remove all parts of a program.)


  • 0

#9
mandrada

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Thanks for your instructions. I removed CCleaner. I also uninstalled QuickBooks, rebooted, and ran FRST64 so we can see what difference it makes without QuickBooks installed.. Logs are below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.06.2024
Ran by mary (administrator) on 2020WS08 (Dell Inc. OptiPlex 7070) (06-06-2024 16:21:11)
Running from C:\Users\mary\Desktop\FRST64.exe
Loaded Profiles: mary
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3593 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe ->) (Adobe Systems, Incorporated -> ) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\FullTrustNotifier.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <14>
(C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe <13>
(C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe <2>
(C:\Windows\UUS\amd64\wuaucltcore.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.413.138.0.exe
(C:\Windows\UUS\amd64\wuaucltcore.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxEM.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\mary\AppData\Local\Microsoft\OneDrive\24.091.0505.0003\Microsoft.SharePoint.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(msiexec.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe <2>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Inc -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_d6e4236a0f82e7b4\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_5fe2e31c542e0065\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_fbef37f5b63dca79\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_fbef37f5b63dca79\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_9bda45a3425e7880\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe <3>
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c984e9ce714075ab\RtkAudUService64.exe <2>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4d0b189ff2aba03\WavesSysSvc64.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Dell Inc -> Dell Inc.) C:\Config.Msi\6f9ed.rbf
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftTeams_24124.2404.2914.2538_x64__8wekyb3d8bbwe\msteamsupdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.10.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\wuaucltcore.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c984e9ce714075ab\RtkAudUService64.exe [1345104 2021-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4d0b189ff2aba03\WavesSvc64.exe [1774584 2021-02-18] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [781552 2021-10-11] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [8508832 2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Run: [Intermedia Unite] => C:\Users\mary\AppData\Local\Programs\Intermedia Unite\Intermedia Unite.exe [165999464 2024-04-05] (SystemServer -> Intermedia.net, Inc.)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Run: [MicrosoftEdgeAutoLaunch_D93AF75D227E4510AE1D42E181D1834B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4137000 2024-06-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4211803538-2084879006-1980355138-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4211803538-2084879006-1980355138-1002\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4211803538-2084879006-1980355138-1003\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\FaxUpload Port Monitor: C:\WINDOWS\system32\FaxUpMn15.dll [743248 2015-08-27] (ImageMAKER Development Inc. -> ImageMAKER Development Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\125.0.6422.142\Installer\chrmstp.exe [2024-06-04] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Startup: C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2022-05-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vista Fax Daemon.lnk [2022-11-08]
ShortcutTarget: Vista Fax Daemon.lnk -> C:\Program Files (x86)\Common Files\ImageMAKER\Vstdaemon.exe (ImageMAKER Development Inc. -> ImageMAKER Development Inc.)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {961B54B9-924B-4742-A0FB-FD77C10999BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {860365BE-D41E-40F2-B9E3-DBC253FB1FA6} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {62BC1EB5-B8BE-46CD-B3E3-F00E6C86BEB2} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4434400 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {32FAA249-3876-4F54-854D-2029AF2A450E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5439240 2024-05-14] (Microsoft Windows -> Microsoft Corporation)
Task: {997BF022-BFF8-43F4-B56C-4E9F7AAE12F9} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [964936 2024-04-25] (Dell Technologies Inc. -> Dell Inc.) -> C:\Program Files\Dell\SupportAssistAgent\bin\AutoUpdate
Task: {66465A48-3014-404F-8045-980AC8272A2E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem127.0.6490.0{A1AF9303-C083-4C9E-83EA-D6B9B5F21709} => C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
Task: {29E39180-B327-438D-8ADB-77775C4D7920} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28498912 2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {BBFB6EB2-376F-4C02-AA00-B5C2595DEF2E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28498912 2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {71E7891D-4413-4495-872C-924462DC1C1C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309912 2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A3098E64-E595-4821-9CB8-6BC4FC85694D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309912 2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A43E0B5-87C3-4C62-9CFC-7437238CC541} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [169648 2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {17CC246F-4923-428E-9212-8302E2CE9BA0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [504304 2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E336F66-C193-4C7D-BC2E-81DD4896DBAD} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe [53248 2024-03-12] (Microsoft Windows -> Microsoft Corporation)
Task: {A0D0DFF6-E582-4D8E-BCD2-8152403CCC10} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe [53248 2024-03-12] (Microsoft Windows -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {A2BFA4C3-E046-4A9D-A0BB-BF71FED3F887} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe  LogonUpdateResults (No File)
Task: {A0BAA87C-5CE3-4CA9-942B-82AED3D4C416} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC ReadyToReboot (No File)
Task: {B25636AC-0AED-4EFE-88FF-49BA5C141D03} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {2BC53148-B7B1-4C11-82AE-12402A22745D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1E68F916-3F6B-48A2-AB8E-0B6C779E79A5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E227D19E-F257-4F12-9E72-6CF44CCFA337} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3C140B93-0609-4C7E-8B0C-7974C9E72756} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6CDD7EF7-DD58-450A-8E17-1C40D804DF55} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe  (No File)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{effb5a57-65fe-4a33-ace5-bc2d29cc3452}: [NameServer] 192.168.254.2,8.8.8.8
 
Edge: 
=======
Edge Profile: C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-03]
Edge Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2024-02-29]
Edge Extension: (Dropbox for Gmail) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2021-08-31]
Edge Extension: (Google Docs Offline) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-26]
Edge Extension: (Google Mail Checker) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\glbpkcehjkihaknkjifkehdpjfngbdga [2020-10-21]
Edge Extension: (Amazon Assistant) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2023-03-30]
Edge Extension: (Cisco Webex Extension) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikdddppdhmjcdfgilpnbkdeggoiicjgo [2022-07-22]
Edge Extension: (Chrome Remote Desktop) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-12-07]
Edge Extension: (Pinterest Save Button) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfcjijcigimhjjdimpghneggnegiphhh [2020-10-21]
Edge Extension: (Edge relevant text changes) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-08]
Edge Extension: (Zoom Chrome Extension) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2024-04-22]
Edge Extension: (ClassLink OneClick Extension) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\liidigofnkchhgmbdfmmbfcodpecmcii [2023-10-11]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-09-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-10-11] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-10-11] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default [2024-06-03]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-07-06]
CHR Extension: (Google Docs Offline) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-11]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-04-21]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-23]
CHR Profile: C:\Users\mary\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-06-03]
CHR Profile: C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-06-06]
CHR DownloadDir: C:\Users\mary\Desktop
CHR Notifications: Profile 1 -> hxxps://buildertrend.net; hxxps://calendar.google.com; hxxps://fsastore.com; hxxps://my.norton.com; hxxps://therecipecritic.com; hxxps://www.accuweather.com; hxxps://www.crowdcast.io; hxxps://www.facebook.com; hxxps://www.fashionholla.com; hxxps://www.harney.com; hxxps://www.marthastewart.com; hxxps://www.messenger.com; hxxps://www.netflix.com; hxxps://www.pinterest.com; hxxps://www.soundstrue.com
CHR Extension: (Norton Password Manager) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\admmjipmmciaobhojoghlmleefbicajg [2024-05-16]
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-06-05]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-05-28]
CHR Extension: (Google Docs Offline) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-03]
CHR Extension: (Save to Pinterest) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2024-06-04]
CHR Extension: (TiltShiftMaker) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo [2022-07-20]
CHR Extension: (Crackle) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2022-07-20]
CHR Extension: (My Downloads) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ienfdfooajmkbebiaplehejbamefbboi [2024-01-21]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-05-20]
CHR Extension: (The Washington Post) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ilgaabojccagggalemipkfjbcdemjgee [2022-07-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-12-06]
CHR Extension: (ClassLink OneClick Extension) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jgfbgkjjlonelmpenhpfeeljjlcgnkpe [2024-05-08]
CHR Extension: (Grammarly: AI Writing and Grammar Checker App) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2024-06-06]
CHR Extension: (Zoom Chrome Extension) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2024-06-05]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-22]
CHR Extension: (Google Mail Checker) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2024-06-04]
CHR Extension: (Capital One Shopping: Save Now) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2024-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-07-20]
CHR Profile: C:\Users\mary\AppData\Local\Google\Chrome\User Data\System Profile [2024-06-06]
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-3979886858-3466003010-52152672-1116\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-3979886858-3466003010-52152672-1116\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [4555744 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14012520 2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [55712 2022-08-01] (Dell Inc -> )
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-12-11] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [159664 2023-12-22] (Dell Technologies Inc. -> Dell)
S2 GoogleUpdaterInternalService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
S2 GoogleUpdaterService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887344 2024-05-07] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-05-02] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 MicrosoftSearchInBing; C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe [21376 2020-04-20] (Microsoft Corporation -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [159048 2024-04-25] (Dell Technologies Inc. -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 CCleanerPerformanceOptimizerService; "C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe" [X]
S2 QBWCMonitor; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe" [X]
S4 QuickBooksDB31; C:\QuickBooks Premier Edition 2021\QBDBMgrN.exe -hvQuickBooksDB31 [X]
S4 QuickBooksDB34; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB34 [X]
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\mary\AppData\Roaming\Zoom"
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2023-04-12] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2023-04-12] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-06] (Microsoft Corporation) [File not signed]
R3 CyUcmClient_Device; C:\WINDOWS\System32\drivers\CyUcmClient.sys [156600 2019-01-30] (Cypress Semiconductor Corporation -> Cypress Semiconductor Corporation)
S3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [37808 2022-05-20] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 e1dexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e1d.inf_amd64_e98edae1bc7c25e7\e1d.sys [618128 2022-09-02] (Intel Corporation -> Intel Corporation)
R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223184 2024-06-06] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-05-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-05-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl0272eb8c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8B01679-4709-42ED-B544-F0901C722E0F}\MpKslDrv.sys [271648 2024-06-06] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl4b904ef1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8B01679-4709-42ED-B544-F0901C722E0F}\MpKslDrv.sys [271648 2024-06-06] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-05-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-05-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-28] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-06-06 16:18 - 2024-06-06 16:18 - 000000000 ____D C:\ProgramData\SupportAssistDbBackup
2024-06-06 15:58 - 2024-06-06 15:58 - 000003530 _____ C:\WINDOWS\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2024-06-06 15:54 - 2024-06-06 15:54 - 000000000 _____ C:\WINDOWS\invcol.tmp
2024-06-06 07:25 - 2024-06-06 07:25 - 000461963 _____ C:\Users\mary\Desktop\2020WS08 (3).txt
2024-06-06 07:25 - 2024-06-06 07:25 - 000461963 _____ C:\Users\mary\Desktop\2020WS08 (2).txt
2024-06-06 07:24 - 2024-06-06 07:24 - 000461963 _____ C:\Users\mary\Desktop\2020WS08 (1).txt
2024-06-06 07:20 - 2024-06-06 07:22 - 000461963 _____ C:\Users\mary\Desktop\2020WS08.txt
2024-06-06 07:15 - 2024-06-06 07:15 - 000000839 _____ C:\Users\Public\Desktop\Speccy.lnk
2024-06-06 07:15 - 2024-06-06 07:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2024-06-06 07:15 - 2024-06-06 07:15 - 000000000 ____D C:\Program Files\Speccy
2024-06-06 07:14 - 2024-06-06 07:14 - 008995336 _____ (Piriform Software Ltd) C:\Users\mary\Desktop\spsetup132 (2).exe
2024-06-06 07:12 - 2024-06-06 07:12 - 008995336 _____ (Piriform Software Ltd) C:\Users\mary\Desktop\spsetup132 (1).exe
2024-06-06 07:11 - 2024-06-06 07:11 - 008995336 _____ (Piriform Software Ltd) C:\Users\mary\Downloads\spsetup132.exe
2024-06-05 14:09 - 2024-06-05 14:09 - 000026131 _____ C:\Users\mary\Desktop\Registry.txt
2024-06-03 17:01 - 2024-06-03 17:01 - 000035248 _____ C:\WINDOWS\system32\lc.dat
2024-06-03 16:59 - 2024-06-03 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom
2024-06-03 16:54 - 2024-06-03 16:54 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-06-03 16:32 - 2024-06-05 08:47 - 000041628 _____ C:\Users\mary\Desktop\AR Report.pdf
2024-06-02 14:44 - 2024-06-02 14:57 - 000082607 _____ C:\Users\mary\Desktop\Addition.txt
2024-06-02 14:35 - 2024-06-06 16:27 - 000033911 _____ C:\Users\mary\Desktop\FRST.txt
2024-06-02 14:35 - 2024-06-06 16:21 - 000000000 ____D C:\Users\mary\Desktop\FRST-OlderVersion
2024-06-02 14:34 - 2024-06-06 16:23 - 000000000 ____D C:\FRST
2024-06-02 14:33 - 2024-06-06 16:21 - 002395136 _____ (Farbar) C:\Users\mary\Desktop\FRST64.exe
2024-06-02 14:29 - 2024-06-02 14:29 - 002299904 _____ (Farbar) C:\Users\mary\Downloads\FRST64 (2).exe
2024-06-02 14:28 - 2024-06-02 14:28 - 002299904 _____ (Farbar) C:\Users\mary\Downloads\FRST64.exe
2024-06-02 14:28 - 2024-06-02 14:28 - 002299904 _____ (Farbar) C:\Users\mary\Downloads\FRST64 (1).exe
2024-05-28 09:38 - 2024-05-28 09:38 - 007578108 _____ C:\Users\mary\Downloads\Samantha Set.pdf
2024-05-28 09:38 - 2024-05-28 09:38 - 003641426 _____ C:\Users\mary\Downloads\workshop archetect drawings.pdf
2024-05-28 09:37 - 2024-05-28 09:38 - 000686810 _____ C:\Users\mary\Downloads\Truss reciept.pdf
2024-05-24 11:57 - 2024-05-24 11:57 - 036750844 _____ C:\Users\mary\Downloads\KEVIN WHEELER SD CORRECTED 5-23-24 corrected (1).pdf
2024-05-24 09:23 - 2024-05-24 09:23 - 036750844 _____ C:\Users\mary\Downloads\KEVIN WHEELER SD CORRECTED 5-23-24 corrected.pdf
2024-05-23 09:06 - 2024-05-23 09:06 - 000019186 _____ C:\Users\mary\Downloads\15165585039_052324_0623 (1).pdf
2024-05-23 09:04 - 2024-05-23 09:05 - 000019186 _____ C:\Users\mary\Downloads\15165585039_052324_0623.pdf
2024-05-22 08:52 - 2024-05-22 08:52 - 000037128 _____ C:\Users\mary\Downloads\052124_2018.pdf
2024-05-16 16:49 - 2024-05-16 16:49 - 005383380 _____ C:\Users\mary\Downloads\Trailside-Fitness-12-Week-Training-Program.pdf
2024-05-14 22:05 - 2024-05-14 22:12 - 000000000 ___HD C:\$WinREAgent
2024-05-14 15:18 - 2024-05-14 15:18 - 036751974 _____ C:\Users\mary\Downloads\KEVIN WHEELER SD 5-14-24 CITY CORRECTED.pdf
2024-05-14 10:29 - 2024-05-14 10:29 - 005934884 _____ C:\Users\mary\Downloads\Full_Moon_in_Sagittarius_-_Color.pdf
2024-05-14 08:31 - 2024-05-14 08:31 - 034387145 _____ C:\Users\mary\Downloads\WWII Construction Drawings Set.pdf
2024-05-13 13:18 - 2024-05-13 13:19 - 017758280 _____ C:\Users\mary\Downloads\WEINGARDEN.zip
2024-05-10 13:06 - 2024-05-10 13:06 - 000438818 _____ C:\Users\mary\Downloads\Resource list for Transition 2024.pdf
2024-05-09 09:49 - 2024-05-09 09:49 - 000012132 _____ C:\Users\mary\Downloads\AF trust report (1).pdf
2024-05-09 08:06 - 2024-05-09 08:06 - 045439195 _____ C:\Users\mary\Downloads\iCloud Photos from James Fitzpatrick.zip
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-06-06 16:38 - 2024-05-02 18:07 - 000000000 ____D C:\Users\mary\AppData\Local\Malwarebytes
2024-06-06 16:30 - 2020-09-11 04:43 - 000000000 ____D C:\Program Files\Dell
2024-06-06 16:28 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-06-06 16:26 - 2023-04-12 10:04 - 000003948 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2024-06-06 16:23 - 2020-09-11 04:56 - 000000000 ____D C:\ProgramData\Dell
2024-06-06 16:20 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-06-06 16:20 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-06 16:19 - 2020-09-11 04:43 - 000000000 ____D C:\Program Files (x86)\Dell
2024-06-06 16:15 - 2020-10-19 14:22 - 000000000 ____D C:\Users\mary\AppData\Local\D3DSCache
2024-06-06 16:14 - 2022-04-06 08:09 - 000000000 ____D C:\Program Files\dotnet
2024-06-06 16:13 - 2020-09-11 04:48 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2024-06-06 16:13 - 2020-09-11 04:44 - 000000000 ____D C:\ProgramData\Package Cache
2024-06-06 16:11 - 2022-02-11 12:10 - 000000000 ____D C:\Users\mary\AppData\Local\CrashDumps
2024-06-06 16:11 - 2020-10-26 13:42 - 000000000 ____D C:\Users\mary\Documents\Outlook Files
2024-06-06 16:09 - 2022-05-06 22:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-06 16:07 - 2020-10-19 10:58 - 000000000 __SHD C:\Users\mary\IntelGraphicsProfiles
2024-06-06 16:06 - 2023-04-12 10:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-06-06 16:06 - 2020-10-09 14:47 - 000000128 _____ C:\WINDOWS\system32\config\netlogon.ftl
2024-06-06 16:06 - 2020-09-11 04:32 - 000000000 ____D C:\Intel
2024-06-06 16:05 - 2023-04-12 09:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-06-06 16:05 - 2022-05-06 22:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-06-06 16:05 - 2020-09-11 04:31 - 000012288 ___SH C:\DumpStack.log.tmp
2024-06-06 16:03 - 2020-10-19 14:53 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Access
2024-06-06 16:02 - 2020-10-19 15:52 - 000000000 ____D C:\Program Files (x86)\Intuit
2024-06-06 16:01 - 2024-02-28 17:47 - 000000000 ____D C:\Program Files\Intuit
2024-06-06 16:01 - 2020-10-19 16:09 - 000000000 ____D C:\Users\mary\AppData\Local\Intuit
2024-06-06 16:01 - 2020-10-19 15:55 - 000000090 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2024-06-06 16:00 - 2024-02-28 17:47 - 000000000 ____D C:\Program Files\Common Files\Intuit
2024-06-06 16:00 - 2020-10-19 16:36 - 000000000 ____D C:\ProgramData\Intuit
2024-06-06 15:58 - 2023-04-12 10:04 - 000003506 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2024-06-06 15:58 - 2020-10-19 14:28 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2024-06-06 15:55 - 2022-05-06 22:22 - 000000000 ____D C:\WINDOWS\INF
2024-06-06 15:53 - 2023-04-12 10:04 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-06-05 17:39 - 2020-10-19 10:58 - 000000000 ____D C:\Users\mary\AppData\Local\Packages
2024-06-05 17:20 - 2020-10-19 13:56 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Outlook
2024-06-05 15:01 - 2023-04-12 09:44 - 000000000 ____D C:\Users\mary
2024-06-05 11:12 - 2020-09-11 04:58 - 000000000 ____D C:\ProgramData\Packages
2024-06-05 08:40 - 2020-10-19 13:04 - 000000000 ____D C:\Users\mary\Desktop\Inspection 1-29-19
2024-06-04 18:57 - 2020-09-11 04:41 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-06-04 14:54 - 2020-10-19 16:23 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Excel
2024-06-04 14:52 - 2020-10-19 14:57 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Word
2024-06-04 14:32 - 2020-10-09 14:47 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-06-04 14:32 - 2020-10-09 14:47 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-06-04 08:36 - 2023-04-12 09:56 - 000804924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-06-03 17:30 - 2020-10-20 10:52 - 000000000 ____D C:\Users\mary\AppData\Roaming\Intermedia Unite
2024-06-03 17:00 - 2024-03-28 17:36 - 000002411 _____ C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams classic (work or school).lnk
2024-06-03 17:00 - 2020-10-20 08:04 - 000000000 ____D C:\Users\mary\AppData\Local\SquirrelTemp
2024-06-03 16:59 - 2024-03-28 17:34 - 000000000 ____D C:\Program Files\Zoom
2024-06-03 16:59 - 2020-10-20 08:05 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Teams
2024-06-03 16:49 - 2020-09-11 04:50 - 000000000 ____D C:\Program Files\Microsoft Office
2024-05-30 11:12 - 2020-10-19 13:04 - 000000000 ____D C:\Users\mary\Desktop\Letters of inspection
2024-05-28 18:13 - 2020-09-11 04:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-05-28 15:32 - 2022-07-20 12:39 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-05-28 15:32 - 2022-07-20 12:39 - 000002046 _____ C:\Users\mary\Desktop\Google Drive.lnk
2024-05-28 15:32 - 2020-10-09 14:46 - 000000000 ____D C:\Program Files (x86)\Google
2024-05-28 01:51 - 2023-04-12 10:04 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-05-28 01:51 - 2023-04-12 10:04 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-05-24 14:30 - 2023-04-12 10:04 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3979886858-3466003010-52152672-1116
2024-05-24 14:30 - 2023-04-12 10:04 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3979886858-3466003010-52152672-1116
2024-05-24 14:30 - 2020-10-19 10:59 - 000002378 _____ C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-05-23 19:49 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-05-23 19:32 - 2023-04-12 09:38 - 000502712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-05-23 19:26 - 2023-10-10 19:01 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\UUS
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-05-23 19:25 - 2022-05-07 00:39 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2024-05-23 19:25 - 2022-05-07 00:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemApps
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-05-23 19:25 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\servicing
2024-05-16 17:12 - 2022-10-11 14:40 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2024-05-16 17:12 - 2022-10-11 14:40 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-05-16 09:33 - 2020-10-19 13:04 - 000000000 ____D C:\Users\mary\Desktop\Mary's Documents
2024-05-14 23:04 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-05-14 23:03 - 2022-05-06 22:25 - 000077312 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2024-05-14 23:03 - 2022-05-06 22:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll
2024-05-14 22:41 - 2023-04-12 09:42 - 003214336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-05-14 21:26 - 2020-10-20 02:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-05-14 21:10 - 2020-10-20 02:17 - 196465576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories ========
 
