Solved Scan showed a Keylogger...Now I'm concerned

[Emills83]

Hello.

My Windows 10 PC has been running very slow lately and acting up. I've also noticed that people have been trying to log into my bank accounts and other accounts. Luckily I use two-stage authorization on most everything. I ran an online scanner (ESET) and it said it removed the file sinvfct.dll which is a Keylogger. I'm concerned there may be other Malware or malicious programs on this PC. I have ran the FRST scan and attached the Logs as instructed. Any help would be appreciated.

Windows 10 Pro
Norton 360 Antivirus

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Please observe forum rules. All logs have to be pasted not attached.

 

[Emills83]

I have read the above. What is the next step? This is my first time getting help on this forum. I tried to copy and paste the log and it keeps telling me " Please enter a message with no more than 50000 characters. "

 

[Emills83]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2021

Ran by emill (administrator) on MILLS-AIO (ASUSTeK COMPUTER INC. Zen AIO 24 ZN242GD) (22-01-2021 10:40:47)
Running from C:\Users\emill\Desktop
Loaded Profiles: emill
Platform: Windows 10 Pro Version 20H2 19042.746 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis International GmbH -> ) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsMonStartupTask64.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\ATKOSD2.exe
(ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy\ATK Package\HControl.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\113.4.507\QtWebEngineProcess.exe <3>
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_31a8dbbf39dcdc3b\jhi_service.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_49599d441c87af7f\Intel_PIE_Service.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2012.16655.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2011.16.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.20.5.39\nsWscSvc.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.20.5.39\NortonSecurity.exe <2>
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Utilities Premium\x64\LBGovernor.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

 

[Emills83]

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1076728 2020-03-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [752168 2019-03-25] (Acronis International GmbH -> )
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321112 2019-07-29] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-01-13] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [665568 2018-12-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [870368 2018-12-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5866032 2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4971688 2019-03-25] (Acronis International GmbH -> )
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [441448 2019-03-25] (Acronis International GmbH -> Acronis International GmbH)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [285544 2020-12-07] (IDSA Production signing key -> Intel)
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1938296 2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3375904 2020-06-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5491248 2020-12-07] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\Run: [SmartSwitchPDLR.exe] => C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe [1126568 2020-07-03] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\MountPoints2: {8a0c2418-1e0e-11eb-af40-94b86d73ee6a} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [39936 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65496 2020-10-22] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON PC-FAX Driver2 64Monitor: C:\Windows\system32\EFXLM16A.DLL [182784 2018-12-26] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON WF-7720 Series 64MonitorBE: C:\Windows\system32\E_YLMBSAE.DLL [182784 2016-08-01] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{97E1814E-5601-41c8-9971-10C319EF61CC}] -> C:\Windows\system32\SRCredentialProvider.dll [2020-09-30] (Splashtop Inc. -> Splashtop Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {161318E0-4292-4DD3-9DCF-3E9238B8EF00} - System32\Tasks\AutomaticCare => C:\Program Files\Norton Utilities Premium\nup.exe [630952 2020-08-10] (Symantec Corporation -> Symantec Corporation)
Task: {1B10284B-E522-4542-8960-098CD84EC8D1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {21C80D43-07B2-4410-9602-13256020A71A} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe [117192 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {26FFE179-44FE-4B25-BBE7-958F564EF565} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe [117192 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {3F52CA62-A27A-406E-97ED-40017D902FDD} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {58277082-78DE-40C2-A862-4E71B7ADF4C0} - System32\Tasks\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities Premium\activesync.exe [244904 2020-08-10] (Symantec Corporation -> Symantec Corporation)
Task: {652EE8E5-376D-49FF-835F-252E609F99EE} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe [244904 2020-08-10] (Symantec Corporation -> Symantec Corporation)
Task: {668A2ACB-009D-444A-A70D-A29FD4CA7593} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.20.5.39\WSCStub.exe [644608 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {6E5429D9-E81B-4022-B739-5396A964482C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {74A6D751-271F-428C-933B-9BC83D4BD562} - System32\Tasks\tmh => c:\program files (x86)\sysconfig\tmh.exe
Task: {7B202DD7-029E-48DE-90B8-E64400400FC4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-09-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {7E1D7C48-31A8-4D38-8C42-78077265CCC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-06] (Google LLC -> Google LLC)
Task: {85D173BE-C6F6-4B09-A56D-FBDDB58C8F7F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {85D18C34-3CAA-44C1-A866-CD574892BCEB} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHotkeyExec64.exe [176064 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {8B8F8A2F-4798-437E-B797-7928C69CF8D5} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.3.102\DADUpdater.exe
Task: {8BC049FF-53B3-4741-84DF-11874EB71D2D} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2776440 2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D5C0F47-D395-4C23-B376-C846FC4A569C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2162328 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {A6089F6E-26CE-46E3-BBFC-3C1E1EFB28FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {B3A1B702-D115-4927-9A96-88B18DDF5C38} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {C28B89E8-06FC-4F07-A4A7-E56CFBEB02BE} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {C9D5B027-2C78-4446-8455-E2F07EA7AB2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-06] (Google LLC -> Google LLC)
Task: {CA4A75F1-FD12-435A-A83B-48CBC0DDC930} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {DC262750-BD38-425F-824B-72A0FF536866} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [3047944 2020-10-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {E757F4B6-F80E-45C2-AEBF-1561EA5BA570} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe [117192 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {ED714A9E-724F-4342-A9C6-21456F37993B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-09-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F385B0D2-0FFD-49A3-ACB2-D53B90845B82} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {FBC288B1-1095-42AF-86CA-0C4860DCF4EA} - System32\Tasks\Live Boost Process Governor => C:\Program Files\Norton Utilities Premium\x64\LBgovernor.exe [1061544 2020-08-10] (Symantec Corporation -> Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5c289324-cf82-4f8b-b3a2-26575291de1c}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{73e80b19-3a10-4ea5-b44b-227d4f5f7161}: [DhcpNameServer] 192.168.1.254

Edge:
=======
DownloadDir: C:\Users\emill\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001 -> hxxps://www.google.com/
Edge Notifications: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001 -> hxxps://my.dotloop.com; hxxps://bakerrfinancial.securefilepro.com
Edge Extension: (No Name) -> EdgeExtension_EbatesEbatesCashBack_qvn24pjydtpgr => C:\Program Files\WindowsApps\Ebates.EbatesCashBack_4.36.0.0_neutral__qvn24pjydtpgr [not found]
Edge Extension: (Honey) -> EdgeExtension_HoneyScienceCorporationHoney_cbe4c63gm1mzr => C:\Program Files\WindowsApps\HoneyScienceCorporation.Honey_11.4.2.0_neutral__cbe4c63gm1mzr [2019-09-12]
Edge Extension: (Keeper® Password Manager & Digital Vault) -> EdgeExtension_KeeperSecurityIncKeeperBrowserExtension_kejf07qmg0jnm => C:\Program Files\WindowsApps\KeeperSecurityInc.KeeperBrowserExtension_12.6.188.0_neutral__kejf07qmg0jnm [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\emill\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-22]
Edge DownloadDir: C:\Users\emill\Downloads
Edge Notifications: Default -> hxxps://bakerrfinancial.securefilepro.com; hxxps://c2.qbo.intuit.com; hxxps://calendar.google.com; hxxps://markets.businessinsider.com; hxxps://my.dotloop.com; hxxps://postmates.com; hxxps://www.ctoagent.com
Edge HomePage: Default -> hxxps://www.google.com/
Edge StartupUrls: Default -> "hxxps://www.google.com/"
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (Honey) - C:\Users\emill\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2020-11-16]
Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\emill\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmmlpenookphoknnpfilofakghemolmg [2020-12-13]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-07-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [4383760 2019-03-25] (Acronis International GmbH -> Acronis International GmbH)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1155344 2019-03-25] (Acronis International GmbH -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6341824 2019-12-02] (Acronis International GmbH -> )
S3 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AsHidService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe [173504 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 ASLDRService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe [227776 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-09-04] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-09-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-01-13] (Dropbox, Inc -> Dropbox, Inc.)
S2 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326136 2020-02-19] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-03-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\FileSyncHelper.exe [2191224 2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2019-03-25] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2019-03-25] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1774784 2019-03-25] (Acronis International GmbH -> )
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.20.5.39\NortonSecurity.exe [344760 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.20.5.39\nsWscSvc.exe [1056096 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\OneDriveUpdaterService.exe [2556280 2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-06-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-06-25] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [935352 2020-06-25] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7182560 2019-03-25] (Acronis International GmbH -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12757520 2020-12-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [7099408 2019-03-25] (Acronis International GmbH -> Acronis International GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\atkwmiacpi64.sys [36368 2019-03-04] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.18.0.213\Definitions\BASHDefs\20210119.001\BHDrvx64.sys [1991536 2020-11-03] (Symantec Corporation -> Broadcom)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\ccSetx64.sys [192248 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516960 2020-08-04] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154464 2020-08-05] (Symantec Corporation -> Broadcom)
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [667144 2019-12-02] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [390592 2019-12-02] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.18.0.213\Definitions\IPSDefs\20210121.061\IDSvia64.sys [1479536 2021-01-18] (Symantec Corporation -> Broadcom)
R0 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [134000 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SRTSP64.SYS [889704 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SRTSPX64.SYS [50920 2020-07-23] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166768 2020-06-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-06-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SYMEFASI64.SYS [1964384 2020-07-23] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SymELAM.sys [25080 2020-07-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99848 2019-09-04] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.18.0.213\SymPlatform\SymEvnt.sys [712368 2020-01-17] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\Ironx64.SYS [316488 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\symnets.sys [575328 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52104 2018-10-16] (Symantec Corporation -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-09-12] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tib; C:\WINDOWS\system32\DRIVERS\tib.sys [885880 2019-12-02] (Acronis International GmbH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [171976 2019-12-02] (Acronis International GmbH -> Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [693768 2019-12-02] (Acronis International GmbH -> Acronis International GmbH)
S3 USB28xxBGA; C:\WINDOWS\system32\DRIVERS\emBDA64.sys [641536 2008-04-03] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\system32\DRIVERS\emOEM64.sys [74624 2008-04-07] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2019-12-02] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2019-12-02] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\wpCtrlDrv.sys [1013792 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

[Emills83]