2024-03-01 11:08 - 2024-03-01 11:08 - 055178864 _____ (Intuit Inc.) C:\Users\mary\QuickBooksToolHub.exe
2021-04-21 11:12 - 2021-04-21 12:33 - 000031847 _____ () C:\Users\mary\AppData\Roaming\QBFileDrTool.log
2020-10-19 14:42 - 2020-10-19 14:42 - 000000000 _____ () C:\Users\mary\AppData\Local\oobelibMkey.log
2021-12-15 10:06 - 2022-06-09 10:45 - 000007597 _____ () C:\Users\mary\AppData\Local\resmon.resmoncfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.06.2024
Ran by mary (06-06-2024 16:39:59)
Running from C:\Users\mary\Desktop
Microsoft Windows 11 Pro Version 23H2 22631.3593 (X64) (2023-04-12 17:08:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-4211803538-2084879006-1980355138-500 - Administrator - Disabled)
bob (S-1-5-21-4211803538-2084879006-1980355138-1001 - Administrator - Enabled) => C:\Users\bob
DefaultAccount (S-1-5-21-4211803538-2084879006-1980355138-503 - Limited - Disabled)
Guest (S-1-5-21-4211803538-2084879006-1980355138-501 - Limited - Disabled)
QBDataServiceUser31 (S-1-5-21-4211803538-2084879006-1980355138-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser31
QBDataServiceUser34 (S-1-5-21-4211803538-2084879006-1980355138-1003 - Limited - Enabled) => C:\Users\QBDataServiceUser34
WDAGUtilityAccount (S-1-5-21-4211803538-2084879006-1980355138-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABS PDF Install (HKLM-x32\...\{C42DD564-7DCD-4555-A7F3-15C0F46221D0}) (Version: 4.2.2 - Atlas Business Solutions, Inc.)
Adobe Acrobat (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 24.002.20759 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.6.5.58 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.4.0.63 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Kindle (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Amazon Kindle) (Version: 1.34.1.63103 - Amazon)
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1583.3 - Piriform Software) Hidden
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
DefaultPackMSI (HKLM-x32\...\{D066B018-448B-40C5-9034-259BBCC49351}) (Version: 4.6.2.0 - Microsoft) Hidden
Dell Command | Update for Windows 10 (HKLM\...\{4CCADC13-F3AE-454F-B724-33F6D4E52022}) (Version: 4.1.0 - Dell Inc.)
Dell Digital Delivery Services (HKLM-x32\...\{E530ABB7-9DCC-421B-B751-484375E8374A}) (Version: 5.0.49.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{A1FC489C-7909-4E08-9685-6C77BA2053DE}) (Version: 4.0.3.61632 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{08E7C8D5-F2B5-4F09-B0EA-F28913BEFDB0}) (Version: 5.5.1.16143 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2a8bafd6-22ae-4d0e-87a4-686b2a4a2ab0}) (Version: 5.5.1.16143 - Dell Inc.)
Dynamic Application Loader Host Interface Service (HKLM\...\{ECFC785A-9107-4259-9288-0ABC86C0F6AB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Fax Upload (HKLM-x32\...\Fax Upload) (Version:  - )
GlanceGuest version 4.17.1.19 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.17.1.19 - Glance Networks, Inc.)
Google Chrome (HKLM\...\{5855610A-61B6-3325-AAA6-DED6B90CEF8D}) (Version: 125.0.6422.142 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 91.0.2.0 - Google LLC)
GoTo Opener (HKLM-x32\...\{C2A61D74-BB65-42AD-B81F-AC25E1F7DE02}) (Version: 1.0.536 - LogMeIn, Inc.)
Intel® Chipset Device Software (HKLM\...\{19D17223-0F9C-4155-8057-AA6F49A26E69}) (Version: 10.1.17861.8101 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{fcfc894b-0d54-4d39-826f-dcb39ce5dde7}) (Version: 10.1.17861.8101 - Intel® Corporation)
Intel® Icls (HKLM\...\{27946170-623E-45A2-9D7F-BEC95A5B78E6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® LMS (HKLM\...\{364EE9BC-EB74-4436-B502-FA8FF2F7153F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2036.15.0.1835 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{69263849-1C5F-42A0-B973-141BA15107A0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{DCC7FC90-C9BC-445B-A12B-ACC4278102BA}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{FEAA68D6-DA1D-4440-91B6-43906444FA49}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{E34D6B17-6F86-49F8-AECB-DE7B543A5960}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Wireless Manageability Driver (HKLM\...\{29B1F6D5-A3D3-45D8-9F53-EA9F0D4FC6DF}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Wireless Manageability Driver Extension (HKLM\...\{4088EEA3-A5CC-4CEA-ACA5-4F88191D0499}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intermedia Unite 2.15.187 (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\9962f338-b12b-54d0-a4f5-eba7ff612061) (Version: 2.15.187 - Intermedia.net, Inc.)
Malwarebytes version 5.1.4.112 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.4.112 - Malwarebytes)
Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.26 (x64) (HKLM\...\{87EBA554-A002-4EF4-A612-4FFD06092B5B}) (Version: 48.104.7000 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.26 (x64) (HKLM\...\{D81A418F-966D-4069-B3E8-5EE4843CA862}) (Version: 48.104.7000 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation)
Microsoft .NET Runtime - 6.0.26 (x64) (HKLM\...\{1A02C1B1-05BB-49F7-9DFF-99A66C6877FC}) (Version: 48.104.7000 - Microsoft Corporation) Hidden
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.17628.20110 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 125.0.2535.85 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 125.0.2535.85 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\OneDriveSetup.exe) (Version: 24.091.0505.0003 - Microsoft Corporation)
Microsoft Search in Bing (HKLM-x32\...\{C17F6DEF-D34C-4B75-97E1-D81062408B4A}) (Version: 2.0.2 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Teams) (Version: 1.7.00.13456 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135 (HKLM-x32\...\{46c3b171-c15c-4137-8e1d-67eeb2985b44}) (Version: 14.38.33135.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.38.33135 (HKLM-x32\...\{9C19C103-7DB1-44D1-A039-2C076A633A38}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.38.33135 (HKLM-x32\...\{286DC39B-5FB7-4AFF-9DD4-22DB47664CD7}) (Version: 14.38.33135 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.26 (x64) (HKLM\...\{1F0EB53C-BE30-436A-BC54-FA364227A870}) (Version: 48.104.6996 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.26 (x64) (HKLM-x32\...\{b2476903-b8da-4dcc-903f-378730bb4c48}) (Version: 6.0.26.33205 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17628.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8940.1 - Realtek Semiconductor Corp.)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
SIP ALG Detector 1.3.0 (only current user) (HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\23b40b0e-1734-5217-b8ef-22dbe914e37b) (Version: 1.3.0 - SIP ALG Detector)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Tftpd64 Standalone Edition (remove only) (HKLM-x32\...\Tftpd64) (Version:  - )
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
Zoom Outlook Plugin (HKLM-x32\...\{F4E64D16-21FD-43A3-9E5F-55D8ECC5E14B}) (Version: 5.17.10 - Zoom)
Zoom Workplace (64-bit) (HKLM\...\{4C11E02E-9F49-49B2-84D9-5B3083EA58C5}) (Version: 6.0.39959 - Zoom)
 
Packages:
=========
 
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-10-19] (Adobe Systems Incorporated)
Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC [2024-05-16] ()
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc [2020-10-19] (Adobe Systems Incorporated)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5487.0_x64__8j3eq9eme6ctt [2024-05-17] (INTEL CORP) [Startup Task]
Bountiful Cottage Gardens -> C:\Program Files\WindowsApps\Microsoft.BountifulCottageGardens_1.0.0.0_neutral__8wekyb3d8bbwe [2021-01-27] (Microsoft Corporation)
Dell Command | Update -> C:\Program Files\WindowsApps\DellInc.DellCommandUpdate_4.1.17.0_x86__htrsf667h5kn2 [2021-02-04] (Dell Inc)
Dell Digital Delivery -> C:\Program Files\WindowsApps\DellInc.DellDigitalDelivery_5.0.86.0_x64__htrsf667h5kn2 [2024-02-29] (Dell Inc)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.11.20.0_x64__htrsf667h5kn2 [2022-07-13] (Dell Inc)
DellTypeCStatus -> C:\Program Files\WindowsApps\MSWP.DellTypeCStatus_4.2.2629.0_x64__9j0h69dmw0fzc [2022-07-05] (WISTRON CORPORATION) [Startup Task]
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2024.2.0.0_x64__t5j2fzbtdg37r [2024-04-15] (DTS, Inc.)
Intel® Management and Security Status -> C:\Program Files\WindowsApps\AppUp.IntelManagementandSecurityStatus_2328.5.2.0_x64__8j3eq9eme6ctt [2024-04-25] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1041.0_x64__8j3eq9eme6ctt [2024-04-05] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa [2024-05-08] (Apple Inc.) [Startup Task]
Media Suite Essentials -> C:\Program Files\WindowsApps\DB6EA5DB.MediaSuiteEssentialsforDell_2.6.15823.0_x86__mcezb6ze687jp [2024-02-27] (CYBERLINK CORPORATION.)
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23306.3314.2555.9628_x64__8wekyb3d8bbwe [2023-12-05] (Microsoft) [Startup Task]
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-09] (Microsoft Corporation)
MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24051.39.0_x64__cw5n1h2txyewy [2024-05-30] (Microsoft Windows) [Startup Task]
Partner Promo -> C:\Program Files\WindowsApps\DellInc.PartnerPromo_1.0.21.0_x64__htrsf667h5kn2 [2020-09-11] (Dell Inc)
Photos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11050.29009.0_x64__8wekyb3d8bbwe [2024-06-04] (Microsoft Corporation) [Startup Task]
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-11] (Microsoft Corporation)
Power Media Player for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerMediaPlayerforDell_14.2.4925.0_x86__mcezb6ze687jp [2022-08-11] (CYBERLINK CORPORATION.)
Power2Go for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.Power2GoforDell_11.0.3920.0_x86__mcezb6ze687jp [2020-09-11] (CYBERLINK CORPORATION.) [Startup Task]
PowerDirector for Dell -> C:\Program Files\WindowsApps\DB6EA5DB.PowerDirectorforDell_15.0.4409.0_x64__mcezb6ze687jp [2020-10-19] (CYBERLINK CORPORATION.)
Remote Desktop -> C:\Program Files\WindowsApps\Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe [2023-06-13] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0 [2024-06-06] (Spotify AB) [Startup Task]
Translator -> C:\Program Files\WindowsApps\Microsoft.BingTranslator_5.6.0.0_x64__8wekyb3d8bbwe [2024-05-06] (Microsoft Corporation)
Waves MaxxAudio Pro for Dell 2019 -> C:\Program Files\WindowsApps\WavesAudio.MaxxAudioProforDell2019_2.0.54.0_x64__fh4rh281wavaa [2024-05-06] (Waves Audio)
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.119.156.0_x64__8wekyb3d8bbwe [2024-06-05] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.119.156.0_x64__8wekyb3d8bbwe [2024-06-05] (Microsoft Corp.)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.LKG_cw5n1h2txyewy [2024-05-23] (Microsoft Windows)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{00E36C5D-CFBD-364F-AA9E-CB902CB407BD}\InprocServer32 -> C:/Program Files/SecuriSync/OutlookPlugin/Sync.Desktop.Windows.OutlookPlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{04271989-C4D2-EAFE-AD03-E6EC7AE4ABC1} -> [OneDrive - Lovelace Engineering] => C:\Users\mary\OneDrive - Lovelace Engineering [2022-05-20 10:05]
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\mary\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.24130.8\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{1D8CB3CA-2453-3D6F-88F8-82C76023EE2C}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{3b9ec29f-6c5c-4076-9747-06c742b30185}\localserver32 -> C:\Users\mary\AppData\Local\Programs\Intermedia Unite\OfficeIntegrationServer\UniteOfficeIntegration.exe (SystemServer -> )
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{40d89b2c-0ffe-4d59-a2db-031a0033d713}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2024\QBW.EXE => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{518711FA-3D8A-3A0E-BCB6-3A393B688C61}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{5C156F2F-01D6-4476-A126-0DA82D7A5FC5}\InprocServer32 -> C:\Program Files\SecuriSync\OfficePlugin\adxloader64.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{61B76A32-6422-11D5-A590-0050DABD6B8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{61B76A34-6422-11D5-A590-0050DABD6B8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{63B5B272-1760-4A4F-922B-57F274900044}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{63DBFA59-747B-388B-9692-51A60A35BB0F}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{6829D1D7-7F8C-348B-9F9F-577E78B0300C}\InprocServer32 -> C:/Program Files/SecuriSync/OutlookPlugin/Sync.Desktop.Windows.OutlookPlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{7C3CD4C6-7B05-3B44-91B8-6CAA54A14685}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{8E28E7CD-6B27-3BEC-8EE5-B78FFCBE75EE}\InprocServer32 -> C:/Program Files/SecuriSync/OutlookPlugin/Sync.Desktop.Windows.OutlookPlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2024\QBW.EXE => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9FE79C69-86D8-3CE9-AD2C-48D91AEAA9A8}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A14A674B-E0BE-48C1-BAB2-6ACBA33CA8CF}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qfill.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{AC9B2B25-5613-33D2-8722-1848CFE9E54A}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{B69CEB95-E384-3916-96A9-5BADA3AD385A}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{C8353B7E-CA5F-3678-8838-2B32E9ED2BB6}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{CBEF1FB5-78FF-4B14-9B0F-275493FB589C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\mary\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA3-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA5-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2024\QBW.EXE => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FB359C2A-6927-4AD7-8F1B-B6472CA7CDE7}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FFFD2374-413A-429C-AFD2-AED332DFBEC7}\InprocServer32 -> C:\Program Files\SecuriSync\OutlookPlugin\adxloader64.dll => No File
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_357b728ba88fb99a\OptaneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-11] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_357b728ba88fb99a\OptaneShellExt.dll [2022-12-18] (Intel Corporation -> )
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\91.0.2.0\drivefsext.dll [2024-05-28] (Google LLC -> Google, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-01-06] (Adobe Inc. -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-03-11] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-05-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\mary\Desktop\Google Drive.lnk -> C:\Program Files\Google\Drive File Stream\launch.bat ()
ShortcutWithArgument: C:\Users\mary\Desktop\MARY - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\mary\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\MARY - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) =============
 
2017-08-13 08:49 - 2017-08-13 08:49 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Windows\system32\StartMenuHelper64.dll
2020-10-19 13:51 - 2020-10-19 13:51 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2020-10-19 13:51 - 2020-10-19 13:51 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2020-10-19 13:51 - 2020-10-19 13:51 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2020-10-19 13:51 - 2020-10-19 13:51 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\c2r64.dll
2018-03-08 07:18 - 2018-03-08 07:18 - 000015360 _____ (NHibernate community) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll
2022-08-01 12:19 - 2022-08-01 12:19 - 001548800 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\Dell Digital Delivery Services\SQLite.Interop.dll
2018-02-06 17:25 - 2018-02-06 17:25 - 000176640 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll
2018-03-23 12:10 - 2018-03-23 12:10 - 000028160 _____ (rubicon IT GmbH) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll
2021-02-17 04:19 - 2021-02-17 04:19 - 000124928 _____ (Stateless Contributors) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll
2021-12-17 05:45 - 2021-12-17 05:45 - 000258048 _____ (The Apache Software Foundation) [File not signed] [File is in use] C:\Program Files\Dell\SupportAssistAgent\bin\log4net.dll
2016-12-18 08:55 - 2016-12-18 08:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
URLSearchHook: [S-1-5-21-4211803538-2084879006-1980355138-1001] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-4211803538-2084879006-1980355138-1002] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-4211803538-2084879006-1980355138-1003] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-3979886858-3466003010-52152672-1116 -> DefaultScope {0B02DCA9-42FF-4168-BC67-986B2BDAD78B} URL = 
SearchScopes: HKU\S-1-5-21-3979886858-3466003010-52152672-1116 -> {0B02DCA9-42FF-4168-BC67-986B2BDAD78B} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3979886858-3466003010-52152672-1116 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
Handler: intu-help-qb17 - {2E3EE4ED-2928-4123-9975-20206B8E4B1C} -  No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2022-05-06] (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\sharepoint.com -> hxxps://lovelaceeng-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 02:14 - 2019-12-07 02:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\Control Panel\Desktop\\Wallpaper -> C:\Users\mary\Desktop\Mary's Documents\A Personal Place\pngtree-purple-watercolor-sumi-vintage-floral-border-background-picture-image_1219230.jpg
DNS Servers: 192.168.254.2 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "Vista Fax Daemon.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D93AF75D227E4510AE1D42E181D1834B"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_012365C4288EC115F2F0C751243D3576"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_809B74D231354AD3DE6C5DCCAC791EFC"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4BF91C18-2520-4DCC-9322-95AF9E980E6F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{A7F69B2C-3771-4CA8-B6EE-DB5DA538AD71}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{10D8E29A-89C3-4EC1-ADD7-AA111DA9DD4D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{2BB9C59F-4152-4ECC-8EAD-D886143A0FDE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{D6FA5B1E-E987-4F83-B3A9-51A958CE4E7A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{475E7ACF-50A8-4143-8F0B-0DB9104B0779}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{303F70AA-CF3E-4DF2-86DC-267E8F29A0AD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{7378FA67-CD78-4E07-B99A-1D08AC08263B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{66ABF64F-920A-4C8E-A3EA-03915C95FA89}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{7FDD70FF-322C-4019-AD55-B1EED0ACAAD4}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{27AD9E22-FF8C-44BD-8728-C1DD7222D8E3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{13D51DC1-D17F-4011-8310-AABAFC27EF8E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{23A4C02A-ECF3-440F-BEBC-2F8756BD477B}C:\users\mary\appdata\local\programs\sipalgelectron\sip alg detector.exe] => (Allow) C:\users\mary\appdata\local\programs\sipalgelectron\sip alg detector.exe (Systemserver -> SIP ALG Detector)
FirewallRules: [UDP Query User{939C0A7D-9676-47BB-9C9E-DAB9DD8DA23D}C:\users\mary\appdata\local\programs\sipalgelectron\sip alg detector.exe] => (Allow) C:\users\mary\appdata\local\programs\sipalgelectron\sip alg detector.exe (Systemserver -> SIP ALG Detector)
FirewallRules: [TCP Query User{2BDC60BE-07A0-404D-A80C-51A87CA82628}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe (Ph. Jounin) [File not signed]
FirewallRules: [UDP Query User{1AC858BA-6167-45BE-9B3A-469370FC3611}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe (Ph. Jounin) [File not signed]
FirewallRules: [TCP Query User{C4571315-31CF-49E7-8A3B-869A0073352B}C:\users\mary\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\mary\appdata\roaming\zoom\bin\zoom.exe => No File
FirewallRules: [UDP Query User{4ABD339F-CD23-46CC-8BE9-CA0824E2C381}C:\users\mary\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\mary\appdata\roaming\zoom\bin\zoom.exe => No File
FirewallRules: [{544D392B-2809-4210-AF06-DFFCE5D63A81}] => (Allow) C:\QuickBooks Premier Edition 2021\qbw32.exe => No File
FirewallRules: [{879C848B-4E20-44FE-A25D-4B062D5DE33F}] => (Allow) C:\QuickBooks Premier Edition 2021\qbw32.exe => No File
FirewallRules: [{FA6920D5-03D6-4664-ACED-CC15D7CA2141}] => (Allow) C:\QuickBooks Premier Edition 2021\dbmanagerexe.exe => No File
FirewallRules: [{01A2881C-F194-4566-A9B1-D484B4F8EA3E}] => (Allow) C:\QuickBooks Premier Edition 2021\dbmanagerexe.exe => No File
FirewallRules: [{900EFBBC-B2A3-4B6D-963B-A342A7EE9D12}] => (Allow) C:\QuickBooks Premier Edition 2021\filemanagement.exe => No File
FirewallRules: [{CE5D6B2E-8F08-4229-9DBB-D4CA214724CB}] => (Allow) C:\QuickBooks Premier Edition 2021\filemanagement.exe => No File
FirewallRules: [{3A6051C1-3359-42BA-826A-496D19A8AA9F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe => No File
FirewallRules: [{BFBD91C1-5850-4E7A-8F90-E62B87794B7A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe => No File
FirewallRules: [{03D14DBD-5B05-4BE5-8E3B-DE22D266A079}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe => No File
FirewallRules: [{0F76E667-E7A7-4B9D-B4A1-8B2085536767}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe => No File
FirewallRules: [{595FDFB8-7D20-4CCA-9D2C-556C6755AA58}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{8AE0B644-8A57-4246-8242-4F3C03C6AE74}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{7BACCFD8-F482-475F-9B25-A379030CA7C4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{70CE0B78-3434-487E-9CAC-C9181E996F16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AA5F61BF-2116-4222-9948-97DC8DBA489F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{ECB5C45E-7A7B-480B-86C1-EE6306CEC6FA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{548D2CA8-FDD6-45F2-8B16-B67C406EBC14}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C523FB76-63BA-4B52-9FD9-9B923B5334DC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{63A219B7-4578-487F-8338-C1BDF4686F47}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E95BA31B-5A21-44DB-B736-252E8E31BF1B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{986FCA53-6ACC-4EB8-B86D-EF448AD46564}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{3D44382D-2164-4DD4-97DC-38C19EC85F8E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{449104D8-A378-410C-8F54-CD8BFEB3F3CB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{E9BF53D3-5294-404E-8F4E-2938DA9EA929}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{1DCA646B-88BC-4E03-973C-8AE9E6E1F9D7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{5CCC4114-BA4E-4B19-8A62-49BF3782176B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{294C8B69-4141-4DCA-973F-D7B40C03E3EF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{F0211EEC-9C9A-4A6D-BA4F-4B1D7D7F80BD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{15EE2531-08D7-443E-BF0A-B972F57EE129}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [TCP Query User{392CBC4C-FA61-44A5-9FF5-96E1BB38C56F}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{71EE2DD7-6B52-4A80-81A4-6231619270A2}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{0534412A-5128-4A64-8CA2-ADC18EC8A61D}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{7E321C81-98BD-448F-BC33-40287285218B}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{30013816-28EF-4D01-880D-CB32E15DBA64}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{16173167-A240-48B5-8E23-0F132BB2A9C9}C:\users\mary\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mary\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{020225B8-79B0-4564-8BC3-D53ED177FB06}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{CC595575-5A32-4D9C-8BDF-553C11965984}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{9B0508CF-A24E-4979-A89B-BA3005A7504F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8F947C6E-1EC8-4E3A-9717-302BF98C127F}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{A44A462E-DFA0-46DA-8BB1-F9E75565BB39}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{EDA4FD33-1C75-43CB-92A0-68A7FD670C58}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{FE68E06C-0886-452D-A6BA-A8A2816B577B}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3314.2555.9628_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{61295796-E3D8-479A-9F1F-8F933877D75D}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3314.2555.9628_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1A6D0A6D-1D2C-4899-A81E-B9CCE5E271FB}] => (Allow) C:\QuickBooks Premier Edition 2021\qbdbmgrn.exe => No File
FirewallRules: [{3F79E0D3-72E1-43B2-A402-2E0AA0021859}] => (Allow) C:\QuickBooks Premier Edition 2021\qbdbmgrn.exe => No File
FirewallRules: [{C143A4ED-E934-4D79-AFDA-F78559D5F2C0}] => (Allow) C:\Program Files\Intuit\QuickBooks 2024\QBDBMgrN.exe => No File
FirewallRules: [{2FE64E85-22E1-43F2-8893-152382B7C6C4}] => (Allow) C:\Program Files\Intuit\QuickBooks 2024\QBDBMgrN.exe => No File
FirewallRules: [{3A358ACA-CBBE-431A-A5A8-0EA09E1C192B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BFE68FD8-C196-447C-B94D-DFC41F39C04B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2AD3C678-850E-4CEB-94B4-9CC0E4276D49}] => (Allow) C:\Program Files\Intuit\QuickBooks 2024\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{58522210-CAD9-4C94-994E-BB7B82060B4D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{C8505301-CD47-4D9E-8996-7EB3C11DEB09}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{01D6D90D-01D1-4929-BCCF-B072D70BB3F8}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{C62A2456-3906-4810-8402-42EB10F17F46}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{0995DB68-116A-4852-A8CF-6AFDF3B0B2F4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{EC228DE4-697F-4E16-8FF7-FC36C26D7BD2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{056F9AAA-8814-47C8-970B-BF150DE17FC3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{2BB6D4FF-EE14-4115-AD3B-559B7B7F165B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{82432110-33BC-49C2-B736-34FA204FA05A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B5D74BBA-E1FA-4B74-8377-3D4B80394E8A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B5E42A8A-7E74-42A2-8D03-1A5D1CA8E811}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7CD11D10-FA44-4BDE-A37E-CB05E3F79504}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FE673F22-F2A0-4909-9115-8658F0F553FB}] => (Allow) C:\Program Files\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{11ADD91F-C83C-4D05-810D-9403A5F523F0}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{918196CF-5673-49BF-9A28-E1FF7399E3F8}] => (Allow) C:\Program Files\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{698D5BB9-9B94-4B09-82EF-CA1D7DFCCF06}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24124.2404.2914.2538_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{68C4B464-999A-46A8-9914-135EF8F62C50}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24124.2404.2914.2538_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{65F7459D-7A31-4354-AAC6-248E3D03B432}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4B80B651-2C25-4DCE-B249-B2D5116DC081}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{21CE7EDE-13B6-4362-9106-5E77AA5B933B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E9289498-1AEF-4A42-B1E6-5C9AD74797A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EAC0F51D-4719-499D-82E9-07CC5FE3C412}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D5AFBA18-C403-4F56-B312-6F53062E8585}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{32F07A9A-C6D6-48FA-BAAF-401AC89EB82B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{404FA2DA-E11F-4A09-9B2D-4E735CF70B2B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{482DAE5F-2EBC-442A-9313-74BCB786E117}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{CB8C1E42-9038-4640-A1D7-816CC73110A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{902BA21D-DCA4-42A2-AE10-90624589AED8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0007ADDF-C804-4B8A-B59F-68548AD01385}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.239.578.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
 
==================== Restore Points =========================
 
04-06-2024 18:12:40 Windows Update
06-06-2024 16:01:19 Removed QuickBooks Runtime Redistributable.
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (06/06/2024 04:18:08 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program ShellExperienceHost.exe version 10.0.22621.3527 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (06/06/2024 04:11:17 PM) (Source: Application Error) (EventID: 1000) (User: LOVELACE)
Description: Faulting application name: explorer.exe, version: 10.0.22621.3527, time stamp: 0x00c8ba7a
Faulting module name: ntdll.dll, version: 10.0.22621.3527, time stamp: 0x92b2df34
Exception code: 0xc0000374
Fault offset: 0x000000000010c769
Faulting process id: 0x0x1248
Faulting application start time: 0x0x1dab866c09d9a60
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 9bb28b53-356a-4c0f-b8f6-38b908b009e6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/06/2024 04:10:41 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program explorer.exe version 10.0.22621.3527 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Error: (06/06/2024 04:04:43 PM) (Source: Application Error) (EventID: 1000) (User: NT AUTHORITY)
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x0000000000000000
Faulting process id: 0x0x10e4
Faulting application start time: 0x0x1dab69452c5fc4f
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 43dd55b7-2384-47e5-800a-096760465ab8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/06/2024 04:01:06 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: LOVELACE)
Description: Application or service 'QBIDPService' could not be restarted.
 
Error: (06/06/2024 04:01:06 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: LOVELACE)
Description: Application or service 'QBUpdateMonitorService' could not be restarted.
 
Error: (06/06/2024 04:01:06 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: LOVELACE)
Description: Application or service 'QBWCMonitor' could not be restarted.
 
Error: (06/06/2024 04:01:06 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: LOVELACE)
Description: Application or service 'QBCFMonitorService' could not be restarted.
 