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-22 10:40 - 2021-01-22 10:41 - 000035106 _____ C:\Users\emill\Desktop\FRST.txt
2021-01-22 10:40 - 2021-01-22 10:41 - 000000000 ____D C:\FRST
2021-01-22 09:54 - 2021-01-22 09:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2021-01-22 09:49 - 2021-01-22 09:49 - 002296320 _____ (Farbar) C:\Users\emill\Desktop\FRST64.exe
2021-01-22 09:33 - 2021-01-22 09:33 - 015012440 _____ (ESET spol. s r.o.) C:\Users\emill\Desktop\esetonlinescanner.exe
2021-01-22 09:33 - 2021-01-22 09:33 - 000000815 _____ C:\Users\emill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-01-22 09:33 - 2021-01-22 09:33 - 000000669 _____ C:\Users\emill\Desktop\ESET Online Scanner.lnk
2021-01-22 09:33 - 2021-01-22 09:33 - 000000000 ____D C:\Users\emill\AppData\Local\ESET
2021-01-21 13:56 - 2021-01-21 13:56 - 000627601 _____ C:\Users\emill\Downloads\Credit_Invoice_Statement_20210121_025634PM.pdf
2021-01-21 13:55 - 2021-01-21 13:55 - 000056140 _____ C:\Users\emill\Downloads\Credit_Invoice_Statement_20210121_025551PM.pdf
2021-01-21 13:54 - 2021-01-21 13:54 - 000058872 _____ C:\Users\emill\Downloads\Credit_Invoice_Statement_20210121_025414PM.pdf
2021-01-21 13:52 - 2021-01-21 13:52 - 000058872 _____ C:\Users\emill\Downloads\Credit_Invoice_Statement_20210121_025209PM.pdf
2021-01-21 08:02 - 2021-01-21 08:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-01-20 08:18 - 2021-01-20 08:18 - 000000000 ____D C:\WINDOWS\system32\N360_BACKUP
2021-01-19 20:18 - 2021-01-19 20:21 - 000462547 _____ C:\Users\emill\Desktop\2020 Tax Organizer (MILLS EMERY).pdf
2021-01-19 20:16 - 2021-01-22 09:06 - 000712692 _____ C:\Users\emill\Desktop\2020 Tax Organizer (MILLS ERIC & MALORI).pdf
2021-01-19 19:55 - 2021-01-19 19:55 - 000139346 _____ C:\Users\emill\Downloads\MOHELAtaxinfo.pdf
2021-01-19 18:58 - 2021-01-19 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-01-19 18:04 - 2021-01-19 18:04 - 000919312 _____ C:\Users\emill\Downloads\2020 Tax Organizer (MILLS ERIC & MALORI).pdf
2021-01-19 18:04 - 2021-01-19 18:04 - 000558580 _____ C:\Users\emill\Downloads\2020 Tax Organizer (MILLS EMERY).pdf
2021-01-19 18:02 - 2021-01-19 18:02 - 000682610 _____ C:\Users\emill\Downloads\XXXX6662_2020_1099_01-17-2021.pdf
2021-01-19 13:49 - 2021-01-19 13:49 - 000000994 _____ C:\Users\Public\Desktop\IPVanish.lnk
2021-01-19 13:49 - 2021-01-19 13:49 - 000000994 _____ C:\ProgramData\Desktop\IPVanish.lnk
2021-01-19 13:49 - 2021-01-19 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IPVanish
2021-01-15 17:35 - 2021-01-15 17:35 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-01-14 11:00 - 2021-01-14 11:00 - 000078650 _____ C:\Users\emill\Downloads\XXXX6662-12_2020-edj-statement.pdf
2021-01-14 08:56 - 2021-01-14 08:56 - 000683285 _____ C:\Users\emill\Downloads\Loan Agreement, Note and Related Documents_197184.pdf
2021-01-14 08:56 - 2021-01-14 08:56 - 000012262 _____ C:\Users\emill\Downloads\3300039989.pdf
2021-01-14 08:38 - 2021-01-14 08:38 - 000591715 _____ C:\Users\emill\Downloads\CT Company Documents.pdf
2021-01-14 08:37 - 2021-01-14 08:37 - 001303976 _____ C:\Users\emill\Downloads\Mortgage - recorded.pdf
2021-01-14 08:37 - 2021-01-14 08:37 - 000688901 _____ C:\Users\emill\Downloads\Final Signed Closing Disclosure.pdf
2021-01-14 08:36 - 2021-01-14 08:36 - 000240386 _____ C:\Users\emill\Downloads\Final Signed Borrowers Statement.pdf
2021-01-14 08:36 - 2021-01-14 08:36 - 000147990 _____ C:\Users\emill\Downloads\Note.pdf
2021-01-14 08:36 - 2021-01-14 08:36 - 000051862 _____ C:\Users\emill\Downloads\Rescission Notice.pdf
2021-01-14 08:28 - 2021-01-14 08:28 - 000001676 _____ C:\Users\emill\Documents\Where are my files.lnk
2021-01-13 20:43 - 2021-01-13 20:43 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-01-13 20:43 - 2021-01-13 20:43 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-01-13 20:43 - 2021-01-13 20:43 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-01-13 20:43 - 2021-01-13 20:43 - 000044064 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-01-13 09:04 - 2021-01-13 09:04 - 000059344 _____ C:\Users\emill\Downloads\Credit_Invoice_Statement_20210113_100433AM.pdf
2021-01-12 21:29 - 2021-01-12 21:29 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-12 21:29 - 2021-01-12 21:29 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-12 21:29 - 2021-01-12 21:29 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-12 21:29 - 2021-01-12 21:29 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-12 21:29 - 2021-01-12 21:29 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-12 21:29 - 2021-01-12 21:29 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-12 21:29 - 2021-01-12 21:29 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-12 21:29 - 2021-01-12 21:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-12 21:29 - 2021-01-12 21:29 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-12 21:29 - 2021-01-12 21:29 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-12 21:29 - 2021-01-12 21:29 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-12 21:29 - 2021-01-12 21:29 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-12 21:29 - 2021-01-12 21:29 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-12 21:29 - 2021-01-12 21:29 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-12 21:29 - 2021-01-12 21:29 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-12 21:29 - 2021-01-12 21:29 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-12 21:29 - 2021-01-12 21:29 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-12 21:29 - 2021-01-12 21:29 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-12 21:29 - 2021-01-12 21:29 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-12 21:29 - 2021-01-12 21:29 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-12 21:29 - 2021-01-12 21:29 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-12 21:28 - 2021-01-12 21:28 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-12 21:28 - 2021-01-12 21:28 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-12 21:28 - 2021-01-12 21:28 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-12 21:28 - 2021-01-12 21:28 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-12 21:28 - 2021-01-12 21:28 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-12 21:28 - 2021-01-12 21:28 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-12 21:28 - 2021-01-12 21:28 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-12 21:28 - 2021-01-12 21:28 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-12 21:27 - 2021-01-12 21:27 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-12 21:27 - 2021-01-12 21:27 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-12 21:27 - 2021-01-12 21:27 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-12 21:27 - 2021-01-12 21:27 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-12 21:27 - 2021-01-12 21:27 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-11 09:45 - 2021-01-11 09:45 - 000147728 _____ C:\Users\emill\Desktop\CFD - AR Breakdown - Dec 2020.pdf
2021-01-11 09:39 - 2021-01-11 09:39 - 000087599 _____ C:\Users\emill\Downloads\20210111093934_ffcra_paid_sick_and_family_leave_credit_report_e6b18ce4.pdf
2021-01-11 09:37 - 2021-01-11 09:37 - 000152596 _____ C:\Users\emill\Downloads\0DN442021011352EA344AC_payroll-distributed-summary_5cfabe0.pdf
2021-01-11 09:36 - 2021-01-11 09:36 - 000111221 _____ C:\Users\emill\Downloads\0DN442021011352EA344AC_cashrequirement_acac218.pdf
2021-01-10 20:45 - 2021-01-10 20:45 - 000081222 _____ C:\Users\emill\Downloads\20210110204514_direct_deposit_register_5f4e0fa7.pdf
2021-01-10 20:24 - 2021-01-10 20:32 - 000014227 _____ C:\Users\emill\Downloads\20210110202452_Advanced_Report_Writer_5968366f.xlsx
2021-01-10 20:23 - 2021-01-10 20:23 - 000031119 _____ C:\Users\emill\Downloads\20210110202336_Advanced_Report_Writer_47919d56.pdf
2021-01-10 20:17 - 2021-01-10 20:17 - 000061218 _____ C:\Users\emill\Downloads\20210110201723_Wage_And_Tax_Report_1a2715db.pdf
2021-01-10 20:13 - 2021-01-10 20:13 - 000091360 _____ C:\Users\emill\Downloads\20210110201308_Wage_And_Tax_Report_5ceb6f1e.pdf
2021-01-10 20:00 - 2021-01-10 20:00 - 000016972 _____ C:\Users\emill\Downloads\20210110200022_Employee_YTD_Balances_Report_13851eb6.pdf
2021-01-10 19:57 - 2021-01-10 19:57 - 000445313 _____ C:\Users\emill\Downloads\0DN4400000000MYARCHIVE_ Statement of Deposits And Filings 2020 Q1 FEIN 141981193_U.PDF
2021-01-10 19:44 - 2021-01-10 19:44 - 000022290 _____ C:\Users\emill\Downloads\20210110194353_Withholdings Reports_7ab11936.pdf
2021-01-10 19:34 - 2021-01-10 19:34 - 000016979 _____ C:\Users\emill\Downloads\20210110193437_Staff ER Payroll Report_4f1ed8d9.pdf
2021-01-10 19:30 - 2021-01-10 19:30 - 000013807 _____ C:\Users\emill\Downloads\20210110193032_Staff ER Payroll Report_fbfb9f40.pdf
2021-01-10 19:28 - 2021-01-10 19:28 - 000013925 _____ C:\Users\emill\Downloads\20210110192814_Staff ER Payroll Report_0d596503.pdf
2021-01-10 19:06 - 2021-01-10 19:06 - 000013989 _____ C:\Users\emill\Downloads\20210110190647_Withholdings Reports_d5687b1d.pdf
2021-01-10 19:05 - 2021-01-10 19:05 - 000014071 _____ C:\Users\emill\Downloads\20210110190522_Withholdings Reports_28e9abc7.pdf
2021-01-10 18:53 - 2021-01-10 18:53 - 000129643 _____ C:\Users\emill\Downloads\20210110185302_payroll_distributed_summary_report_15d33bea.pdf
2021-01-10 18:48 - 2021-01-10 18:48 - 000148127 _____ C:\Users\emill\Downloads\20210110184845_payroll_distributed_summary_report_88eb5d1f.pdf
2021-01-10 18:45 - 2021-01-10 18:45 - 000160242 _____ C:\Users\emill\Downloads\20210110184522_payroll_distributed_summary_report_20ced44a.pdf
2021-01-10 18:42 - 2021-01-10 18:42 - 000155005 _____ C:\Users\emill\Downloads\20210110184246_payroll_distributed_summary_report_e94e7b86.pdf
2021-01-10 18:40 - 2021-01-10 18:40 - 000159823 _____ C:\Users\emill\Downloads\20210110184034_payroll_distributed_summary_report_86f2f359.pdf
2021-01-10 18:38 - 2021-01-10 18:38 - 000153159 _____ C:\Users\emill\Downloads\20210110183840_payroll_distributed_summary_report_dff6c27d.pdf
2021-01-10 18:34 - 2021-01-10 18:34 - 000153767 _____ C:\Users\emill\Downloads\20210110183456_payroll_distributed_summary_report_7fc2f225.pdf
2021-01-10 18:30 - 2021-01-10 18:30 - 000153201 _____ C:\Users\emill\Downloads\20210110183019_payroll_distributed_summary_report_904f4f6b.pdf
2021-01-10 18:28 - 2021-01-10 18:28 - 000147650 _____ C:\Users\emill\Downloads\20210110182808_payroll_distributed_summary_report_5f8a7333.pdf
2021-01-10 18:14 - 2021-01-10 18:14 - 000152613 _____ C:\Users\emill\Downloads\20210110181443_payroll_distributed_summary_report_7abea949.pdf
2021-01-10 18:12 - 2021-01-10 18:12 - 000146705 _____ C:\Users\emill\Downloads\20210110181245_payroll_distributed_summary_report_799f1002.pdf
2021-01-10 18:07 - 2021-01-10 18:07 - 000159714 _____ C:\Users\emill\Downloads\20210110180752_payroll_distributed_summary_report_c8a731c4.pdf
2021-01-10 16:43 - 2021-01-10 16:43 - 000158577 _____ C:\Users\emill\Downloads\20210110164337_payroll_distributed_summary_report_19d73244.pdf
2021-01-10 16:38 - 2021-01-10 16:38 - 000154305 _____ C:\Users\emill\Downloads\20210110163804_payroll_distributed_summary_report_07409782.pdf
2021-01-10 16:38 - 2021-01-10 16:38 - 000128889 _____ C:\Users\emill\Downloads\20210110163815_payroll_distributed_summary_report_fc283282.pdf
2021-01-10 16:14 - 2021-01-10 16:14 - 000148372 _____ C:\Users\emill\Downloads\20210110161424_payroll_distributed_summary_report_f520ca52.pdf
2021-01-10 16:14 - 2021-01-10 16:14 - 000123138 _____ C:\Users\emill\Downloads\20210110161411_payroll_distributed_summary_report_c45d802d.pdf
2021-01-10 16:09 - 2021-01-10 16:09 - 000154991 _____ C:\Users\emill\Downloads\20210110160909_payroll_distributed_summary_report_fac13823.pdf
2021-01-10 16:09 - 2021-01-10 16:09 - 000128077 _____ C:\Users\emill\Downloads\20210110160920_payroll_distributed_summary_report_e8f06b87.pdf
2021-01-10 16:06 - 2021-01-10 16:06 - 000120472 _____ C:\Users\emill\Downloads\20210110160610_payroll_distributed_summary_report_038c8898.pdf
2021-01-10 16:03 - 2021-01-10 16:03 - 000153751 _____ C:\Users\emill\Downloads\20210110160311_payroll_distributed_summary_report_3e1c5cfd.pdf
2021-01-10 15:59 - 2021-01-10 15:59 - 000159011 _____ C:\Users\emill\Downloads\20210110155930_payroll_distributed_summary_report_842fc730.pdf
2021-01-10 15:56 - 2021-01-10 15:56 - 000127746 _____ C:\Users\emill\Downloads\20210110155625_payroll_distributed_summary_report_63249332.pdf
2021-01-10 15:43 - 2021-01-10 15:43 - 000147190 _____ C:\Users\emill\Downloads\20210110154321_payroll_distributed_summary_report_e24ffde7.pdf
2021-01-10 15:39 - 2021-01-10 15:39 - 000151210 _____ C:\Users\emill\Downloads\20210110153913_payroll_distributed_summary_report_f52c110f.pdf
2021-01-10 15:35 - 2021-01-10 15:35 - 000139865 _____ C:\Users\emill\Downloads\20210110153537_payroll_distributed_summary_report_7e278644.pdf
2021-01-10 15:30 - 2021-01-10 15:30 - 000146916 _____ C:\Users\emill\Downloads\20210110153049_payroll_distributed_summary_report_6873ace6.pdf
2021-01-10 15:20 - 2021-01-10 15:20 - 000151266 _____ C:\Users\emill\Downloads\20210110152049_payroll_distributed_summary_report_3595dda6.pdf
2021-01-10 15:14 - 2021-01-10 15:14 - 000158329 _____ C:\Users\emill\Downloads\20210110151447_payroll_distributed_summary_report_3b2e7854.pdf
2021-01-10 15:07 - 2021-01-10 15:07 - 000154339 _____ C:\Users\emill\Downloads\20210110150756_payroll_distributed_summary_report_ea4ab9c9.pdf
2021-01-10 14:51 - 2021-01-10 14:51 - 000151207 _____ C:\Users\emill\Downloads\20210110145127_payroll_distributed_summary_report_adcaa99e.pdf
2021-01-10 14:44 - 2021-01-10 14:44 - 000159517 _____ C:\Users\emill\Downloads\20210110144408_payroll_distributed_summary_report_e1b3a247.pdf
2021-01-10 14:38 - 2021-01-10 14:38 - 000238393 _____ C:\Users\emill\Downloads\0DN44 Cash Requirements Statement.pdf
2021-01-10 14:23 - 2021-01-10 14:23 - 000156640 _____ C:\Users\emill\Downloads\20210110142308_payroll_distributed_summary_report_e7fd23fb.pdf
2021-01-10 14:18 - 2021-01-10 14:18 - 000123945 _____ C:\Users\emill\Downloads\20210110141809_payroll_distributed_summary_report_2e452dbd.pdf
2021-01-10 13:25 - 2021-01-10 13:25 - 000134320 _____ C:\Users\emill\Downloads\20210110132514_payroll_distributed_summary_report_6dee1fd4.pdf
2021-01-10 13:22 - 2021-01-10 13:22 - 000128888 _____ C:\Users\emill\Downloads\20210110132211_payroll_distributed_summary_report_9914df55.pdf
2021-01-10 13:13 - 2021-01-10 13:13 - 000014924 _____ C:\Users\emill\Downloads\20210110131253_Withholdings Reports_fdbad243.pdf
2021-01-10 13:07 - 2021-01-10 13:07 - 000123546 _____ C:\Users\emill\Downloads\0DN4420201231B091AEC24_payroll-distributed-summary_1983bfd (2).pdf
2021-01-10 13:02 - 2021-01-10 13:02 - 000017001 _____ C:\Users\emill\Downloads\20210110130246_Advanced_Report_Writer_41cf8654.pdf
2021-01-10 12:59 - 2021-01-10 12:59 - 000181870 _____ C:\Users\emill\Downloads\20210110125941_Staff Payoll Report_3bdac4c2.pdf
2021-01-10 12:52 - 2021-01-10 12:52 - 000252461 _____ C:\Users\emill\Downloads\0DN4400000000MYARCHIVE_2020W2Report_U.PDF
2021-01-10 12:44 - 2021-01-10 12:44 - 000021407 _____ C:\Users\emill\Downloads\20210110124408_Withholdings Reports_3cb9af42.pdf
2021-01-10 12:43 - 2021-01-10 12:43 - 000022319 _____ C:\Users\emill\Downloads\20210110124304_Advanced_Report_Writer_318afde6.pdf
2021-01-10 12:42 - 2021-01-10 12:42 - 000021162 _____ C:\Users\emill\Downloads\20210110123325_Advanced_Report_Writer_4eb96128 (1).pdf
2021-01-10 12:42 - 2021-01-10 12:42 - 000020386 _____ C:\Users\emill\Downloads\20210110124208_Advanced_Report_Writer_115867f8.pdf
2021-01-10 12:33 - 2021-01-10 12:33 - 000021162 _____ C:\Users\emill\Downloads\20210110123325_Advanced_Report_Writer_4eb96128.pdf
2021-01-06 13:39 - 2021-01-06 13:39 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-06 13:39 - 2021-01-06 13:39 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-06 13:39 - 2021-01-06 13:39 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2021-01-06 13:39 - 2021-01-06 13:39 - 000002243 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2021-01-06 13:39 - 2021-01-06 13:39 - 000002243 _____ C:\ProgramData\Desktop\Google Earth Pro.lnk
2021-01-06 13:39 - 2021-01-06 13:39 - 000000000 ____D C:\Users\emill\AppData\LocalLow\Google
2021-01-06 13:39 - 2021-01-06 13:39 - 000000000 ____D C:\Program Files\Google
2021-01-05 12:57 - 2021-01-05 12:57 - 000252461 _____ C:\Users\emill\Downloads\0DN4400000000MYARCHIVE_2020W2ReportPreview_U (1).PDF
2021-01-05 12:55 - 2021-01-05 12:55 - 000252461 _____ C:\Users\emill\Downloads\0DN4400000000MYARCHIVE_2020W2ReportPreview_U.PDF
2021-01-05 10:41 - 2021-01-05 10:41 - 000097552 _____ C:\Users\emill\Downloads\11761400000053.pdf
2021-01-05 10:30 - 2021-01-05 10:30 - 000058872 _____ C:\Users\emill\Downloads\Credit_Invoice_Statement_20210105_113011AM.pdf
2021-01-05 10:18 - 2021-01-05 10:18 - 000369389 _____ C:\Users\emill\Downloads\statement (1).pdf
2021-01-05 10:16 - 2021-01-05 10:16 - 000370299 _____ C:\Users\emill\Downloads\statement.pdf
2020-12-31 11:50 - 2021-01-11 09:40 - 000000000 ____D C:\Users\emill\Desktop\Paycom reports
2020-12-31 11:50 - 2020-12-31 11:54 - 000000000 ____D C:\Users\emill\Desktop\House Plans
2020-12-31 11:50 - 2020-12-31 11:50 - 000000000 ____D C:\Users\emill\Desktop\Reports for Blake
2020-12-31 11:50 - 2020-12-31 11:50 - 000000000 ____D C:\Users\emill\Desktop\Junior Football Season
2020-12-31 11:50 - 2020-12-31 11:50 - 000000000 ____D C:\Users\emill\Desktop\Fitness
2020-12-31 11:50 - 2020-12-27 10:50 - 000002434 _____ C:\Users\emill\Desktop\QuickBooks.lnk
2020-12-31 11:50 - 2020-12-14 11:54 - 000115267 _____ C:\Users\emill\Desktop\Eric Mills - Passport Renewal.pdf
2020-12-31 11:50 - 2020-11-27 10:22 - 000011417 _____ C:\Users\emill\Desktop\Building House - Money Required.xlsx
2020-12-31 11:50 - 2020-11-15 21:56 - 002668072 _____ C:\Users\emill\Desktop\AmaraChristmasStocking.pdf
2020-12-31 11:50 - 2020-11-15 20:40 - 007254759 _____ C:\Users\emill\Desktop\TheAlpineStocking.pdf
2020-12-31 11:50 - 2020-08-17 10:53 - 000311258 _____ C:\Users\emill\Desktop\giftcard.pdf
2020-12-31 11:50 - 2020-08-10 18:20 - 000001975 _____ C:\Users\emill\Desktop\Norton Utilities Premium.lnk
2020-12-31 11:50 - 2020-06-15 19:19 - 000002013 _____ C:\Users\emill\Desktop\CTOAgentONE.lnk
2020-12-31 11:50 - 2020-05-08 16:35 - 000010197 _____ C:\Users\emill\Desktop\Accounts.xlsx
2020-12-31 11:50 - 2019-09-10 12:30 - 000011876 _____ C:\Users\emill\Desktop\S4account.pdf
2020-12-31 09:38 - 2020-12-31 09:38 - 000604995 _____ C:\Users\emill\Downloads\0DN4400000000MYARCHIVE_ Statement of Deposits And Filings 2020 Q2 FEIN 141981193_U.PDF
2020-12-31 09:38 - 2020-12-31 09:38 - 000577672 _____ C:\Users\emill\Downloads\0DN4400000000MYARCHIVE_ Statement of Deposits And Filings 2020 Q3 FEIN 141981193_U.PDF
2020-12-31 08:56 - 2020-12-31 08:56 - 000110966 _____ C:\Users\emill\Downloads\0DN4420201231B091AEC24_cashrequirement_3924777 (1).pdf
2020-12-31 08:56 - 2020-12-31 08:56 - 000093823 _____ C:\Users\emill\Downloads\0DN4420201231B091AEC24_check-register_1caff6d.pdf
2020-12-31 08:56 - 2020-12-31 08:56 - 000080833 _____ C:\Users\emill\Downloads\0DN4420201231B091AEC24_direct-deposit-register_ce22acd.pdf
2020-12-31 08:55 - 2020-12-31 08:55 - 000123546 _____ C:\Users\emill\Downloads\0DN4420201231B091AEC24_payroll-distributed-summary_1983bfd.pdf
2020-12-31 08:55 - 2020-12-31 08:55 - 000110966 _____ C:\Users\emill\Downloads\0DN4420201231B091AEC24_cashrequirement_3924777.pdf
2020-12-29 08:39 - 2020-12-29 08:39 - 000091320 _____ C:\Users\emill\Downloads\20201229083945_ffcra_paid_sick_and_family_leave_credit_report_87a70713.pdf
2020-12-29 08:22 - 2020-12-29 08:22 - 000091122 _____ C:\Users\emill\Downloads\20201229082219_ffcra_paid_sick_and_family_leave_credit_report_2b595c67.pdf
2020-12-29 08:21 - 2020-12-29 08:21 - 000148136 _____ C:\Users\emill\Downloads\0DN44202012309EDD96FF3_payroll-distributed-summary_b6b3fd0.pdf
2020-12-29 08:21 - 2020-12-29 08:21 - 000111430 _____ C:\Users\emill\Downloads\0DN44202012309EDD96FF3_cashrequirement_51636a4.pdf
2020-12-27 10:39 - 2020-12-27 10:39 - 000002442 _____ C:\Users\emill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickBooks.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-22 10:37 - 2020-08-24 12:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-22 10:26 - 2019-09-27 15:17 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2021-01-22 09:51 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-22 09:45 - 2019-10-17 08:27 - 000000000 ___HD C:\Program Files (x86)\sysconfig
2021-01-22 09:38 - 2020-01-15 17:04 - 000000000 ____D C:\Users\emill\AppData\Roaming\QuickBooks
2021-01-22 09:00 - 2019-10-01 16:12 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-01-22 09:00 - 2019-10-01 16:12 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-01-22 08:49 - 2020-08-24 12:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360
2021-01-22 08:49 - 2020-08-24 12:11 - 000842414 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-22 08:49 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-22 08:42 - 2020-08-24 12:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-22 08:42 - 2020-08-24 12:08 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-22 08:42 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-22 08:42 - 2019-09-05 06:47 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-01-22 08:42 - 2019-09-04 14:39 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-01-22 08:42 - 2019-09-04 14:39 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-01-22 08:41 - 2019-12-07 03:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-22 07:57 - 2020-08-24 12:18 - 000003998 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-01-22 07:57 - 2020-08-24 12:18 - 000003766 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-01-21 12:54 - 2019-09-07 08:41 - 000000000 ____D C:\Users\emill\AppData\Roaming\Keeper Password Manager
2021-01-21 08:12 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-21 08:12 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-21 08:00 - 2019-09-04 14:20 - 000000000 ____D C:\Users\emill\AppData\Local\ElevatedDiagnostics
2021-01-21 07:56 - 2019-09-05 07:46 - 000000000 ____D C:\Users\emill\AppData\Local\D3DSCache
2021-01-20 09:53 - 2020-03-26 13:38 - 000000000 ____D C:\Users\Public\Documents\NativeFus_Log
2021-01-20 09:53 - 2020-03-26 13:38 - 000000000 ____D C:\ProgramData\Documents\NativeFus_Log
2021-01-20 09:32 - 2019-09-05 13:12 - 000000000 ____D C:\Users\emill\AppData\Local\IPVanish
2021-01-20 09:31 - 2019-12-07 03:03 - 000016384 _____ C:\WINDOWS\system32\config\ELAM
2021-01-19 18:58 - 2019-09-04 14:39 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-01-19 13:49 - 2019-09-05 09:05 - 000000000 ____D C:\Program Files\IPVanish VPN
2021-01-19 13:49 - 2018-10-17 11:03 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-19 13:09 - 2019-09-07 08:41 - 000000000 ____D C:\Users\emill\AppData\Local\keeperpasswordmanager
2021-01-17 23:06 - 2020-08-24 12:19 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-17 23:06 - 2020-08-24 12:19 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-15 17:35 - 2018-10-17 11:04 - 000000000 ____D C:\Program Files (x86)\Intel
2021-01-14 08:28 - 2020-08-24 12:09 - 000000000 ____D C:\Users\emill
2021-01-13 08:25 - 2019-09-05 09:01 - 000000000 ____D C:\Users\emill\AppData\LocalLow\Mozilla
2021-01-12 22:00 - 2020-08-24 12:08 - 000292152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-12 21:59 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-12 21:59 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-12 21:59 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-12 21:31 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-12 21:27 - 2020-08-24 12:10 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-12 21:16 - 2019-09-04 23:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-12 21:14 - 2019-09-04 23:14 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-11 17:01 - 2019-09-04 14:16 - 000000000 ____D C:\Users\emill\AppData\Local\PlaceholderTileLogoFolder
2021-01-09 03:30 - 2020-01-17 16:13 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-07 14:13 - 2019-09-04 14:14 - 000000000 ____D C:\Users\emill\AppData\Local\Packages
2021-01-06 14:49 - 2020-08-24 12:18 - 000002672 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-01-06 14:48 - 2020-08-24 12:18 - 000003232 _____ C:\WINDOWS\system32\Tasks\Live Boost Process Governor
2021-01-06 13:39 - 2019-09-12 10:23 - 000000000 ____D C:\Program Files (x86)\Google
2021-01-05 21:29 - 2019-09-04 16:04 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-30 07:59 - 2019-09-04 14:14 - 000000000 ____D C:\ProgramData\Packages
2020-12-23 21:05 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-12-23 09:56 - 2020-08-21 12:34 - 000000000 ___DC C:\WINDOWS\Panther

==================== Files in the root of some directories ========

2019-09-05 07:47 - 2019-09-05 07:47 - 000000410 _____ () C:\Users\emill\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

[Emills83]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2021

Ran by emill (22-01-2021 10:43:35)

Running from C:\Users\emill\Desktop

Windows 10 Pro Version 20H2 19042.746 (X64) (2020-08-24 18:19:07)

Boot Mode: Normal

==========================================================





==================== Accounts: =============================



Administrator (S-1-5-21-3035062442-2361230617-2382509328-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-3035062442-2361230617-2382509328-503 - Limited - Disabled)

emill (S-1-5-21-3035062442-2361230617-2382509328-1001 - Administrator - Enabled) => C:\Users\emill

Guest (S-1-5-21-3035062442-2361230617-2382509328-501 - Limited - Disabled)

malor (S-1-5-21-3035062442-2361230617-2382509328-1002 - Limited - Disabled)

WDAGUtilityAccount (S-1-5-21-3035062442-2361230617-2382509328-504 - Limited - Disabled)



==================== Security Center ========================



(If an entry is included in the fixlist, it will be removed.)



AV: Norton 360 (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}

AV: Norton 360 (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}

AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Norton 360 (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}

FW: Norton 360 (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}



==================== Installed Programs ======================



(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)



Acronis True Image (HKLM-x32\...\{4FC35DD9-82DB-496D-AE43-43B7DE0A2CF8}) (Version: 23.5.17750 - Acronis) Hidden

Acronis True Image (HKLM-x32\...\{4FC35DD9-82DB-496D-AE43-43B7DE0A2CF8}Visible) (Version: 23.5.17750 - Acronis)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.125 - Adobe)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated)

Adobe InDesign 2020 (HKLM-x32\...\IDSN_15_0) (Version: 15.0 - Adobe Systems Incorporated)

Adobe Lightroom (HKLM-x32\...\LRCC_3_0) (Version: 3.0 - Adobe Systems Incorporated)

Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0) (Version: 21.0 - Adobe Systems Incorporated)

Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_7) (Version: 20.0.7 - Adobe Systems Incorporated)

Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

Art Effects for PDR10 (HKLM\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue)

ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.7.0 - ASUSTeK COMPUTER INC.)

ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)

ASUS Sync Drivers (HKLM\...\{EC1454B0-F2A3-4665-A26C-E68F5B272D00}) (Version: 2.3.6748 - Screenovate Technologies Ltd.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CTOAgentONE (HKLM-x32\...\CTOAgentONE_is1) (Version: - PalmAgent Software)

C-Value! v2.1 (HKLM-x32\...\{786E56D3-26AA-4499-AB7F-6B59261768C6}_is1) (Version: 2.0 - Pine Grove Software, LLC)

CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2231 - CyberLink Corp.) Hidden

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2231 - CyberLink Corp.)

CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4006 - CyberLink Corp.)

Documentation Manager (HKLM\...\{EC7D2299-EAEC-498A-947B-ADC4495AA6D6}) (Version: 22.20.0.6 - Intel Corporation) Hidden

Dropbox (HKLM-x32\...\Dropbox) (Version: 113.4.507 - Dropbox, Inc.)

Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden

Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.2 - Seiko Epson Corporation)

Epson Event Manager (HKLM-x32\...\{AB8BE3EA-01D3-44B7-8E77-A9601CBDEBDE}) (Version: 3.10.0085 - Seiko Epson Corporation)

Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.56.00 - Seiko Epson Corporation)

Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)

Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.2.0 - Seiko Epson Corporation)

Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)

EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)

Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)

EPSON WF-7720 Series Printer Uninstall (HKLM\...\EPSON WF-7720 Series) (Version: - Seiko Epson Corporation)

EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)

GlanceGuest version 4.8.1.7 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.8.1.7 - Glance Networks, Inc.)

Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden

GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)

Intel Driver && Support Assistant (HKLM-x32\...\{513BFF20-438E-4C8B-9C41-DE06B47D3148}) (Version: 20.11.50.9 - Intel) Hidden

Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden

Intel(R) Computing Improvement Program (HKLM\...\{44C40B2E-7285-4A9F-A9BC-DF433772AAEE}) (Version: 2.4.05929 - Intel Corporation)

Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.10500.5526 - Intel Corporation)

Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1003 - Intel Corporation)

Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)

Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden

Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden

Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000020-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.20.0.3 - Intel Corporation)

Intel® Driver & Support Assistant (HKLM-x32\...\{7972bdc2-99e9-4a54-b071-e7f08bdf056d}) (Version: 20.11.50.9 - Intel)

Intel® PROSet/Wireless Software (HKLM-x32\...\{86310f5b-bdb9-47b7-9ff9-d633944adc43}) (Version: 20.80.0.0u - Intel Corporation)

Intel® Software Installer (HKLM-x32\...\{76cc8e2a-8308-43d3-a3c3-423d2a1ca435}) (Version: 22.20.0.6 - Intel Corporation) Hidden

IPVanish (HKLM\...\{DF6274BF-A14B-4644-88A8-4407CB8E9907}) (Version: 3.6.5.0 - Mudhook Marketing, Inc) Hidden

IPVanish (HKLM-x32\...\{1568fda7-cb17-4769-bc1b-e21983b35aeb}) (Version: 3.6.5.0 - Mudhook Marketing, Inc)

Keeper Password Manager (HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\keeperpasswordmanager) (Version: 15.0.13 - Keeper Security, Inc.)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.75 - Microsoft Corporation)

Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )

Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)

Norton 360 (HKLM-x32\...\NGC) (Version: 22.20.5.39 - Symantec Corporation)

Norton Secure VPN (HKLM-x32\...\Norton Secure VPN) (Version: 2.7.0.630 - Symantec Corporation) Hidden

Norton Utilities Premium (HKLM\...\{36896A40-D958-486B-8A43-31A41E129FE2}) (Version: 17.0.5.701 - NortonLifeLock)

NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)

NVIDIA Graphics Driver 442.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.50 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)

PowerDirector (HKLM\...\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}) (Version: 10.00.0000 - CyberLink Corp.) Hidden

QuickBooks 4.3.0 (HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\05fb5a8b-5c9d-57ac-a4b7-ecf271235d3f) (Version: 4.3.0 - Intuit Inc.)

QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)

Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 6.2.1.260 - Samsung Electronics)

Samsung NVM Express Driver (HKLM-x32\...\{351c8533-38f0-47f1-b380-a75f267986bd}) (Version: 3.2.0.1910 - Samsung Electronics)

Samsung NVM Express Driver 3.2.0.1910 (HKLM\...\{4F8B373B-04FB-4094-9B42-271D680CC47A}) (Version: 3.2.0.1910 - Samsung Electronics Co., Ltd) Hidden

Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.31.0 - Samsung Electronics Co., Ltd.)

SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM-x32\...\{8D6181F3-CACB-4B48-8B08-981F3A7F318B}) (Version: 13.0.0.99 - SAP)

Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.20072.4 - Samsung Electronics Co., Ltd.) Hidden

Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.20072.4 - Samsung Electronics Co., Ltd.)

Splashtop Business (HKLM-x32\...\{6A4CA92E-2579-4C4D-9C8B-44735449C64E}) (Version: 3.4.2.0 - Splashtop Inc.)

Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.17 - Splashtop Inc.)

Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.4.2.2 - Splashtop Inc.)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.13.6 - TeamViewer)

VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)

VUDU To Go (HKLM-x32\...\{779C62CE-D787-C2F7-BB7E-52D9A9231F02}) (Version: 2.3.4 - Vudu) Hidden

VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.3.4 - Vudu)

Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.10.0 - ASUSTeK COMPUTER INC.)

WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

Zoom (HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)



Packages:

=========

Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-06-02] (Adobe Systems Incorporated)

Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-09-05] (Adobe Systems Incorporated)

Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-19] (Amazon.com)

ASUS Keyboard Hotkeys -> C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy [2019-09-19] (ASUSTeK COMPUTER INC.) [Startup Task]

Honey -> C:\Program Files\WindowsApps\HoneyScienceCorporation.Honey_11.4.2.0_neutral__cbe4c63gm1mzr [2019-09-12] (Honey Science Corporation)

HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-30] (HP Inc.)

iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-19] (Apple Inc.) [Startup Task]

Keeper® for Microsoft Edge - Password Manager & Digital Vault -> C:\Program Files\WindowsApps\KeeperSecurityInc.KeeperBrowserExtension_14.4.0.0_neutral__kejf07qmg0jnm [2020-08-27] (Keeper Security Inc)

Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13530.20376.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation)

Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13530.20376.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation)

Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13530.20376.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation)

Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13530.20376.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation)

Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13530.20376.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation)

Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13530.20376.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation)

Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Studios) [MS Ad]

Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13530.20376.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation)

MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_2.3.11.0_x64__qmba6cd70vzyy [2021-01-21] (ASUSTeK COMPUTER INC.)

MyASUS-Service Center -> C:\Program Files\WindowsApps\b9eced6f.myasus_3.3.11.0_x86__qmba6cd70vzyy [2019-09-04] (ASUSTeK COMPUTER INC.) [Startup Task]

OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.11.0_x64__8wekyb3d8bbwe [2020-07-23] (Microsoft Corporation)

Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2021-01-06] (Microsoft Corporation)

Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation)

Rakuten: Get Cash Back For Shopping -> C:\Program Files\WindowsApps\Ebates.EbatesCashBack_4.46.1.0_neutral__qvn24pjydtpgr [2020-12-15] (Rakuten)

Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.10.216.0_x64__dt26b99r8h8gj [2020-06-13] (Realtek Semiconductor Corp)

Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.13.154.0_x64__43tkc6nmykmb6 [2021-01-21] (Ookla)

Splendid -> C:\Program Files\WindowsApps\B9ECED6F.Splendid_1.0.15.0_x64__qmba6cd70vzyy [2019-11-18] (ASUSTeK COMPUTER INC.) [Startup Task]

Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-09-04] (Microsoft Corporation)



==================== Custom CLSID (Whitelisted): ==============



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



CustomCLSID: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0

CustomCLSID: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001_Classes\CLSID\{04271989-C4D2-9306-C568-CFC45B2639B1} -> [OneDrive - Contemporary Family Dentistry] => D:\OneDrive - Contemporary Family Dentistry [2020-12-29 14:17]

CustomCLSID: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-F767E44CF7DF} -> [Creative Cloud Files] => C:\Users\emill\Creative Cloud Files [2019-09-05 07:51]

CustomCLSID: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)

CustomCLSID: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => D:\Dropbox [2019-09-04 14:42]

CustomCLSID: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2019-03-25] (Acronis International GmbH -> )

ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2019-03-25] (Acronis International GmbH -> )

ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2019-03-25] (Acronis International GmbH -> )

ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2019-03-25] (Acronis International GmbH -> )

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File

ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-07-30] (Adobe Inc. -> Adobe Systems Inc.)

ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File

ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File

ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.5.39\NavShExt.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.5.39\NavShExt.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File

ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File

ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-02-24] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )

ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-07-30] (Adobe Inc. -> Adobe Systems Inc.)

ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File

ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.5.39\NavShExt.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

 

[Emills83]

==================== Codecs (Whitelisted) ====================



==================== Shortcuts & WMI ========================



==================== Loaded Modules (Whitelisted) =============



2020-12-07 11:31 - 2020-12-07 11:31 - 000126464 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\DSASsdInterop.dll

2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll

2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll

2016-09-14 13:31 - 2016-09-14 13:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll

2020-06-16 16:28 - 2020-06-16 16:28 - 001918464 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

2019-03-25 20:30 - 2019-03-25 20:30 - 025338368 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icudt54.dll

2019-03-25 20:30 - 2019-03-25 20:30 - 002056704 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuin54.dll

2019-03-25 20:30 - 2019-03-25 20:30 - 001425408 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuuc54.dll



==================== Alternate Data Streams (Whitelisted) ========



(If an entry is included in the fixlist, only the ADS will be removed.)



AlternateDataStreams: C:\Users\emill\.DS_Store:AFP_AfpInfo [122]



==================== Safe Mode (Whitelisted) ==================



==================== Association (Whitelisted) =================



==================== Internet Explorer (Whitelisted) ==========



HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE

HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE

SearchScopes: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.20.5.39\coIEPlg.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-07-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-07-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.20.5.39\coIEPlg.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-07-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-07-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.20.5.39\coIEPlg.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-07-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.20.5.39\coIEPlg.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-07-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File



==================== Hosts content: =========================



(If needed Hosts: directive could be included in the fixlist to reset Hosts.)



2018-04-11 17:38 - 2018-04-11 17:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts



==================== Other Areas ===========================



(Currently there is no automatic fix for this section.)



HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\QuickTime\QTSystem\

HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\emill\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\malori-mills-twin-newborn-session-yukon-mustang-photographer-edmond-okc-photography-family-photography014.jpg

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )

Windows Firewall is enabled.



==================== MSCONFIG/TASK MANAGER disabled items ==



(If an entry is included in the fixlist, it will be removed.)