 
System errors:
=============
Error: (06/06/2024 04:18:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Service API service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (06/06/2024 04:18:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Collector service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (06/06/2024 04:18:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dell Data Vault Processor service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (06/06/2024 04:16:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The QBWCMonitor service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/06/2024 04:16:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service hung on starting.
 
Error: (06/06/2024 04:13:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Dell Data Vault Processor service hung on starting.
 
Error: (06/06/2024 04:11:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.
 
Error: (06/06/2024 04:07:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MicrosoftSearchInBing service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
Windows Defender:
================
Date: 2024-06-05 18:32:25
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-06-04 18:46:48
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-06-04 11:14:02
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-06-02 18:44:12
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-06-01 19:31:25
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]
 
Date: 2024-03-06 17:01:00
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted 
Security intelligence Version: 1.405.1133.0;1.405.1133.0
Engine Version: 1.1.24020.9 
 
Date: 2024-03-06 17:00:54
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted 
Security intelligence Version: 1.405.1152.0;1.405.1152.0
Engine Version: 1.1.24020.9 
 
Date: 2023-11-23 08:25:32
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.1056.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070102
Error description: The wait operation timed out.  
 
Date: 2023-11-17 08:23:38
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.401.751.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23100.2009
Error code: 0x80070102
Error description: The wait operation timed out.  
 
Date: 2023-09-27 23:15:24
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.397.1675.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23090.2007
Error code: 0x80070102
Error description: The wait operation timed out.  
 
CodeIntegrity:
===============
Date: 2024-05-31 07:31:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. 
 
Date: 2024-05-31 06:54:08
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. 
 
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. 1.7.0 10/19/2020
Motherboard: Dell Inc. 0YNVJG
Processor: Intel® Core™ i5-9500 CPU @ 3.00GHz
Percentage of memory in use: 85%
Total physical RAM: 7973.94 MB
Available physical RAM: 1182.2 MB
Total Virtual: 15141.94 MB
Available Virtual: 7683.63 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:464.51 GB) (Free:296.61 GB) (Model: WDC WD5000AZLX-75K2TA1) NTFS
 
\\?\Volume{fb6d99f7-c7bc-4faf-8c1c-c6b18da8f512}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.08 GB) NTFS
\\?\Volume{598a17b2-40ab-4273-9653-5160b0e748b0}\ (ESP) (Fixed) (Total:0.14 GB) (Free:0.09 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: AB689CA2)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP

Uninstall:

Microsoft Search in Bing  (it's causing errors)

Speccy (we don't need it any more)

 

Hopefully you haven't reinstalled QB yet.  (If you have reinstalled QB DO NOT run the Fixlist at the bottom of this post!)

 

Open Edge

click on the 3 dots in the upper right.

Click on Settings.

 

Click on System and Performance.

Turn off

 

Startup boost
 
Continue running background extensions and apps when Microsoft Edge is closed
 
Close Edge.
 
Open Chrome
Click on the three dots in the upper corner.
Scroll down to Settings and click on it.
Click on System (near the bottom of the list)
Turn off
Continue running background apps when Google Chrome is closed
Now go back up to Performance
Under Speed
Turn Off
Preload pages.
Close Chrome
 
Search for
 
task scheduler
 
When it finds it, right click and Run As Administrator
 
Click on the arrow in front of Task Scheduler Library then
 
Click on the arrow in front of Microsoft
 
Click on the arrow in front of Windows
 
Click on Application Experience.  In the next pane to the right, right click on each Task and Delete.  Should be three or four (later versions) tasks. I understand that Win 11 will not let you remove one of the tasks.  That's OK.
 
Click on Customer Experience Improvement Program.  In the next pane to the right, right click on each Task and Delete.  Should be two tasks.
 
Close Task Scheduler.
 
Search for
services.msc
hit Enter
 
Find SysMain
Right click on it and select Properties.  Change the Startup Type from Automatic to Disabled.  OK
 
 
 
Download OOSU10.exe:
 
 
Download and Save it (You will get a popup while it's downloading.  You can X out of it)
then go to the Download folder and Right click on the downloaded file and Run As Admin.
Allow it to make a System Restore Point.
Click on Actions then on Apply Recommended Settings.
 
Close the program but don't reboot yet.
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   56.3KB   48 downloads
 
Run FRST and press Fix.  This will remove some deadwood (references to files that are no longer there) and check your system files for problems.  Normally takes about 30 minutes but will time out after an hour on a super slow one.  Be patient.
It will reboot on its own when it finishes.
A fix log will be generated please post that 
 
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 
If it is still running slow then open Process Explorer again but this time click on the column header that says Working Set.  That will sort things with the big memory users at the top.  Wait 1 minute then File Save As and note where it saves it and what the file is called.  Close Process Explorer and open the log file and copy and paste it to a Reply.
 
How old is your PC?  What is the model number or serial number?
 
 
 
 
 
 

  • 0

Advertisements


#11
mandrada

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Thank you.

I have not re-installed QB.

I have done the following:

Uninstalled Microsoft Search in Bing and Speccy

I did all he other things in your instructions.

I will post the logs in the next post

This computer is about 3 years old and it is a Dell Optiplex 7070


  • 0

#12
mandrada

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 07.06.2024
Ran by mary (07-06-2024 07:26:16) Run:1
Running from C:\Users\mary\Desktop
Loaded Profiles: mary & bob & QBDataServiceUser31 & QBDataServiceUser34
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (No File)
Task: {A2BFA4C3-E046-4A9D-A0BB-BF71FED3F887} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe  LogonUpdateResults (No File)
Task: {A0BAA87C-5CE3-4CA9-942B-82AED3D4C416} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC ReadyToReboot (No File)
Task: {B25636AC-0AED-4EFE-88FF-49BA5C141D03} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery ReadyToReboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {6CDD7EF7-DD58-450A-8E17-1C40D804DF55} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe  (No File)
S2 MicrosoftSearchInBing; C:\Program Files (x86)\Microsoft\Microsoft Search in Bing\MicrosoftSearchInBing.exe [21376 2020-04-20] (Microsoft Corporation -> )
S2 CCleanerPerformanceOptimizerService; "C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe" [X]
S2 QBWCMonitor; "C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe" [X]
S4 QuickBooksDB31; C:\QuickBooks Premier Edition 2021\QBDBMgrN.exe -hvQuickBooksDB31 [X]
S4 QuickBooksDB34; C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB34 [X]
QBDataServiceUser31 (S-1-5-21-4211803538-2084879006-1980355138-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser31
QBDataServiceUser34 (S-1-5-21-4211803538-2084879006-1980355138-1003 - Limited - Enabled) => C:\Users\QBDataServiceUser34
CCleaner Update Helper (HKLM-x32\...\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}) (Version: 1.8.1583.3 - Piriform Software) Hidden
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{00E36C5D-CFBD-364F-AA9E-CB902CB407BD}\InprocServer32 -> C:/Program Files/SecuriSync/OutlookPlugin/Sync.Desktop.Windows.OutlookPlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{1D8CB3CA-2453-3D6F-88F8-82C76023EE2C}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{40d89b2c-0ffe-4d59-a2db-031a0033d713}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2024\QBW.EXE => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{518711FA-3D8A-3A0E-BCB6-3A393B688C61}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{5C156F2F-01D6-4476-A126-0DA82D7A5FC5}\InprocServer32 -> C:\Program Files\SecuriSync\OfficePlugin\adxloader64.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{61B76A32-6422-11D5-A590-0050DABD6B8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{61B76A34-6422-11D5-A590-0050DABD6B8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{63B5B272-1760-4A4F-922B-57F274900044}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{63DBFA59-747B-388B-9692-51A60A35BB0F}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{6829D1D7-7F8C-348B-9F9F-577E78B0300C}\InprocServer32 -> C:/Program Files/SecuriSync/OutlookPlugin/Sync.Desktop.Windows.OutlookPlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{7C3CD4C6-7B05-3B44-91B8-6CAA54A14685}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{8E28E7CD-6B27-3BEC-8EE5-B78FFCBE75EE}\InprocServer32 -> C:/Program Files/SecuriSync/OutlookPlugin/Sync.Desktop.Windows.OutlookPlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2024\QBW.EXE => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9FE79C69-86D8-3CE9-AD2C-48D91AEAA9A8}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A14A674B-E0BE-48C1-BAB2-6ACBA33CA8CF}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qfill.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{AC9B2B25-5613-33D2-8722-1848CFE9E54A}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{B69CEB95-E384-3916-96A9-5BADA3AD385A}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{C8353B7E-CA5F-3678-8838-2B32E9ED2BB6}\InprocServer32 -> C:/Program Files/SecuriSync/OfficePlugin/Sync.Desktop.Windows.OfficePlugin.Connector.DLL => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{CBEF1FB5-78FF-4B14-9B0F-275493FB589C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA3-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA5-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2024\QBW.EXE => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FB359C2A-6927-4AD7-8F1B-B6472CA7CDE7}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FFFD2374-413A-429C-AFD2-AED332DFBEC7}\InprocServer32 -> C:\Program Files\SecuriSync\OutlookPlugin\adxloader64.dll => No File
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\StartupApproved\Run: => "CCleanerBrowserAutoLaunch_012365C4288EC115F2F0C751243D3576"
FirewallRules: [{4BF91C18-2520-4DCC-9322-95AF9E980E6F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{A7F69B2C-3771-4CA8-B6EE-DB5DA538AD71}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{10D8E29A-89C3-4EC1-ADD7-AA111DA9DD4D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{2BB9C59F-4152-4ECC-8EAD-D886143A0FDE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{D6FA5B1E-E987-4F83-B3A9-51A958CE4E7A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{475E7ACF-50A8-4143-8F0B-0DB9104B0779}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{303F70AA-CF3E-4DF2-86DC-267E8F29A0AD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{7378FA67-CD78-4E07-B99A-1D08AC08263B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.92.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{66ABF64F-920A-4C8E-A3EA-03915C95FA89}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{7FDD70FF-322C-4019-AD55-B1EED0ACAAD4}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [TCP Query User{2BDC60BE-07A0-404D-A80C-51A87CA82628}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe (Ph. Jounin) [File not signed]
FirewallRules: [UDP Query User{1AC858BA-6167-45BE-9B3A-469370FC3611}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe (Ph. Jounin) [File not signed]
FirewallRules: [TCP Query User{C4571315-31CF-49E7-8A3B-869A0073352B}C:\users\mary\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\mary\appdata\roaming\zoom\bin\zoom.exe => No File
FirewallRules: [UDP Query User{4ABD339F-CD23-46CC-8BE9-CA0824E2C381}C:\users\mary\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\mary\appdata\roaming\zoom\bin\zoom.exe => No File
FirewallRules: [{544D392B-2809-4210-AF06-DFFCE5D63A81}] => (Allow) C:\QuickBooks Premier Edition 2021\qbw32.exe => No File
FirewallRules: [{879C848B-4E20-44FE-A25D-4B062D5DE33F}] => (Allow) C:\QuickBooks Premier Edition 2021\qbw32.exe => No File
FirewallRules: [{FA6920D5-03D6-4664-ACED-CC15D7CA2141}] => (Allow) C:\QuickBooks Premier Edition 2021\dbmanagerexe.exe => No File
FirewallRules: [{01A2881C-F194-4566-A9B1-D484B4F8EA3E}] => (Allow) C:\QuickBooks Premier Edition 2021\dbmanagerexe.exe => No File
FirewallRules: [{900EFBBC-B2A3-4B6D-963B-A342A7EE9D12}] => (Allow) C:\QuickBooks Premier Edition 2021\filemanagement.exe => No File
FirewallRules: [{CE5D6B2E-8F08-4229-9DBB-D4CA214724CB}] => (Allow) C:\QuickBooks Premier Edition 2021\filemanagement.exe => No File
FirewallRules: [{3A6051C1-3359-42BA-826A-496D19A8AA9F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe => No File
FirewallRules: [{BFBD91C1-5850-4E7A-8F90-E62B87794B7A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe => No File
FirewallRules: [{03D14DBD-5B05-4BE5-8E3B-DE22D266A079}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe => No File
FirewallRules: [{0F76E667-E7A7-4B9D-B4A1-8B2085536767}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe => No File
FirewallRules: [{595FDFB8-7D20-4CCA-9D2C-556C6755AA58}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{8AE0B644-8A57-4246-8242-4F3C03C6AE74}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{7BACCFD8-F482-475F-9B25-A379030CA7C4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{70CE0B78-3434-487E-9CAC-C9181E996F16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{AA5F61BF-2116-4222-9948-97DC8DBA489F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{ECB5C45E-7A7B-480B-86C1-EE6306CEC6FA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{548D2CA8-FDD6-45F2-8B16-B67C406EBC14}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{C523FB76-63BA-4B52-9FD9-9B923B5334DC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{63A219B7-4578-487F-8338-C1BDF4686F47}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{E95BA31B-5A21-44DB-B736-252E8E31BF1B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.160.672.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{986FCA53-6ACC-4EB8-B86D-EF448AD46564}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{3D44382D-2164-4DD4-97DC-38C19EC85F8E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{449104D8-A378-410C-8F54-CD8BFEB3F3CB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{E9BF53D3-5294-404E-8F4E-2938DA9EA929}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{1DCA646B-88BC-4E03-973C-8AE9E6E1F9D7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe => No File
FirewallRules: [{5CCC4114-BA4E-4B19-8A62-49BF3782176B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{294C8B69-4141-4DCA-973F-D7B40C03E3EF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{F0211EEC-9C9A-4A6D-BA4F-4B1D7D7F80BD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{15EE2531-08D7-443E-BF0A-B972F57EE129}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe => No File
FirewallRules: [{020225B8-79B0-4564-8BC3-D53ED177FB06}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{CC595575-5A32-4D9C-8BDF-553C11965984}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{8F947C6E-1EC8-4E3A-9717-302BF98C127F}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{A44A462E-DFA0-46DA-8BB1-F9E75565BB39}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{EDA4FD33-1C75-43CB-92A0-68A7FD670C58}] => (Allow) C:\QuickBooks Premier Edition 2021\CefSharp.BrowserSubprocess.exe => No File
FirewallRules: [{1A6D0A6D-1D2C-4899-A81E-B9CCE5E271FB}] => (Allow) C:\QuickBooks Premier Edition 2021\qbdbmgrn.exe => No File
FirewallRules: [{3F79E0D3-72E1-43B2-A402-2E0AA0021859}] => (Allow) C:\QuickBooks Premier Edition 2021\qbdbmgrn.exe => No File
FirewallRules: [{C143A4ED-E934-4D79-AFDA-F78559D5F2C0}] => (Allow) C:\Program Files\Intuit\QuickBooks 2024\QBDBMgrN.exe => No File
FirewallRules: [{2FE64E85-22E1-43F2-8893-152382B7C6C4}] => (Allow) C:\Program Files\Intuit\QuickBooks 2024\QBDBMgrN.exe => No File
CMD: sc config MapsBroker Start= Disabled
 
 
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A2BFA4C3-E046-4A9D-A0BB-BF71FED3F887}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2BFA4C3-E046-4A9D-A0BB-BF71FED3F887}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0BAA87C-5CE3-4CA9-942B-82AED3D4C416}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0BAA87C-5CE3-4CA9-942B-82AED3D4C416}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B25636AC-0AED-4EFE-88FF-49BA5C141D03}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B25636AC-0AED-4EFE-88FF-49BA5C141D03}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CDD7EF7-DD58-450A-8E17-1C40D804DF55}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CDD7EF7-DD58-450A-8E17-1C40D804DF55}" => removed successfully
C:\WINDOWS\System32\Tasks\QBScheduledReport => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QBScheduledReport" => removed successfully
MicrosoftSearchInBing => service not found.
HKLM\System\CurrentControlSet\Services\CCleanerPerformanceOptimizerService => removed successfully
CCleanerPerformanceOptimizerService => service removed successfully
HKLM\System\CurrentControlSet\Services\QBWCMonitor => removed successfully
QBWCMonitor => service removed successfully
HKLM\System\CurrentControlSet\Services\QuickBooksDB31 => removed successfully
QuickBooksDB31 => service removed successfully
HKLM\System\CurrentControlSet\Services\QuickBooksDB34 => removed successfully
QuickBooksDB34 => service removed successfully
QBDataServiceUser31 (S-1-5-21-4211803538-2084879006-1980355138-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser31 => removed successfully
QBDataServiceUser34 (S-1-5-21-4211803538-2084879006-1980355138-1003 - Limited - Enabled) => C:\Users\QBDataServiceUser34 => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4EAC0E2-A80B-479F-BA45-DCDA595C9A93}\\SystemComponent" => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{00E36C5D-CFBD-364F-AA9E-CB902CB407BD} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{1D8CB3CA-2453-3D6F-88F8-82C76023EE2C} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{40d89b2c-0ffe-4d59-a2db-031a0033d713} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{518711FA-3D8A-3A0E-BCB6-3A393B688C61} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{5C156F2F-01D6-4476-A126-0DA82D7A5FC5} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{61B76A32-6422-11D5-A590-0050DABD6B8C} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{61B76A34-6422-11D5-A590-0050DABD6B8C} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{63B5B272-1760-4A4F-922B-57F274900044} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{63DBFA59-747B-388B-9692-51A60A35BB0F} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{6829D1D7-7F8C-348B-9F9F-577E78B0300C} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{7C3CD4C6-7B05-3B44-91B8-6CAA54A14685} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{8E28E7CD-6B27-3BEC-8EE5-B78FFCBE75EE} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{9FE79C69-86D8-3CE9-AD2C-48D91AEAA9A8} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A14A674B-E0BE-48C1-BAB2-6ACBA33CA8CF} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{AC9B2B25-5613-33D2-8722-1848CFE9E54A} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{B69CEB95-E384-3916-96A9-5BADA3AD385A} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{C8353B7E-CA5F-3678-8838-2B32E9ED2BB6} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{CBEF1FB5-78FF-4B14-9B0F-275493FB589C} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA3-A54B-11D4-A516-0050DA68678D} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA5-A54B-11D4-A516-0050DA68678D} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FB359C2A-6927-4AD7-8F1B-B6472CA7CDE7} => removed successfully
HKU\S-1-5-21-3979886858-3466003010-52152672-1116_Classes\CLSID\{FFFD2374-413A-429C-AFD2-AED332DFBEC7} => removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\QuickBooks_Standard_21.lnk" => removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\QuickBooks Update Agent.lnk" => removed successfully
"HKU\S-1-5-21-3979886858-3466003010-52152672-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\CCleaner Smart Cleaning" => removed successfully
"HKU\S-1-5-21-3979886858-3466003010-52152672-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CCleaner Smart Cleaning" => not found
"HKU\S-1-5-21-3979886858-3466003010-52152672-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\CCleanerBrowserAutoLaunch_012365C4288EC115F2F0C751243D3576" => removed successfully
"HKU\S-1-5-21-3979886858-3466003010-52152672-1116\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CCleanerBrowserAutoLaunch_012365C4288EC115F2F0C751243D3576" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4BF91C18-2520-4DCC-9322-95AF9E980E6F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A7F69B2C-3771-4CA8-B6EE-DB5DA538AD71}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{10D8E29A-89C3-4EC1-ADD7-AA111DA9DD4D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2BB9C59F-4152-4ECC-8EAD-D886143A0FDE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6FA5B1E-E987-4F83-B3A9-51A958CE4E7A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{475E7ACF-50A8-4143-8F0B-0DB9104B0779}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{303F70AA-CF3E-4DF2-86DC-267E8F29A0AD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7378FA67-CD78-4E07-B99A-1D08AC08263B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66ABF64F-920A-4C8E-A3EA-03915C95FA89}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FDD70FF-322C-4019-AD55-B1EED0ACAAD4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2BDC60BE-07A0-404D-A80C-51A87CA82628}C:\program files\tftpd64\tftpd64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1AC858BA-6167-45BE-9B3A-469370FC3611}C:\program files\tftpd64\tftpd64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C4571315-31CF-49E7-8A3B-869A0073352B}C:\users\mary\appdata\roaming\zoom\bin\zoom.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4ABD339F-CD23-46CC-8BE9-CA0824E2C381}C:\users\mary\appdata\roaming\zoom\bin\zoom.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{544D392B-2809-4210-AF06-DFFCE5D63A81}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{879C848B-4E20-44FE-A25D-4B062D5DE33F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA6920D5-03D6-4664-ACED-CC15D7CA2141}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01A2881C-F194-4566-A9B1-D484B4F8EA3E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{900EFBBC-B2A3-4B6D-963B-A342A7EE9D12}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE5D6B2E-8F08-4229-9DBB-D4CA214724CB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A6051C1-3359-42BA-826A-496D19A8AA9F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFBD91C1-5850-4E7A-8F90-E62B87794B7A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{03D14DBD-5B05-4BE5-8E3B-DE22D266A079}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F76E667-E7A7-4B9D-B4A1-8B2085536767}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{595FDFB8-7D20-4CCA-9D2C-556C6755AA58}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8AE0B644-8A57-4246-8242-4F3C03C6AE74}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BACCFD8-F482-475F-9B25-A379030CA7C4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{70CE0B78-3434-487E-9CAC-C9181E996F16}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AA5F61BF-2116-4222-9948-97DC8DBA489F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ECB5C45E-7A7B-480B-86C1-EE6306CEC6FA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{548D2CA8-FDD6-45F2-8B16-B67C406EBC14}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C523FB76-63BA-4B52-9FD9-9B923B5334DC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63A219B7-4578-487F-8338-C1BDF4686F47}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E95BA31B-5A21-44DB-B736-252E8E31BF1B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{986FCA53-6ACC-4EB8-B86D-EF448AD46564}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D44382D-2164-4DD4-97DC-38C19EC85F8E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{449104D8-A378-410C-8F54-CD8BFEB3F3CB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9BF53D3-5294-404E-8F4E-2938DA9EA929}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1DCA646B-88BC-4E03-973C-8AE9E6E1F9D7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5CCC4114-BA4E-4B19-8A62-49BF3782176B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{294C8B69-4141-4DCA-973F-D7B40C03E3EF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F0211EEC-9C9A-4A6D-BA4F-4B1D7D7F80BD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{15EE2531-08D7-443E-BF0A-B972F57EE129}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{020225B8-79B0-4564-8BC3-D53ED177FB06}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CC595575-5A32-4D9C-8BDF-553C11965984}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8F947C6E-1EC8-4E3A-9717-302BF98C127F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A44A462E-DFA0-46DA-8BB1-F9E75565BB39}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EDA4FD33-1C75-43CB-92A0-68A7FD670C58}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A6D0A6D-1D2C-4899-A81E-B9CCE5E271FB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3F79E0D3-72E1-43B2-A402-2E0AA0021859}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C143A4ED-E934-4D79-AFDA-F78559D5F2C0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2FE64E85-22E1-43F2-8893-152382B7C6C4}" => removed successfully
 
========= sc config MapsBroker Start= Disabled =========
 
[SC] ChangeServiceConfig SUCCESS
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.22621.2792
 
Image Version: 10.0.22631.3593
 
 
[==                         3.8%                           ] 
 
[==                         3.8%                           ] 
 
[==                         3.9%                           ] 
 
[==                         4.1%                           ] 
 
[==                         4.2%                           ] 
 
[==                         4.4%                           ] 
 
[==                         4.5%                           ] 
 
[==                         4.7%                           ] 
 
[==                         4.9%                           ] 
 
[==                         5.1%                           ] 
 
[===                        5.2%                           ] 
 
[===                        5.4%                           ] 
 
[===                        5.7%                           ] 
 
[===                        5.8%                           ] 
 
[===                        5.9%                           ] 
 
[===                        6.2%                           ] 
 
[===                        6.3%                           ] 
 
[===                        6.5%                           ] 
 
[===                        6.6%                           ] 
 
[===                        6.8%                           ] 
 
[===                        6.8%                           ] 
 
[===                        6.9%                           ] 
 
[====                       6.9%                           ] 
 
[====                       7.2%                           ] 
 
[====                       7.3%                           ] 
 
[====                       7.5%                           ] 
 
[====                       7.5%                           ] 
 
[====                       7.5%                           ] 
 
[====                       7.8%                           ] 
 
[====                       8.1%                           ] 
 
[====                       8.2%                           ] 
 
[====                       8.3%                           ] 
 
[====                       8.4%                           ] 
 
[====                       8.6%                           ] 
 
[=====                      8.8%                           ] 
 
[=====                      9.1%                           ] 
 
[=====                      10.1%                          ] 
 
[======                     11.1%                          ] 
 
[======                     11.5%                          ] 
 
[======                     11.8%                          ] 
 
[=======                    12.2%                          ] 
 
[=======                    12.2%                          ] 
 
[=======                    12.2%                          ] 
 
[=======                    12.5%                          ] 
 
[=======                    12.7%                          ] 
 
[=======                    13.1%                          ] 
 
[=======                    13.4%                          ] 
 
[=======                    13.7%                          ] 
 
[========                   14.0%                          ] 
 
[========                   14.4%                          ] 
 
[========                   14.6%                          ] 
 
[========                   14.9%                          ] 
 
[========                   15.4%                          ] 
 
[=========                  15.7%                          ] 
 
[=========                  15.9%                          ] 
 
[=========                  16.4%                          ] 
 
[=========                  16.7%                          ] 
 