MSCONFIG\Services: AGMService => 2

MSCONFIG\Services: AGSService => 2

MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2

MSCONFIG\Services: NvTelemetryContainer => 2

HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"

HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"

HKLM\...\StartupApproved\Run32: => "FUFAXRCV"

HKLM\...\StartupApproved\Run32: => "FUFAXSTM"

HKLM\...\StartupApproved\Run32: => "QuickTime Task"

HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\StartupApproved\Run: => "CCXProcess"

HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\StartupApproved\Run: => "SurfEasy"

HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\StartupApproved\Run: => "Steam"

HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\StartupApproved\Run: => "SmartSwitchPDLR.exe"



==================== FirewallRules (Whitelisted) ================



(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



FirewallRules: [{9506F0C8-DBB1-409C-9FE8-D431FFEF72EC}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )

FirewallRules: [{99839E74-FD0B-4DB9-A289-B71344F3DD07}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )

FirewallRules: [{8047376D-5D7D-4A36-81E8-274402B8C49D}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )

FirewallRules: [{0B2C19DE-5CD7-4543-8AB3-F86CB61E2F4A}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )

FirewallRules: [{AEFAF8AF-635B-49D5-B091-BD06A2F83689}] => (Allow) LPort=6600

FirewallRules: [{82382CDA-A608-4553-B5FB-991ED60817AC}] => (Allow) LPort=6600

FirewallRules: [{6F65B22B-7FCC-40BC-A32F-F8C76E09C563}] => (Allow) C:\Users\emill\AppData\Roaming\Zoom\bin\airhost.exe => No File

FirewallRules: [{10A93505-044F-46B6-9481-9F36F6013673}] => (Allow) C:\Users\emill\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{FCD19B54-54C1-40DA-BAED-A2F7C4478A68}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{D01FF524-F5C7-4A79-97AC-6D8A4D8776D6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{94A4401A-A04A-4E6C-9F3E-14DD078BB57F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )

FirewallRules: [{A838E8C0-B94A-4A42-AF87-B3FBDABFA235}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )

FirewallRules: [{FEB9913F-E280-4571-BCF4-5C981DBD3C58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX12.exe (Stardock Entertainment, Inc. -> Stardock Entertainment / Oxide Games)

FirewallRules: [{BA179F24-FB07-43E4-A82D-39E736C2265A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX12.exe (Stardock Entertainment, Inc. -> Stardock Entertainment / Oxide Games)

FirewallRules: [{6E1E3E89-7EF7-4A44-9ECD-0CB734EAD61C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX11.exe (Stardock Entertainment, Inc. -> Stardock Entertainment / Oxide Games)

FirewallRules: [{38D49939-499E-4CA1-A647-149F8DFF24B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX11.exe (Stardock Entertainment, Inc. -> Stardock Entertainment / Oxide Games)

FirewallRules: [{F1F32FA2-80D7-4B86-A0B0-991F13A5C4E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe (Valve -> )

FirewallRules: [{898160B4-4353-4798-8751-EBE6F45812A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe (Valve -> )

FirewallRules: [{AAEAEDA4-3E23-4EA3-BA2B-EACFC9751199}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{1BBD978D-A009-4647-B217-0439B40A8B7E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)

FirewallRules: [{A05F0810-8EC3-42F4-97DC-E9D7DCF6B19B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)

FirewallRules: [{84B7E1BD-458A-41EA-9A0E-FF8351D6BCB6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)

FirewallRules: [{B03CA9D6-4B81-48C4-A93F-A3E0307686AB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{452DC9A3-6FA1-434D-9725-964FB58A7BC6}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink -> CyberLink Corp.)

FirewallRules: [{5F8E2A2B-C708-4C14-824A-71C6D017EC98}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{AB57B80B-7E6E-46D0-BE27-7F5C7AF207EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{FC97148C-FA0F-444F-9D54-6BDE43CD9ED3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{F514C281-F073-4B36-B034-8D6A2D6DBF32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{03F968FA-62D3-4C73-B21E-D8FE4B9DCCEA}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> Acronis International GmbH)

FirewallRules: [{D17F885E-C6DE-44A5-ADB1-005A83B7F9E0}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Home\report_sender.exe (Acronis International GmbH -> )

FirewallRules: [{98131B93-D89B-4C9C-B540-141BD8388DAD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\LicenseActivator.exe (Acronis International GmbH -> )

FirewallRules: [{DEFFF6D3-D0B0-4492-9271-5BBFD936BFD2}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> )

FirewallRules: [{8F80FE7A-BED6-463E-8DFE-2943C31E732C}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )

FirewallRules: [{2C386951-D922-451F-ADA2-3E60F5110F1C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)

FirewallRules: [{388D4B8D-400F-4796-8402-F3DD3C90ABED}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )

FirewallRules: [{720F7AD5-7063-4F58-9A49-7348527FCF3B}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )

FirewallRules: [{E42786FA-E4CB-4601-926E-53E34080A116}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )

FirewallRules: [{A8545685-69EB-4925-B352-398F4D87A7D5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> )

FirewallRules: [{50C8E477-41AB-424F-9698-5454DDC60832}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> )

FirewallRules: [{E711EDB1-1AF6-4984-9CB8-B7B65746A72B}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )

FirewallRules: [{29B8FCA3-D814-44F5-8BE6-D52C6A5FD1C9}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )

FirewallRules: [{06C9C9EE-1BFE-44E6-B9D3-060932F4D5DA}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)

FirewallRules: [{5132DF42-05E9-46C5-A40F-464E79906BDB}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )

FirewallRules: [{54F84402-BD28-4C9F-844E-2C4F08FF1133}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

FirewallRules: [{FAE80FE1-90CD-4511-A1C1-B745799B510E}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

FirewallRules: [{2E25E6D4-79A1-4930-8048-7B09101F9DB4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{7199A7A3-1EDF-4B55-A8BF-794D463CD046}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{52EC7549-A687-4338-A2B5-19E221CD9033}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{DB7477AA-F46B-41D6-9D59-EE2321A8D6CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [UDP Query User{71C6CB2A-5406-4F48-A5FC-A7FAB1C54ECD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

FirewallRules: [TCP Query User{4F809925-D08B-4C2A-A10D-E0231949165C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

FirewallRules: [{DE785BDF-2A04-4E06-BB16-E67C3A5C90FC}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]

FirewallRules: [{5FF1F69E-3509-4F12-9788-7B10C109B975}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]

FirewallRules: [{EDE11DA5-E4A0-4F45-A372-8801B21FF682}] => (Allow) C:\Users\emill\AppData\Local\Temp\WF-7720\Network\EpsonNetSetup\ENEasyApp.exe => No File

FirewallRules: [{43A76ABA-702A-492F-BA6C-15C674C89BF3}] => (Allow) C:\Users\emill\AppData\Local\Temp\WF-7720\Network\EpsonNetSetup\ENEasyApp.exe => No File

FirewallRules: [{527C4DF8-4C56-4B3B-BE5F-8CE923EECAF4}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

FirewallRules: [{A3330617-4CC6-4A55-B33F-1716F22B6DD0}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)

FirewallRules: [UDP Query User{A1A404D0-19A9-4819-8C45-3C0814E01AD1}C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe] => (Allow) C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe => No File

FirewallRules: [TCP Query User{DC434398-2799-4F05-9888-F1FDDABCF8F3}C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe] => (Allow) C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe => No File

FirewallRules: [{A78E0869-60F1-45FA-BB97-3B2AC3A318D6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => No File

FirewallRules: [{2E4382F4-7D12-48C3-AA1F-74C2FED21614}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe => No File

FirewallRules: [{1A113093-BA65-4C20-984C-2B2090255CD7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File

FirewallRules: [{40682E4A-83BA-4CE6-81DF-270E9FDD978A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File

FirewallRules: [{EB553CBF-B727-496A-A972-95A252F2F568}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File

FirewallRules: [{B95A9445-2342-4D10-A925-F8E919B75A7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File

FirewallRules: [{86193331-6275-425D-BBC6-EB0DF0981622}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe => No File

FirewallRules: [{E26014D0-14BB-4302-8DB4-0ED51EBBC1F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe => No File

FirewallRules: [{05471A8E-3F61-4AF1-984B-94865136DB3F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File

FirewallRules: [{423758BE-C98C-471E-A84D-0C967477C26D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File

FirewallRules: [{C156B0AF-A9B4-4E08-A7E1-0E337735DAFD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File

FirewallRules: [{3D3D17F9-8B25-43EB-839E-2E82D3A3F4DC}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Client for STB\wbs-agent\projects\viewit\wbs_agent.exe (Node.js Foundation -> Node.js)

FirewallRules: [{85C13056-D69D-46A6-8688-B5C8EF10834D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{08026B1A-CCE0-446C-A6C5-9D224EDBAD95}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{CA6ADBB3-2C2F-409E-B4A7-72BE2BB6E276}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{74E3504E-3561-4200-BECE-382470D5BFA9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{FF72DF7C-0F63-4D8D-8236-820C83ECEE56}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{72D036A3-90AB-4314-99A6-72A7EE4DA2ED}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{836C117B-A997-412B-ADF8-DE89E2F2FE7F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{30A1667F-4A31-45F5-90F0-8D078FFC23AD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

FirewallRules: [{E4E6441C-A1E9-4AE1-98EC-BAD7AD43E988}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{47B20616-517E-492D-A145-F27415AF5E20}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{4354DDEC-8457-4299-9C74-C83477EA4460}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{70A3ABD4-E73D-42E8-87FF-429533947F0F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

FirewallRules: [{B58089FE-36A7-482D-9995-8E74BD8FECC5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13530.20376.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{027C131E-4D38-4EF5-A668-DF670984D6B0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

FirewallRules: [{44B31112-E264-4D1D-9D72-267658ED9965}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe (Splashtop Inc. -> Splashtop Inc.)



==================== Restore Points =========================



03-01-2021 13:34:02 Scheduled Checkpoint

12-01-2021 13:31:04 Scheduled Checkpoint

15-01-2021 17:35:31 Installed Intel(R) Wireless Bluetooth(R)

19-01-2021 13:49:29 IPVanish



==================== Faulty Device Manager Devices ============



Name: HID-compliant touch screen

Description: HID-compliant touch screen

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.





==================== Event log errors: ========================



Application errors:

==================

Error: (01/22/2021 08:46:38 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: MILLS-AIO)

Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.



Error: (01/21/2021 04:42:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Local Hostname MILLS-AIO.local already in use; will try MILLS-AIO-2.local instead



Error: (01/21/2021 04:42:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 MILLS-AIO.local. AAAA FE80:0000:0000:0000:980E762:9892:268C



Error: (01/21/2021 04:42:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:980E762:9892:268C:5353 16 MILLS-AIO.local. AAAA 2600:1700:81DA:80B0:0000:0000:0000:0031



Error: (01/21/2021 04:42:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 MILLS-AIO.local. AAAA FE80:0000:0000:0000:980E762:9892:268C



Error: (01/21/2021 04:42:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:980E762:9892:268C:5353 16 MILLS-AIO.local. AAAA 2600:1700:81DA:80B0:0000:0000:0000:0031



Error: (01/21/2021 04:40:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 B.7.8.A.9.A.A.B.5.B.F.4.1.3.0.C.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR MILLS-AIO.local.



Error: (01/21/2021 04:40:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:C031:4FB5:BAA9:A87B:5353 19 B.7.8.A.9.A.A.B.5.B.F.4.1.3.0.C.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR MILLS-AIO-2.local.





System errors:

=============

Error: (01/22/2021 09:35:21 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\emill\AppData\Local\Temp\ehdrv.sys



Error: (01/22/2021 09:35:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

This driver has been blocked from loading



Error: (01/22/2021 09:35:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

This driver has been blocked from loading



Error: (01/22/2021 09:35:20 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\emill\AppData\Local\Temp\ehdrv.sys



Error: (01/22/2021 09:35:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

This driver has been blocked from loading



Error: (01/22/2021 09:35:20 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\emill\AppData\Local\Temp\ehdrv.sys



Error: (01/22/2021 09:35:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The eapihdrv service failed to start due to the following error:

This driver has been blocked from loading



Error: (01/22/2021 09:35:20 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\Users\emill\AppData\Local\Temp\ehdrv.sys





CodeIntegrity:

===================================



Date: 2021-01-22 10:33:57.5940000Z

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Windows signing level requirements.



Date: 2021-01-22 10:33:57.5570000Z

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Windows signing level requirements.



Date: 2021-01-22 09:33:57.4950000Z

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Windows signing level requirements.



Date: 2021-01-22 08:45:37.9200000Z

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Microsoft signing level requirements.



Date: 2021-01-22 08:45:37.9130000Z

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Microsoft signing level requirements.



Date: 2021-01-22 08:45:37.9050000Z

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Microsoft signing level requirements.



Date: 2021-01-22 08:45:37.8970000Z

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Microsoft signing level requirements.



Date: 2021-01-22 08:45:37.8900000Z

Description:

Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Microsoft signing level requirements.



==================== Memory info ===========================



BIOS: American Megatrends Inc. ZN242GD.307 09/16/2019

Motherboard: ASUSTeK COMPUTER INC. ZN242GD

Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz

Percentage of memory in use: 27%

Total physical RAM: 32701.3 MB

Available physical RAM: 23592.94 MB

Total Virtual: 37565.3 MB

Available Virtual: 26533.83 MB



==================== Drives ================================



Drive c: (OS) (Fixed) (Total:418.02 GB) (Free:171.55 GB) NTFS

Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:562.52 GB) NTFS

Drive e: (DATA) (Fixed) (Total:4657.37 GB) (Free:2700.71 GB) NTFS



\\?\Volume{ff8c3ef7-3bdc-4cb8-8a52-87b9fb034ac9}\ (RECOVERY) (Fixed) (Total:0.79 GB) (Free:0.33 GB) NTFS

\\?\Volume{431c8437-9ad0-48ac-a414-69894ef2b051}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32



==================== MBR & Partition Table ====================



==========================================================

Disk: 2 (Protective MBR) (Size: 4657.5 GB) (Disk ID: 00000000)



Partition: GPT.



==================== End of Addition.txt =======================

 

[Broni]

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Remove Selected.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8/10 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

 

[Emills83]

RogueKiller Anti-Malware V14.8.4.0 (x64) [Jan 13 2021] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64 bits
Started in : Normal mode
User : emill [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20210121_133540, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2021/01/23 11:01:41 (Duration : 00:07:41)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{EDE11DA5-E4A0-4F45-A372-8801B21FF682} -- [%localappdata%\Temp\WF-7720\Network\EpsonNetSetup\ENEasyApp.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{43A76ABA-702A-492F-BA6C-15C674C89BF3} -- [%localappdata%\Temp\WF-7720\Network\EpsonNetSetup\ENEasyApp.exe] -> Deleted
[MalPE.99 (Potentially Malicious)] C-Value! v2.1.lnk -- %_emill_appdata%\Microsoft\Windows\Start Menu\Programs\C-Value! v2.0\C-Value! v2.1.lnk (lnk => C:\PROGRA~2\C-VALU~1\cvalue21.exe []) -> Deleted
[Tr.Dentrix (Malicious)] Dentrix -- %programfiles(x86)%\Dentrix -> Deleted
=> DTX_MAINInstall.log -- C:\PROGRA~2\Dentrix\Logs\DTX_MA~1.LOG -> Deleted
=> Logs -- C:\PROGRA~2\Dentrix\Logs -> Deleted

 

[Emills83]

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/23/21
Scan Time: 11:04 AM
Log File: 1a4e73f0-5d9d-11eb-a4d0-0492263e6c00.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1146
Update Package Version: 1.0.36165
License: Trial

-System Information-
OS: Windows 10 (Build 19041.746)
CPU: x64
File System: NTFS
User: MILLS-AIO\emill

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 300478
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

[Emills83]

# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build: 01-20-2021
# Database: 2021-01-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-23-2021
# Duration: 00:00:25
# OS: Windows 10 Pro
# Scanned: 31956
# Detected: 17


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.ASUSDeviceActivation Folder C:\Program Files (x86)\ASUS\ASUS DEVICE ACTIVATION
Preinstalled.ASUSDeviceActivation Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}
Preinstalled.ASUSLiveUpdate Folder C:\Program Files (x86)\ASUS\ASUS LIVE UPDATE
Preinstalled.ASUSLiveUpdate Folder C:\ProgramData\ASUS\ASUS LIVE UPDATE
Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E5429D9-E81B-4022-B739-5396A964482C}
Preinstalled.ASUSLiveUpdate Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update Checker
Preinstalled.ASUSLiveUpdate Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}
Preinstalled.ASUSLiveUpdate Task C:\Windows\System32\Tasks\UPDATE CHECKER
Preinstalled.ASUSProductRegistration Folder C:\ProgramData\ASUS\APRP
Preinstalled.CyberLinkService Folder C:\Program Files\CYBERLINK\SHARED FILES\PLUGIN\NEWBLUE
Preinstalled.CyberLinkService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\NewBlue Art Effects for PDR10
Preinstalled.SamsungSmartSwitch File C:\Users\emill\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Smart Switch.lnk
Preinstalled.SamsungSmartSwitch Folder C:\Program Files (x86)\SAMSUNG\SMART SWITCH PC
Preinstalled.SamsungSmartSwitch Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC
Preinstalled.SamsungSmartSwitch Folder C:\Users\emill\AppData\Roaming\SAMSUNG\SMART SWITCH PC
Preinstalled.SamsungSmartSwitch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}
Preinstalled.SamsungSmartSwitch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

[Emills83]

The file I mentioned originally...is that in fact a Keylogger or could it have been a false positive?

 

[Broni]

According to Sophos the file in question can be a part of Spytech SpyAgent: https://www.sophos.com/en-us/threat...yware/Spytech SpyAgent/detailed-analysis.aspx

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[Emills83]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-01-2021
Ran by emill (administrator) on MILLS-AIO (ASUSTeK COMPUTER INC. Zen AIO 24 ZN242GD) (23-01-2021 21:04:42)
Running from C:\Users\emill\Desktop
Loaded Profiles: emill
Platform: Windows 10 Pro Version 20H2 19042.746 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis International GmbH -> ) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsMonStartupTask64.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\ATKOSD2.exe
(ASUSTeK COMPUTER INC.) C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy\ATK Package\HControl.exe
(CyberLink -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\113.4.507\QtWebEngineProcess.exe <3>
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_31a8dbbf39dcdc3b\jhi_service.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) Software Development Products -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_49599d441c87af7f\Intel_PIE_Service.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2011.16.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CredentialEnrollmentManager.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.20.5.39\nsWscSvc.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNMON.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc. -> Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Security\Engine\22.20.5.39\NortonSecurity.exe <2>
(Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton Utilities Premium\x64\LBGovernor.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1076728 2020-03-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [752168 2019-03-25] (Acronis International GmbH -> )
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321112 2019-07-29] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [7992336 2021-01-13] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [665568 2018-12-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [870368 2018-12-26] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2084920 2019-09-27] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5866032 2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4971688 2019-03-25] (Acronis International GmbH -> )
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [441448 2019-03-25] (Acronis International GmbH -> Acronis International GmbH)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.) [File not signed]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [285544 2020-12-07] (IDSA Production signing key -> Intel)
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\Run: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe [1938296 2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3375904 2020-06-04] (Valve -> Valve Corporation)
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5491248 2020-12-07] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [346712 2020-07-27] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\Run: [SmartSwitchPDLR.exe] => C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPDLR.exe [1126568 2020-07-03] (Samsung Electronics CO., LTD. -> Samsung)
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\MountPoints2: {8a0c2418-1e0e-11eb-af40-94b86d73ee6a} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [39936 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65496 2020-10-22] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON PC-FAX Driver2 64Monitor: C:\Windows\system32\EFXLM16A.DLL [182784 2018-12-26] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON WF-7720 Series 64MonitorBE: C:\Windows\system32\E_YLMBSAE.DLL [182784 2016-08-01] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [File not signed]
HKLM\Software\...\Authentication\Credential Providers: [{97E1814E-5601-41c8-9971-10C319EF61CC}] -> C:\Windows\system32\SRCredentialProvider.dll [2020-09-30] (Splashtop Inc. -> Splashtop Inc.)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {161318E0-4292-4DD3-9DCF-3E9238B8EF00} - System32\Tasks\AutomaticCare => C:\Program Files\Norton Utilities Premium\nup.exe [630952 2020-08-10] (Symantec Corporation -> Symantec Corporation)
Task: {1B10284B-E522-4542-8960-098CD84EC8D1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {26FFE179-44FE-4B25-BBE7-958F564EF565} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe [117192 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {2CC8C2F1-F4A8-4568-B5D4-724F5ED3331E} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2162328 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {3F52CA62-A27A-406E-97ED-40017D902FDD} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {58277082-78DE-40C2-A862-4E71B7ADF4C0} - System32\Tasks\ActiveSync-NortonUtility => C:\Program Files\Norton Utilities Premium\activesync.exe [244904 2020-08-10] (Symantec Corporation -> Symantec Corporation)
Task: {652EE8E5-376D-49FF-835F-252E609F99EE} - System32\Tasks\TUDsDownloader => C:\Program Files\Norton Utilities Premium\activesync.exe [244904 2020-08-10] (Symantec Corporation -> Symantec Corporation)
Task: {668A2ACB-009D-444A-A70D-A29FD4CA7593} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.20.5.39\WSCStub.exe [644608 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {6E5429D9-E81B-4022-B739-5396A964482C} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [143160 2019-03-12] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {74A6D751-271F-428C-933B-9BC83D4BD562} - System32\Tasks\tmh => c:\program files (x86)\sysconfig\tmh.exe
Task: {7B202DD7-029E-48DE-90B8-E64400400FC4} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-09-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {7E1D7C48-31A8-4D38-8C42-78077265CCC2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-06] (Google LLC -> Google LLC)
Task: {7E508543-AF64-4D4C-8D55-142A069421A4} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe [117192 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {85D173BE-C6F6-4B09-A56D-FBDDB58C8F7F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {85D18C34-3CAA-44C1-A866-CD574892BCEB} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHotkeyExec64.exe [176064 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {8B8F8A2F-4798-437E-B797-7928C69CF8D5} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.3.102\DADUpdater.exe
Task: {8BC049FF-53B3-4741-84DF-11874EB71D2D} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [2776440 2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6089F6E-26CE-46E3-BBFC-3C1E1EFB28FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {B3A1B702-D115-4927-9A96-88B18DDF5C38} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {C28B89E8-06FC-4F07-A4A7-E56CFBEB02BE} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {C9D5B027-2C78-4446-8455-E2F07EA7AB2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-06] (Google LLC -> Google LLC)
Task: {CA4A75F1-FD12-435A-A83B-48CBC0DDC930} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {DC262750-BD38-425F-824B-72A0FF536866} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [3047944 2020-10-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {E757F4B6-F80E-45C2-AEBF-1561EA5BA570} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.20.5.39\SymErr.exe [117192 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {ED714A9E-724F-4342-A9C6-21456F37993B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-09-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {F385B0D2-0FFD-49A3-ACB2-D53B90845B82} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {FBC288B1-1095-42AF-86CA-0C4860DCF4EA} - System32\Tasks\Live Boost Process Governor => C:\Program Files\Norton Utilities Premium\x64\LBgovernor.exe [1061544 2020-08-10] (Symantec Corporation -> Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5c289324-cf82-4f8b-b3a2-26575291de1c}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{73e80b19-3a10-4ea5-b44b-227d4f5f7161}: [DhcpNameServer] 192.168.1.254

Edge:
=======
DownloadDir: C:\Users\emill\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001 -> hxxps://www.google.com/
Edge Notifications: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001 -> hxxps://my.dotloop.com; hxxps://bakerrfinancial.securefilepro.com
Edge Extension: (No Name) -> EdgeExtension_EbatesEbatesCashBack_qvn24pjydtpgr => C:\Program Files\WindowsApps\Ebates.EbatesCashBack_4.36.0.0_neutral__qvn24pjydtpgr [not found]
Edge Extension: (Honey) -> EdgeExtension_HoneyScienceCorporationHoney_cbe4c63gm1mzr => C:\Program Files\WindowsApps\HoneyScienceCorporation.Honey_11.4.2.0_neutral__cbe4c63gm1mzr [2019-09-12]
Edge Extension: (Keeper® Password Manager & Digital Vault) -> EdgeExtension_KeeperSecurityIncKeeperBrowserExtension_kejf07qmg0jnm => C:\Program Files\WindowsApps\KeeperSecurityInc.KeeperBrowserExtension_12.6.188.0_neutral__kejf07qmg0jnm [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\emill\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-23]
Edge DownloadDir: C:\Users\emill\Downloads
Edge Notifications: Default -> hxxps://bakerrfinancial.securefilepro.com; hxxps://c2.qbo.intuit.com; hxxps://calendar.google.com; hxxps://markets.businessinsider.com; hxxps://my.dotloop.com; hxxps://postmates.com; hxxps://www.ctoagent.com
Edge HomePage: Default -> hxxps://www.google.com/
Edge StartupUrls: Default -> "hxxps://www.google.com/"
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultNewTabURL: Default -> hxxps://duckduckgo.com/chrome_newtab
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (Honey) - C:\Users\emill\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2020-11-16]
Edge Extension: (Rakuten: Get Cash Back For Shopping) - C:\Users\emill\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmmlpenookphoknnpfilofakghemolmg [2020-12-13]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-07-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-09-27] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [4383760 2019-03-25] (Acronis International GmbH -> Acronis International GmbH)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1155344 2019-03-25] (Acronis International GmbH -> )
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [823352 2019-09-27] (Adobe Inc. -> Adobe Inc.)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6341824 2019-12-02] (Acronis International GmbH -> )
S3 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AsHidService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsHidSrv64.exe [173504 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 ASLDRService; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\AsLdrSrv64.exe [227776 2019-03-04] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-09-04] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2019-09-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44064 2021-01-13] (Dropbox, Inc -> Dropbox, Inc.)
S2 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326136 2020-02-19] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
R2 Epson PMAService A; C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe [113144 2017-03-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2017-03-10] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 FileSyncHelper; C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\FileSyncHelper.exe [2191224 2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2019-03-25] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2019-03-25] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1774784 2019-03-25] (Acronis International GmbH -> )
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.20.5.39\NortonSecurity.exe [344760 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.20.5.39\nsWscSvc.exe [1056096 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 OneDrive Updater Service; C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\OneDriveUpdaterService.exe [2556280 2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] (CyberLink -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-06-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-06-25] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [935352 2020-06-25] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7182560 2019-03-25] (Acronis International GmbH -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12757520 2020-12-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [7099408 2019-03-25] (Acronis International GmbH -> Acronis International GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 25102878; C:\WINDOWS\System32\drivers\28643525.sys [208216 2021-01-22] () [File not signed]
S3 47703769; C:\WINDOWS\System32\drivers\07645806.sys [208216 2021-01-22] () [File not signed]
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\atkwmiacpiio.inf_amd64_30ffacb41f78f352\atkwmiacpi64.sys [36368 2019-03-04] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.18.0.213\Definitions\BASHDefs\20210119.001\BHDrvx64.sys [1991536 2020-11-03] (Symantec Corporation -> Broadcom)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\ccSetx64.sys [192248 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516960 2020-08-04] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [154464 2020-08-05] (Symantec Corporation -> Broadcom)
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [667144 2019-12-02] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [390592 2019-12-02] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.18.0.213\Definitions\IPSDefs\20210122.061\IDSvia64.sys [1479536 2021-01-18] (Symantec Corporation -> Broadcom)
R0 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [134000 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SRTSP64.SYS [889704 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SRTSPX64.SYS [50920 2020-07-23] (Symantec Corporation -> Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166768 2020-06-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-06-25] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SYMEFASI64.SYS [1964384 2020-07-23] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\SymELAM.sys [25080 2020-07-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [99848 2019-09-04] (Symantec Corporation -> Symantec Corporation)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.18.0.213\SymPlatform\SymEvnt.sys [712368 2020-01-17] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\Ironx64.SYS [316488 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\symnets.sys [575328 2020-07-23] (Symantec Corporation -> Symantec Corporation)
R3 SymTAP; C:\WINDOWS\System32\drivers\SymTAP.sys [52104 2018-10-16] (Symantec Corporation -> The OpenVPN Project)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-09-12] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tib; C:\WINDOWS\system32\DRIVERS\tib.sys [885880 2019-12-02] (Acronis International GmbH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [171976 2019-12-02] (Acronis International GmbH -> Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [693768 2019-12-02] (Acronis International GmbH -> Acronis International GmbH)
S3 USB28xxBGA; C:\WINDOWS\system32\DRIVERS\emBDA64.sys [641536 2008-04-03] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\WINDOWS\system32\DRIVERS\emOEM64.sys [74624 2008-04-07] (Microsoft Windows Hardware Compatibility Publisher -> eMPIA Technology, Inc.)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331976 2019-12-02] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [243472 2019-12-02] (ACRONIS INTERNATIONAL GMBH -> Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1614050.027\wpCtrlDrv.sys [1013792 2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

[Emills83]

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-23 21:04 - 2021-01-23 21:05 - 000035205 _____ C:\Users\emill\Desktop\FRST.txt
2021-01-23 21:04 - 2021-01-23 21:04 - 002296832 _____ (Farbar) C:\Users\emill\Desktop\FRST64.exe
2021-01-23 21:04 - 2021-01-23 21:04 - 000000000 ____D C:\Users\emill\Desktop\FRST-OlderVersion
2021-01-23 12:00 - 2021-01-23 12:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2021-01-22 22:14 - 2021-01-22 22:14 - 000000000 ____D C:\Program Files\Common Files\AV
2021-01-22 21:26 - 2021-01-22 21:26 - 000000000 ____D C:\Users\emill\Documents\Custom Office Templates
2021-01-22 11:13 - 2021-01-22 11:13 - 000000000 ____D C:\Users\emill\AppData\Local\mbam
2021-01-22 11:04 - 2021-01-22 11:04 - 000208216 _____ C:\WINDOWS\system32\Drivers\07645806.sys
2021-01-22 11:03 - 2021-01-22 11:03 - 000208216 _____ C:\WINDOWS\system32\Drivers\28643525.sys
2021-01-22 10:40 - 2021-01-23 21:05 - 000000000 ____D C:\FRST
2021-01-22 09:33 - 2021-01-22 09:33 - 000000815 _____ C:\Users\emill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-01-22 09:33 - 2021-01-22 09:33 - 000000000 ____D C:\Users\emill\AppData\Local\ESET
2021-01-21 13:56 - 2021-01-21 13:56 - 000627601 _____ C:\Users\emill\Downloads\Credit_Invoice_Statement_20210121_025634PM.pdf
2021-01-21 13:55 - 2021-01-21 13:55 - 000056140 _____ C:\Users\emill\Downloads\Credit_Invoice_Statement_20210121_025551PM.pdf
2021-01-21 13:54 - 2021-01-21 13:54 - 000058872 _____ C:\Users\emill\Downloads\Credit_Invoice_Statement_20210121_025414PM.pdf
2021-01-21 13:52 - 2021-01-21 13:52 - 000058872 _____ C:\Users\emill\Downloads\Credit_Invoice_Statement_20210121_025209PM.pdf
2021-01-21 08:02 - 2021-01-21 08:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2021-01-20 08:18 - 2021-01-20 08:18 - 000000000 ____D C:\WINDOWS\system32\N360_BACKUP
2021-01-19 20:18 - 2021-01-19 20:21 - 000462547 _____ C:\Users\emill\Desktop\2020 Tax Organizer (MILLS EMERY).pdf
2021-01-19 20:16 - 2021-01-22 09:06 - 000712692 _____ C:\Users\emill\Desktop\2020 Tax Organizer (MILLS ERIC & MALORI).pdf
2021-01-19 19:55 - 2021-01-19 19:55 - 000139346 _____ C:\Users\emill\Downloads\MOHELAtaxinfo.pdf
2021-01-19 18:58 - 2021-01-19 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-01-19 18:04 - 2021-01-19 18:04 - 000919312 _____ C:\Users\emill\Downloads\2020 Tax Organizer (MILLS ERIC & MALORI).pdf
2021-01-19 18:04 - 2021-01-19 18:04 - 000558580 _____ C:\Users\emill\Downloads\2020 Tax Organizer (MILLS EMERY).pdf
2021-01-19 18:02 - 2021-01-19 18:02 - 000682610 _____ C:\Users\emill\Downloads\XXXX6662_2020_1099_01-17-2021.pdf
2021-01-19 13:49 - 2021-01-19 13:49 - 000000994 _____ C:\Users\Public\Desktop\IPVanish.lnk
2021-01-19 13:49 - 2021-01-19 13:49 - 000000994 _____ C:\ProgramData\Desktop\IPVanish.lnk
2021-01-19 13:49 - 2021-01-19 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IPVanish
2021-01-15 17:35 - 2021-01-15 17:35 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2021-01-14 11:00 - 2021-01-14 11:00 - 000078650 _____ C:\Users\emill\Downloads\XXXX6662-12_2020-edj-statement.pdf
2021-01-14 08:56 - 2021-01-14 08:56 - 000683285 _____ C:\Users\emill\Downloads\Loan Agreement, Note and Related Documents_197184.pdf
2021-01-14 08:56 - 2021-01-14 08:56 - 000012262 _____ C:\Users\emill\Downloads\3300039989.pdf
2021-01-14 08:38 - 2021-01-14 08:38 - 000591715 _____ C:\Users\emill\Downloads\CT Company Documents.pdf
2021-01-14 08:37 - 2021-01-14 08:37 - 001303976 _____ C:\Users\emill\Downloads\Mortgage - recorded.pdf
2021-01-14 08:37 - 2021-01-14 08:37 - 000688901 _____ C:\Users\emill\Downloads\Final Signed Closing Disclosure.pdf
2021-01-14 08:36 - 2021-01-14 08:36 - 000240386 _____ C:\Users\emill\Downloads\Final Signed Borrowers Statement.pdf
2021-01-14 08:36 - 2021-01-14 08:36 - 000147990 _____ C:\Users\emill\Downloads\Note.pdf
2021-01-14 08:36 - 2021-01-14 08:36 - 000051862 _____ C:\Users\emill\Downloads\Rescission Notice.pdf
2021-01-14 08:28 - 2021-01-14 08:28 - 000001676 _____ C:\Users\emill\Documents\Where are my files.lnk
2021-01-13 20:43 - 2021-01-13 20:43 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-01-13 20:43 - 2021-01-13 20:43 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-01-13 20:43 - 2021-01-13 20:43 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-01-13 20:43 - 2021-01-13 20:43 - 000044064 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-01-13 09:04 - 2021-01-13 09:04 - 000059344 _____ C:\Users\emill\Downloads\Credit_Invoice_Statement_20210113_100433AM.pdf
2021-01-12 21:29 - 2021-01-12 21:29 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-12 21:29 - 2021-01-12 21:29 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-12 21:29 - 2021-01-12 21:29 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-12 21:29 - 2021-01-12 21:29 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-12 21:29 - 2021-01-12 21:29 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-12 21:29 - 2021-01-12 21:29 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-12 21:29 - 2021-01-12 21:29 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-12 21:29 - 2021-01-12 21:29 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-12 21:29 - 2021-01-12 21:29 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-12 21:29 - 2021-01-12 21:29 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-12 21:29 - 2021-01-12 21:29 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-12 21:29 - 2021-01-12 21:29 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-12 21:29 - 2021-01-12 21:29 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-12 21:29 - 2021-01-12 21:29 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-12 21:29 - 2021-01-12 21:29 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-12 21:29 - 2021-01-12 21:29 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-12 21:29 - 2021-01-12 21:29 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-12 21:29 - 2021-01-12 21:29 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-12 21:29 - 2021-01-12 21:29 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-12 21:29 - 2021-01-12 21:29 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-12 21:29 - 2021-01-12 21:29 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-12 21:28 - 2021-01-12 21:28 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-12 21:28 - 2021-01-12 21:28 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-12 21:28 - 2021-01-12 21:28 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-12 21:28 - 2021-01-12 21:28 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-12 21:28 - 2021-01-12 21:28 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-12 21:28 - 2021-01-12 21:28 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-12 21:28 - 2021-01-12 21:28 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-12 21:28 - 2021-01-12 21:28 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-12 21:28 - 2021-01-12 21:28 - 000010894 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-01-12 21:27 - 2021-01-12 21:27 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-12 21:27 - 2021-01-12 21:27 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-12 21:27 - 2021-01-12 21:27 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-12 21:27 - 2021-01-12 21:27 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-12 21:27 - 2021-01-12 21:27 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-11 09:45 - 2021-01-11 09:45 - 000147728 _____ C:\Users\emill\Desktop\CFD - AR Breakdown - Dec 2020.pdf
2021-01-11 09:39 - 2021-01-11 09:39 - 000087599 _____ C:\Users\emill\Downloads\20210111093934_ffcra_paid_sick_and_family_leave_credit_report_e6b18ce4.pdf
2021-01-11 09:37 - 2021-01-11 09:37 - 000152596 _____ C:\Users\emill\Downloads\0DN442021011352EA344AC_payroll-distributed-summary_5cfabe0.pdf
2021-01-11 09:36 - 2021-01-11 09:36 - 000111221 _____ C:\Users\emill\Downloads\0DN442021011352EA344AC_cashrequirement_acac218.pdf
2021-01-10 20:45 - 2021-01-10 20:45 - 000081222 _____ C:\Users\emill\Downloads\20210110204514_direct_deposit_register_5f4e0fa7.pdf
2021-01-10 20:24 - 2021-01-10 20:32 - 000014227 _____ C:\Users\emill\Downloads\20210110202452_Advanced_Report_Writer_5968366f.xlsx
2021-01-10 20:23 - 2021-01-10 20:23 - 000031119 _____ C:\Users\emill\Downloads\20210110202336_Advanced_Report_Writer_47919d56.pdf
2021-01-10 20:17 - 2021-01-10 20:17 - 000061218 _____ C:\Users\emill\Downloads\20210110201723_Wage_And_Tax_Report_1a2715db.pdf
2021-01-10 20:13 - 2021-01-10 20:13 - 000091360 _____ C:\Users\emill\Downloads\20210110201308_Wage_And_Tax_Report_5ceb6f1e.pdf
2021-01-10 20:00 - 2021-01-10 20:00 - 000016972 _____ C:\Users\emill\Downloads\20210110200022_Employee_YTD_Balances_Report_13851eb6.pdf
2021-01-10 19:57 - 2021-01-10 19:57 - 000445313 _____ C:\Users\emill\Downloads\0DN4400000000MYARCHIVE_ Statement of Deposits And Filings 2020 Q1 FEIN 141981193_U.PDF
2021-01-10 19:44 - 2021-01-10 19:44 - 000022290 _____ C:\Users\emill\Downloads\20210110194353_Withholdings Reports_7ab11936.pdf
2021-01-10 19:34 - 2021-01-10 19:34 - 000016979 _____ C:\Users\emill\Downloads\20210110193437_Staff ER Payroll Report_4f1ed8d9.pdf
2021-01-10 19:30 - 2021-01-10 19:30 - 000013807 _____ C:\Users\emill\Downloads\20210110193032_Staff ER Payroll Report_fbfb9f40.pdf
2021-01-10 19:28 - 2021-01-10 19:28 - 000013925 _____ C:\Users\emill\Downloads\20210110192814_Staff ER Payroll Report_0d596503.pdf
2021-01-10 19:06 - 2021-01-10 19:06 - 000013989 _____ C:\Users\emill\Downloads\20210110190647_Withholdings Reports_d5687b1d.pdf
2021-01-10 19:05 - 2021-01-10 19:05 - 000014071 _____ C:\Users\emill\Downloads\20210110190522_Withholdings Reports_28e9abc7.pdf
2021-01-10 18:53 - 2021-01-10 18:53 - 000129643 _____ C:\Users\emill\Downloads\20210110185302_payroll_distributed_summary_report_15d33bea.pdf
2021-01-10 18:48 - 2021-01-10 18:48 - 000148127 _____ C:\Users\emill\Downloads\20210110184845_payroll_distributed_summary_report_88eb5d1f.pdf
2021-01-10 18:45 - 2021-01-10 18:45 - 000160242 _____ C:\Users\emill\Downloads\20210110184522_payroll_distributed_summary_report_20ced44a.pdf
2021-01-10 18:42 - 2021-01-10 18:42 - 000155005 _____ C:\Users\emill\Downloads\20210110184246_payroll_distributed_summary_report_e94e7b86.pdf
2021-01-10 18:40 - 2021-01-10 18:40 - 000159823 _____ C:\Users\emill\Downloads\20210110184034_payroll_distributed_summary_report_86f2f359.pdf
2021-01-10 18:38 - 2021-01-10 18:38 - 000153159 _____ C:\Users\emill\Downloads\20210110183840_payroll_distributed_summary_report_dff6c27d.pdf
2021-01-10 18:34 - 2021-01-10 18:34 - 000153767 _____ C:\Users\emill\Downloads\20210110183456_payroll_distributed_summary_report_7fc2f225.pdf
2021-01-10 18:30 - 2021-01-10 18:30 - 000153201 _____ C:\Users\emill\Downloads\20210110183019_payroll_distributed_summary_report_904f4f6b.pdf
2021-01-10 18:28 - 2021-01-10 18:28 - 000147650 _____ C:\Users\emill\Downloads\20210110182808_payroll_distributed_summary_report_5f8a7333.pdf
2021-01-10 18:14 - 2021-01-10 18:14 - 000152613 _____ C:\Users\emill\Downloads\20210110181443_payroll_distributed_summary_report_7abea949.pdf
2021-01-10 18:12 - 2021-01-10 18:12 - 000146705 _____ C:\Users\emill\Downloads\20210110181245_payroll_distributed_summary_report_799f1002.pdf
2021-01-10 18:07 - 2021-01-10 18:07 - 000159714 _____ C:\Users\emill\Downloads\20210110180752_payroll_distributed_summary_report_c8a731c4.pdf
2021-01-10 16:43 - 2021-01-10 16:43 - 000158577 _____ C:\Users\emill\Downloads\20210110164337_payroll_distributed_summary_report_19d73244.pdf
2021-01-10 16:38 - 2021-01-10 16:38 - 000154305 _____ C:\Users\emill\Downloads\20210110163804_payroll_distributed_summary_report_07409782.pdf
2021-01-10 16:38 - 2021-01-10 16:38 - 000128889 _____ C:\Users\emill\Downloads\20210110163815_payroll_distributed_summary_report_fc283282.pdf
2021-01-10 16:14 - 2021-01-10 16:14 - 000148372 _____ C:\Users\emill\Downloads\20210110161424_payroll_distributed_summary_report_f520ca52.pdf
2021-01-10 16:14 - 2021-01-10 16:14 - 000123138 _____ C:\Users\emill\Downloads\20210110161411_payroll_distributed_summary_report_c45d802d.pdf
2021-01-10 16:09 - 2021-01-10 16:09 - 000154991 _____ C:\Users\emill\Downloads\20210110160909_payroll_distributed_summary_report_fac13823.pdf
2021-01-10 16:09 - 2021-01-10 16:09 - 000128077 _____ C:\Users\emill\Downloads\20210110160920_payroll_distributed_summary_report_e8f06b87.pdf
2021-01-10 16:06 - 2021-01-10 16:06 - 000120472 _____ C:\Users\emill\Downloads\20210110160610_payroll_distributed_summary_report_038c8898.pdf
2021-01-10 16:03 - 2021-01-10 16:03 - 000153751 _____ C:\Users\emill\Downloads\20210110160311_payroll_distributed_summary_report_3e1c5cfd.pdf
2021-01-10 15:59 - 2021-01-10 15:59 - 000159011 _____ C:\Users\emill\Downloads\20210110155930_payroll_distributed_summary_report_842fc730.pdf
2021-01-10 15:56 - 2021-01-10 15:56 - 000127746 _____ C:\Users\emill\Downloads\20210110155625_payroll_distributed_summary_report_63249332.pdf
2021-01-10 15:43 - 2021-01-10 15:43 - 000147190 _____ C:\Users\emill\Downloads\20210110154321_payroll_distributed_summary_report_e24ffde7.pdf
2021-01-10 15:39 - 2021-01-10 15:39 - 000151210 _____ C:\Users\emill\Downloads\20210110153913_payroll_distributed_summary_report_f52c110f.pdf
2021-01-10 15:35 - 2021-01-10 15:35 - 000139865 _____ C:\Users\emill\Downloads\20210110153537_payroll_distributed_summary_report_7e278644.pdf
2021-01-10 15:30 - 2021-01-10 15:30 - 000146916 _____ C:\Users\emill\Downloads\20210110153049_payroll_distributed_summary_report_6873ace6.pdf
2021-01-10 15:20 - 2021-01-10 15:20 - 000151266 _____ C:\Users\emill\Downloads\20210110152049_payroll_distributed_summary_report_3595dda6.pdf
2021-01-10 15:14 - 2021-01-10 15:14 - 000158329 _____ C:\Users\emill\Downloads\20210110151447_payroll_distributed_summary_report_3b2e7854.pdf
2021-01-10 15:07 - 2021-01-10 15:07 - 000154339 _____ C:\Users\emill\Downloads\20210110150756_payroll_distributed_summary_report_ea4ab9c9.pdf
2021-01-10 14:51 - 2021-01-10 14:51 - 000151207 _____ C:\Users\emill\Downloads\20210110145127_payroll_distributed_summary_report_adcaa99e.pdf
2021-01-10 14:44 - 2021-01-10 14:44 - 000159517 _____ C:\Users\emill\Downloads\20210110144408_payroll_distributed_summary_report_e1b3a247.pdf
2021-01-10 14:38 - 2021-01-10 14:38 - 000238393 _____ C:\Users\emill\Downloads\0DN44 Cash Requirements Statement.pdf
2021-01-10 14:23 - 2021-01-10 14:23 - 000156640 _____ C:\Users\emill\Downloads\20210110142308_payroll_distributed_summary_report_e7fd23fb.pdf
2021-01-10 14:18 - 2021-01-10 14:18 - 000123945 _____ C:\Users\emill\Downloads\20210110141809_payroll_distributed_summary_report_2e452dbd.pdf
2021-01-10 13:25 - 2021-01-10 13:25 - 000134320 _____ C:\Users\emill\Downloads\20210110132514_payroll_distributed_summary_report_6dee1fd4.pdf
2021-01-10 13:22 - 2021-01-10 13:22 - 000128888 _____ C:\Users\emill\Downloads\20210110132211_payroll_distributed_summary_report_9914df55.pdf
2021-01-10 13:13 - 2021-01-10 13:13 - 000014924 _____ C:\Users\emill\Downloads\20210110131253_Withholdings Reports_fdbad243.pdf
2021-01-10 13:07 - 2021-01-10 13:07 - 000123546 _____ C:\Users\emill\Downloads\0DN4420201231B091AEC24_payroll-distributed-summary_1983bfd (2).pdf
2021-01-10 13:02 - 2021-01-10 13:02 - 000017001 _____ C:\Users\emill\Downloads\20210110130246_Advanced_Report_Writer_41cf8654.pdf
2021-01-10 12:59 - 2021-01-10 12:59 - 000181870 _____ C:\Users\emill\Downloads\20210110125941_Staff Payoll Report_3bdac4c2.pdf
2021-01-10 12:52 - 2021-01-10 12:52 - 000252461 _____ C:\Users\emill\Downloads\0DN4400000000MYARCHIVE_2020W2Report_U.PDF
2021-01-10 12:44 - 2021-01-10 12:44 - 000021407 _____ C:\Users\emill\Downloads\20210110124408_Withholdings Reports_3cb9af42.pdf
2021-01-10 12:43 - 2021-01-10 12:43 - 000022319 _____ C:\Users\emill\Downloads\20210110124304_Advanced_Report_Writer_318afde6.pdf
2021-01-10 12:42 - 2021-01-10 12:42 - 000021162 _____ C:\Users\emill\Downloads\20210110123325_Advanced_Report_Writer_4eb96128 (1).pdf
2021-01-10 12:42 - 2021-01-10 12:42 - 000020386 _____ C:\Users\emill\Downloads\20210110124208_Advanced_Report_Writer_115867f8.pdf
2021-01-10 12:33 - 2021-01-10 12:33 - 000021162 _____ C:\Users\emill\Downloads\20210110123325_Advanced_Report_Writer_4eb96128.pdf
2021-01-06 13:39 - 2021-01-06 13:39 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-06 13:39 - 2021-01-06 13:39 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-06 13:39 - 2021-01-06 13:39 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2021-01-06 13:39 - 2021-01-06 13:39 - 000002243 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2021-01-06 13:39 - 2021-01-06 13:39 - 000002243 _____ C:\ProgramData\Desktop\Google Earth Pro.lnk
2021-01-06 13:39 - 2021-01-06 13:39 - 000000000 ____D C:\Users\emill\AppData\LocalLow\Google
2021-01-06 13:39 - 2021-01-06 13:39 - 000000000 ____D C:\Program Files\Google
2021-01-05 12:57 - 2021-01-05 12:57 - 000252461 _____ C:\Users\emill\Downloads\0DN4400000000MYARCHIVE_2020W2ReportPreview_U (1).PDF
2021-01-05 12:55 - 2021-01-05 12:55 - 000252461 _____ C:\Users\emill\Downloads\0DN4400000000MYARCHIVE_2020W2ReportPreview_U.PDF
2021-01-05 10:41 - 2021-01-05 10:41 - 000097552 _____ C:\Users\emill\Downloads\11761400000053.pdf
2021-01-05 10:30 - 2021-01-05 10:30 - 000058872 _____ C:\Users\emill\Downloads\Credit_Invoice_Statement_20210105_113011AM.pdf
2021-01-05 10:18 - 2021-01-05 10:18 - 000369389 _____ C:\Users\emill\Downloads\statement (1).pdf
2021-01-05 10:16 - 2021-01-05 10:16 - 000370299 _____ C:\Users\emill\Downloads\statement.pdf
2020-12-31 11:50 - 2021-01-11 09:40 - 000000000 ____D C:\Users\emill\Desktop\Paycom reports
2020-12-31 11:50 - 2020-12-31 11:54 - 000000000 ____D C:\Users\emill\Desktop\House Plans
2020-12-31 11:50 - 2020-12-31 11:50 - 000000000 ____D C:\Users\emill\Desktop\Reports for Blake
2020-12-31 11:50 - 2020-12-31 11:50 - 000000000 ____D C:\Users\emill\Desktop\Junior Football Season
2020-12-31 11:50 - 2020-12-31 11:50 - 000000000 ____D C:\Users\emill\Desktop\Fitness
2020-12-31 11:50 - 2020-12-27 10:50 - 000002434 _____ C:\Users\emill\Desktop\QuickBooks.lnk
2020-12-31 11:50 - 2020-12-14 11:54 - 000115267 _____ C:\Users\emill\Desktop\Eric Mills - Passport Renewal.pdf
2020-12-31 11:50 - 2020-11-27 10:22 - 000011417 _____ C:\Users\emill\Desktop\Building House - Money Required.xlsx
2020-12-31 11:50 - 2020-11-15 21:56 - 002668072 _____ C:\Users\emill\Desktop\AmaraChristmasStocking.pdf
2020-12-31 11:50 - 2020-11-15 20:40 - 007254759 _____ C:\Users\emill\Desktop\TheAlpineStocking.pdf
2020-12-31 11:50 - 2020-08-17 10:53 - 000311258 _____ C:\Users\emill\Desktop\giftcard.pdf
2020-12-31 11:50 - 2020-08-10 18:20 - 000001975 _____ C:\Users\emill\Desktop\Norton Utilities Premium.lnk
2020-12-31 11:50 - 2020-06-15 19:19 - 000002013 _____ C:\Users\emill\Desktop\CTOAgentONE.lnk
2020-12-31 11:50 - 2020-05-08 16:35 - 000010197 _____ C:\Users\emill\Desktop\Accounts.xlsx
2020-12-31 11:50 - 2019-09-10 12:30 - 000011876 _____ C:\Users\emill\Desktop\S4account.pdf
2020-12-31 09:38 - 2020-12-31 09:38 - 000604995 _____ C:\Users\emill\Downloads\0DN4400000000MYARCHIVE_ Statement of Deposits And Filings 2020 Q2 FEIN 141981193_U.PDF
2020-12-31 09:38 - 2020-12-31 09:38 - 000577672 _____ C:\Users\emill\Downloads\0DN4400000000MYARCHIVE_ Statement of Deposits And Filings 2020 Q3 FEIN 141981193_U.PDF
2020-12-31 08:56 - 2020-12-31 08:56 - 000110966 _____ C:\Users\emill\Downloads\0DN4420201231B091AEC24_cashrequirement_3924777 (1).pdf
2020-12-31 08:56 - 2020-12-31 08:56 - 000093823 _____ C:\Users\emill\Downloads\0DN4420201231B091AEC24_check-register_1caff6d.pdf
2020-12-31 08:56 - 2020-12-31 08:56 - 000080833 _____ C:\Users\emill\Downloads\0DN4420201231B091AEC24_direct-deposit-register_ce22acd.pdf
2020-12-31 08:55 - 2020-12-31 08:55 - 000123546 _____ C:\Users\emill\Downloads\0DN4420201231B091AEC24_payroll-distributed-summary_1983bfd.pdf
2020-12-31 08:55 - 2020-12-31 08:55 - 000110966 _____ C:\Users\emill\Downloads\0DN4420201231B091AEC24_cashrequirement_3924777.pdf
2020-12-29 08:39 - 2020-12-29 08:39 - 000091320 _____ C:\Users\emill\Downloads\20201229083945_ffcra_paid_sick_and_family_leave_credit_report_87a70713.pdf
2020-12-29 08:22 - 2020-12-29 08:22 - 000091122 _____ C:\Users\emill\Downloads\20201229082219_ffcra_paid_sick_and_family_leave_credit_report_2b595c67.pdf
2020-12-29 08:21 - 2020-12-29 08:21 - 000148136 _____ C:\Users\emill\Downloads\0DN44202012309EDD96FF3_payroll-distributed-summary_b6b3fd0.pdf
2020-12-29 08:21 - 2020-12-29 08:21 - 000111430 _____ C:\Users\emill\Downloads\0DN44202012309EDD96FF3_cashrequirement_51636a4.pdf
2020-12-27 10:39 - 2020-12-27 10:39 - 000002442 _____ C:\Users\emill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickBooks.lnk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-23 21:02 - 2020-08-24 12:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-23 20:31 - 2020-08-24 12:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360
2021-01-23 19:48 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-23 12:22 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-23 12:22 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-23 12:04 - 2020-01-15 17:04 - 000000000 ____D C:\Users\emill\AppData\Roaming\QuickBooks
2021-01-23 11:51 - 2019-09-07 08:41 - 000000000 ____D C:\Users\emill\AppData\Roaming\Keeper Password Manager
2021-01-23 11:41 - 2020-08-24 12:11 - 000842414 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-23 11:41 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-23 11:33 - 2020-08-24 12:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-23 11:33 - 2020-08-24 12:08 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-23 11:33 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-23 11:33 - 2019-12-07 03:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-01-23 11:33 - 2019-09-05 06:47 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-01-23 11:32 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-23 11:01 - 2019-11-08 09:24 - 000000000 ____D C:\Users\emill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C-Value! v2.0
2021-01-23 10:28 - 2020-01-08 16:01 - 000000000 ____D C:\Users\emill\AppData\Local\cache
2021-01-23 01:42 - 2020-01-17 16:13 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-22 21:48 - 2020-08-24 12:09 - 000000000 ____D C:\Users\emill
2021-01-22 21:43 - 2020-08-24 12:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2021-01-22 12:07 - 2020-08-24 12:10 - 000000000 ____D C:\WINDOWS\Minidump
2021-01-22 11:13 - 2020-02-06 14:55 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-22 10:26 - 2019-09-27 15:17 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2021-01-22 09:45 - 2019-10-17 08:27 - 000000000 ___HD C:\Program Files (x86)\sysconfig
2021-01-22 09:00 - 2019-10-01 16:12 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-01-22 09:00 - 2019-10-01 16:12 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2021-01-22 08:42 - 2019-09-04 14:39 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2021-01-22 08:42 - 2019-09-04 14:39 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2021-01-22 07:57 - 2020-08-24 12:18 - 000003998 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2021-01-22 07:57 - 2020-08-24 12:18 - 000003766 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2021-01-21 08:00 - 2019-09-04 14:20 - 000000000 ____D C:\Users\emill\AppData\Local\ElevatedDiagnostics
2021-01-21 07:56 - 2019-09-05 07:46 - 000000000 ____D C:\Users\emill\AppData\Local\D3DSCache
2021-01-20 09:53 - 2020-03-26 13:38 - 000000000 ____D C:\Users\Public\Documents\NativeFus_Log
2021-01-20 09:53 - 2020-03-26 13:38 - 000000000 ____D C:\ProgramData\Documents\NativeFus_Log
2021-01-20 09:32 - 2019-09-05 13:12 - 000000000 ____D C:\Users\emill\AppData\Local\IPVanish
2021-01-20 09:31 - 2019-12-07 03:03 - 000016384 _____ C:\WINDOWS\system32\config\ELAM
2021-01-19 18:58 - 2019-09-04 14:39 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-01-19 13:49 - 2019-09-05 09:05 - 000000000 ____D C:\Program Files\IPVanish VPN
2021-01-19 13:49 - 2018-10-17 11:03 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-19 13:09 - 2019-09-07 08:41 - 000000000 ____D C:\Users\emill\AppData\Local\keeperpasswordmanager
2021-01-17 23:06 - 2020-08-24 12:19 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-17 23:06 - 2020-08-24 12:19 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-15 17:35 - 2018-10-17 11:04 - 000000000 ____D C:\Program Files (x86)\Intel
2021-01-13 08:25 - 2019-09-05 09:01 - 000000000 ____D C:\Users\emill\AppData\LocalLow\Mozilla
2021-01-12 22:00 - 2020-08-24 12:08 - 000292152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-12 21:59 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-12 21:59 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-12 21:59 - 2019-12-07 03:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-12 21:59 - 2019-12-07 03:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-12 21:31 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-12 21:27 - 2020-08-24 12:10 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-12 21:16 - 2019-09-04 23:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-12 21:14 - 2019-09-04 23:14 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-11 17:01 - 2019-09-04 14:16 - 000000000 ____D C:\Users\emill\AppData\Local\PlaceholderTileLogoFolder
2021-01-07 14:13 - 2019-09-04 14:14 - 000000000 ____D C:\Users\emill\AppData\Local\Packages
2021-01-06 14:49 - 2020-08-24 12:18 - 000002672 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-01-06 14:48 - 2020-08-24 12:18 - 000003232 _____ C:\WINDOWS\system32\Tasks\Live Boost Process Governor
2021-01-06 13:39 - 2019-09-12 10:23 - 000000000 ____D C:\Program Files (x86)\Google
2021-01-05 21:29 - 2019-09-04 16:04 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-30 07:59 - 2019-09-04 14:14 - 000000000 ____D C:\ProgramData\Packages

==================== Files in the root of some directories ========

2019-09-05 07:47 - 2019-09-05 07:47 - 000000410 _____ () C:\Users\emill\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

[Emills83]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-01-2021
Ran by emill (23-01-2021 21:07:25)
Running from C:\Users\emill\Desktop
Windows 10 Pro Version 20H2 19042.746 (X64) (2020-08-24 18:19:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3035062442-2361230617-2382509328-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3035062442-2361230617-2382509328-503 - Limited - Disabled)
emill (S-1-5-21-3035062442-2361230617-2382509328-1001 - Administrator - Enabled) => C:\Users\emill
Guest (S-1-5-21-3035062442-2361230617-2382509328-501 - Limited - Disabled)
malor (S-1-5-21-3035062442-2361230617-2382509328-1002 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3035062442-2361230617-2382509328-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton 360 (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton 360 (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image (HKLM-x32\...\{4FC35DD9-82DB-496D-AE43-43B7DE0A2CF8}) (Version: 23.5.17750 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{4FC35DD9-82DB-496D-AE43-43B7DE0A2CF8}Visible) (Version: 23.5.17750 - Acronis)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 32.0.0.125 - Adobe)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.0.0.354 - Adobe Systems Incorporated)
Adobe InDesign 2020 (HKLM-x32\...\IDSN_15_0) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\LRCC_3_0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0) (Version: 21.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0_7) (Version: 20.0.7 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Art Effects for PDR10 (HKLM\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue)
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.7.0 - ASUSTeK COMPUTER INC.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.8 - ASUSTeK COMPUTER INC.)
ASUS Sync Drivers (HKLM\...\{EC1454B0-F2A3-4665-A26C-E68F5B272D00}) (Version: 2.3.6748 - Screenovate Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CTOAgentONE (HKLM-x32\...\CTOAgentONE_is1) (Version: - PalmAgent Software)
C-Value! v2.1 (HKLM-x32\...\{786E56D3-26AA-4499-AB7F-6B59261768C6}_is1) (Version: 2.0 - Pine Grove Software, LLC)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2231 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2231 - CyberLink Corp.)
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4006 - CyberLink Corp.)
Documentation Manager (HKLM\...\{EC7D2299-EAEC-498A-947B-ADC4495AA6D6}) (Version: 22.20.0.6 - Intel Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 113.4.507 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.415.1 - Dropbox, Inc.) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.2 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{AB8BE3EA-01D3-44B7-8E77-A9601CBDEBDE}) (Version: 3.10.0085 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 2.56.00 - Seiko Epson Corporation)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - Seiko Epson Corporation)
Epson ReadyInk Agent (A) (HKLM-x32\...\{A9B4584F-A29E-4880-97E6-1744B4AF2AF8}) (Version: 1.0.2.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
Epson Software Updater (HKLM-x32\...\{28C66F35-69BF-4376-BC80-4D5F4808FF3C}) (Version: 4.6.1 - Seiko Epson Corporation)
EPSON WF-7720 Series Printer Uninstall (HKLM\...\EPSON WF-7720 Series) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
GlanceGuest version 4.8.1.7 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.8.1.7 - Glance Networks, Inc.)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
Intel Driver && Support Assistant (HKLM-x32\...\{513BFF20-438E-4C8B-9C41-DE06B47D3148}) (Version: 20.11.50.9 - Intel) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{44C40B2E-7285-4A9F-A9BC-DF433772AAEE}) (Version: 2.4.05929 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.4.10500.5526 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 16.8.3.1003 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1727.1 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{66129f84-d3f0-4884-ac54-369ae6fc2cf6}) (Version: 1.48.197.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000020-0220-1033-84C8-B8D95FA3C8C3}) (Version: 22.20.0.3 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{7972bdc2-99e9-4a54-b071-e7f08bdf056d}) (Version: 20.11.50.9 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86310f5b-bdb9-47b7-9ff9-d633944adc43}) (Version: 20.80.0.0u - Intel Corporation)
Intel® Software Installer (HKLM-x32\...\{76cc8e2a-8308-43d3-a3c3-423d2a1ca435}) (Version: 22.20.0.6 - Intel Corporation) Hidden
IPVanish (HKLM\...\{DF6274BF-A14B-4644-88A8-4407CB8E9907}) (Version: 3.6.5.0 - Mudhook Marketing, Inc) Hidden
IPVanish (HKLM-x32\...\{1568fda7-cb17-4769-bc1b-e21983b35aeb}) (Version: 3.6.5.0 - Mudhook Marketing, Inc)
Keeper Password Manager (HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\keeperpasswordmanager) (Version: 15.0.13 - Keeper Security, Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.20.5.39 - Symantec Corporation)
Norton Secure VPN (HKLM-x32\...\Norton Secure VPN) (Version: 2.7.0.630 - Symantec Corporation) Hidden
Norton Utilities Premium (HKLM\...\{36896A40-D958-486B-8A43-31A41E129FE2}) (Version: 17.0.5.701 - NortonLifeLock)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA Graphics Driver 442.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 442.50 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
PowerDirector (HKLM\...\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}) (Version: 10.00.0000 - CyberLink Corp.) Hidden
QuickBooks 4.3.0 (HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\05fb5a8b-5c9d-57ac-a4b7-ecf271235d3f) (Version: 4.3.0 - Intuit Inc.)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 6.2.1.260 - Samsung Electronics)
Samsung NVM Express Driver (HKLM-x32\...\{351c8533-38f0-47f1-b380-a75f267986bd}) (Version: 3.2.0.1910 - Samsung Electronics)
Samsung NVM Express Driver 3.2.0.1910 (HKLM\...\{4F8B373B-04FB-4094-9B42-271D680CC47A}) (Version: 3.2.0.1910 - Samsung Electronics Co., Ltd) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.31.0 - Samsung Electronics Co., Ltd.)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM-x32\...\{8D6181F3-CACB-4B48-8B08-981F3A7F318B}) (Version: 13.0.0.99 - SAP)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.20072.4 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.2.20072.4 - Samsung Electronics Co., Ltd.)
Splashtop Business (HKLM-x32\...\{6A4CA92E-2579-4C4D-9C8B-44735449C64E}) (Version: 3.4.2.0 - Splashtop Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.17 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.4.2.2 - Splashtop Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.13.6 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
VUDU To Go (HKLM-x32\...\{779C62CE-D787-C2F7-BB7E-52D9A9231F02}) (Version: 2.3.4 - Vudu) Hidden
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 2.3.4 - Vudu)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.10.0 - ASUSTeK COMPUTER INC.)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\ZoomUMX) (Version: 5.4.3 (58891.1115) - Zoom Video Communications, Inc.)

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-06-02] (Adobe Systems Incorporated)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-09-05] (Adobe Systems Incorporated)
Amazon -> C:\Program Files\WindowsApps\Amazon.com.Amazon_2018.519.2815.0_x64__343d40qqvtj1t [2020-02-19] (Amazon.com)
ASUS Keyboard Hotkeys -> C:\Program Files\WindowsApps\B9ECED6F.ASUSKeyboardHotkeys_1.0.12.0_x86__qmba6cd70vzyy [2019-09-19] (ASUSTeK COMPUTER INC.) [Startup Task]
Honey -> C:\Program Files\WindowsApps\HoneyScienceCorporation.Honey_11.4.2.0_neutral__cbe4c63gm1mzr [2019-09-12] (Honey Science Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.1.778.0_x64__v10z8vjag6ke6 [2020-12-30] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-19] (Apple Inc.) [Startup Task]
Keeper® for Microsoft Edge - Password Manager & Digital Vault -> C:\Program Files\WindowsApps\KeeperSecurityInc.KeeperBrowserExtension_14.4.0.0_neutral__kejf07qmg0jnm [2020-08-27] (Keeper Security Inc)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.13530.20376.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation)
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.13530.20376.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.13530.20376.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13530.20376.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.13530.20376.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.13530.20376.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1102.0_x64__8wekyb3d8bbwe [2021-01-14] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.13530.20376.0_x86__8wekyb3d8bbwe [2021-01-16] (Microsoft Corporation)
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_2.3.11.0_x64__qmba6cd70vzyy [2021-01-21] (ASUSTeK COMPUTER INC.)
MyASUS-Service Center -> C:\Program Files\WindowsApps\b9eced6f.myasus_3.3.11.0_x86__qmba6cd70vzyy [2019-09-04] (ASUSTeK COMPUTER INC.) [Startup Task]
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.11.0_x64__8wekyb3d8bbwe [2020-07-23] (Microsoft Corporation)
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2021-01-06] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-09-12] (Microsoft Corporation)
Rakuten: Get Cash Back For Shopping -> C:\Program Files\WindowsApps\Ebates.EbatesCashBack_4.46.1.0_neutral__qvn24pjydtpgr [2020-12-15] (Rakuten)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.10.216.0_x64__dt26b99r8h8gj [2020-06-13] (Realtek Semiconductor Corp)
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.13.154.0_x64__43tkc6nmykmb6 [2021-01-21] (Ookla)
Splendid -> C:\Program Files\WindowsApps\B9ECED6F.Splendid_1.0.15.0_x64__qmba6cd70vzyy [2019-11-18] (ASUSTeK COMPUTER INC.) [Startup Task]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-09-04] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}0
CustomCLSID: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001_Classes\CLSID\{04271989-C4D2-9306-C568-CFC45B2639B1} -> [OneDrive - Contemporary Family Dentistry] => D:\OneDrive - Contemporary Family Dentistry [2020-12-29 14:17]
CustomCLSID: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-F767E44CF7DF} -> [Creative Cloud Files] => C:\Users\emill\Creative Cloud Files [2019-09-05 07:51]
CustomCLSID: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
CustomCLSID: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => D:\Dropbox [2019-09-04 14:42]
CustomCLSID: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2019-03-25] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2019-03-25] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2019-03-25] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2019-03-25] (Acronis International GmbH -> )
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-07-30] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.5.39\NavShExt.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.5.39\NavShExt.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files (x86)\Microsoft OneDrive\20.201.1005.0009\amd64\FileSyncShell64.dll [2020-12-02] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-02-24] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-07-30] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.20.5.39\buShell.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.20.5.39\NavShExt.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

 

[Emills83]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-12-07 11:31 - 2020-12-07 11:31 - 000126464 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Intel\Driver and Support Assistant\DSASsdInterop.dll
2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2016-09-14 13:31 - 2016-09-14 13:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [File not signed] C:\WINDOWS\System32\enppmon.dll
2020-06-16 16:28 - 2020-06-16 16:28 - 001918464 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2019-03-25 20:30 - 2019-03-25 20:30 - 025338368 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icudt54.dll
2019-03-25 20:30 - 2019-03-25 20:30 - 002056704 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuin54.dll
2019-03-25 20:30 - 2019-03-25 20:30 - 001425408 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Acronis\TrueImageHome\icuuc54.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\emill\.DS_Store:AFP_AfpInfo [122]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\25102878.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\47703769.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\25102878.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\47703769.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3035062442-2361230617-2382509328-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.20.5.39\coIEPlg.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-07-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-07-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.20.5.39\coIEPlg.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-07-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-07-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.20.5.39\coIEPlg.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-07-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.20.5.39\coIEPlg.dll [2020-07-23] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-07-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-11 17:38 - 2018-04-11 17:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile\;C:\Program Files (x86)\Common Files\Acronis\VirtualFile64\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\emill\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\malori-mills-twin-newborn-session-yukon-mustang-photographer-edmond-okc-photography-family-photography014.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NvTelemetryContainer => 2
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\StartupApproved\Run: => "SurfEasy"
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-3035062442-2361230617-2382509328-1001\...\StartupApproved\Run: => "SmartSwitchPDLR.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9506F0C8-DBB1-409C-9FE8-D431FFEF72EC}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{99839E74-FD0B-4DB9-A289-B71344F3DD07}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{8047376D-5D7D-4A36-81E8-274402B8C49D}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{0B2C19DE-5CD7-4543-8AB3-F86CB61E2F4A}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) Software Development Products -> )
FirewallRules: [{AEFAF8AF-635B-49D5-B091-BD06A2F83689}] => (Allow) LPort=6600
FirewallRules: [{82382CDA-A608-4553-B5FB-991ED60817AC}] => (Allow) LPort=6600
FirewallRules: [{6F65B22B-7FCC-40BC-A32F-F8C76E09C563}] => (Allow) C:\Users\emill\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{10A93505-044F-46B6-9481-9F36F6013673}] => (Allow) C:\Users\emill\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FCD19B54-54C1-40DA-BAED-A2F7C4478A68}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D01FF524-F5C7-4A79-97AC-6D8A4D8776D6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{94A4401A-A04A-4E6C-9F3E-14DD078BB57F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{A838E8C0-B94A-4A42-AF87-B3FBDABFA235}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{FEB9913F-E280-4571-BCF4-5C981DBD3C58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX12.exe (Stardock Entertainment, Inc. -> Stardock Entertainment / Oxide Games)
FirewallRules: [{BA179F24-FB07-43E4-A82D-39E736C2265A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX12.exe (Stardock Entertainment, Inc. -> Stardock Entertainment / Oxide Games)
FirewallRules: [{6E1E3E89-7EF7-4A44-9ECD-0CB734EAD61C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX11.exe (Stardock Entertainment, Inc. -> Stardock Entertainment / Oxide Games)
FirewallRules: [{38D49939-499E-4CA1-A647-149F8DFF24B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ashes of the Singularity\Ashes_DX11.exe (Stardock Entertainment, Inc. -> Stardock Entertainment / Oxide Games)
FirewallRules: [{F1F32FA2-80D7-4B86-A0B0-991F13A5C4E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe (Valve -> )
FirewallRules: [{898160B4-4353-4798-8751-EBE6F45812A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe (Valve -> )
FirewallRules: [{AAEAEDA4-3E23-4EA3-BA2B-EACFC9751199}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1BBD978D-A009-4647-B217-0439B40A8B7E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A05F0810-8EC3-42F4-97DC-E9D7DCF6B19B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{84B7E1BD-458A-41EA-9A0E-FF8351D6BCB6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B03CA9D6-4B81-48C4-A93F-A3E0307686AB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{452DC9A3-6FA1-434D-9725-964FB58A7BC6}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE (CyberLink -> CyberLink Corp.)
FirewallRules: [{5F8E2A2B-C708-4C14-824A-71C6D017EC98}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AB57B80B-7E6E-46D0-BE27-7F5C7AF207EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FC97148C-FA0F-444F-9D54-6BDE43CD9ED3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F514C281-F073-4B36-B034-8D6A2D6DBF32}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{03F968FA-62D3-4C73-B21E-D8FE4B9DCCEA}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{D17F885E-C6DE-44A5-ADB1-005A83B7F9E0}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Home\report_sender.exe (Acronis International GmbH -> )
FirewallRules: [{98131B93-D89B-4C9C-B540-141BD8388DAD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\LicenseActivator.exe (Acronis International GmbH -> )
FirewallRules: [{DEFFF6D3-D0B0-4492-9271-5BBFD936BFD2}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\ga_service.exe (Acronis International GmbH -> )
FirewallRules: [{8F80FE7A-BED6-463E-8DFE-2943C31E732C}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe (Acronis International GmbH -> )
FirewallRules: [{2C386951-D922-451F-ADA2-3E60F5110F1C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{388D4B8D-400F-4796-8402-F3DD3C90ABED}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe (Acronis International GmbH -> )
FirewallRules: [{720F7AD5-7063-4F58-9A49-7348527FCF3B}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe (Acronis International GmbH -> )
FirewallRules: [{E42786FA-E4CB-4601-926E-53E34080A116}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe (Acronis International GmbH -> )
FirewallRules: [{A8545685-69EB-4925-B352-398F4D87A7D5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe (Acronis International GmbH -> )
FirewallRules: [{50C8E477-41AB-424F-9698-5454DDC60832}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe (Acronis International GmbH -> )
FirewallRules: [{E711EDB1-1AF6-4984-9CB8-B7B65746A72B}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> )
FirewallRules: [{29B8FCA3-D814-44F5-8BE6-D52C6A5FD1C9}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe (Acronis International GmbH -> )
FirewallRules: [{06C9C9EE-1BFE-44E6-B9D3-060932F4D5DA}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Acronis International GmbH -> Acronis International GmbH)
FirewallRules: [{5132DF42-05E9-46C5-A40F-464E79906BDB}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis International GmbH -> )
FirewallRules: [{54F84402-BD28-4C9F-844E-2C4F08FF1133}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{FAE80FE1-90CD-4511-A1C1-B745799B510E}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{2E25E6D4-79A1-4930-8048-7B09101F9DB4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7199A7A3-1EDF-4B55-A8BF-794D463CD046}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{52EC7549-A687-4338-A2B5-19E221CD9033}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DB7477AA-F46B-41D6-9D59-EE2321A8D6CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [UDP Query User{71C6CB2A-5406-4F48-A5FC-A7FAB1C54ECD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{4F809925-D08B-4C2A-A10D-E0231949165C}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{DE785BDF-2A04-4E06-BB16-E67C3A5C90FC}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{5FF1F69E-3509-4F12-9788-7B10C109B975}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe (Seiko Epson Corporation) [File not signed]
FirewallRules: [{527C4DF8-4C56-4B3B-BE5F-8CE923EECAF4}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{A3330617-4CC6-4A55-B33F-1716F22B6DD0}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{A1A404D0-19A9-4819-8C45-3C0814E01AD1}C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe] => (Allow) C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe => No File
FirewallRules: [TCP Query User{DC434398-2799-4F05-9888-F1FDDABCF8F3}C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe] => (Allow) C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe => No File
FirewallRules: [{A78E0869-60F1-45FA-BB97-3B2AC3A318D6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => No File
FirewallRules: [{2E4382F4-7D12-48C3-AA1F-74C2FED21614}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe => No File
FirewallRules: [{1A113093-BA65-4C20-984C-2B2090255CD7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File
FirewallRules: [{40682E4A-83BA-4CE6-81DF-270E9FDD978A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File
FirewallRules: [{EB553CBF-B727-496A-A972-95A252F2F568}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File
FirewallRules: [{B95A9445-2342-4D10-A925-F8E919B75A7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File
FirewallRules: [{86193331-6275-425D-BBC6-EB0DF0981622}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe => No File
FirewallRules: [{E26014D0-14BB-4302-8DB4-0ED51EBBC1F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe => No File
FirewallRules: [{05471A8E-3F61-4AF1-984B-94865136DB3F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{423758BE-C98C-471E-A84D-0C967477C26D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{C156B0AF-A9B4-4E08-A7E1-0E337735DAFD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{3D3D17F9-8B25-43EB-839E-2E82D3A3F4DC}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Client for STB\wbs-agent\projects\viewit\wbs_agent.exe (Node.js Foundation -> Node.js)
FirewallRules: [{85C13056-D69D-46A6-8688-B5C8EF10834D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{08026B1A-CCE0-446C-A6C5-9D224EDBAD95}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CA6ADBB3-2C2F-409E-B4A7-72BE2BB6E276}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{74E3504E-3561-4200-BECE-382470D5BFA9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FF72DF7C-0F63-4D8D-8236-820C83ECEE56}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{72D036A3-90AB-4314-99A6-72A7EE4DA2ED}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{836C117B-A997-412B-ADF8-DE89E2F2FE7F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{30A1667F-4A31-45F5-90F0-8D078FFC23AD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E4E6441C-A1E9-4AE1-98EC-BAD7AD43E988}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{47B20616-517E-492D-A145-F27415AF5E20}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4354DDEC-8457-4299-9C74-C83477EA4460}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{70A3ABD4-E73D-42E8-87FF-429533947F0F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B58089FE-36A7-482D-9995-8E74BD8FECC5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13530.20376.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{027C131E-4D38-4EF5-A668-DF670984D6B0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{DC6CCAE3-6A90-4A6D-8239-F2296B6C6E07}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe (Splashtop Inc. -> Splashtop Inc.)

==================== Restore Points =========================

12-01-2021 13:31:04 Scheduled Checkpoint
15-01-2021 17:35:31 Installed Intel(R) Wireless Bluetooth(R)
19-01-2021 13:49:29 IPVanish

==================== Faulty Device Manager Devices ============

Name: HID-compliant touch screen
Description: HID-compliant touch screen
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/23/2021 11:38:46 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: MILLS-AIO)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (01/23/2021 11:34:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 19 C.8.6.2.2.9.8.9.2.6.7.D.E.0.8.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR MILLS-AIO-2.local.

Error: (01/23/2021 11:34:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.184:5353 17 C.8.6.2.2.9.8.9.2.6.7.D.E.0.8.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR MILLS-AIO.local.

Error: (01/23/2021 11:34:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 19 1.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.B.0.8.A.D.1.8.0.0.7.1.0.0.6.2.ip6.arpa. PTR MILLS-AIO-2.local.

Error: (01/23/2021 11:34:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.184:5353 17 1.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.B.0.8.A.D.1.8.0.0.7.1.0.0.6.2.ip6.arpa. PTR MILLS-AIO.local.

Error: (01/23/2021 11:34:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 19 184.1.168.192.in-addr.arpa. PTR MILLS-AIO-2.local.

Error: (01/23/2021 11:34:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.184:5353 17 184.1.168.192.in-addr.arpa. PTR MILLS-AIO.local.

Error: (01/23/2021 11:33:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname MILLS-AIO.local already in use; will try MILLS-AIO-2.local instead


System errors:
=============
Error: (01/23/2021 11:35:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error:
{Volume Shadow Copy Service}
The system is now ready for hibernation.

Error: (01/22/2021 09:50:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error:
{Volume Shadow Copy Service}
The system is now ready for hibernation.

Error: (01/22/2021 11:07:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error:
{Volume Shadow Copy Service}
The system is now ready for hibernation.

Error: (01/22/2021 11:05:19 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff806a068c808, 0x0000000000000000, 0xfffff8065f06f1e8, 0x0000000000000002). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 8e8222dc-a99c-4ae5-8eb0-1dd7a8edd59b.

Error: (01/22/2021 11:05:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:04:22 AM on ‎1/‎22/‎2021 was unexpected.

Error: (01/22/2021 09:35:21 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\emill\AppData\Local\Temp\ehdrv.sys

Error: (01/22/2021 09:35:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/22/2021 09:35:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading


CodeIntegrity:
===================================

Date: 2021-01-23 11:36:53.4950000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-23 11:36:53.4870000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-23 11:36:53.4790000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-23 11:36:53.4720000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-23 11:36:53.4640000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-23 11:36:53.4560000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-23 11:36:53.4470000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-23 11:36:53.4390000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\Norton Security\Engine\22.20.5.39\symamsi.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. ZN242GD.307 09/16/2019
Motherboard: ASUSTeK COMPUTER INC. ZN242GD
Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 20%
Total physical RAM: 32701.3 MB
Available physical RAM: 25867.54 MB
Total Virtual: 37565.3 MB
Available Virtual: 29434.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:418.02 GB) (Free:173.74 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:562.53 GB) NTFS
Drive e: (DATA) (Fixed) (Total:4657.37 GB) (Free:2700.71 GB) NTFS

\\?\Volume{ff8c3ef7-3bdc-4cb8-8a52-87b9fb034ac9}\ (RECOVERY) (Fixed) (Total:0.79 GB) (Free:0.33 GB) NTFS
\\?\Volume{431c8437-9ad0-48ac-a414-69894ef2b051}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 2 (Protective MBR) (Size: 4657.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[Emills83]

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-01-2021
Ran by emill (24-01-2021 07:09:07) Run:1
Running from C:\Users\emill\Desktop
Loaded Profiles: emill
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
2019-09-05 07:47 - 2019-09-05 07:47 - 000000410 _____ () C:\Users\emill\AppData\Local\oobelibMkey.log
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
AlternateDataStreams: C:\Users\emill\.DS_Store:AFP_AfpInfo [122]
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
FirewallRules: [{6F65B22B-7FCC-40BC-A32F-F8C76E09C563}] => (Allow) C:\Users\emill\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [UDP Query User{A1A404D0-19A9-4819-8C45-3C0814E01AD1}C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe] => (Allow) C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe => No File
FirewallRules: [TCP Query User{DC434398-2799-4F05-9888-F1FDDABCF8F3}C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe] => (Allow) C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe => No File
FirewallRules: [{A78E0869-60F1-45FA-BB97-3B2AC3A318D6}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe => No File
FirewallRules: [{2E4382F4-7D12-48C3-AA1F-74C2FED21614}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16010.9126.2116.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe => No File
FirewallRules: [{1A113093-BA65-4C20-984C-2B2090255CD7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File
FirewallRules: [{40682E4A-83BA-4CE6-81DF-270E9FDD978A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File
FirewallRules: [{EB553CBF-B727-496A-A972-95A252F2F568}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File
FirewallRules: [{B95A9445-2342-4D10-A925-F8E919B75A7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe => No File
FirewallRules: [{86193331-6275-425D-BBC6-EB0DF0981622}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe => No File
FirewallRules: [{E26014D0-14BB-4302-8DB4-0ED51EBBC1F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe => No File
FirewallRules: [{05471A8E-3F61-4AF1-984B-94865136DB3F}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{423758BE-C98C-471E-A84D-0C967477C26D}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{C156B0AF-A9B4-4E08-A7E1-0E337735DAFD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File


*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
C:\Users\emill\AppData\Local\oobelibMkey.log => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
C:\Users\emill\.DS_Store => ":AFP_AfpInfo" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Filter\application/x-mfe-ipt => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F65B22B-7FCC-40BC-A32F-F8C76E09C563}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A1A404D0-19A9-4819-8C45-3C0814E01AD1}C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DC434398-2799-4F05-9888-F1FDDABCF8F3}C:\program files (x86)\norton secure vpn\client\norton secure vpn.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A78E0869-60F1-45FA-BB97-3B2AC3A318D6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E4382F4-7D12-48C3-AA1F-74C2FED21614}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1A113093-BA65-4C20-984C-2B2090255CD7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40682E4A-83BA-4CE6-81DF-270E9FDD978A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB553CBF-B727-496A-A972-95A252F2F568}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B95A9445-2342-4D10-A925-F8E919B75A7B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{86193331-6275-425D-BBC6-EB0DF0981622}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E26014D0-14BB-4302-8DB4-0ED51EBBC1F6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05471A8E-3F61-4AF1-984B-94865136DB3F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{423758BE-C98C-471E-A84D-0C967477C26D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C156B0AF-A9B4-4E08-A7E1-0E337735DAFD}" => removed successfully


The system needed a reboot.

==== End of Fixlog 07:09:07 ====

 

[Broni]

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[Emills83]

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
Windows Defender
Norton 360
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 

[Emills83]

Farbar Service Scanner Version: 23-12-2020
Ran by emill (administrator) on 24-01-2021 at 15:17:26
Running from "C:\Users\emill\Desktop"
Microsoft Windows 10 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Windows Security:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv: "%systemroot%\system32\svchost.exe -k netsvcs -p".
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

[Emills83]

Sophos found no threats

 

[Broni]

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
[COLOR=#ff0000][B]This is a very crucial step so make sure you don't skip it.[/B][/COLOR]
Download [IMG]http://www.imgdumper.nl/uploads6/51a5ce45267c1/51a5ce45263de-delfix.pngDelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

• Activate UAC (optional; some users prefer to keep it off)
• Remove disinfection tools
• Create registry backup
• Purge System Restore
• Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) and AdwCleaner weekly (you need to redownload these tools since they were removed by DelFix).

7. (optional) If you want to keep all your programs up to date, download and install FileHippo App Manager.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

8. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

9. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

10. Please, let me know, how your computer is doing.