[=========                  17.0%                          ] 
 
[==========                 17.3%                          ] 
 
[==========                 17.7%                          ] 
 
[==========                 17.9%                          ] 
 
[==========                 18.0%                          ] 
 
[==========                 18.3%                          ] 
 
[==========                 18.6%                          ] 
 
[==========                 18.9%                          ] 
 
[===========                19.2%                          ] 
 
[===========                19.5%                          ] 
 
[===========                19.8%                          ] 
 
[===========                20.1%                          ] 
 
[===========                20.2%                          ] 
 
[===========                20.5%                          ] 
 
[===========                20.6%                          ] 
 
[============               20.8%                          ] 
 
[============               20.8%                          ] 
 
[============               20.8%                          ] 
 
[============               21.0%                          ] 
 
[============               21.0%                          ] 
 
[============               21.1%                          ] 
 
[============               21.1%                          ] 
 
[============               21.3%                          ] 
 
[============               21.4%                          ] 
 
[============               21.6%                          ] 
 
[============               21.7%                          ] 
 
[============               21.7%                          ] 
 
[============               21.8%                          ] 
 
[============               22.0%                          ] 
 
[============               22.3%                          ] 
 
[=============              22.4%                          ] 
 
[=============              22.7%                          ] 
 
[=============              22.9%                          ] 
 
[=============              22.9%                          ] 
 
[=============              23.1%                          ] 
 
[=============              23.1%                          ] 
 
[=============              23.2%                          ] 
 
[=============              23.4%                          ] 
 
[=============              23.5%                          ] 
 
[=============              23.8%                          ] 
 
[=============              23.9%                          ] 
 
[=============              24.0%                          ] 
 
[==============             24.2%                          ] 
 
[==============             24.2%                          ] 
 
[==============             24.4%                          ] 
 
[==============             24.5%                          ] 
 
[==============             24.8%                          ] 
 
[==============             25.0%                          ] 
 
[==============             25.2%                          ] 
 
[==============             25.4%                          ] 
 
[==============             25.6%                          ] 
 
[==============             25.7%                          ] 
 
[===============            26.0%                          ] 
 
[===============            26.3%                          ] 
 
[===============            26.5%                          ] 
 
[===============            26.7%                          ] 
 
[===============            26.9%                          ] 
 
[===============            26.9%                          ] 
 
[===============            27.0%                          ] 
 
[===============            27.1%                          ] 
 
[===============            27.2%                          ] 
 
[===============            27.2%                          ] 
 
[===============            27.3%                          ] 
 
[================           27.7%                          ] 
 
[================           27.8%                          ] 
 
[================           27.9%                          ] 
 
[================           28.2%                          ] 
 
[================           28.5%                          ] 
 
[================           28.5%                          ] 
 
[================           28.7%                          ] 
 
[================           28.9%                          ] 
 
[================           29.0%                          ] 
 
[================           29.2%                          ] 
 
[=================          29.4%                          ] 
 
[=================          29.4%                          ] 
 
[=================          29.4%                          ] 
 
[=================          29.6%                          ] 
 
[=================          29.6%                          ] 
 
[=================          29.7%                          ] 
 
[=================          29.8%                          ] 
 
[=================          30.0%                          ] 
 
[=================          30.1%                          ] 
 
[=================          30.2%                          ] 
 
[=================          30.3%                          ] 
 
[=================          30.4%                          ] 
 
[=================          30.5%                          ] 
 
[=================          30.8%                          ] 
 
[=================          30.9%                          ] 
 
[=================          31.0%                          ] 
 
[==================         31.1%                          ] 
 
[==================         31.2%                          ] 
 
[==================         31.5%                          ] 
 
[==================         31.6%                          ] 
 
[==================         31.8%                          ] 
 
[==================         31.9%                          ] 
 
[==================         32.1%                          ] 
 
[==================         32.2%                          ] 
 
[==================         32.2%                          ] 
 
[==================         32.2%                          ] 
 
[==================         32.3%                          ] 
 
[==================         32.4%                          ] 
 
[==================         32.5%                          ] 
 
[==================         32.5%                          ] 
 
[==================         32.6%                          ] 
 
[==================         32.7%                          ] 
 
[===================        32.8%                          ] 
 
[===================        32.8%                          ] 
 
[===================        32.9%                          ] 
 
[===================        33.1%                          ] 
 
[===================        33.3%                          ] 
 
[===================        33.7%                          ] 
 
[===================        34.0%                          ] 
 
[===================        34.3%                          ] 
 
[===================        34.4%                          ] 
 
[====================       34.5%                          ] 
 
[====================       34.6%                          ] 
 
[====================       34.7%                          ] 
 
[====================       34.9%                          ] 
 
[====================       35.1%                          ] 
 
[====================       35.2%                          ] 
 
[====================       35.4%                          ] 
 
[====================       35.5%                          ] 
 
[====================       35.5%                          ] 
 
[====================       35.6%                          ] 
 
[====================       35.8%                          ] 
 
[====================       35.8%                          ] 
 
[====================       35.9%                          ] 
 
[=====================      36.2%                          ] 
 
[=====================      36.4%                          ] 
 
[=====================      36.5%                          ] 
 
[=====================      36.7%                          ] 
 
[=====================      36.8%                          ] 
 
[=====================      37.0%                          ] 
 
[=====================      37.3%                          ] 
 
[=====================      37.3%                          ] 
 
[=====================      37.4%                          ] 
 
[=====================      37.7%                          ] 
 
[=====================      37.8%                          ] 
 
[=====================      37.9%                          ] 
 
[======================     38.0%                          ] 
 
[======================     38.1%                          ] 
 
[======================     38.2%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.4%                          ] 
 
[======================     38.5%                          ] 
 
[======================     38.6%                          ] 
 
[======================     38.7%                          ] 
 
[======================     38.7%                          ] 
 
[======================     38.8%                          ] 
 
[======================     38.9%                          ] 
 
[======================     38.9%                          ] 
 
[======================     39.0%                          ] 
 
[======================     39.0%                          ] 
 
[======================     39.1%                          ] 
 
[======================     39.2%                          ] 
 
[======================     39.2%                          ] 
 
[======================     39.3%                          ] 
 
[======================     39.4%                          ] 
 
[======================     39.5%                          ] 
 
[======================     39.5%                          ] 
 
[======================     39.6%                          ] 
 
[=======================    39.7%                          ] 
 
[=======================    39.8%                          ] 
 
[=======================    39.8%                          ] 
 
[=======================    39.8%                          ] 
 
[=======================    39.9%                          ] 
 
[=======================    40.1%                          ] 
 
[=======================    40.1%                          ] 
 
[=======================    40.3%                          ] 
 
[=======================    40.4%                          ] 
 
[=======================    40.5%                          ] 
 
[=======================    40.7%                          ] 
 
[=======================    40.8%                          ] 
 
[=======================    41.0%                          ] 
 
[=======================    41.1%                          ] 
 
[=======================    41.3%                          ] 
 
[=======================    41.3%                          ] 
 
[=======================    41.4%                          ] 
 
[========================   41.4%                          ] 
 
[========================   41.5%                          ] 
 
[========================   41.5%                          ] 
 
[========================   41.6%                          ] 
 
[========================   41.7%                          ] 
 
[========================   41.7%                          ] 
 
[========================   41.7%                          ] 
 
[========================   41.8%                          ] 
 
[========================   41.8%                          ] 
 
[========================   42.0%                          ] 
 
[========================   42.0%                          ] 
 
[========================   42.0%                          ] 
 
[========================   42.1%                          ] 
 
[========================   42.2%                          ] 
 
[========================   42.3%                          ] 
 
[========================   42.4%                          ] 
 
[========================   42.4%                          ] 
 
[========================   42.5%                          ] 
 
[========================   42.6%                          ] 
 
[========================   42.7%                          ] 
 
[========================   42.8%                          ] 
 
[========================   42.9%                          ] 
 
[========================   43.0%                          ] 
 
[========================   43.1%                          ] 
 
[=========================  43.2%                          ] 
 
[=========================  43.2%                          ] 
 
[=========================  43.3%                          ] 
 
[=========================  43.5%                          ] 
 
[=========================  43.5%                          ] 
 
[=========================  43.5%                          ] 
 
[=========================  43.7%                          ] 
 
[=========================  43.8%                          ] 
 
[=========================  44.0%                          ] 
 
[=========================  44.2%                          ] 
 
[=========================  44.2%                          ] 
 
[=========================  44.3%                          ] 
 
[=========================  44.5%                          ] 
 
[=========================  44.5%                          ] 
 
[=========================  44.7%                          ] 
 
[=========================  44.8%                          ] 
 
[========================== 44.8%                          ] 
 
[========================== 44.9%                          ] 
 
[========================== 45.0%                          ] 
 
[========================== 45.1%                          ] 
 
[========================== 45.3%                          ] 
 
[========================== 45.4%                          ] 
 
[========================== 45.4%                          ] 
 
[========================== 45.5%                          ] 
 
[========================== 45.7%                          ] 
 
[========================== 45.7%                          ] 
 
[========================== 45.8%                          ] 
 
[========================== 46.0%                          ] 
 
[========================== 46.0%                          ] 
 
[========================== 46.1%                          ] 
 
[========================== 46.3%                          ] 
 
[========================== 46.4%                          ] 
 
[===========================46.6%                          ] 
 
[===========================46.8%                          ] 
 
[===========================46.9%                          ] 
 
[===========================47.3%                          ] 
 
[===========================47.4%                          ] 
 
[===========================47.6%                          ] 
 
[===========================48.2%                          ] 
 
[===========================48.5%                          ] 
 
[===========================48.7%                          ] 
 
[===========================49.2%                          ] 
 
[===========================49.6%                          ] 
 
[===========================50.0%                          ] 
 
[===========================50.3%                          ] 
 
[===========================50.5%                          ] 
 
[===========================50.8%                          ] 
 
[===========================51.1%                          ] 
 
[===========================51.5%                          ] 
 
[===========================51.6%                          ] 
 
[===========================52.0%                          ] 
 
[===========================52.4%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.8%                          ] 
 
[===========================53.0%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.2%                          ] 
 
[===========================53.3%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.5%                          ] 
 
[===========================53.5%                          ] 
 
[===========================53.5%                          ] 
 
[===========================53.6%                          ] 
 
[===========================53.6%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.9%                          ] 
 
[===========================53.9%                          ] 
 
[===========================53.9%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.5%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.8%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================55.0%                          ] 
 
[===========================55.0%                          ] 
 
[===========================55.1%                          ] 
 
[===========================55.1%                          ] 
 
[===========================55.1%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.3%                          ] 
 
[===========================55.3%                          ] 
 
[===========================55.3%                          ] 
 
[===========================55.4%                          ] 
 
[===========================55.4%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.6%                          ] 
 
[===========================55.6%                          ] 
 
[===========================55.7%                          ] 
 
[===========================55.7%                          ] 
 
[===========================55.7%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.9%                          ] 
 
[===========================55.9%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.1%                          ] 
 
[===========================56.1%                          ] 
 
[===========================56.1%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.3%                          ] 
 
[===========================56.3%                          ] 
 
[===========================56.4%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.5%                          ] 
 
[===========================56.6%                          ] 
 
[===========================56.6%                          ] 
 
[===========================56.6%                          ] 
 
[===========================56.7%                          ] 
 
[===========================56.7%                          ] 
 
[===========================56.8%                          ] 
 
[===========================56.8%                          ] 
 
[===========================56.8%                          ] 
 
[===========================56.8%                          ] 
 
[===========================56.8%                          ] 
 
[===========================56.8%                          ] 
 
[===========================56.9%=                         ] 
 
[===========================56.9%=                         ] 
 
[===========================56.9%=                         ] 
 
[===========================57.0%=                         ] 
 
[===========================57.0%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.1%=                         ] 
 
[===========================57.2%=                         ] 
 
[===========================57.2%=                         ] 
 
[===========================57.2%=                         ] 
 
[===========================57.4%=                         ] 
 
[===========================57.5%=                         ] 
 
[===========================57.5%=                         ] 
 
[===========================57.5%=                         ] 
 
[===========================57.6%=                         ] 
 
[===========================57.7%=                         ] 
 
[===========================57.7%=                         ] 
 
[===========================57.7%=                         ] 
 
[===========================57.9%=                         ] 
 
[===========================57.9%=                         ] 
 
[===========================58.0%=                         ] 
 
[===========================58.0%=                         ] 
 
[===========================58.5%=                         ] 
 
[===========================58.5%=                         ] 
 
[===========================58.6%=                         ] 
 
[===========================58.6%==                        ] 
 
[===========================58.9%==                        ] 
 
[===========================59.0%==                        ] 
 
[===========================59.5%==                        ] 
 
[===========================59.5%==                        ] 
 
[===========================59.7%==                        ] 
 
[===========================59.7%==                        ] 
 
[===========================59.8%==                        ] 
 
[===========================60.1%==                        ] 
 
[===========================62.3%====                      ] 
 
[===========================84.9%=================         ] 
 
[==========================100.0%==========================] 
The restore operation completed successfully.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
Beginning system scan.  This process will take some time.
 
Beginning verification phase of system scan.
 
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 49% complete.
Verification 49% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 60% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 88% complete.
Verification 88% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.
 
Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
 
 
========= End of CMD: =========
 
 
========= findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log =========
 
2024-06-07 08:08:15, Info                  CSI    00000011 [SR] Verifying 100 components
2024-06-07 08:08:15, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2024-06-07 08:08:17, Info                  CSI    00000013 [SR] Verify complete
2024-06-07 08:08:17, Info                  CSI    00000014 [SR] Verifying 100 components
2024-06-07 08:08:17, Info                  CSI    00000015 [SR] Beginning Verify and Repair transaction
2024-06-07 08:08:17, Info                  CSI    00000016 [SR] Verify complete
2024-06-07 08:08:17, Info                  CSI    00000017 [SR] Verifying 100 components
2024-06-07 08:08:17, Info                  CSI    00000018 [SR] Beginning Verify and Repair transaction
2024-06-07 08:08:21, Info                  CSI    00000019 [SR] Verify complete
2024-06-07 08:08:21, Info                  CSI    0000001a [SR] Verifying 100 components
2024-06-07 08:08:21, Info                  CSI    0000001b [SR] Beginning Verify and Repair transaction
2024-06-07 08:08:22, Info                  CSI    0000001c [SR] Verify complete
2024-06-07 08:08:22, Info                  CSI    0000001d [SR] Verifying 100 components
2024-06-07 08:08:22, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2024-06-07 08:08:27, Info                  CSI    0000001f [SR] Verify complete
2024-06-07 08:08:27, Info                  CSI    00000020 [SR] Verifying 100 components
2024-06-07 08:08:27, Info                  CSI    00000021 [SR] Beginning Verify and Repair transaction
2024-06-07 08:08:30, Info                  CSI    00000022 [SR] Verify complete
2024-06-07 08:08:30, Info                  CSI    00000023 [SR] Verifying 100 components
2024-06-07 08:08:30, Info                  CSI    00000024 [SR] Beginning Verify and Repair transaction
2024-06-07 08:08:36, Info                  CSI    00000025 [SR] Verify complete
2024-06-07 08:08:36, Info                  CSI    00000026 [SR] Verifying 100 components
2024-06-07 08:08:36, Info                  CSI    00000027 [SR] Beginning Verify and Repair transaction
2024-06-07 08:08:46, Info                  CSI    00000028 [SR] Verify complete
2024-06-07 08:08:46, Info                  CSI    00000029 [SR] Verifying 100 components
2024-06-07 08:08:46, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2024-06-07 08:08:51, Info                  CSI    0000002b [SR] Verify complete
2024-06-07 08:08:52, Info                  CSI    0000002c [SR] Verifying 100 components
2024-06-07 08:08:52, Info                  CSI    0000002d [SR] Beginning Verify and Repair transaction
2024-06-07 08:08:54, Info                  CSI    0000002e [SR] Verify complete
2024-06-07 08:08:54, Info                  CSI    0000002f [SR] Verifying 100 components
2024-06-07 08:08:54, Info                  CSI    00000030 [SR] Beginning Verify and Repair transaction
2024-06-07 08:08:57, Info                  CSI    00000032 [SR] Verify complete
2024-06-07 08:08:57, Info                  CSI    00000033 [SR] Verifying 100 components
2024-06-07 08:08:57, Info                  CSI    00000034 [SR] Beginning Verify and Repair transaction
2024-06-07 08:09:09, Info                  CSI    00000036 [SR] Verify complete
2024-06-07 08:09:09, Info                  CSI    00000037 [SR] Verifying 100 components
2024-06-07 08:09:09, Info                  CSI    00000038 [SR] Beginning Verify and Repair transaction
2024-06-07 08:09:10, Info                  CSI    00000039 [SR] Verify complete
2024-06-07 08:09:11, Info                  CSI    0000003a [SR] Verifying 100 components
2024-06-07 08:09:11, Info                  CSI    0000003b [SR] Beginning Verify and Repair transaction
2024-06-07 08:09:14, Info                  CSI    0000003c [SR] Verify complete
2024-06-07 08:09:14, Info                  CSI    0000003d [SR] Verifying 100 components
2024-06-07 08:09:14, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2024-06-07 08:09:19, Info                  CSI    0000003f [SR] Verify complete
2024-06-07 08:09:19, Info                  CSI    00000040 [SR] Verifying 100 components
2024-06-07 08:09:19, Info                  CSI    00000041 [SR] Beginning Verify and Repair transaction
2024-06-07 08:09:24, Info                  CSI    00000042 [SR] Verify complete
2024-06-07 08:09:24, Info                  CSI    00000043 [SR] Verifying 100 components
2024-06-07 08:09:24, Info                  CSI    00000044 [SR] Beginning Verify and Repair transaction
2024-06-07 08:09:32, Info                  CSI    00000045 [SR] Verify complete
2024-06-07 08:09:32, Info                  CSI    00000046 [SR] Verifying 100 components
2024-06-07 08:09:32, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
2024-06-07 08:09:41, Info                  CSI    00000048 [SR] Verify complete
2024-06-07 08:09:41, Info                  CSI    00000049 [SR] Verifying 100 components
2024-06-07 08:09:41, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2024-06-07 08:09:48, Info                  CSI    0000004c [SR] Verify complete
2024-06-07 08:09:48, Info                  CSI    0000004d [SR] Verifying 100 components
2024-06-07 08:09:48, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2024-06-07 08:09:53, Info                  CSI    0000004f [SR] Verify complete
2024-06-07 08:09:53, Info                  CSI    00000050 [SR] Verifying 100 components
2024-06-07 08:09:53, Info                  CSI    00000051 [SR] Beginning Verify and Repair transaction
2024-06-07 08:10:03, Info                  CSI    00000053 [SR] Verify complete
2024-06-07 08:10:03, Info                  CSI    00000054 [SR] Verifying 100 components
2024-06-07 08:10:03, Info                  CSI    00000055 [SR] Beginning Verify and Repair transaction
2024-06-07 08:10:15, Info                  CSI    00000057 [SR] Verify complete
2024-06-07 08:10:16, Info                  CSI    00000058 [SR] Verifying 100 components
2024-06-07 08:10:16, Info                  CSI    00000059 [SR] Beginning Verify and Repair transaction
2024-06-07 08:10:30, Info                  CSI    0000005b [SR] Verify complete
2024-06-07 08:10:30, Info                  CSI    0000005c [SR] Verifying 100 components
2024-06-07 08:10:30, Info                  CSI    0000005d [SR] Beginning Verify and Repair transaction
2024-06-07 08:10:33, Info                  CSI    0000005e [SR] Verify complete
2024-06-07 08:10:33, Info                  CSI    0000005f [SR] Verifying 100 components
2024-06-07 08:10:33, Info                  CSI    00000060 [SR] Beginning Verify and Repair transaction
2024-06-07 08:10:38, Info                  CSI    00000061 [SR] Verify complete
2024-06-07 08:10:38, Info                  CSI    00000062 [SR] Verifying 100 components
2024-06-07 08:10:38, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
2024-06-07 08:10:44, Info                  CSI    00000065 [SR] Verify complete
2024-06-07 08:10:44, Info                  CSI    00000066 [SR] Verifying 100 components
2024-06-07 08:10:44, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
2024-06-07 08:10:51, Info                  CSI    00000068 [SR] Verify complete
2024-06-07 08:10:51, Info                  CSI    00000069 [SR] Verifying 100 components
2024-06-07 08:10:51, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2024-06-07 08:10:57, Info                  CSI    0000006b [SR] Verify complete
2024-06-07 08:10:57, Info                  CSI    0000006c [SR] Verifying 100 components
2024-06-07 08:10:57, Info                  CSI    0000006d [SR] Beginning Verify and Repair transaction
2024-06-07 08:11:00, Info                  CSI    0000006e [SR] Verify complete
2024-06-07 08:11:00, Info                  CSI    0000006f [SR] Verifying 100 components
2024-06-07 08:11:00, Info                  CSI    00000070 [SR] Beginning Verify and Repair transaction
2024-06-07 08:11:02, Info                  CSI    00000071 [SR] Verify complete
2024-06-07 08:11:02, Info                  CSI    00000072 [SR] Verifying 100 components
2024-06-07 08:11:02, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
2024-06-07 08:11:05, Info                  CSI    00000074 [SR] Verify complete
2024-06-07 08:11:05, Info                  CSI    00000075 [SR] Verifying 100 components
2024-06-07 08:11:05, Info                  CSI    00000076 [SR] Beginning Verify and Repair transaction
2024-06-07 08:11:08, Info                  CSI    00000077 [SR] Verify complete
2024-06-07 08:11:08, Info                  CSI    00000078 [SR] Verifying 100 components
2024-06-07 08:11:08, Info                  CSI    00000079 [SR] Beginning Verify and Repair transaction
2024-06-07 08:11:12, Info                  CSI    0000007a [SR] Verify complete
2024-06-07 08:11:12, Info                  CSI    0000007b [SR] Verifying 100 components
2024-06-07 08:11:12, Info                  CSI    0000007c [SR] Beginning Verify and Repair transaction
2024-06-07 08:11:17, Info                  CSI    0000007d [SR] Verify complete
2024-06-07 08:11:17, Info                  CSI    0000007e [SR] Verifying 100 components
2024-06-07 08:11:17, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
2024-06-07 08:11:21, Info                  CSI    00000080 [SR] Verify complete
2024-06-07 08:11:21, Info                  CSI    00000081 [SR] Verifying 100 components
2024-06-07 08:11:21, Info                  CSI    00000082 [SR] Beginning Verify and Repair transaction
2024-06-07 08:11:26, Info                  CSI    00000083 [SR] Verify complete
2024-06-07 08:11:26, Info                  CSI    00000084 [SR] Verifying 100 components
2024-06-07 08:11:26, Info                  CSI    00000085 [SR] Beginning Verify and Repair transaction
2024-06-07 08:11:31, Info                  CSI    00000087 [SR] Verify complete
2024-06-07 08:11:31, Info                  CSI    00000088 [SR] Verifying 100 components
2024-06-07 08:11:31, Info                  CSI    00000089 [SR] Beginning Verify and Repair transaction
2024-06-07 08:11:38, Info                  CSI    0000008b [SR] Verify complete
2024-06-07 08:11:38, Info                  CSI    0000008c [SR] Verifying 100 components
2024-06-07 08:11:38, Info                  CSI    0000008d [SR] Beginning Verify and Repair transaction
2024-06-07 08:11:43, Info                  CSI    0000008e [SR] Verify complete
2024-06-07 08:11:43, Info                  CSI    0000008f [SR] Verifying 100 components
2024-06-07 08:11:43, Info                  CSI    00000090 [SR] Beginning Verify and Repair transaction
2024-06-07 08:11:51, Info                  CSI    00000092 [SR] Verify complete
2024-06-07 08:11:52, Info                  CSI    00000093 [SR] Verifying 100 components
2024-06-07 08:11:52, Info                  CSI    00000094 [SR] Beginning Verify and Repair transaction
2024-06-07 08:12:04, Info                  CSI    00000096 [SR] Verify complete
2024-06-07 08:12:04, Info                  CSI    00000097 [SR] Verifying 100 components
2024-06-07 08:12:04, Info                  CSI    00000098 [SR] Beginning Verify and Repair transaction
2024-06-07 08:12:16, Info                  CSI    0000009c [SR] Verify complete
2024-06-07 08:12:16, Info                  CSI    0000009d [SR] Verifying 100 components
2024-06-07 08:12:16, Info                  CSI    0000009e [SR] Beginning Verify and Repair transaction
2024-06-07 08:12:20, Info                  CSI    0000009f [SR] Verify complete
2024-06-07 08:12:20, Info                  CSI    000000a0 [SR] Verifying 100 components
2024-06-07 08:12:20, Info                  CSI    000000a1 [SR] Beginning Verify and Repair transaction
2024-06-07 08:12:29, Info                  CSI    000000a3 [SR] Verify complete
2024-06-07 08:12:29, Info                  CSI    000000a4 [SR] Verifying 100 components
2024-06-07 08:12:29, Info                  CSI    000000a5 [SR] Beginning Verify and Repair transaction
2024-06-07 08:12:32, Info                  CSI    000000a6 [SR] Verify complete
2024-06-07 08:12:32, Info                  CSI    000000a7 [SR] Verifying 100 components
2024-06-07 08:12:32, Info                  CSI    000000a8 [SR] Beginning Verify and Repair transaction
2024-06-07 08:12:33, Info                  CSI    000000a9 [SR] Verify complete
2024-06-07 08:12:33, Info                  CSI    000000aa [SR] Verifying 100 components
2024-06-07 08:12:33, Info                  CSI    000000ab [SR] Beginning Verify and Repair transaction
2024-06-07 08:12:34, Info                  CSI    000000ac [SR] Verify complete
2024-06-07 08:12:34, Info                  CSI    000000ad [SR] Verifying 100 components
2024-06-07 08:12:34, Info                  CSI    000000ae [SR] Beginning Verify and Repair transaction
2024-06-07 08:12:41, Info                  CSI    000000b0 [SR] Verify complete
2024-06-07 08:12:41, Info                  CSI    000000b1 [SR] Verifying 100 components
2024-06-07 08:12:41, Info                  CSI    000000b2 [SR] Beginning Verify and Repair transaction
2024-06-07 08:12:47, Info                  CSI    000000b4 [SR] Verify complete
2024-06-07 08:12:47, Info                  CSI    000000b5 [SR] Verifying 100 components
2024-06-07 08:12:47, Info                  CSI    000000b6 [SR] Beginning Verify and Repair transaction
2024-06-07 08:12:53, Info                  CSI    000000b7 [SR] Verify complete
2024-06-07 08:12:53, Info                  CSI    000000b8 [SR] Verifying 100 components
2024-06-07 08:12:53, Info                  CSI    000000b9 [SR] Beginning Verify and Repair transaction
2024-06-07 08:12:56, Info                  CSI    000000ba [SR] Verify complete
2024-06-07 08:12:56, Info                  CSI    000000bb [SR] Verifying 100 components
2024-06-07 08:12:56, Info                  CSI    000000bc [SR] Beginning Verify and Repair transaction
2024-06-07 08:13:00, Info                  CSI    000000bd [SR] Verify complete
2024-06-07 08:13:00, Info                  CSI    000000be [SR] Verifying 100 components
2024-06-07 08:13:00, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2024-06-07 08:13:02, Info                  CSI    000000c0 [SR] Verify complete
2024-06-07 08:13:02, Info                  CSI    000000c1 [SR] Verifying 100 components
2024-06-07 08:13:02, Info                  CSI    000000c2 [SR] Beginning Verify and Repair transaction
2024-06-07 08:13:07, Info                  CSI    000000c3 [SR] Verify complete
2024-06-07 08:13:07, Info                  CSI    000000c4 [SR] Verifying 100 components
2024-06-07 08:13:07, Info                  CSI    000000c5 [SR] Beginning Verify and Repair transaction
2024-06-07 08:13:17, Info                  CSI    000000c8 [SR] Verify complete
2024-06-07 08:13:17, Info                  CSI    000000c9 [SR] Verifying 100 components
2024-06-07 08:13:17, Info                  CSI    000000ca [SR] Beginning Verify and Repair transaction
2024-06-07 08:13:23, Info                  CSI    000000cb [SR] Verify complete
2024-06-07 08:13:23, Info                  CSI    000000cc [SR] Verifying 100 components
2024-06-07 08:13:23, Info                  CSI    000000cd [SR] Beginning Verify and Repair transaction
2024-06-07 08:13:29, Info                  CSI    000000cf [SR] Verify complete
2024-06-07 08:13:29, Info                  CSI    000000d0 [SR] Verifying 100 components
2024-06-07 08:13:29, Info                  CSI    000000d1 [SR] Beginning Verify and Repair transaction
2024-06-07 08:13:37, Info                  CSI    000000d3 [SR] Verify complete
2024-06-07 08:13:37, Info                  CSI    000000d4 [SR] Verifying 100 components
2024-06-07 08:13:37, Info                  CSI    000000d5 [SR] Beginning Verify and Repair transaction
2024-06-07 08:13:42, Info                  CSI    000000d6 [SR] Verify complete
2024-06-07 08:13:42, Info                  CSI    000000d7 [SR] Verifying 100 components
2024-06-07 08:13:42, Info                  CSI    000000d8 [SR] Beginning Verify and Repair transaction
2024-06-07 08:13:46, Info                  CSI    000000d9 [SR] Verify complete
2024-06-07 08:13:46, Info                  CSI    000000da [SR] Verifying 100 components
2024-06-07 08:13:46, Info                  CSI    000000db [SR] Beginning Verify and Repair transaction
2024-06-07 08:13:54, Info                  CSI    000000dc [SR] Verify complete
2024-06-07 08:13:54, Info                  CSI    000000dd [SR] Verifying 100 components
2024-06-07 08:13:54, Info                  CSI    000000de [SR] Beginning Verify and Repair transaction
2024-06-07 08:14:00, Info                  CSI    000000df [SR] Verify complete
2024-06-07 08:14:00, Info                  CSI    000000e0 [SR] Verifying 100 components
2024-06-07 08:14:00, Info                  CSI    000000e1 [SR] Beginning Verify and Repair transaction
2024-06-07 08:14:09, Info                  CSI    000000e2 [SR] Verify complete
2024-06-07 08:14:09, Info                  CSI    000000e3 [SR] Verifying 100 components
2024-06-07 08:14:09, Info                  CSI    000000e4 [SR] Beginning Verify and Repair transaction
2024-06-07 08:14:21, Info                  CSI    000000e6 [SR] Verify complete
2024-06-07 08:14:21, Info                  CSI    000000e7 [SR] Verifying 100 components
2024-06-07 08:14:21, Info                  CSI    000000e8 [SR] Beginning Verify and Repair transaction
2024-06-07 08:14:26, Info                  CSI    000000e9 [SR] Verify complete
2024-06-07 08:14:26, Info                  CSI    000000ea [SR] Verifying 100 components
2024-06-07 08:14:26, Info                  CSI    000000eb [SR] Beginning Verify and Repair transaction
2024-06-07 08:14:31, Info                  CSI    000000ec [SR] Verify complete
2024-06-07 08:14:31, Info                  CSI    000000ed [SR] Verifying 100 components
2024-06-07 08:14:31, Info                  CSI    000000ee [SR] Beginning Verify and Repair transaction
2024-06-07 08:14:36, Info                  CSI    000000ef [SR] Verify complete
2024-06-07 08:14:36, Info                  CSI    000000f0 [SR] Verifying 100 components
2024-06-07 08:14:36, Info                  CSI    000000f1 [SR] Beginning Verify and Repair transaction
2024-06-07 08:14:43, Info                  CSI    000000f2 [SR] Verify complete
2024-06-07 08:14:43, Info                  CSI    000000f3 [SR] Verifying 100 components
2024-06-07 08:14:43, Info                  CSI    000000f4 [SR] Beginning Verify and Repair transaction
2024-06-07 08:14:48, Info                  CSI    000000f5 [SR] Verify complete
2024-06-07 08:14:48, Info                  CSI    000000f6 [SR] Verifying 100 components
2024-06-07 08:14:48, Info                  CSI    000000f7 [SR] Beginning Verify and Repair transaction
2024-06-07 08:14:52, Info                  CSI    000000f8 [SR] Verify complete
2024-06-07 08:14:52, Info                  CSI    000000f9 [SR] Verifying 100 components
2024-06-07 08:14:52, Info                  CSI    000000fa [SR] Beginning Verify and Repair transaction
2024-06-07 08:14:57, Info                  CSI    000000fb [SR] Verify complete
2024-06-07 08:14:58, Info                  CSI    000000fc [SR] Verifying 100 components
2024-06-07 08:14:58, Info                  CSI    000000fd [SR] Beginning Verify and Repair transaction
2024-06-07 08:15:02, Info                  CSI    000000fe [SR] Verify complete
2024-06-07 08:15:02, Info                  CSI    000000ff [SR] Verifying 100 components
2024-06-07 08:15:02, Info                  CSI    00000100 [SR] Beginning Verify and Repair transaction
2024-06-07 08:15:07, Info                  CSI    00000101 [SR] Verify complete
2024-06-07 08:15:07, Info                  CSI    00000102 [SR] Verifying 100 components
2024-06-07 08:15:07, Info                  CSI    00000103 [SR] Beginning Verify and Repair transaction
2024-06-07 08:15:12, Info                  CSI    00000104 [SR] Verify complete
2024-06-07 08:15:12, Info                  CSI    00000105 [SR] Verifying 100 components
2024-06-07 08:15:12, Info                  CSI    00000106 [SR] Beginning Verify and Repair transaction
2024-06-07 08:15:18, Info                  CSI    00000107 [SR] Verify complete
2024-06-07 08:15:18, Info                  CSI    00000108 [SR] Verifying 100 components
2024-06-07 08:15:18, Info                  CSI    00000109 [SR] Beginning Verify and Repair transaction
2024-06-07 08:15:23, Info                  CSI    0000010a [SR] Verify complete
2024-06-07 08:15:23, Info                  CSI    0000010b [SR] Verifying 100 components
2024-06-07 08:15:23, Info                  CSI    0000010c [SR] Beginning Verify and Repair transaction
2024-06-07 08:15:29, Info                  CSI    0000010d [SR] Verify complete
2024-06-07 08:15:29, Info                  CSI    0000010e [SR] Verifying 100 components
2024-06-07 08:15:29, Info                  CSI    0000010f [SR] Beginning Verify and Repair transaction
2024-06-07 08:15:38, Info                  CSI    00000112 [SR] Verify complete
2024-06-07 08:15:38, Info                  CSI    00000113 [SR] Verifying 100 components
2024-06-07 08:15:38, Info                  CSI    00000114 [SR] Beginning Verify and Repair transaction
2024-06-07 08:15:49, Info                  CSI    00000115 [SR] Verify complete
2024-06-07 08:15:49, Info                  CSI    00000116 [SR] Verifying 100 components
2024-06-07 08:15:49, Info                  CSI    00000117 [SR] Beginning Verify and Repair transaction
2024-06-07 08:15:59, Info                  CSI    00000119 [SR] Verify complete
2024-06-07 08:15:59, Info                  CSI    0000011a [SR] Verifying 100 components
2024-06-07 08:15:59, Info                  CSI    0000011b [SR] Beginning Verify and Repair transaction
2024-06-07 08:16:06, Info                  CSI    0000011d [SR] Verify complete
2024-06-07 08:16:06, Info                  CSI    0000011e [SR] Verifying 100 components
2024-06-07 08:16:06, Info                  CSI    0000011f [SR] Beginning Verify and Repair transaction
2024-06-07 08:16:12, Info                  CSI    00000120 [SR] Verify complete
2024-06-07 08:16:12, Info                  CSI    00000121 [SR] Verifying 100 components
2024-06-07 08:16:12, Info                  CSI    00000122 [SR] Beginning Verify and Repair transaction
2024-06-07 08:16:17, Info                  CSI    00000123 [SR] Verify complete
2024-06-07 08:16:17, Info                  CSI    00000124 [SR] Verifying 100 components
2024-06-07 08:16:17, Info                  CSI    00000125 [SR] Beginning Verify and Repair transaction
2024-06-07 08:16:21, Info                  CSI    00000126 [SR] Verify complete
2024-06-07 08:16:21, Info                  CSI    00000127 [SR] Verifying 100 components
2024-06-07 08:16:21, Info                  CSI    00000128 [SR] Beginning Verify and Repair transaction
2024-06-07 08:16:27, Info                  CSI    0000012a [SR] Verify complete
2024-06-07 08:16:27, Info                  CSI    0000012b [SR] Verifying 100 components
2024-06-07 08:16:27, Info                  CSI    0000012c [SR] Beginning Verify and Repair transaction
2024-06-07 08:16:32, Info                  CSI    0000012d [SR] Verify complete
2024-06-07 08:16:32, Info                  CSI    0000012e [SR] Verifying 100 components
2024-06-07 08:16:32, Info                  CSI    0000012f [SR] Beginning Verify and Repair transaction
2024-06-07 08:16:38, Info                  CSI    00000131 [SR] Verify complete
2024-06-07 08:16:38, Info                  CSI    00000132 [SR] Verifying 100 components
2024-06-07 08:16:38, Info                  CSI    00000133 [SR] Beginning Verify and Repair transaction
2024-06-07 08:16:51, Info                  CSI    00000135 [SR] Verify complete
2024-06-07 08:16:51, Info                  CSI    00000136 [SR] Verifying 100 components
2024-06-07 08:16:51, Info                  CSI    00000137 [SR] Beginning Verify and Repair transaction
2024-06-07 08:16:58, Info                  CSI    00000138 [SR] Verify complete
2024-06-07 08:16:58, Info                  CSI    00000139 [SR] Verifying 100 components
2024-06-07 08:16:58, Info                  CSI    0000013a [SR] Beginning Verify and Repair transaction
2024-06-07 08:17:03, Info                  CSI    0000013b [SR] Verify complete
2024-06-07 08:17:03, Info                  CSI    0000013c [SR] Verifying 100 components
2024-06-07 08:17:03, Info                  CSI    0000013d [SR] Beginning Verify and Repair transaction
2024-06-07 08:17:11, Info                  CSI    0000013e [SR] Verify complete
2024-06-07 08:17:11, Info                  CSI    0000013f [SR] Verifying 100 components
2024-06-07 08:17:11, Info                  CSI    00000140 [SR] Beginning Verify and Repair transaction
2024-06-07 08:17:18, Info                  CSI    00000141 [SR] Verify complete
2024-06-07 08:17:18, Info                  CSI    00000142 [SR] Verifying 100 components
2024-06-07 08:17:18, Info                  CSI    00000143 [SR] Beginning Verify and Repair transaction
2024-06-07 08:17:22, Info                  CSI    00000144 [SR] Verify complete
2024-06-07 08:17:22, Info                  CSI    00000145 [SR] Verifying 100 components
2024-06-07 08:17:22, Info                  CSI    00000146 [SR] Beginning Verify and Repair transaction
2024-06-07 08:17:26, Info                  CSI    00000147 [SR] Verify complete
2024-06-07 08:17:26, Info                  CSI    00000148 [SR] Verifying 100 components
2024-06-07 08:17:26, Info                  CSI    00000149 [SR] Beginning Verify and Repair transaction
2024-06-07 08:17:34, Info                  CSI    0000014a [SR] Verify complete
2024-06-07 08:17:34, Info                  CSI    0000014b [SR] Verifying 100 components
2024-06-07 08:17:34, Info                  CSI    0000014c [SR] Beginning Verify and Repair transaction
2024-06-07 08:17:40, Info                  CSI    0000014d [SR] Verify complete
2024-06-07 08:17:40, Info                  CSI    0000014e [SR] Verifying 100 components
2024-06-07 08:17:40, Info                  CSI    0000014f [SR] Beginning Verify and Repair transaction
2024-06-07 08:17:48, Info                  CSI    00000150 [SR] Verify complete
2024-06-07 08:17:48, Info                  CSI    00000151 [SR] Verifying 100 components
2024-06-07 08:17:48, Info                  CSI    00000152 [SR] Beginning Verify and Repair transaction
2024-06-07 08:17:51, Info                  CSI    00000153 [SR] Verify complete
2024-06-07 08:17:51, Info                  CSI    00000154 [SR] Verifying 100 components
2024-06-07 08:17:51, Info                  CSI    00000155 [SR] Beginning Verify and Repair transaction
2024-06-07 08:17:54, Info                  CSI    00000156 [SR] Verify complete
2024-06-07 08:17:54, Info                  CSI    00000157 [SR] Verifying 100 components
2024-06-07 08:17:54, Info                  CSI    00000158 [SR] Beginning Verify and Repair transaction
2024-06-07 08:17:57, Info                  CSI    00000159 [SR] Verify complete
2024-06-07 08:17:57, Info                  CSI    0000015a [SR] Verifying 100 components
2024-06-07 08:17:57, Info                  CSI    0000015b [SR] Beginning Verify and Repair transaction
2024-06-07 08:17:59, Info                  CSI    0000015d [SR] Verify complete
2024-06-07 08:18:00, Info                  CSI    0000015e [SR] Verifying 100 components
2024-06-07 08:18:00, Info                  CSI    0000015f [SR] Beginning Verify and Repair transaction
2024-06-07 08:18:02, Info                  CSI    00000160 [SR] Verify complete
2024-06-07 08:18:02, Info                  CSI    00000161 [SR] Verifying 100 components
2024-06-07 08:18:02, Info                  CSI    00000162 [SR] Beginning Verify and Repair transaction
2024-06-07 08:18:05, Info                  CSI    00000163 [SR] Verify complete
2024-06-07 08:18:05, Info                  CSI    00000164 [SR] Verifying 100 components
2024-06-07 08:18:05, Info                  CSI    00000165 [SR] Beginning Verify and Repair transaction
2024-06-07 08:18:09, Info                  CSI    00000166 [SR] Verify complete
2024-06-07 08:18:09, Info                  CSI    00000167 [SR] Verifying 100 components
2024-06-07 08:18:09, Info                  CSI    00000168 [SR] Beginning Verify and Repair transaction
2024-06-07 08:18:12, Info                  CSI    00000169 [SR] Verify complete
2024-06-07 08:18:12, Info                  CSI    0000016a [SR] Verifying 100 components
2024-06-07 08:18:12, Info                  CSI    0000016b [SR] Beginning Verify and Repair transaction
2024-06-07 08:18:17, Info                  CSI    0000016c [SR] Verify complete
2024-06-07 08:18:17, Info                  CSI    0000016d [SR] Verifying 100 components
2024-06-07 08:18:17, Info                  CSI    0000016e [SR] Beginning Verify and Repair transaction
2024-06-07 08:18:25, Info                  CSI    0000016f [SR] Verify complete
2024-06-07 08:18:25, Info                  CSI    00000170 [SR] Verifying 100 components
2024-06-07 08:18:25, Info                  CSI    00000171 [SR] Beginning Verify and Repair transaction
2024-06-07 08:18:29, Info                  CSI    00000172 [SR] Verify complete
2024-06-07 08:18:30, Info                  CSI    00000173 [SR] Verifying 100 components
2024-06-07 08:18:30, Info                  CSI    00000174 [SR] Beginning Verify and Repair transaction
2024-06-07 08:18:59, Info                  CSI    00000179 [SR] Verify complete
2024-06-07 08:18:59, Info                  CSI    0000017a [SR] Verifying 100 components
2024-06-07 08:18:59, Info                  CSI    0000017b [SR] Beginning Verify and Repair transaction
2024-06-07 08:19:10, Info                  CSI    0000017e [SR] Verify complete
2024-06-07 08:19:10, Info                  CSI    0000017f [SR] Verifying 100 components
2024-06-07 08:19:10, Info                  CSI    00000180 [SR] Beginning Verify and Repair transaction
2024-06-07 08:19:13, Info                  CSI    00000181 [SR] Verify complete
2024-06-07 08:19:13, Info                  CSI    00000182 [SR] Verifying 100 components
2024-06-07 08:19:13, Info                  CSI    00000183 [SR] Beginning Verify and Repair transaction
2024-06-07 08:19:16, Info                  CSI    00000184 [SR] Verify complete
2024-06-07 08:19:16, Info                  CSI    00000185 [SR] Verifying 100 components
2024-06-07 08:19:16, Info                  CSI    00000186 [SR] Beginning Verify and Repair transaction
2024-06-07 08:19:21, Info                  CSI    00000187 [SR] Verify complete
2024-06-07 08:19:21, Info                  CSI    00000188 [SR] Verifying 100 components
2024-06-07 08:19:21, Info                  CSI    00000189 [SR] Beginning Verify and Repair transaction
2024-06-07 08:19:28, Info                  CSI    0000018a [SR] Verify complete
2024-06-07 08:19:28, Info                  CSI    0000018b [SR] Verifying 100 components
2024-06-07 08:19:28, Info                  CSI    0000018c [SR] Beginning Verify and Repair transaction
2024-06-07 08:19:41, Info                  CSI    0000018d [SR] Verify complete
2024-06-07 08:19:41, Info                  CSI    0000018e [SR] Verifying 100 components
2024-06-07 08:19:41, Info                  CSI    0000018f [SR] Beginning Verify and Repair transaction
2024-06-07 08:19:46, Info                  CSI    00000190 [SR] Verify complete
2024-06-07 08:19:46, Info                  CSI    00000191 [SR] Verifying 100 components
2024-06-07 08:19:46, Info                  CSI    00000192 [SR] Beginning Verify and Repair transaction
2024-06-07 08:19:51, Info                  CSI    00000193 [SR] Verify complete
2024-06-07 08:19:51, Info                  CSI    00000194 [SR] Verifying 100 components
2024-06-07 08:19:51, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
2024-06-07 08:19:57, Info                  CSI    00000196 [SR] Verify complete
2024-06-07 08:19:57, Info                  CSI    00000197 [SR] Verifying 100 components
2024-06-07 08:19:57, Info                  CSI    00000198 [SR] Beginning Verify and Repair transaction
2024-06-07 08:20:02, Info                  CSI    00000199 [SR] Verify complete
2024-06-07 08:20:02, Info                  CSI    0000019a [SR] Verifying 100 components
2024-06-07 08:20:02, Info                  CSI    0000019b [SR] Beginning Verify and Repair transaction
2024-06-07 08:20:06, Info                  CSI    0000019c [SR] Verify complete
2024-06-07 08:20:06, Info                  CSI    0000019d [SR] Verifying 100 components
2024-06-07 08:20:06, Info                  CSI    0000019e [SR] Beginning Verify and Repair transaction
2024-06-07 08:20:10, Info                  CSI    0000019f [SR] Verify complete
2024-06-07 08:20:11, Info                  CSI    000001a0 [SR] Verifying 100 components
2024-06-07 08:20:11, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
2024-06-07 08:20:16, Info                  CSI    000001a2 [SR] Verify complete
2024-06-07 08:20:16, Info                  CSI    000001a3 [SR] Verifying 100 components
2024-06-07 08:20:16, Info                  CSI    000001a4 [SR] Beginning Verify and Repair transaction
2024-06-07 08:20:20, Info                  CSI    000001a5 [SR] Verify complete
2024-06-07 08:20:20, Info                  CSI    000001a6 [SR] Verifying 100 components
2024-06-07 08:20:20, Info                  CSI    000001a7 [SR] Beginning Verify and Repair transaction
2024-06-07 08:20:24, Info                  CSI    000001a8 [SR] Verify complete
2024-06-07 08:20:24, Info                  CSI    000001a9 [SR] Verifying 100 components
2024-06-07 08:20:24, Info                  CSI    000001aa [SR] Beginning Verify and Repair transaction
2024-06-07 08:20:25, Info                  CSI    000001ab [SR] Verify complete
2024-06-07 08:20:25, Info                  CSI    000001ac [SR] Verifying 100 components
2024-06-07 08:20:25, Info                  CSI    000001ad [SR] Beginning Verify and Repair transaction
2024-06-07 08:20:29, Info                  CSI    000001ae [SR] Verify complete
2024-06-07 08:20:29, Info                  CSI    000001af [SR] Verifying 100 components
2024-06-07 08:20:29, Info                  CSI    000001b0 [SR] Beginning Verify and Repair transaction
2024-06-07 08:20:36, Info                  CSI    000001b1 [SR] Verify complete
2024-06-07 08:20:36, Info                  CSI    000001b2 [SR] Verifying 100 components
2024-06-07 08:20:36, Info                  CSI    000001b3 [SR] Beginning Verify and Repair transaction
2024-06-07 08:20:40, Info                  CSI    000001b4 [SR] Verify complete
2024-06-07 08:20:40, Info                  CSI    000001b5 [SR] Verifying 100 components
2024-06-07 08:20:40, Info                  CSI    000001b6 [SR] Beginning Verify and Repair transaction
2024-06-07 08:20:45, Info                  CSI    000001b7 [SR] Verify complete
2024-06-07 08:20:45, Info                  CSI    000001b8 [SR] Verifying 100 components
2024-06-07 08:20:45, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2024-06-07 08:20:50, Info                  CSI    000001ba [SR] Verify complete
2024-06-07 08:20:50, Info                  CSI    000001bb [SR] Verifying 100 components
2024-06-07 08:20:50, Info                  CSI    000001bc [SR] Beginning Verify and Repair transaction
2024-06-07 08:20:55, Info                  CSI    000001bd [SR] Verify complete
2024-06-07 08:20:55, Info                  CSI    000001be [SR] Verifying 100 components
2024-06-07 08:20:55, Info                  CSI    000001bf [SR] Beginning Verify and Repair transaction
2024-06-07 08:21:01, Info                  CSI    000001c1 [SR] Verify complete
2024-06-07 08:21:01, Info                  CSI    000001c2 [SR] Verifying 100 components
2024-06-07 08:21:01, Info                  CSI    000001c3 [SR] Beginning Verify and Repair transaction
2024-06-07 08:21:06, Info                  CSI    000001c4 [SR] Verify complete
2024-06-07 08:21:06, Info                  CSI    000001c5 [SR] Verifying 100 components
2024-06-07 08:21:06, Info                  CSI    000001c6 [SR] Beginning Verify and Repair transaction
2024-06-07 08:21:21, Info                  CSI    000001c7 [SR] Verify complete
2024-06-07 08:21:22, Info                  CSI    000001c8 [SR] Verifying 100 components
2024-06-07 08:21:22, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2024-06-07 08:21:32, Info                  CSI    000001ca [SR] Verify complete
2024-06-07 08:21:32, Info                  CSI    000001cb [SR] Verifying 100 components
2024-06-07 08:21:32, Info                  CSI    000001cc [SR] Beginning Verify and Repair transaction
2024-06-07 08:21:38, Info                  CSI    000001cd [SR] Verify complete
2024-06-07 08:21:38, Info                  CSI    000001ce [SR] Verifying 100 components
2024-06-07 08:21:38, Info                  CSI    000001cf [SR] Beginning Verify and Repair transaction
2024-06-07 08:21:44, Info                  CSI    000001d0 [SR] Verify complete
2024-06-07 08:21:44, Info                  CSI    000001d1 [SR] Verifying 100 components
2024-06-07 08:21:44, Info                  CSI    000001d2 [SR] Beginning Verify and Repair transaction
2024-06-07 08:21:49, Info                  CSI    000001d3 [SR] Verify complete
2024-06-07 08:21:49, Info                  CSI    000001d4 [SR] Verifying 100 components
2024-06-07 08:21:49, Info                  CSI    000001d5 [SR] Beginning Verify and Repair transaction
2024-06-07 08:21:54, Info                  CSI    000001d6 [SR] Verify complete
2024-06-07 08:21:54, Info                  CSI    000001d7 [SR] Verifying 100 components
2024-06-07 08:21:54, Info                  CSI    000001d8 [SR] Beginning Verify and Repair transaction
2024-06-07 08:21:59, Info                  CSI    000001d9 [SR] Verify complete
2024-06-07 08:21:59, Info                  CSI    000001da [SR] Verifying 100 components
2024-06-07 08:21:59, Info                  CSI    000001db [SR] Beginning Verify and Repair transaction
2024-06-07 08:22:07, Info                  CSI    000001dc [SR] Verify complete
2024-06-07 08:22:07, Info                  CSI    000001dd [SR] Verifying 100 components
2024-06-07 08:22:07, Info                  CSI    000001de [SR] Beginning Verify and Repair transaction
2024-06-07 08:22:12, Info                  CSI    000001df [SR] Verify complete
2024-06-07 08:22:12, Info                  CSI    000001e0 [SR] Verifying 100 components
2024-06-07 08:22:12, Info                  CSI    000001e1 [SR] Beginning Verify and Repair transaction
2024-06-07 08:22:18, Info                  CSI    000001e2 [SR] Verify complete
2024-06-07 08:22:18, Info                  CSI    000001e3 [SR] Verifying 100 components
2024-06-07 08:22:18, Info                  CSI    000001e4 [SR] Beginning Verify and Repair transaction
2024-06-07 08:22:23, Info                  CSI    000001e5 [SR] Verify complete
2024-06-07 08:22:23, Info                  CSI    000001e6 [SR] Verifying 100 components
2024-06-07 08:22:23, Info                  CSI    000001e7 [SR] Beginning Verify and Repair transaction
2024-06-07 08:22:36, Info                  CSI    000001e8 [SR] Verify complete
2024-06-07 08:22:36, Info                  CSI    000001e9 [SR] Verifying 100 components
2024-06-07 08:22:36, Info                  CSI    000001ea [SR] Beginning Verify and Repair transaction
2024-06-07 08:22:50, Info                  CSI    000001eb [SR] Verify complete
2024-06-07 08:22:50, Info                  CSI    000001ec [SR] Verifying 100 components
2024-06-07 08:22:50, Info                  CSI    000001ed [SR] Beginning Verify and Repair transaction
2024-06-07 08:22:55, Info                  CSI    000001ee [SR] Verify complete
2024-06-07 08:22:55, Info                  CSI    000001ef [SR] Verifying 100 components
2024-06-07 08:22:55, Info                  CSI    000001f0 [SR] Beginning Verify and Repair transaction
2024-06-07 08:22:59, Info                  CSI    000001f1 [SR] Verify complete
2024-06-07 08:22:59, Info                  CSI    000001f2 [SR] Verifying 100 components
2024-06-07 08:22:59, Info                  CSI    000001f3 [SR] Beginning Verify and Repair transaction
2024-06-07 08:23:02, Info                  CSI    000001f4 [SR] Verify complete
2024-06-07 08:23:02, Info                  CSI    000001f5 [SR] Verifying 100 components
2024-06-07 08:23:02, Info                  CSI    000001f6 [SR] Beginning Verify and Repair transaction
2024-06-07 08:23:08, Info                  CSI    000001f7 [SR] Verify complete
2024-06-07 08:23:08, Info                  CSI    000001f8 [SR] Verifying 100 components
2024-06-07 08:23:08, Info                  CSI    000001f9 [SR] Beginning Verify and Repair transaction
2024-06-07 08:23:11, Info                  CSI    000001fa [SR] Verify complete
2024-06-07 08:23:11, Info                  CSI    000001fb [SR] Verifying 100 components
2024-06-07 08:23:11, Info                  CSI    000001fc [SR] Beginning Verify and Repair transaction
2024-06-07 08:23:17, Info                  CSI    000001fd [SR] Verify complete
2024-06-07 08:23:17, Info                  CSI    000001fe [SR] Verifying 100 components
2024-06-07 08:23:17, Info                  CSI    000001ff [SR] Beginning Verify and Repair transaction
2024-06-07 08:23:21, Info                  CSI    00000201 [SR] Verify complete
2024-06-07 08:23:21, Info                  CSI    00000202 [SR] Verifying 100 components
2024-06-07 08:23:21, Info                  CSI    00000203 [SR] Beginning Verify and Repair transaction
2024-06-07 08:23:23, Info                  CSI    00000204 [SR] Verify complete
2024-06-07 08:23:23, Info                  CSI    00000205 [SR] Verifying 20 components
2024-06-07 08:23:23, Info                  CSI    00000206 [SR] Beginning Verify and Repair transaction
2024-06-07 08:23:24, Info                  CSI    00000207 [SR] Verify complete
2024-06-07 08:23:24, Info                  CSI    00000208 [SR] Repairing 0 components
2024-06-07 08:23:24, Info                  CSI    00000209 [SR] Beginning Verify and Repair transaction
2024-06-07 08:23:24, Info                  CSI    0000020a [SR] Repair complete
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
C:\Users\mary\Desktop>wevtutil cl "AMSI/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "AirSpaceChannel" 
 
C:\Users\mary\Desktop>wevtutil cl "Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Application" 
 
C:\Users\mary\Desktop>wevtutil cl "Dell" 
 
C:\Users\mary\Desktop>wevtutil cl "DirectShowFilterGraph" 
 
C:\Users\mary\Desktop>wevtutil cl "DirectShowPluginControl" 
 
C:\Users\mary\Desktop>wevtutil cl "Els_Hyphenation/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "EndpointMapper" 
 
C:\Users\mary\Desktop>wevtutil cl "FirstUXPerf-Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "ForwardedEvents" 
 
C:\Users\mary\Desktop>wevtutil cl "General Logging" 
 
C:\Users\mary\Desktop>wevtutil cl "HardwareEvents" 
 
C:\Users\mary\Desktop>wevtutil cl "IHM_DebugChannel" 
 
C:\Users\mary\Desktop>wevtutil cl "Intel-GFX-Info/Application" 
 
C:\Users\mary\Desktop>wevtutil cl "Intel-GFX-Info/System" 
 
C:\Users\mary\Desktop>wevtutil cl "Intel-iaLPSS-GPIO/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Intel-iaLPSS-I2C/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Intel-iaLPSS2-GPIO2/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Intel-iaLPSS2-GPIO2/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Intel-iaLPSS2-I2C/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Intel-iaLPSS2-I2C/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Intel-iaLPSS2-SPI/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Intel-iaLPSS2-SPI/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Intel-iaLPSS2-UART2/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Internet Explorer" 
 
C:\Users\mary\Desktop>wevtutil cl "Key Management Service" 
 
C:\Users\mary\Desktop>wevtutil cl "MF_MediaFoundationDeviceMFT" 
 
C:\Users\mary\Desktop>wevtutil cl "MF_MediaFoundationDeviceProxy" 
 
C:\Users\mary\Desktop>wevtutil cl "MF_MediaFoundationFrameServer" 
 
C:\Users\mary\Desktop>wevtutil cl "MedaFoundationVideoProc" 
 
C:\Users\mary\Desktop>wevtutil cl "MedaFoundationVideoProcD3D" 
 
C:\Users\mary\Desktop>wevtutil cl "MediaFoundationAsyncWrapper" 
 
C:\Users\mary\Desktop>wevtutil cl "MediaFoundationContentProtection" 
 
C:\Users\mary\Desktop>wevtutil cl "MediaFoundationDS" 
 
C:\Users\mary\Desktop>wevtutil cl "MediaFoundationDeviceProxy" 
 
C:\Users\mary\Desktop>wevtutil cl "MediaFoundationMP4" 
 
C:\Users\mary\Desktop>wevtutil cl "MediaFoundationMediaEngine" 
 
C:\Users\mary\Desktop>wevtutil cl "MediaFoundationPerformance" 
 
C:\Users\mary\Desktop>wevtutil cl "MediaFoundationPerformanceCore" 
 
C:\Users\mary\Desktop>wevtutil cl "MediaFoundationPipeline" 
 
C:\Users\mary\Desktop>wevtutil cl "MediaFoundationPlatform" 
 
C:\Users\mary\Desktop>wevtutil cl "MediaFoundationSrcPrefetch" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-AppV-Client-Streamingux/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-AppV-Client/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-AppV-Client/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-AppV-Client/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-AppV-Client/Virtual Applications" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-AppV-SharedPerformance/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Client-License-Flexible-Platform/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Client-License-Flexible-Platform/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Client-License-Flexible-Platform/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Client-Licensing-Platform/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Client-Licensing-Platform/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Client-Licensing-Platform/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-IE/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-IEFRAME/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-JSDumpHeap/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-OneCore-Setup/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-PerfTrack-IEFRAME/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-PerfTrack-MSHTML/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-System-Diagnostics-DiagnosticInvoker/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-Admin/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-Agent Driver/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-Agent Driver/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-App Agent/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-App Agent/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-App Agent/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-IPC/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AAD/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AAD/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ADSI/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ASN1/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ATAPort/General" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ATAPort/SATA-LPM" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ActionQueue/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-All-User-Install-Agent/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AllJoyn/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AllJoyn/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppHost/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppHost/ApplicationTracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppHost/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppHost/Internal" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppID/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/EXE and DLL" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/MSI and Script" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/Packaged app-Deployment" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/Packaged app-Execution" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Diagnostics" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppModel-State/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppModel-State/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppReadiness/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppReadiness/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppReadiness/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppSruProv" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppXDeployment-Server/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppXDeployment/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppXDeployment/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Restricted" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ApplicabilityEngine/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ApplicabilityEngine/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Inventory" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Telemetry" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Steps-Recorder" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppxPackaging/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppxPackaging/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AppxPackaging/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccess/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccess/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccessBroker/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccessBroker/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AsynchronousCausality/Causality" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Audio/CaptureMonitor" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Audio/GlitchDetection" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Audio/Informational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Audio/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Audio/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Audio/PlaybackManager" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Audit/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Authentication User Interface/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Authentication/ProtectedUser-Client" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-AxInstallService/Log" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHPORT/HCI" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHPORT/L2CAP" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHUSB/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHUSB/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BackgroundTaskInfrastructure/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Backup" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Base-Filtering-Engine-Connections/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Battery/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Biometrics/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Biometrics/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BitLocker-Driver-Performance/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BitLocker/BitLocker Management" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BitLocker/BitLocker Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BitLocker/Tracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Bits-Client/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Bits-Client/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-Bthmini/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-MTPEnum/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-Policy/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BranchCache/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheEventProvider/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheMonitoring/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheSMB/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheSMB/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CAPI2/Catalog Database Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CAPI2/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CDROM/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-COM/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-COM/ApartmentInitialize" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-COM/ApartmentUninitialize" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-COM/Call" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-COM/CreateInstance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-COM/ExtensionCatalog" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-COM/FreeUnusedLibrary" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-COM/RundownInstrumentation" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-COMRuntime/Activations" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-COMRuntime/MessageProcessing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-COMRuntime/Tracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CertPoleEng/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Cleanmgr/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ClearTypeTextTuner/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CloudRestoreLauncher/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CloudStore/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CloudStore/Initialization" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CloudStore/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CmiSetup/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CodeIntegrity/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CodeIntegrity/Verbose" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ComDlg32/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ComDlg32/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Compat-Appraiser/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Compat-Appraiser/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Containers-BindFlt/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Containers-BindFlt/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcifs/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcifs/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcnfs/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcnfs/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CoreApplication/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CoreApplication/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CoreApplication/Tracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CoreWindow/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CoreWindow/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CorruptedFileRecovery-Client/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CorruptedFileRecovery-Server/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Crashdump/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Crashdump/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-CredUI/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Crypto-BCRYPT/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Crypto-CNG/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DPAPI/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DPAPI/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DSSEnh/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Crypto-NCrypt/CertInUse" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Crypto-NCrypt/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Crypto-RNG/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Crypto-RSAEnh/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-D3D10Level9/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-D3D10Level9/PerfTiming" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DAL-Provider/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DAL-Provider/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DAMM/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DCLocator/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DDisplay/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DDisplay/Logging" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DLNA-Namespace/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DNS-Client/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DSC/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DSC/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DSC/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DSC/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DUI/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DUSER/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DXGI/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DXGI/Logging" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DXP/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Data-Pdf/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DataIntegrityScan/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DataIntegrityScan/CrashRecovery" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DateTimeControlPanel/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DateTimeControlPanel/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DateTimeControlPanel/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Scrubbing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Defrag-Core/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Deplorch/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DesktopActivityModerator/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceAssociationService/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceConfidence/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceGuard/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceGuard/Verbose" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Autopilot" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceSync/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceSync/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceUpdateAgent/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceUx/Informational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DeviceUx/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Devices-Background/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Devices-Query/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dhcp-Client/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dhcp-Client/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dhcpv6-Client/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dhcpv6-Client/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DiagCpl/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-DPS/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-DPS/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-DPS/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-MSDE/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PCW/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PCW/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PCW/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PLA/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PLA/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Perfhost/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scheduled/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-WDC/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-WDI/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Networking/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Networking/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Performance/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Direct3D10/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Direct3D10_1/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Direct3D11/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Direct3D11/Logging" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Direct3D11/PerfTiming" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Direct3D12/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Direct3D12/Logging" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Direct3D12/PerfTiming" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Direct3D9/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Direct3DShaderCache/Default" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DirectComposition/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DirectManipulation/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DirectShow-KernelSupport/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DirectSound/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Disk/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DiskDiagnostic/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DiskDiagnosticDataCollector/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DiskDiagnosticResolver/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dism-Api/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dism-Api/ExternalAnalytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dism-Api/InternalAnalytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dism-Cli/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DisplayColorCalibration/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DisplayColorCalibration/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DisplaySwitch/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Documents/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dot3MM/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DriverFrameworks-UserMode/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DucUpdateAgent/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dwm-API/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Compositor/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Core/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Dwm/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Redir/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Udwm/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl-Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl-Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl-SysMm/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl-SysMm/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Contention" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Power" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-DxpTaskSyncProvider/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EDP-Application-Learning/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EDP-Audit-Regular/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EDP-Audit-TCB/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EFS/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EFS/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ESE/IODiagnose" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ESE/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EapHost/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EapHost/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EapHost/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-RasChap/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-RasTls/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-Sim/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-Ttls/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EaseOfAccess/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Energy-Estimation-Engine/EventLog" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Energy-Estimation-Engine/Trace" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EnhancedStorage-EhStorClass/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EventCollector/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EventCollector/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EventLog-WMIProvider/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EventLog/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-EventLog/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FMS/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FMS/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FMS/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FailoverClustering-Client/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Fault-Tolerant-Heap/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FeatureConfiguration/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FeatureConfiguration/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Feedback-Service-TriggerProvider" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Catalog/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Catalog/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-ConfigManager/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-ConfigManager/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Core/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Core/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Core/WHC" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Engine/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Engine/BackupLog" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Engine/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-EventListener/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-EventListener/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Service/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Service/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-UI-Events/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-UI-Events/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-FileInfoMinifilter/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Firewall-CPL/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Folder Redirection/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Forwarding/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Forwarding/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-GPIO-ClassExtension/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-GenericRoaming/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-GroupPolicy/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HAL/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HealthCenter/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HealthCenter/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HealthCenterCPL/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HelloForBusiness/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HelloForBusiness/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Help/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Control Panel/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Listener Service/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Provider Service/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup-ListenerService" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HotspotAuth/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HotspotAuth/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HttpService/Log" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-HttpService/Trace" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Hypervisor-Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Hypervisor-Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Hypervisor-Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-KMCL-Child/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-NETVSC/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-VID-Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-VID-Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IE-SmartScreen" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IKE/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IKEDBG/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-Broker/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-CandidateUI/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-CustomerFeedbackManager/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-JPAPI/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-JPLMP/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-JPPRED/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-JPSetting/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-JPTIP/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-KRAPI/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-KRTIP/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-OEDCompiler/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-TCCORE/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-TCTIP/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IME-TIP/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IPNAT/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IPSEC-SRV/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IPxlatCfg/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IPxlatCfg/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IdCtrls/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IdCtrls/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Input-HIDCLASS-Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-InputSwitch/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-International-RegionalOptionsControlPanel/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Iphlpsvc/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Iphlpsvc/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Iphlpsvc/Trace" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-KdsSvc/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kerberos/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Acpi/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-AppCompat/General" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-AppCompat/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ApphelpCache/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ApphelpCache/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ApphelpCache/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Boot/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Boot/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-CPU-Starvation/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Cache/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Disk/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Dump/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-EventTracing/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-EventTracing/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-File/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-IO/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-IoTrace/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-LiveDump/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-LiveDump/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Memory/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Network/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PRM/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Pdc/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Pep/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Configuration" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Device Management" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Power/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Power/Thermal-Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Power/Thermal-Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Prefetch/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Process/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Processor-Power/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Registry/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Registry/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ShimEngine/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ShimEngine/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ShimEngine/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-StoreMgr/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-StoreMgr/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WDI/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WDI/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WDI/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WHEA/Errors" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WHEA/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Kernel-XDV/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-KeyboardFilter/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-KeyboardFilter/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-KeyboardFilter/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Known Folders API Service" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-L2NA/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-LAPS/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-LDAP-Client/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-LSA/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-LSA/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-LSA/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-LUA-ConsentUI/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-LanguagePackSetup/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-LanguagePackSetup/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-LanguagePackSetup/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-LimitsManagement/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-LiveId/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-LiveId/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MPS-CLNT/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MPS-DRV/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MPS-SRV/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MSFTEDIT/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MSPaint/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MSPaint/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MSPaint/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MUI/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MUI/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MUI/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MUI/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Media-Streaming/DMC" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Media-Streaming/DMR" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Media-Streaming/MDE" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFReadWrite/Transform" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-Performance/SARStreamResource" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-PlayAPI/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MemoryDiagnostics-Results/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Minstore/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Minstore/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MobilityCenter/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Diagnostics" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MosHost/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-MosHost/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Mprddm/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NCSI/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NCSI/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NDF-HelperClassDiscovery/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NDIS-PacketCapture/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NDIS/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NDIS/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NTLM/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NWiFi/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Narrator/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Ncasvc/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NcdAutoSetup/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NcdAutoSetup/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NdisImPlatform/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Ndu/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NetShell/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Network-Connection-Broker" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Network-DataUsage/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Network-ExecutionContext/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Network-Setup/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Network-and-Sharing-Center/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NetworkBridge/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NetworkLocationWizard/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NetworkProfile/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NetworkProfile/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NetworkProvider/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NetworkProvisioning/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NetworkProvisioning/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NetworkSecurity/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NetworkStatus/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Networking-Correlation/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Networking-RealTimeCommunication/Tracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NlaSvc/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-NlaSvc/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Ntfs/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Ntfs/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Ntfs/WHC" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OLE/Clipboard-Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OLEACC/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OLEACC/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-Core/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-DUI/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-DUI/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OcpUpdateAgent/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/SyncLog" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OneBackup/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OneX/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OneX/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OobeLdr/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-OtpCredentialProvider/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PCI/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PackageStateRoaming/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PackageStateRoaming/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PackageStateRoaming/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ParentalControls/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Partition/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Partition/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PerceptionRuntime/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PerceptionSensorDataService/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Perflib/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-Nvdimm/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-Nvdimm/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-PmemDisk/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-PmemDisk/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Certification" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Diagnose" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PhotoAcq/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PlayToManager/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Policy/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Policy/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PortableDeviceStatusProvider/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PortableDeviceSyncProvider/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Power-Meter-Polling/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PowerCfg/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PowerCpl/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PrimaryNetworkIcon/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PrintBRM/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PrintService-USBMon/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PrintService/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PrintService/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PrintService/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Privacy-Auditing-PermissiveLearningMode/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Privacy-Auditing/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ProcessStateManager/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Program-Compatibility-Assistant/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Proximity-Common/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Proximity-Common/Informational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Proximity-Common/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Developer/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-InProc/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Platform/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Platform/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Platform/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-QoS-Pacer/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-QoS-qWAVE/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RPC-Proxy/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RPC/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RPC/EEInfo" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RRAS/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RRAS/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RadioManager/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RasAgileVpn/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RasAgileVpn/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ReFS/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoost/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoost/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoostDriver/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoostDriver/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Regsvr32/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RemoteAssistance/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RemoteAssistance/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RemoteAssistance/Tracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Remotefs-Rdbss/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Remotefs-Rdbss/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ResetEng-Trace/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Resource-Exhaustion-Detector/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ResourcePublication/Tracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RestartManager/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RetailDemo/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-RetailDemo/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Graphics/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Networking/Tracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Web-Http/Tracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Runtime-WebAPI/Tracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Runtime/CreateInstance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Runtime/Error" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SENSE/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/HelperClassDiagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/ObjectStateDiagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBDirect/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBDirect/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBDirect/Netmon" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Audit" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Connectivity" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Security" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBWitnessClient/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SMBWitnessClient/Informational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SPB-ClassExtension/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SPB-HIDI2C/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Schannel-Events/Perf" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Sdbus/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Sdbus/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Sdstor/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Search-Core/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Search-ProtocolHandlers/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SearchUI/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SearchUI/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SecureAssessment/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-Adminless/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-Audit-Configuration-Client/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-IdentityListener/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-IdentityStore/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-Isolation-BrokeringFileSystem/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-Mitigations/KernelMode" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-Mitigations/UserMode" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-Netlogon/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX-GC/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP/Perf" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-UserConsentVerifier/Audit" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Security-Vault/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SecurityMitigationsBroker/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SecurityMitigationsBroker/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SecurityMitigationsBroker/Perf" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SendTo/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Sens/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SenseIR/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Sensors/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Sensors/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Serial-ClassExtension-V2/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Serial-ClassExtension/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ServiceReportingApi/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Services-Svchost/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Services/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Servicing/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-Azure/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-Azure/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-OneDrive/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-OneDrive/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-OneDrive/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/VerboseDebug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Setup/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SetupCl/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SetupPlatform/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SetupQueue/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SetupUGC/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-AppWizCpl/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/ActionCenter" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/AppDefaults" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/LogonTasksChannel" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-LockScreenContent/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-OpenWith/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-Shwebsvc" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shell-ZipFolder/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Shsvcs/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SleepStudy/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-Audit/Authentication" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-DeviceEnum/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SmartScreen/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Audit" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Connectivity" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Security" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Speech-UserExperience/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Spell-Checking/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SpellChecker/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Spellchecking-Host/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SruMon/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SrumTelemetry" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Restricted" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorDiag/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorPort/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Diagnose" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Diagnose" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Diagnose" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-NvmeDisk/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-NvmeDisk/Diagnose" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-NvmeDisk/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Diagnose" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Health" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-Tiering-IoHeat/Heat" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storage-Tiering/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorageManagement-PartUtil/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorageManagement/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorageManagement/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorageSettings/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Api/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Driver/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Driver/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Driver/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-ManagementAgent/WHC" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Parser/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Parser/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-SpaceManager/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Store/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Storsvc/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Subsys-Csr/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Subsys-SMSS/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Superfetch/Main" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Superfetch/PfApLog" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Superfetch/StoreLog" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Sysprep/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-System-Profile-HardwareId/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsHandlers/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsThreshold/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsThreshold/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsThreshold/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TCPIP/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TCPIP/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TSF-msctf/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TSF-msctf/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TSF-msutb/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TSF-msutb/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TTS/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TWinAPI/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TWinUI/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TWinUI/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TZSync/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TZSync/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TZUtil/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Maintenance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TaskbarCPL/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TenantRestrictions/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-MediaRedirection/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RDPClient/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RDPClient/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RDPClient/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Tethering-Manager/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Tethering-Station/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ThemeCPL/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ThemeUI/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Threat-Intelligence/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Time-Service/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Troubleshooting-Recommended/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Troubleshooting-Recommended/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-TunnelDriver" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UAC-FileVirtualization/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UAC/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UI-Shell/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UIAnimation/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UIAutomationCore/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UIAutomationCore/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UIAutomationCore/Perf" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UIRibbon/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-USB-MAUSBHOST-Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-USB-UCX-Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-USB-USBHUB/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-USB-USBHUB3-Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-USB-USBPORT/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-USB-USBXHCI-Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-USB-USBXHCI-Trustlet-Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UniversalTelemetryClient/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel Performance/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel Usage/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-User Device Registration/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-User Device Registration/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-User Profile Service/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-User Profile Service/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-User-Loader/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-User-Loader/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UserAccountControl/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UserModePowerService/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/ActionCenter" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/DeviceInstall" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/DeviceMetadata/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/SchedulerOperations" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UserSettingsBackup-BackupUnitProcessor/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UserSettingsBackup-EarlyDownloader/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UserSettingsBackup-Orchestrator/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UxInit/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-UxTheme/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-VAN/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-VDRVROOT/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-VHDMP-Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-VHDMP-Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-VIRTDISK-Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-VPN-Client/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-VPN/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-VWiFi/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-VerifyHardwareSecurity/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-VerifyHardwareSecurity/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Volume/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-VolumeControl/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-VolumeSnapshot-Driver/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-VolumeSnapshot-Driver/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WABSyncProvider/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WCN-Config-Registrar/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WCNWiz/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WDAG-PolicyEvaluator-CSP/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WDAG-PolicyEvaluator-GP/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WEPHOSTSVC/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WER-Diag/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WER-PayloadHealth/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WFP/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WFP/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WLAN-AutoConfig/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WLAN-Autoconfig/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WLAN-Driver/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WLAN-MediaManager/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WLANConnectionFlow/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WMI-Activity/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WMI-Activity/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WMI-Activity/Trace" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WMPDMCUI/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WMPNSS-Service/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WMPNSS-Service/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WMPNSSUI/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WPD-API/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WPD-ClassInstaller/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WPD-ClassInstaller/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WPD-CompositeClassDriver/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WPD-CompositeClassDriver/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPBT/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPClassDriver/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPClassDriver/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPIP/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPUS/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WSC-SRV/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WUSA/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WWAN-CFE/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WWAN-MM-Events/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WWAN-MediaManager/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WWAN-SVC-Events/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WWAN-SVC-Events/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Watchdog-Events/WdLog" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Wcmsvc/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Wcmsvc/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WebAuth/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WebAuthN/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WebIO-NDF/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WebIO/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WebIO/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WebPlatStorage-Server" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WebServices/Tracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WebcamProvider/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Websocket-Protocol-Component/Tracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WerKernel/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WiFiDisplay/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Concurrency" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Contention" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Messages" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Power" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Render" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Tracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Win32k/UIPI" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinHTTP-NDF/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinHttp-Pca" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinHttp/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinHttp/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinINet-Capture/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinINet-Config/ProxyConfigChanged" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinINet/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinINet/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinINet/Pca" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinINet/UsageLog" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinINet/WebSocket" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinMDE/MDE" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinML/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinNat/Oper" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinNat/Trace" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinRM/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinRM/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinRM/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WinURLMon/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Windeploy/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Windows Defender/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Windows Defender/WHC" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallDiagnostics" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WindowsBackup/ActionCenter" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WindowsColorSystem/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WindowsColorSystem/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WindowsSystemAssessmentTool/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WindowsSystemAssessmentTool/Tracing" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WindowsUIImmersive/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WindowsUIImmersive/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WindowsUpdateClient/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WindowsUpdateClient/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Wininit/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Winlogon/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Winlogon/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Winsock-AFD/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Winsock-NameResolution/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Winsock-WS2HELP/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Winsrv/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Wired-AutoConfig/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Wired-AutoConfig/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WlanDlg/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Wordpad/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Wordpad/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Wordpad/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/WHC" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-Workplace Join/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-XAML-Diagnostics/Default" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-XAML/Default" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-XAudio2/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-XAudio2/Performance" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ZTraceMaps/Function" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ZTraceMaps/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-glcnd/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-glcnd/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-glcnd/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-hidcfu/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-mobsync/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ntshrui" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-ntshrui-perf" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-osk/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-stobject/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-wmbclass/Analytic" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-Windows-wmbclass/Trace" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-WindowsPhone-Connectivity-WiFiConnSvc-Channel" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-WindowsPhone-LocationServiceProvider/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-WindowsPhone-Net-Cellcore-CellManager/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "Microsoft-WindowsPhone-Net-Cellcore-CellularAPI/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "NIS-Driver-WFP/Diagnostic" 
 
C:\Users\mary\Desktop>wevtutil cl "Navigator" 
 
C:\Users\mary\Desktop>wevtutil cl "Network Isolation Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "OAlerts" 
 
C:\Users\mary\Desktop>wevtutil cl "OSK_SoftKeyboard_Channel" 
 
C:\Users\mary\Desktop>wevtutil cl "OfficeChannel" 
 
C:\Users\mary\Desktop>wevtutil cl "OfficeDebugChannel" 
 
C:\Users\mary\Desktop>wevtutil cl "OneApp_IGCC" 
 
C:\Users\mary\Desktop>wevtutil cl "OpenSSH/Admin" 
 
C:\Users\mary\Desktop>wevtutil cl "OpenSSH/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "OpenSSH/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Physical_Keyboard_Manager_Channel" 
 
C:\Users\mary\Desktop>wevtutil cl "PlayReadyPerformanceChannel" 
 
C:\Users\mary\Desktop>wevtutil cl "RTWorkQueueExtended" 
 
C:\Users\mary\Desktop>wevtutil cl "RTWorkQueueTheading" 
 
C:\Users\mary\Desktop>wevtutil cl "SMSApi" 
 
C:\Users\mary\Desktop>wevtutil cl "Security" 
 
C:\Users\mary\Desktop>wevtutil cl "Setup" 
 
C:\Users\mary\Desktop>wevtutil cl "SmbWmiAnalytic" 
 
C:\Users\mary\Desktop>wevtutil cl "System" 
 
C:\Users\mary\Desktop>wevtutil cl "SystemEventsBroker" 
 
C:\Users\mary\Desktop>wevtutil cl "TabletPC_InputPanel_Channel" 
 
C:\Users\mary\Desktop>wevtutil cl "TabletPC_InputPanel_Channel/IHM" 
 
C:\Users\mary\Desktop>wevtutil cl "TimeBroker" 
 
C:\Users\mary\Desktop>wevtutil cl "UIManager_Channel" 
 
C:\Users\mary\Desktop>wevtutil cl "Uac/Debug" 
 
C:\Users\mary\Desktop>wevtutil cl "WINDOWS_KS_CHANNEL" 
 
C:\Users\mary\Desktop>wevtutil cl "WINDOWS_MFH264Enc_CHANNEL" 
 
C:\Users\mary\Desktop>wevtutil cl "WINDOWS_MP4SDECD_CHANNEL" 
 
C:\Users\mary\Desktop>wevtutil cl "WINDOWS_MSMPEG2ADEC_CHANNEL" 
 
C:\Users\mary\Desktop>wevtutil cl "WINDOWS_MSMPEG2VDEC_CHANNEL" 
 
C:\Users\mary\Desktop>wevtutil cl "WINDOWS_VC1ENC_CHANNEL" 
 
C:\Users\mary\Desktop>wevtutil cl "WINDOWS_WMPHOTO_CHANNEL" 
 
C:\Users\mary\Desktop>wevtutil cl "WINDOWS_wmvdecod_CHANNEL" 
 
C:\Users\mary\Desktop>wevtutil cl "WMPSetup" 
 
C:\Users\mary\Desktop>wevtutil cl "WMPSyncEngine" 
 
C:\Users\mary\Desktop>wevtutil cl "Windows Networking Vpn Plugin Platform/Operational" 
 
C:\Users\mary\Desktop>wevtutil cl "Windows Networking Vpn Plugin Platform/OperationalVerbose" 
 
C:\Users\mary\Desktop>wevtutil cl "Windows PowerShell" 
 
C:\Users\mary\Desktop>wevtutil cl "WordChannel" 
 
C:\Users\mary\Desktop>wevtutil cl "muxencode" 
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 08:24:54 ====

  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,699 posts
  • MVP

Do you have new FRST logs for me?


  • 0

#14
mandrada

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Just finished scanning, here you go. Will post Process Employer next.

 

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07.06.2024

Ran by mary (administrator) on 2020WS08 (Dell Inc. OptiPlex 7070) (07-06-2024 09:03:56)
Running from C:\Users\mary\Desktop\FRST64.exe
Loaded Profiles: mary
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3593 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe ->) (Adobe Inc. -> Adobe Systems Incorporated.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrodist.exe <2>
(C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe ->) (Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe <2>
(C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.UserProcess.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\DCF\Dell.DCF.UA.Bradbury.API.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Inc -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.CoreServices.Client.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\AnalyticsSubAgent\Dell.TechHub.Analytics.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\DataManagerSubAgent\Dell.TechHub.DataManager.SubAgent.exe
(C:\Program Files\Dell\TechHub\Dell.TechHub.exe ->) (Dell Technologies Inc. -> Dell, Inc.) C:\Program Files\Dell\DTP\InstrumentationSubAgent\Dell.TechHub.Instrumentation.SubAgent.exe
(C:\Program Files\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\91.0.2.0\crashpad_handler.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <13>
(C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.10.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.85\msedgewebview2.exe <13>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe <2>
(C:\Windows\UUS\amd64\wuaucltcore.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.413.146.0.exe
(C:\Windows\UUS\amd64\wuaucltcore.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxEM.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe <7>
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2404.10.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(explorer.exe ->) (SystemServer -> Intermedia.net, Inc.) C:\Users\mary\AppData\Local\Programs\Intermedia Unite\Intermedia Unite.exe <6>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe
(services.exe ->) (Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(services.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TechHub\Dell.TechHub.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_b18a4e283f67c0b5\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_d6e4236a0f82e7b4\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_5fe2e31c542e0065\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_fbef37f5b63dca79\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_fbef37f5b63dca79\IntelCpHeciSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_9bda45a3425e7880\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c984e9ce714075ab\RtkAudUService64.exe <2>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4d0b189ff2aba03\WavesSysSvc64.exe
(services.exe ->) (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) C:\Program Files\Common Files\Zoom\Support\CptService.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_2.0.1.8_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21904.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftTeams_24124.2404.2914.2538_x64__8wekyb3d8bbwe\msteamsupdate.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.10.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dsregcmd.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\wuaucltcore.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c984e9ce714075ab\RtkAudUService64.exe [1345104 2021-09-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo8de.inf_amd64_b4d0b189ff2aba03\WavesSvc64.exe [1774584 2021-02-18] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [781552 2021-10-11] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [8508832 2024-05-11] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Run: [Intermedia Unite] => C:\Users\mary\AppData\Local\Programs\Intermedia Unite\Intermedia Unite.exe [165999464 2024-04-05] (SystemServer -> Intermedia.net, Inc.)
HKU\S-1-5-21-3979886858-3466003010-52152672-1116\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-4211803538-2084879006-1980355138-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\91.0.2.0\GoogleDriveFS.exe [60955424 2024-05-28] (Google LLC -> Google, Inc.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\FaxUpload Port Monitor: C:\WINDOWS\system32\FaxUpMn15.dll [743248 2015-08-27] (ImageMAKER Development Inc. -> ImageMAKER Development Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\125.0.6422.142\Installer\chrmstp.exe [2024-06-04] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
Startup: C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2022-05-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vista Fax Daemon.lnk [2022-11-08]
ShortcutTarget: Vista Fax Daemon.lnk -> C:\Program Files (x86)\Common Files\ImageMAKER\Vstdaemon.exe (ImageMAKER Development Inc. -> ImageMAKER Development Inc.)
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {961B54B9-924B-4742-A0FB-FD77C10999BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {860365BE-D41E-40F2-B9E3-DBC253FB1FA6} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {62BC1EB5-B8BE-46CD-B3E3-F00E6C86BEB2} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4434400 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {32FAA249-3876-4F54-854D-2029AF2A450E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5439240 2024-05-14] (Microsoft Windows -> Microsoft Corporation)
Task: {A6FA90BD-3CD1-4454-882D-FF86AC906B35} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [964936 2024-04-25] (Dell Technologies Inc. -> Dell Inc.) -> C:\Program Files\Dell\SupportAssistAgent\bin\AutoUpdate
Task: {66465A48-3014-404F-8045-980AC8272A2E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem127.0.6490.0{A1AF9303-C083-4C9E-83EA-D6B9B5F21709} => C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
Task: {29E39180-B327-438D-8ADB-77775C4D7920} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28498912 2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {BBFB6EB2-376F-4C02-AA00-B5C2595DEF2E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28498912 2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {71E7891D-4413-4495-872C-924462DC1C1C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309912 2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A3098E64-E595-4821-9CB8-6BC4FC85694D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309912 2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A43E0B5-87C3-4C62-9CFC-7437238CC541} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [169648 2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {17CC246F-4923-428E-9212-8302E2CE9BA0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [504304 2024-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E336F66-C193-4C7D-BC2E-81DD4896DBAD} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe [53248 2024-03-12] (Microsoft Windows -> Microsoft Corporation)
Task: {A0D0DFF6-E582-4D8E-BCD2-8152403CCC10} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe [53248 2024-03-12] (Microsoft Windows -> Microsoft Corporation)
Task: {2BC53148-B7B1-4C11-82AE-12402A22745D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1E68F916-3F6B-48A2-AB8E-0B6C779E79A5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E227D19E-F257-4F12-9E72-6CF44CCFA337} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3C140B93-0609-4C7E-8B0C-7974C9E72756} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpCmdRun.exe [1678960 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{effb5a57-65fe-4a33-ace5-bc2d29cc3452}: [NameServer] 192.168.254.2,8.8.8.8
 
Edge: 
=======
Edge Profile: C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default [2024-06-07]
Edge Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2024-02-29]
Edge Extension: (Dropbox for Gmail) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2021-08-31]
Edge Extension: (Google Docs Offline) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-26]
Edge Extension: (Google Mail Checker) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\glbpkcehjkihaknkjifkehdpjfngbdga [2020-10-21]
Edge Extension: (Amazon Assistant) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2023-03-30]
Edge Extension: (Cisco Webex Extension) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikdddppdhmjcdfgilpnbkdeggoiicjgo [2022-07-22]
Edge Extension: (Chrome Remote Desktop) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-12-07]
Edge Extension: (Pinterest Save Button) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jfcjijcigimhjjdimpghneggnegiphhh [2020-10-21]
Edge Extension: (Edge relevant text changes) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-08]
Edge Extension: (Zoom Chrome Extension) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2024-06-07]
Edge Extension: (ClassLink OneClick Extension) - C:\Users\mary\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\liidigofnkchhgmbdfmmbfcodpecmcii [2023-10-11]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-09-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-10-11] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-10-11] (Adobe Inc. -> Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default [2024-06-03]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-07-06]
CHR Extension: (Google Docs Offline) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-11]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-04-21]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-09-23]
CHR Profile: C:\Users\mary\AppData\Local\Google\Chrome\User Data\Guest Profile [2024-06-03]
CHR Profile: C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-06-07]
CHR DownloadDir: C:\Users\mary\Desktop
CHR Notifications: Profile 1 -> hxxps://buildertrend.net; hxxps://calendar.google.com; hxxps://fsastore.com; hxxps://my.norton.com; hxxps://therecipecritic.com; hxxps://www.accuweather.com; hxxps://www.crowdcast.io; hxxps://www.facebook.com; hxxps://www.fashionholla.com; hxxps://www.harney.com; hxxps://www.marthastewart.com; hxxps://www.messenger.com; hxxps://www.netflix.com; hxxps://www.pinterest.com; hxxps://www.soundstrue.com
CHR Extension: (Norton Password Manager) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\admmjipmmciaobhojoghlmleefbicajg [2024-05-16]
CHR Extension: (PayPal Honey: Automatic Coupons & Cash Back) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-06-05]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-05-28]
CHR Extension: (Google Docs Offline) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-06-03]
CHR Extension: (Save to Pinterest) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2024-06-04]
CHR Extension: (TiltShiftMaker) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo [2022-07-20]
CHR Extension: (Crackle) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2022-07-20]
CHR Extension: (My Downloads) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ienfdfooajmkbebiaplehejbamefbboi [2024-01-21]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-05-20]
CHR Extension: (The Washington Post) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ilgaabojccagggalemipkfjbcdemjgee [2022-07-20]
CHR Extension: (Chrome Remote Desktop) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2022-12-06]
CHR Extension: (ClassLink OneClick Extension) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jgfbgkjjlonelmpenhpfeeljjlcgnkpe [2024-05-08]
CHR Extension: (Grammarly: AI Writing and Grammar Checker App) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2024-06-06]
CHR Extension: (Zoom Chrome Extension) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2024-06-05]
CHR Extension: (Application Launcher For Drive (by Google)) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-22]
CHR Extension: (Google Mail Checker) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2024-06-04]
CHR Extension: (Capital One Shopping: Save Now) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2024-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-07-20]
CHR Profile: C:\Users\mary\AppData\Local\Google\Chrome\User Data\System Profile [2024-06-07]
CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-3979886858-3466003010-52152672-1116\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-3979886858-3466003010-52152672-1116\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [4555744 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14012520 2024-05-26] (Microsoft Corporation -> Microsoft Corporation)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458128 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [159632 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [481680 2023-12-07] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 Dell Digital Delivery Services; C:\Program Files (x86)\Dell Digital Delivery Services\Dell.D3.WinSvc.exe [55712 2022-08-01] (Dell Inc -> )
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-12-11] (Dell Inc -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [159664 2023-12-22] (Dell Technologies Inc. -> Dell)
S2 GoogleUpdaterInternalService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
S2 GoogleUpdaterService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887344 2024-05-07] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-05-02] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe [1505416 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [159048 2024-04-25] (Dell Technologies Inc. -> Dell Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe [3236728 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe [133704 2024-05-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZoomCptService; "C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\mary\AppData\Roaming\Zoom"
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 CyUcmClient_Device; C:\WINDOWS\System32\drivers\CyUcmClient.sys [156600 2019-01-30] (Cypress Semiconductor Corporation -> Cypress Semiconductor Corporation)
R3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46640 2024-03-01] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 e1dexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e1d.inf_amd64_e98edae1bc7c25e7\e1d.sys [618128 2022-09-02] (Intel Corporation -> Intel Corporation)
R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223184 2024-06-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-05-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-05-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl848c89d0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA6CAAED-1C14-4597-96E6-2DE3CACC2322}\MpKslDrv.sys [271648 2024-06-06] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-05-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-06] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602520 2024-05-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-28] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-06-07 09:17 - 2024-06-07 09:17 - 000000000 ____D C:\Users\mary\Downloads\ProcessExplorer
2024-06-07 09:16 - 2024-06-07 09:17 - 003459165 _____ C:\Users\mary\Downloads\ProcessExplorer (1).zip
2024-06-07 09:14 - 2024-06-07 09:14 - 003459165 _____ C:\Users\mary\Downloads\ProcessExplorer.zip
2024-06-07 07:26 - 2024-06-07 08:24 - 000233649 _____ C:\Users\mary\Desktop\Fixlog.txt
2024-06-07 07:22 - 2024-06-07 07:24 - 000016780 _____ C:\Users\mary\Downloads\OOSU10.cfg
2024-06-07 07:22 - 2024-06-07 07:22 - 000000000 ____D C:\Users\mary\AppData\Local\OO Software
2024-06-07 07:22 - 2024-06-07 07:20 - 001989904 _____ (O&O Software GmbH) C:\Users\mary\Downloads\OOSU10.exe
2024-06-07 07:20 - 2024-06-07 07:20 - 001989904 _____ (O&O Software GmbH) C:\Users\mary\Desktop\OOSU10.exe
2024-06-06 16:18 - 2024-06-06 16:37 - 000000000 ____D C:\ProgramData\SupportAssistDbBackup
2024-06-06 15:58 - 2024-06-06 15:58 - 000003530 _____ C:\WINDOWS\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2024-06-06 15:54 - 2024-06-06 15:54 - 000000000 _____ C:\WINDOWS\invcol.tmp
2024-06-06 07:25 - 2024-06-06 07:25 - 000461963 _____ C:\Users\mary\Desktop\2020WS08 (3).txt
2024-06-06 07:25 - 2024-06-06 07:25 - 000461963 _____ C:\Users\mary\Desktop\2020WS08 (2).txt
2024-06-06 07:24 - 2024-06-06 07:24 - 000461963 _____ C:\Users\mary\Desktop\2020WS08 (1).txt
2024-06-06 07:20 - 2024-06-06 07:22 - 000461963 _____ C:\Users\mary\Desktop\2020WS08.txt
2024-06-06 07:14 - 2024-06-06 07:14 - 008995336 _____ (Piriform Software Ltd) C:\Users\mary\Desktop\spsetup132 (2).exe
2024-06-06 07:12 - 2024-06-06 07:12 - 008995336 _____ (Piriform Software Ltd) C:\Users\mary\Desktop\spsetup132 (1).exe
2024-06-06 07:11 - 2024-06-06 07:11 - 008995336 _____ (Piriform Software Ltd) C:\Users\mary\Downloads\spsetup132.exe
2024-06-05 14:09 - 2024-06-05 14:09 - 000026131 _____ C:\Users\mary\Desktop\Registry.txt
2024-06-03 17:01 - 2024-06-03 17:01 - 000035248 _____ C:\WINDOWS\system32\lc.dat
2024-06-03 16:59 - 2024-06-03 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom
2024-06-03 16:54 - 2024-06-03 16:54 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-06-03 16:32 - 2024-06-05 08:47 - 000041628 _____ C:\Users\mary\Desktop\AR Report.pdf
2024-06-02 14:44 - 2024-06-06 16:51 - 000079652 _____ C:\Users\mary\Desktop\Addition.txt
2024-06-02 14:35 - 2024-06-07 09:09 - 000034273 _____ C:\Users\mary\Desktop\FRST.txt
2024-06-02 14:35 - 2024-06-07 07:26 - 000000000 ____D C:\Users\mary\Desktop\FRST-OlderVersion
2024-06-02 14:34 - 2024-06-07 09:06 - 000000000 ____D C:\FRST
2024-06-02 14:33 - 2024-06-07 07:26 - 002395136 _____ (Farbar) C:\Users\mary\Desktop\FRST64.exe
2024-06-02 14:29 - 2024-06-02 14:29 - 002299904 _____ (Farbar) C:\Users\mary\Downloads\FRST64 (2).exe
2024-06-02 14:28 - 2024-06-02 14:28 - 002299904 _____ (Farbar) C:\Users\mary\Downloads\FRST64.exe
2024-06-02 14:28 - 2024-06-02 14:28 - 002299904 _____ (Farbar) C:\Users\mary\Downloads\FRST64 (1).exe
2024-05-28 09:38 - 2024-05-28 09:38 - 007578108 _____ C:\Users\mary\Downloads\Samantha Set.pdf
2024-05-28 09:38 - 2024-05-28 09:38 - 003641426 _____ C:\Users\mary\Downloads\workshop archetect drawings.pdf
2024-05-28 09:37 - 2024-05-28 09:38 - 000686810 _____ C:\Users\mary\Downloads\Truss reciept.pdf
2024-05-24 11:57 - 2024-05-24 11:57 - 036750844 _____ C:\Users\mary\Downloads\KEVIN WHEELER SD CORRECTED 5-23-24 corrected (1).pdf
2024-05-24 09:23 - 2024-05-24 09:23 - 036750844 _____ C:\Users\mary\Downloads\KEVIN WHEELER SD CORRECTED 5-23-24 corrected.pdf
2024-05-23 09:06 - 2024-05-23 09:06 - 000019186 _____ C:\Users\mary\Downloads\15165585039_052324_0623 (1).pdf
2024-05-23 09:04 - 2024-05-23 09:05 - 000019186 _____ C:\Users\mary\Downloads\15165585039_052324_0623.pdf
2024-05-22 08:52 - 2024-05-22 08:52 - 000037128 _____ C:\Users\mary\Downloads\052124_2018.pdf
2024-05-16 16:49 - 2024-05-16 16:49 - 005383380 _____ C:\Users\mary\Downloads\Trailside-Fitness-12-Week-Training-Program.pdf
2024-05-14 22:05 - 2024-05-14 22:12 - 000000000 ___HD C:\$WinREAgent
2024-05-14 15:18 - 2024-05-14 15:18 - 036751974 _____ C:\Users\mary\Downloads\KEVIN WHEELER SD 5-14-24 CITY CORRECTED.pdf
2024-05-14 10:29 - 2024-05-14 10:29 - 005934884 _____ C:\Users\mary\Downloads\Full_Moon_in_Sagittarius_-_Color.pdf
2024-05-14 08:31 - 2024-05-14 08:31 - 034387145 _____ C:\Users\mary\Downloads\WWII Construction Drawings Set.pdf
2024-05-13 13:18 - 2024-05-13 13:19 - 017758280 _____ C:\Users\mary\Downloads\WEINGARDEN.zip
2024-05-10 13:06 - 2024-05-10 13:06 - 000438818 _____ C:\Users\mary\Downloads\Resource list for Transition 2024.pdf
2024-05-09 09:49 - 2024-05-09 09:49 - 000012132 _____ C:\Users\mary\Downloads\AF trust report (1).pdf
2024-05-09 08:06 - 2024-05-09 08:06 - 045439195 _____ C:\Users\mary\Downloads\iCloud Photos from James Fitzpatrick.zip
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-06-07 09:17 - 2024-05-02 18:07 - 000000000 ____D C:\Users\mary\AppData\Local\Malwarebytes
2024-06-07 09:14 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-06-07 09:09 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-06-07 09:09 - 2020-09-11 04:48 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery Services
2024-06-07 08:59 - 2020-10-20 10:52 - 000000000 ____D C:\Users\mary\AppData\Roaming\Intermedia Unite
2024-06-07 08:58 - 2020-10-26 13:42 - 000000000 ____D C:\Users\mary\Documents\Outlook Files
2024-06-07 08:57 - 2020-10-19 14:22 - 000000000 ____D C:\Users\mary\AppData\Local\D3DSCache
2024-06-07 08:54 - 2020-10-19 10:58 - 000000000 ___SD C:\Users\mary\AppData\Roaming\Microsoft\Credentials
2024-06-07 08:51 - 2020-10-19 10:58 - 000000000 __SHD C:\Users\mary\IntelGraphicsProfiles
2024-06-07 08:47 - 2023-04-12 10:04 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-06-07 08:47 - 2022-05-06 22:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-06-07 08:47 - 2020-10-09 14:47 - 000000128 _____ C:\WINDOWS\system32\config\netlogon.ftl
2024-06-07 08:47 - 2020-09-11 04:32 - 000000000 ____D C:\Intel
2024-06-07 08:47 - 2020-09-11 04:31 - 000012288 ___SH C:\DumpStack.log.tmp
2024-06-07 08:45 - 2023-04-12 09:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-06-07 08:08 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-06-07 07:57 - 2023-04-12 10:04 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-06-07 07:57 - 2023-04-12 10:04 - 000003412 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-06-07 07:30 - 2022-05-06 22:22 - 000000000 ____D C:\WINDOWS\INF
2024-06-07 07:17 - 2020-10-19 16:16 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\MMC
2024-06-07 02:33 - 2022-02-11 12:10 - 000000000 ____D C:\Users\mary\AppData\Local\CrashDumps
2024-06-06 19:06 - 2020-10-19 14:28 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2024-06-06 17:25 - 2020-09-11 04:44 - 000000000 ____D C:\ProgramData\Package Cache
2024-06-06 17:25 - 2020-09-11 04:43 - 000000000 ____D C:\Program Files\Dell
2024-06-06 16:57 - 2020-09-11 04:56 - 000000000 ____D C:\ProgramData\Dell
2024-06-06 16:45 - 2022-05-06 22:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-06-06 16:45 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-06-06 16:26 - 2023-04-12 10:04 - 000003948 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2024-06-06 16:19 - 2020-09-11 04:43 - 000000000 ____D C:\Program Files (x86)\Dell
2024-06-06 16:14 - 2022-04-06 08:09 - 000000000 ____D C:\Program Files\dotnet
2024-06-06 16:03 - 2020-10-19 14:53 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Access
2024-06-06 16:02 - 2020-10-19 15:52 - 000000000 ____D C:\Program Files (x86)\Intuit
2024-06-06 16:01 - 2024-02-28 17:47 - 000000000 ____D C:\Program Files\Intuit
2024-06-06 16:01 - 2020-10-19 16:09 - 000000000 ____D C:\Users\mary\AppData\Local\Intuit
2024-06-06 16:01 - 2020-10-19 15:55 - 000000090 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2024-06-06 16:00 - 2024-02-28 17:47 - 000000000 ____D C:\Program Files\Common Files\Intuit
2024-06-06 16:00 - 2020-10-19 16:36 - 000000000 ____D C:\ProgramData\Intuit
2024-06-06 15:58 - 2023-04-12 10:04 - 000003506 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2024-06-06 15:53 - 2023-04-12 10:04 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-06-05 17:39 - 2020-10-19 10:58 - 000000000 ____D C:\Users\mary\AppData\Local\Packages
2024-06-05 17:20 - 2020-10-19 13:56 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Outlook
2024-06-05 15:01 - 2023-04-12 09:44 - 000000000 ____D C:\Users\mary
2024-06-05 11:12 - 2020-09-11 04:58 - 000000000 ____D C:\ProgramData\Packages
2024-06-05 08:40 - 2020-10-19 13:04 - 000000000 ____D C:\Users\mary\Desktop\Inspection 1-29-19
2024-06-04 18:57 - 2020-09-11 04:41 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-06-04 14:54 - 2020-10-19 16:23 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Excel
2024-06-04 14:52 - 2020-10-19 14:57 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Word
2024-06-04 14:32 - 2020-10-09 14:47 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-06-04 14:32 - 2020-10-09 14:47 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-06-04 08:36 - 2023-04-12 09:56 - 000804924 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-06-03 17:00 - 2024-03-28 17:36 - 000002411 _____ C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams classic (work or school).lnk
2024-06-03 17:00 - 2020-10-20 08:04 - 000000000 ____D C:\Users\mary\AppData\Local\SquirrelTemp
2024-06-03 16:59 - 2024-03-28 17:34 - 000000000 ____D C:\Program Files\Zoom
2024-06-03 16:59 - 2020-10-20 08:05 - 000000000 ____D C:\Users\mary\AppData\Roaming\Microsoft\Teams
2024-06-03 16:49 - 2020-09-11 04:50 - 000000000 ____D C:\Program Files\Microsoft Office
2024-05-30 11:12 - 2020-10-19 13:04 - 000000000 ____D C:\Users\mary\Desktop\Letters of inspection
2024-05-28 18:13 - 2020-09-11 04:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-05-28 15:32 - 2022-07-20 12:39 - 000002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2024-05-28 15:32 - 2022-07-20 12:39 - 000002046 _____ C:\Users\mary\Desktop\Google Drive.lnk
2024-05-28 15:32 - 2020-10-09 14:46 - 000000000 ____D C:\Program Files (x86)\Google
2024-05-24 14:30 - 2023-04-12 10:04 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3979886858-3466003010-52152672-1116
2024-05-24 14:30 - 2023-04-12 10:04 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3979886858-3466003010-52152672-1116
2024-05-24 14:30 - 2020-10-19 10:59 - 000002378 _____ C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-05-23 19:49 - 2022-05-06 22:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-05-23 19:32 - 2023-04-12 09:38 - 000502712 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-05-23 19:26 - 2023-10-10 19:01 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\system32\F12
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\UUS
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-05-23 19:26 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-05-23 19:25 - 2022-05-07 00:39 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2024-05-23 19:25 - 2022-05-07 00:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\SystemApps
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-05-23 19:25 - 2022-05-06 22:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-05-23 19:25 - 2022-05-06 22:17 - 000000000 ____D C:\WINDOWS\servicing
2024-05-16 17:12 - 2022-10-11 14:40 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2024-05-16 17:12 - 2022-10-11 14:40 - 000002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-05-16 09:33 - 2020-10-19 13:04 - 000000000 ____D C:\Users\mary\Desktop\Mary's Documents
2024-05-14 23:03 - 2022-05-06 22:25 - 000077312 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2024-05-14 23:03 - 2022-05-06 22:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll
2024-05-14 22:41 - 2023-04-12 09:42 - 003214336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-05-14 21:26 - 2020-10-20 02:17 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-05-14 21:10 - 2020-10-20 02:17 - 196465576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories ========
 
2024-03-01 11:08 - 2024-03-01 11:08 - 055178864 _____ (Intuit Inc.) C:\Users\mary\QuickBooksToolHub.exe
2021-04-21 11:12 - 2021-04-21 12:33 - 000031847 _____ () C:\Users\mary\AppData\Roaming\QBFileDrTool.log
2020-10-19 14:42 - 2020-10-19 14:42 - 000000000 _____ () C:\Users\mary\AppData\Local\oobelibMkey.log
2021-12-15 10:06 - 2022-06-09 10:45 - 000007597 _____ () C:\Users\mary\AppData\Local\resmon.resmoncfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

  • 0

#15
mandrada

mandrada

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
explorer.exe < 0.01 227,996 K 315,400 K 8004 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
OUTLOOK.EXE < 0.01 142,568 K 308,432 K 9396 Microsoft Outlook Microsoft Corporation (Verified) Microsoft Corporation
SupportAssistAgent.exe < 0.01 224,976 K 297,532 K 1040 SupportAssist Dell Inc. (Verified) Dell Technologies Inc.
MsMpEng.exe 3.06 310,000 K 290,640 K 3948 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe < 0.01 131,524 K 240,344 K 4320 Google Chrome Google LLC (Verified) Google LLC
chrome.exe < 0.01 1,644,836 K 226,060 K 9252 Google Chrome Google LLC (Verified) Google LLC
GoogleDriveFS.exe < 0.01 65,364 K 169,064 K 5860 Google Drive Google, Inc. (Verified) Google LLC
dwm.exe < 0.01 137,408 K 164,260 K 1380
Intermedia Unite.exe < 0.01 102,472 K 156,752 K 11432 Intermedia Unite Intermedia.net, Inc. (Verified) SystemServer
Dell.D3.WinSvc.exe 114,808 K 152,124 K 7016 Dell.D3.WinSvc (Verified) Dell Inc
chrome.exe < 0.01 115,772 K 140,200 K 7700 Google Chrome Google LLC (Verified) Google LLC
msedgewebview2.exe 95,168 K 138,144 K 12252 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
chrome.exe 101,908 K 128,972 K 14392 Google Chrome Google LLC (Verified) Google LLC
Dell.TechHub.Instrumentation.SubAgent.exe < 0.01 96,896 K 118,848 K 3464
Intermedia Unite.exe < 0.01 43,020 K 107,568 K 4304 Intermedia Unite Intermedia.net, Inc. (Verified) SystemServer
Intermedia Unite.exe < 0.01 67,052 K 107,324 K 4880 Intermedia Unite Intermedia.net, Inc. (Verified) SystemServer
chrome.exe 78,828 K 107,152 K 6556 Google Chrome Google LLC (Verified) Google LLC
msedgewebview2.exe 35,400 K 106,648 K 13652 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
msedgewebview2.exe 32,744 K 104,700 K 12828 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
procexp64.exe 0.25 56,004 K 99,172 K 10004 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
DDVDataCollector.exe 61,644 K 98,788 K 7460 DDVDataCollector Dell Technologies Inc. (Verified) Dell Technologies Inc.
msedgewebview2.exe 56,584 K 98,076 K 14316 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
chrome.exe < 0.01 48,592 K 96,316 K 8408 Google Chrome Google LLC (Verified) Google LLC
Malwarebytes.exe < 0.01 86,548 K 96,260 K 4904 Malwarebytes Malwarebytes (Verified) Malwarebytes Inc.
SearchHost.exe Suspended 160,708 K 93,280 K 7360 Microsoft Corporation (Verified) Microsoft Windows
Notepad.exe 36,492 K 84,828 K 11392 (Verified) Microsoft Corporation
Intermedia Unite.exe < 0.01 51,516 K 83,968 K 11500 Intermedia Unite Intermedia.net, Inc. (Verified) SystemServer
chrome.exe < 0.01 37,544 K 81,176 K 15016 Google Chrome Google LLC (Verified) Google LLC
Dell.TechHub.Instrumentation.UserProcess.exe < 0.01 49,416 K 77,296 K 5268
Dell.TechHub.exe 41,888 K 75,936 K 3960 Dell.TechHub Dell (Verified) Dell Technologies Inc.
msedgewebview2.exe 52,476 K 75,912 K 2244 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
Dell.CoreServices.Client.exe 37,436 K 74,032 K 1664
Dell.TechHub.Analytics.SubAgent.exe 52,316 K 73,616 K 3208
MBAMService.exe < 0.01 29,464 K 71,872 K 4016 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Inc.
Dell.TechHub.DataManager.SubAgent.exe 50,336 K 69,860 K 3528
msedgewebview2.exe 28,976 K 68,780 K 14116 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
GoogleDriveFS.exe 31,452 K 68,072 K 4220 Google Drive Google, Inc. (Verified) Google LLC
chrome.exe 38,564 K 66,684 K 15020 Google Chrome Google LLC (Verified) Google LLC
GoogleDriveFS.exe 41,820 K 65,856 K 8068 Google Drive Google, Inc. (Verified) Google LLC
msedgewebview2.exe 43,196 K 65,596 K 13852 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
ShellExperienceHost.exe Suspended 26,496 K 61,696 K 9636 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
StartMenuExperienceHost.exe 56,084 K 61,492 K 4188 Windows Start Experience Host Microsoft Corporation (Verified) Microsoft Windows
Registry 9,640 K 61,104 K 124
Dell.TechHub.Diagnostics.SubAgent.exe 47,948 K 60,676 K 3836
OfficeClickToRun.exe 37,724 K 60,592 K 4140 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
TextInputHost.exe 77,872 K 57,476 K 7348 Microsoft Corporation (Verified) Microsoft Windows
ServiceShell.exe < 0.01 53,772 K 56,892 K 7716 ServiceShell (Verified) Dell Inc
chrome.exe < 0.01 30,784 K 54,540 K 12276 Google Chrome Google LLC (Verified) Google LLC
Intermedia Unite.exe 12,148 K 52,980 K 12644 Intermedia Unite Intermedia.net, Inc. (Verified) SystemServer
Widgets.exe 11,252 K 52,840 K 7748 Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 14,396 K 50,232 K 6960 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
Intermedia Unite.exe 15,020 K 46,972 K 9488 Intermedia Unite Intermedia.net, Inc. (Verified) SystemServer
Dell.DCF.UA.Bradbury.API.SubAgent.exe < 0.01 41,704 K 44,232 K 3808
chrome.exe 22,724 K 44,028 K 12944 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 22,124 K 43,560 K 4992 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
OneApp.IGCC.WinService.exe < 0.01 38,172 K 43,324 K 3828 Intel® Graphics Command Center Service Intel Corporation (Verified) Intel Corporation
chrome.exe < 0.01 17,708 K 39,116 K 12416 Google Chrome Google LLC (Verified) Google LLC
ai.exe < 0.01 22,544 K 36,776 K 5100 Artificial Intelligence (AI) Host for the Microsoft® Windows® Operating System and Platform x64. Microsoft Corporation (Verified) Microsoft Corporation
SearchIndexer.exe 26,548 K 35,500 K 8844 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
MoUsoCoreWorker.exe 13,484 K 34,040 K 5512
msedgewebview2.exe 11,008 K 33,524 K 13860 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
GoogleDriveFS.exe 14,028 K 33,044 K 10304 Google Drive Google, Inc. (Verified) Google LLC
GoogleDriveFS.exe 17,928 K 32,556 K 10352 Google Drive Google, Inc. (Verified) Google LLC
sihost.exe 6,704 K 32,148 K 6088 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
msedgewebview2.exe 10,600 K 32,092 K 11416 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
ctfmon.exe 10,640 K 30,800 K 8448
lsass.exe 10,128 K 28,140 K 780 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,576 K 27,780 K 2512 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9,904 K 27,340 K 1100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
msteamsupdate.exe 7,228 K 27,100 K 12676 Microsoft Teams Updater (personal) Microsoft Corporation (Verified) Microsoft Corporation
msteamsupdate.exe 6,984 K 26,908 K 12684 Microsoft Teams Updater (personal) Microsoft Corporation (Verified) Microsoft Corporation
RuntimeBroker.exe 6,320 K 26,812 K 5648 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6,916 K 26,500 K 7608 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 14,620 K 24,964 K 792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
GoogleDriveFS.exe 12,732 K 24,780 K 10176 Google Drive Google, Inc. (Verified) Google LLC
svchost.exe < 0.01 16,640 K 24,368 K 3500 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,076 K 24,196 K 9896 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
msedgewebview2.exe 12,748 K 23,844 K 1156 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
WidgetService.exe 4,692 K 23,736 K 852 WidgetService.exe Microsoft Corporation (Verified) Microsoft Windows
AdobeCollabSync.exe < 0.01 7,808 K 22,552 K 3308 Acrobat Collaboration Synchronizer 24.2 Adobe Systems Incorporated (Verified) Adobe Inc.
svchost.exe < 0.01 10,200 K 22,300 K 3588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 17,224 K 21,996 K 2296 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
MpDefenderCoreService.exe 8,836 K 21,760 K 3720 Antimalware Core Service Microsoft Corporation (Verified) Microsoft Windows Publisher
AdobeCollabSync.exe 5,196 K 21,588 K 8308 Acrobat Collaboration Synchronizer 24.2 Adobe Systems Incorporated (Verified) Adobe Inc.
chrome.exe < 0.01 12,600 K 21,288 K 13096 Google Chrome Google LLC (Verified) Google LLC
WmiPrvSE.exe 11,604 K 21,276 K 6060
SystemSettingsBroker.exe 4,176 K 21,148 K 12832 System Settings Broker Microsoft Corporation (Verified) Microsoft Windows
acrotray.exe 5,936 K 20,864 K 3444 Acrobat Licensing Service Adobe Systems Inc. (Verified) Adobe Inc.
acrotray.exe 5,996 K 20,816 K 11168 Acrobat Licensing Service Adobe Systems Inc. (Verified) Adobe Inc.
GoogleDriveFS.exe 15,412 K 20,560 K 8608 Google Drive Google, Inc. (Verified) Google LLC
backgroundTaskHost.exe Suspended 8,096 K 20,416 K 7044 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,932 K 19,972 K 3848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
taskhostw.exe 8,236 K 19,240 K 3644 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 6,068 K 18,328 K 3340 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,256 K 18,324 K 11080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,284 K 18,232 K 7564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
msedgewebview2.exe 6,964 K 18,136 K 14004 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
System < 0.01 88 K 17,688 K 4
DDVRulesProcessor.exe 18,160 K 17,312 K 7680 Dell Data Vault Rules Processor Dell Technologies Inc. (Verified) Dell Technologies Inc.
LMS.exe 6,500 K 17,184 K 3768 Intel® Local Management Service Intel Corporation (Verified) Intel Corporation
dllhost.exe 7,392 K 17,160 K 8348 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,360 K 17,052 K 1960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,980 K 16,976 K 3684 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,152 K 16,884 K 1540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,780 K 16,752 K 3196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
WavesSysSvc64.exe < 0.01 4,384 K 16,476 K 4284 WavesSysSvc Service Application Waves Audio Ltd. (Verified) Waves Inc
conhost.exe 6,132 K 16,264 K 7292 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,888 K 16,224 K 5248 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 7,512 K 15,868 K 1248 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,944 K 15,364 K 3484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,940 K 15,140 K 11000 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,280 K 14,872 K 3024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,096 K 14,632 K 9600 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
igfxEM.exe 3,496 K 14,604 K 2156 igfxEM Module Intel Corporation (Verified) Intel Corporation
svchost.exe < 0.01 6,384 K 14,552 K 2652 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,228 K 14,520 K 7960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
AGMService.exe 4,544 K 14,048 K 4416 Adobe Genuine Software Monitor Service Adobe Systems, Incorporated (Verified) Adobe Inc.
WMIRegistrationService.exe 2,748 K 14,008 K 3776 Intel® Management Engine WMI Provider Registration Intel Corporation (Verified) Intel Corporation
svchost.exe 3,028 K 13,920 K 7624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
RtkAudUService64.exe 2,892 K 13,880 K 8112
procexp.exe 5,164 K 13,848 K 8508 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
svchost.exe 3,460 K 13,832 K 4476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,388 K 13,372 K 4484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,956 K 13,364 K 6848 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,916 K 13,284 K 10232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe < 0.01 5,704 K 12,988 K 3580
svchost.exe 2,680 K 12,908 K 7048 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe < 0.01 5,692 K 12,816 K 3408
conhost.exe < 0.01 5,688 K 12,808 K 3596
conhost.exe < 0.01 5,692 K 12,808 K 3852
conhost.exe < 0.01 5,704 K 12,804 K 3896
WmiPrvSE.exe 3,940 K 12,736 K 11972
winlogon.exe 2,444 K 12,684 K 992
NisSrv.exe 4,476 K 12,632 K 2308 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe 5,812 K 12,420 K 11908 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
MbamBgNativeMsg.exe 2,456 K 11,476 K 13632 Malwarebytes Native Message Service Malwarebytes (Verified) Malwarebytes Inc.
fontdrvhost.exe 6,284 K 11,292 K 1140
services.exe 0.25 5,484 K 11,188 K 744
svchost.exe 2,664 K 11,080 K 2132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,180 K 11,004 K 2400 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,500 K 10,908 K 6272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
backgroundTaskHost.exe Suspended 2,600 K 10,660 K 10080 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
RtkAudUService64.exe 2,472 K 10,656 K 4228 Realtek HD Audio Universal Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
svchost.exe 3,344 K 10,620 K 5052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,228 K 10,616 K 1784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,056 K 10,596 K 8704 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,636 K 10,508 K 1568 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,852 K 10,492 K 1472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,224 K 10,428 K 1224 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,192 K 10,208 K 3096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,152 K 10,044 K 2664 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,764 K 10,012 K 1724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,152 K 10,012 K 2304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,004 K 9,964 K 1792 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,436 K 9,948 K 1884 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,228 K 9,892 K 2444 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,684 K 9,776 K 9028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
igfxCUIService.exe 1,880 K 9,592 K 2492 igfxCUIService Module Intel Corporation (Verified) Intel Corporation
backgroundTaskHost.exe Suspended 2,556 K 9,564 K 11760 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
DDVCollectorSvcApi.exe 1,852 K 9,516 K 2736 Dell Data Vault Data Collector Service API Dell Technologies Inc. (Verified) Dell Technologies Inc.
svchost.exe 2,336 K 9,460 K 4204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
backgroundTaskHost.exe Suspended 4,624 K 9,456 K 12612 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
VSSVC.exe < 0.01 1,884 K 9,408 K 9828 Microsoft® Volume Shadow Copy Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 1,884 K 9,032 K 12664 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,888 K 8,840 K 4812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 6,572 K 8,816 K 10860 Google Chrome Google LLC (Verified) Google LLC
svchost.exe 2,104 K 8,692 K 6928 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,280 K 8,684 K 3384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2,444 K 8,672 K 1292 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,776 K 8,620 K 2532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,792 K 8,520 K 1920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
msedgewebview2.exe 2,080 K 8,260 K 13676 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 2,048 K 8,216 K 2336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
RuntimeBroker.exe 1,840 K 8,204 K 14840 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,136 K 8,092 K 1676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
unsecapp.exe 1,520 K 8,064 K 5440
msedgewebview2.exe 2,072 K 7,952 K 11756 Microsoft Edge WebView2 Microsoft Corporation (Verified) Microsoft Corporation
backgroundTaskHost.exe Suspended 2,828 K 7,948 K 12464 Background Task Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,372 K 7,936 K 1860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
unsecapp.exe 1,412 K 7,880 K 7316
IntelCpHDCPSvc.exe 1,452 K 7,848 K 1600 Intel HD Graphics Drivers for Windows® Intel Corporation (Verified) Intel Corporation
svchost.exe 2,452 K 7,832 K 2084 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,696 K 7,800 K 1708 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
dllhost.exe 1,548 K 7,724 K 12116 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
RstMwService.exe 1,872 K 7,608 K 3744 Intel® Rapid Storage Technology Management Service Intel Corporation (Verified) Intel Corporation
svchost.exe 1,696 K 7,604 K 4268 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,740 K 7,596 K 2540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
IntelCpHeciSvc.exe 1,460 K 7,504 K 2192 IntelCpHeciSvc Executable Intel Corporation (Verified) Intel Corporation
wininit.exe 1,436 K 7,472 K 920
svchost.exe 1,476 K 7,280 K 3492 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,596 K 7,252 K 10292 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,628 K 7,212 K 3676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,428 K 7,200 K 3056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe < 0.01 2,784 K 6,900 K 928
armsvc.exe 1,676 K 6,760 K 3708 Acrobat Update Service Adobe Inc. (Verified) Adobe Inc.
svchost.exe 1,240 K 6,744 K 3476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
uhssvc.exe 1,268 K 6,656 K 2500 Microsoft Update Health Service Microsoft Corporation (Verified) Microsoft Windows
crashpad_handler.exe 1,428 K 6,632 K 10792 (Verified) Google LLC
svchost.exe 1,448 K 6,600 K 2692 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
jhi_service.exe 1,300 K 6,504 K 3728 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation
svchost.exe 1,636 K 6,420 K 3508 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe < 0.01 1,960 K 6,220 K 832
CptService.exe 1,272 K 6,036 K 3616 Zoom Sharing Service Zoom Video Communications, Inc. (Verified) Zoom Video Communications, Inc.
svchost.exe 1,104 K 5,988 K 15256 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,420 K 5,940 K 1624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,196 K 5,932 K 2328 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,132 K 5,816 K 3668 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,228 K 5,744 K 3752 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
dasHost.exe 1,144 K 5,588 K 4076
svchost.exe 1,224 K 5,500 K 1716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
fontdrvhost.exe 1,712 K 3,996 K 1148
cmd.exe 1,964 K 3,872 K 15216 Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows
ONENOTEM.EXE 3,128 K 2,864 K 11596 Send to OneNote Tool Microsoft Corporation (Verified) Microsoft Corporation
smss.exe 1,112 K 1,316 K 584
System Idle Process 95.84 60 K 8 K 0
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP