Very High Memory and CPU Usage



#1 GOWRON


Posted 14 November 2017 - 11:14 AM

I suspect I’ve been infected with a Bitcoin miner. Memory usage is way higher than it should be, and over the past few days, CPU usage averages 20-25% with no tasks really calling on the CPU.

 

Here is the information about my system:

Operating System:  Windows 10 Pro, 64 bit

Processor:  Intel i7-5960X @ 3.00 GHz, not overclocked

Installed Memory:  32GB

 

Last night I restarted. When I ran Windows Task Manager first thing this morning, CPU usage was at 22% and memory usage was 85%. Malwarebytes and Windows Defender scans don’t turn up anything.

 

Any guidance would be greatly appreciated.





#2 Broni


Posted 14 November 2017 - 09:05 PM

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, restart the computer and Security Check should run.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see the message "This version requires you to completely exit the Anti Malware application", right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.




 


#3 GOWRON


Posted 15 November 2017 - 10:50 AM

Thanks for the reply, Broni. Below are the log files you requested.

 

Security Check

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 151  
 Java version 32-bit out of Date! 
 Adobe Flash Player 27.0.0.187  
 Mozilla Firefox (56.0) 
 Google Chrome (62.0.3202.94) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
 Windows Defender MSASCuiL.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

 

 
__________
 
Farbar Service Scanner (FSS)
 

Farbar Service Scanner Version: 27-01-2016
Ran by David H. Brown (administrator) on 15-11-2017 at 10:45:16
Running from "D:\Downloaded Programs\Farbar Service Scanner (FSS)"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
__________
 
MiniToolBox
 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by David H. Brown (administrator) on 15-11-2017 at 10:24:07
Running from "D:\Downloaded Programs\MiniToolBox"
Microsoft Windows 10 Pro  (X64)
Model: All Series Manufacturer: ASUS
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
Intel® I211 Gigabit Network Connection = Local Area Connection (Connected)
TeamViewer VPN Adapter = Ethernet (Media disconnected)
Broadcom 802.11ac Network Adapter = Wireless Network Connection (Media disconnected)
Astrill SSL VPN Adapter = Ethernet 2 (Media disconnected)
Intel® Ethernet Connection (2) I218-V = Local Area Connection 2 (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global taskoffload=disabled
set interface interface="Local Area Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="VMware Network Adapter VMnet1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="VMware Network Adapter VMnet8" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wireless Network Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wireless Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="VMware Network Adapter VMnet1" address=192.168.118.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet8" address=192.168.30.1 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Katana
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : woh.rr.com
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Ethernet Connection (2) I218-V
   Physical Address. . . . . . . . . : 38-2C-4A-6E-DA-AF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : woh.rr.com
   Description . . . . . . . . . . . : Intel® I211 Gigabit Network Connection
   Physical Address. . . . . . . . . : 38-2C-4A-6E-DC-B3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.117(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, November 14, 2017 2:40:53 PM
   Lease Expires . . . . . . . . . . : Thursday, November 16, 2017 2:40:54 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Astrill SSL VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-52-5D-0C-63
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : The Broadcom 802.11 Network Adapter provides wireless local area networking.
   Physical Address. . . . . . . . . : 40-E2-30-85-C2-B2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 40-E2-30-85-C2-B2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 4:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 42-E2-30-85-C2-B2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter VMware Network Adapter VMnet1:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
   Physical Address. . . . . . . . . : 00-50-56-C0-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b4b2:2841:58f0:adcd%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.118.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 33574998
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-F4-96-96-38-2C-4A-6E-DC-B3
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter VMware Network Adapter VMnet8:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bd94:c823:65e:d118%16(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.30.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 268456022
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-F4-96-96-38-2C-4A-6E-DC-B3
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TeamViewer VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-32-90-FE-9E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth PAN HelpText
   Physical Address. . . . . . . . . : 40-E2-30-3C-2C-39
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2c6e:57f:3f57:fe8a(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2c6e:57f:3f57:fe8a%14(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 721420288
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-F4-96-96-38-2C-4A-6E-DC-B3
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  resolver1.opendns.com
Address:  208.67.222.222
 
Name:    google.com
Addresses:  2607:f8b0:4004:802::200e
  172.217.7.238
 
 
Pinging google.com [172.217.7.238] with 32 bytes of data:
Reply from 172.217.7.238: bytes=32 time=24ms TTL=53
Reply from 172.217.7.238: bytes=32 time=29ms TTL=53
 
Ping statistics for 172.217.7.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 29ms, Average = 26ms
Server:  resolver1.opendns.com
Address:  208.67.222.222
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::100d
  2001:4998:c:e33::53
  2001:4998:58:2201::73
  98.138.252.38
  98.139.180.180
  206.190.39.42
 
 
Pinging yahoo.com [206.190.39.42] with 32 bytes of data:
Reply from 206.190.39.42: bytes=32 time=97ms TTL=46
Reply from 206.190.39.42: bytes=32 time=93ms TTL=46
 
Ping statistics for 206.190.39.42:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 93ms, Maximum = 97ms, Average = 95ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...38 2c 4a 6e da af ......Intel® Ethernet Connection (2) I218-V
 15...38 2c 4a 6e dc b3 ......Intel® I211 Gigabit Network Connection
  4...00 ff 52 5d 0c 63 ......Astrill SSL VPN Adapter
 12...40 e2 30 85 c2 b2 ......The Broadcom 802.11 Network Adapter provides wireless local area networking.
  8...40 e2 30 85 c2 b2 ......Microsoft Hosted Network Virtual Adapter
  7...42 e2 30 85 c2 b2 ......Microsoft Wi-Fi Direct Virtual Adapter
  3...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 16...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  2...00 ff 32 90 fe 9e ......TeamViewer VPN Adapter
 11...40 e2 30 3c 2c 39 ......Bluetooth PAN HelpText
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.117     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.117    281
    192.168.1.117  255.255.255.255         On-link     192.168.1.117    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.117    281
     192.168.30.0    255.255.255.0         On-link      192.168.30.1    291
     192.168.30.1  255.255.255.255         On-link      192.168.30.1    291
   192.168.30.255  255.255.255.255         On-link      192.168.30.1    291
    192.168.118.0    255.255.255.0         On-link     192.168.118.1    291
    192.168.118.1  255.255.255.255         On-link     192.168.118.1    291
  192.168.118.255  255.255.255.255         On-link     192.168.118.1    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.118.1    291
        224.0.0.0        240.0.0.0         On-link      192.168.30.1    291
        224.0.0.0        240.0.0.0         On-link     192.168.1.117    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.118.1    291
  255.255.255.255  255.255.255.255         On-link      192.168.30.1    291
  255.255.255.255  255.255.255.255         On-link     192.168.1.117    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14    331 ::/0                     On-link
  1    331 ::1/128                  On-link
 14    331 2001::/32                On-link
 14    331 2001:0:4137:9e76:2c6e:57f:3f57:fe8a/128
                                    On-link
  3    291 fe80::/64                On-link
 16    291 fe80::/64                On-link
 14    331 fe80::/64                On-link
 14    331 fe80::2c6e:57f:3f57:fe8a/128
                                    On-link
  3    291 fe80::b4b2:2841:58f0:adcd/128
                                    On-link
 16    291 fe80::bd94:c823:65e:d118/128
                                    On-link
  1    331 ff00::/8                 On-link
  3    291 ff00::/8                 On-link
 16    291 ff00::/8                 On-link
 14    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/15/2017 10:00:06 AM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\SCSP Backups\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{B543E814-228D-48D2-88FE-F4651230A6E8}.txt
Start time: 11/15/2017 10:00:00 AM
Module: service
Code: 301
Message: Email notification sent to dhbrown@woh.rr.com
 
Error: (11/15/2017 10:00:06 AM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\SCSP Backups\D_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{4C4D01B4-79CB-408D-B2B5-15A44A77AC64}.txt
Start time: 11/15/2017 10:00:00 AM
Module: service
Code: 301
Message: Email notification sent to dhbrown@woh.rr.com
 
Error: (11/15/2017 10:00:06 AM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\SCSP Backups\C_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{3B442D50-6E54-4D11-B796-02C3FE46A882}.txt
Start time: 11/15/2017 10:00:00 AM
Module: service
Code: 301
Message: Email notification sent to dhbrown@woh.rr.com
 
Error: (11/15/2017 09:00:05 AM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\SCSP Backups\E_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{B543E814-228D-48D2-88FE-F4651230A6E8}.txt
Start time: 11/15/2017 9:00:00 AM
Module: service
Code: 301
Message: Email notification sent to dhbrown@woh.rr.com
 
Error: (11/15/2017 09:00:05 AM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\SCSP Backups\D_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{4C4D01B4-79CB-408D-B2B5-15A44A77AC64}.txt
Start time: 11/15/2017 9:00:00 AM
Module: service
Code: 301
Message: Email notification sent to dhbrown@woh.rr.com
 
Error: (11/15/2017 09:00:05 AM) (Source: ShadowProtectSvc) (User: NT AUTHORITY)
Description: Backup status: failed
Image file: G:\SCSP Backups\C_VOL
Log file: C:\Program Files (x86)\StorageCraft\ShadowProtect\Logs\{3B442D50-6E54-4D11-B796-02C3FE46A882}.txt
Start time: 11/15/2017 9:00:00 AM
Module: service
Code: 301
Message: Email notification sent to dhbrown@woh.rr.com
 
Error: (11/15/2017 08:01:54 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0000028E32306100).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (11/15/2017 08:01:54 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0000028E32305CA0).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (11/15/2017 08:00:44 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0000028E32305CA0).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (11/15/2017 08:00:44 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0000028E32305FC0).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
 
System errors:
=============
Error: (11/15/2017 03:01:18 AM) (Source: stcvsm) (User: )
Description: Flush-and-hold state was released while snapping due to timeout on \Device\HarddiskVolume3, cancelling snapping
 
Error: (11/15/2017 03:01:18 AM) (Source: volsnap) (User: )
Description: The flush and hold writes operation on volume C: timed out while waiting for a release writes command.
 
Error: (11/14/2017 02:41:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/14/2017 02:41:12 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/14/2017 02:40:58 PM) (Source: Service Control Manager) (User: )
Description: The MSI_LiveUpdate_Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/14/2017 02:40:54 PM) (Source: Service Control Manager) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Error: (11/14/2017 02:40:53 PM) (Source: Service Control Manager) (User: )
Description: The CldFlt service failed to start due to the following error: 
%%50 = The request is not supported.
 
 
Error: (11/14/2017 02:40:52 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT AUTHORITY)
Description: The password notification DLL C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.
 
Error: (11/14/2017 02:40:20 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted during detection.
 
Error: (11/14/2017 01:52:26 PM) (Source: DCOM) (User: Katana)
Description: Microsoft.Windows.Photos_2017.39091.16340.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2017-11-15 10:21:33.265
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-15 10:21:33.263
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-15 10:05:25.065
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-15 10:05:25.062
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-15 10:00:59.892
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-15 10:00:59.890
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-15 10:00:59.568
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-15 10:00:59.565
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-15 09:50:58.472
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-15 09:50:58.470
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.00.15.58233 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.15.58233 - ABBYY)
Ableton Live 9 Suite (HKLM\...\{B1584F8D-A87F-4859-B093-2C1C7F7BA444}) (Version: 9.0.0.0 - Ableton)
Adguard (HKLM-x32\...\{1ba1c838-bba2-49ed-8738-fd92b81204eb}) (Version: 6.2.433.2167 - Performix LLC)
Adguard (HKLM-x32\...\{685F6AB3-7C61-42D1-AE5B-3864E48D1035}) (Version: 6.2.433.2167 - Performix LLC) Hidden
Adobe Acrobat 8.1.0 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional) (Version: 8.1.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.68 - Hulubulu Software)
Agent Ransack x64 (HKLM\...\{FD8C1365-2229-4F37-A126-558DB2471CBE}) (Version: 7.0.828.1 - Mythicsoft Ltd)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.01.02 - ASUSTeK Computer Inc.)
AIDA64 Extreme v5.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.240 - Amazon)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
AO Help (HKLM-x32\...\{D25B5189-FD08-4985-BF86-A52457A7A0A5}) (Version: 1.2.23.231 - ASUS) Hidden
AO Help (HKLM-x32\...\InstallShield_{D25B5189-FD08-4985-BF86-A52457A7A0A5}) (Version: 1.2.23.231 - ASUS)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{55117E45-6881-FF5B-77B2-97FFCF64D2D8}) (Version: 10.1.10586.212 - Microsoft) Hidden
ASIO Bridge and Hi-Fi Cable (HKLM-x32\...\VB:ASIOBridge {17359A74-1236-5467}) (Version:  - VB-Audio Software)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.9.0001 - Asmedia Technology)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.35.1 - Asmedia Technology)
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version:  - Astrill)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.4.1 - ASUSTeK Computer Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.911.151222 - )
BackgammonMasters Client (HKLM-x32\...\BackgammonMasters_is1) (Version:  - )
Bat To Exe Converter version 2.1.4 (HKLM\...\{60C29EC2-33E8-45EE-87E4-31FA3E35C539}_is1) (Version: 2.1.4 - Fatih Kodak)
BGroom (HKLM-x32\...\BGroom) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 7.35.317.1 - Broadcom Corporation)
Broken Shortcut Fixer (HKLM-x32\...\{F5EB26E8-0EF6-4AF0-9D43-D2B7E0D9D63C}) (Version: 1.2 - ConsumerSoft)
Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version:  - Sledgehammer Games)
Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version:  - Sledgehammer Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.34 - Piriform)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cinch Audio Recorder version 4.0.2 (HKLM-x32\...\{F145F781-A266-4A33-8F34-65561BF29B25}_is1) (Version: 4.0.2 - Cinch Solutions)
Citrix Online Launcher (HKLM-x32\...\{AFB80939-4486-49D8-A04E-2B05C0F2DE39}) (Version: 1.0.252 - Citrix)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CouchPotato (HKLM-x32\...\CouchPotato_is1) (Version: 2 - Your Mom)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CrashPlan (HKLM\...\{82DD9B45-C8B7-4786-A733-4D76CA572AA6}) (Version: 4.8.3.15 - Code 42 Software)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.4.3 - Foolish IT LLC)
Custom UI Editor for Microsoft Office (HKLM-x32\...\{C644FAAE-42FD-4FEC-B170-AB40B128B9AF}) (Version: 3.14.1592 - Microsoft Corporation)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dexpot (HKCU\...\Dexpot) (Version: 1.6.14 - Dexpot GbR)
Direct Folders (HKLM-x32\...\DirectFoldersAppID_is1) (Version:  - Code Sector Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 38.4.27 - Dropbox, Inc.)
Dropbox Folder Sync addon (HKLM-x32\...\{E0B7CA7A-98B0-4EF1-87F5-FF6B02DC06A9}_is1) (Version: 2.7 - Sowrabh & Satyadeep)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
dupeGuru (HKLM\...\{C11DACBD-8863-4AA4-94AD-708602F6F7EF}) (Version: 3.9.1 - Hardcoded Software)
Duplicate Email Remover (HKLM-x32\...\{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}) (Version: 3.0.0 - MAPILab Ltd.)
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Equalify Pro (HKCU\...\Equalify Pro 1.2.6) (Version: 1.2.6 - Leonardsen Software)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
Evernote v. 6.7.5 (HKLM-x32\...\{65B334F4-9E45-11E7-A6A5-005056951CAD}) (Version: 6.7.5.5825 - Evernote Corp.)
eWallet 8.3.5 for Windows PC (desktop) (HKLM-x32\...\Ilium Software eWallet_is1) (Version: 8.3.5 - Ilium Software)
Excel Add-in (HKLM-x32\...\Hoadley Options Excel Add-in_is1) (Version:  - Peter Hoadley)
Excel Utilities 2.2 (HKLM-x32\...\Excel Utilities 2.2) (Version:  - )
Fast Duplicate File Finder 4.3.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 4.3.0.1 - MindGems, Inc.)
Fidelity Active Trader Pro® (HKCU\...\a36ba76f6187edff) (Version: 10.6.996.0 - Fidelity Investments)
Fidelity Active Trader Pro® (HKLM-x32\...\{EB32DBD0-0589-4A80-BF88-C4CD126DD1C7}) (Version: 10.3.1565.0 - Fidelity Investments) Hidden
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
FlukeView Forms (HKLM-x32\...\{63702CB3-38D5-11D4-9A93-00C04F281EE2}) (Version:  - )
FlukeViewFormsVcRedist (HKLM-x32\...\{3709EF38-C2EF-4298-AB38-37F4B14D147E}) (Version: 9.0.21022 - Fluke)
Freeplane (HKLM\...\{D3941722-C4DD-4509-88C4-0E87F675A859}_is1) (Version: 1.5.20 - Open source)
Geeks3D FurMark 1.15.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.118 - SecureMix LLC)
GNU Backgammon (Version 1_05_000, 20150725) (HKLM-x32\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
GoAnywhere OpenPGP Studio (HKLM-x32\...\{FBFC9FAF-5FC8-4C55-AEDD-F0E584387AE5}) (Version: 1.0.1 - Linoma Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Photos Backup (HKCU\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 8.16.0.7881 (HKCU\...\GoToMeeting) (Version: 8.16.0.7881 - LogMeIn, Inc.)
HandBrake 0.10.3 (HKLM-x32\...\HandBrake) (Version: 0.10.3 - )
HDD Guardian 0.6.1 (HKLM-x32\...\{F67EF53C-11BF-4EC8-B025-EC85CABA50B5}) (Version:  - )
Hoadley Options Strategy Evaluation Tool  (HKLM-x32\...\{722D7EA0-68CD-4A6E-A18E-9F80D2D17430}) (Version: 1.0.121 - Hoadley Trading & Investment Tools)
Hoadley Options Strategy Evaluation Tool (HKLM-x32\...\Hoadley Options Strategy Evaluation Tool_is1) (Version:  - Peter Hoadley)
Hoadley Setup (HKLM-x32\...\{076F56A8-757D-442F-87F4-28AF0C8810E2}) (Version: 1.0.560 - Hoadley Trading & Investment Tools)
Hoadley Setup X64 (HKLM\...\{D4CEA714-2A25-45F5-A376-4977CDE51C27}) (Version: 1.0.1 - Hoadley Trading & Investment Tools)
iCloud (HKLM\...\{C510BB61-AE0B-4420-87AF-9CF646E86364}) (Version: 6.2.3.17 - Apple Inc.)
ImDisk Toolkit (HKLM\...\ImDiskApp) (Version: 20141026 - )
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: * - LTR Data)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inkscape 0.92.2 (HKLM-x32\...\Inkscape) (Version: 0.92.2 - Inkscape Project)
Intel® Chipset Device Software (HKLM-x32\...\{7237f6c4-bcae-41b5-8f4b-ec446f5c115f}) (Version: 10.1.2.8 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel® Network Connections 20.1.2019.0 (HKLM\...\PROSetDX) (Version: 20.1.2019.0 - Intel)
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.10586.0 (HKLM-x32\...\{AEFFC56C-3A4B-4A40-BF77-4DC2496A4781}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
Kits Configuration Installer (HKLM-x32\...\{EBC73D1A-BF2B-38E0-4E8E-77511F951ABC}) (Version: 10.1.10586.212 - Microsoft) Hidden
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Macrium Reflect Home Edition (HKLM\...\{81A918E0-7D77-455A-AF65-4F8AD5698FB3}) (Version: 7.0.2199 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 7.0 - Paramount Software (UK) Ltd.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Max 7 (64-bit) (HKLM\...\{23261731-0D66-4BDF-8221-D388AC2863FB}) (Version: 7.3.4 - Cycling '74)
Melodics version 1.0.4113.0 (HKLM\...\Melodics_is1) (Version: 1.0.4113.0 - )
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{BA62A9E2-7BB4-4D4A-8C5F-CC03C35491BD}) (Version: 4.6.00079 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{6C8591F8-C4FC-4A64-9E21-7F35F1D51D09}) (Version: 4.6.00079 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft OneNote Home and Student 2016 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.8625.2121 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSI Development Tools (HKLM-x32\...\{E1A19E8F-EBA7-0CBD-F146-F71E2A55EA41}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
MSI Intel Extreme Tuning Utility (HKLM-x32\...\{56351c83-306c-4135-a570-2784d3025548}) (Version: 5.1.0.101 - Intel Corporation)
MSI Intel Extreme Tuning Utility (HKLM-x32\...\{B58B40C4-8803-45AD-A5D2-06594D76AF49}) (Version: 5.1.0.101 - Intel Corporation) Hidden
MSI Smart Utilities (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 2.0.0.10 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyGeniusClient (HKLM-x32\...\{B93565F0-C7E6-45B2-931B-61BF654B74E9}) (Version: 1.0.63.1 - DimWare S.r.l.) Hidden
MyGeniusClient (HKLM-x32\...\MyGeniusClient) (Version: 1.0.63.1 - MyGeniusClient)
MZ-Tools 8.0 - VBA (HKCU\...\{A831F45B-3864-4D2E-B586-3E7DCEB5EA66}_is1) (Version:  - MZTools Software)
Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.73 - DJI Interprises, LLC)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Permissions Time Machine Lite version 1.4.2.1 (HKLM-x32\...\{D78B4EF2-1766-44FB-95AE-A66B124ABF86}_is1) (Version: 1.4.2.1 - AMYD Projects)
Photo GPS Extract 5.5 (HKLM-x32\...\{752477D9-A82C-4A2C-9A81-C45E4BDE9FD7}) (Version: 5.5.0 - bvsystems.be)
Pianoteq Trial version 6.0.2 (HKLM\...\Pianoteq 6 APPID_is1) (Version: 6.0.2 - Modartt)
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
QGIS Wien 2.8.2 Wien (HKLM\...\QGIS Wien) (Version:  - QGIS Development Team)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.12.12 - Intuit)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
R for Windows 3.3.1 (HKLM\...\R for Windows 3.3.1_is1) (Version: 3.3.1 - R Core Team)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.00.830 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7848 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
RoboForm 8-4-3-3 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-4-3-3 - Siber Systems)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.0 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
SDK Debuggers (HKLM-x32\...\{026E12C2-B6A7-C9BD-EB0D-8EFC5BA3D03D}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Sennheiser 3D G4ME1 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB6}) (Version: 1.00.0004 - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
SiSoftware Sandra Lite 2015i (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2496}_is1) (Version: 21.12.2015.1 - SiSoftware)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{588591F5-74D7-4646-87C5-6A07E526F303}) (Version: 12.3.2 - TechSmith Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 1.0.65.320.gac7a8e02 - Spotify AB)
Stardock Fences 3 (HKLM-x32\...\Stardock Fences 3) (Version: 3.05 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.8.5 (HKLM\...\SteelSeries Engine 3) (Version: 3.8.5 - SteelSeries ApS)
StorageCraft Recovery Environment Builder (HKLM-x32\...\{E7D74BEE-DCEF-4D4A-A7DC-A8BF0AAE920A}) (Version: 1.1.6 - StorageCraft Technology Corporation) Hidden
StorageCraft Recovery Environment Builder (HKLM-x32\...\{fd1395b8-45df-4ce4-b3c3-db59416ab95c}) (Version: 1.1.6 - StorageCraft Technology Corporation)
StorageCraft ShadowProtect (HKLM-x32\...\ShadowProtect) (Version: 5.2.3.37285 - StorageCraft Technology Corporation (STC))
tastyworks (HKLM\...\{com.tastyworks.desktop}}_is1) (Version: 0.5.0 - tastyworks, inc)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
TM VBA-Inspector (HKLM-x32\...\{D40AB3EA-9F26-4D90-BB00-203552F511E3}) (Version: 1.45.58 - Team-Moeller.de)
TMPGEnc Video Mastering Works 5 Trial (HKLM-x32\...\{F476ED23-10A8-4CA6-92C2-8BB58C2FD784}) (Version: 5.5.2.107 - Pegasys Inc.)
TRENDnet Powerline Utility (HKLM-x32\...\{F50B55DD-1015-401C-95D0-58175473F174}) (Version: 6.0.1 - TRENDnet)
TRENDnet Powerline Utility (HKLM-x32\...\TRENDnet Powerline Utility) (Version: 6.0.0.0 - TRENDnet Corporation.)
TunerPro v5.00 (HKLM-x32\...\TunerPro_is1) (Version:  - )
Turbo LAN v10.09 (HKLM\...\Turbo LAN) (Version: 10.09 - cFos Software GmbH, Bonn)
Universal CRT Extension SDK (HKLM-x32\...\{315BBDA9-CE84-D465-59F8-B9C765D953AC}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{F4E7226B-6A1C-F4D6-1109-6E1CD5B3E633}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{2268A04F-5702-C969-FA06-D4EF52E5C8DA}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{463CE323-9AD6-9DD4-24C8-649032E5CF09}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{162CBC73-EDF0-EBB8-2782-F7ABF9CE5B76}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{AF5B9C51-F99A-59CC-70F5-214E9B535EE3}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{17515373-7495-4995-9089-B7D6DF455C38}) (Version: 2.6.0.0 - Microsoft Corporation)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-1 - IDRIX)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Player (HKLM\...\{E452E727-86B8-4233-8CC3-41FD817AFAFF}) (Version: 7.0.0 - VMware, Inc.) Hidden
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.0.0 - VMware, Inc)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Wealth-Lab Pro 6.9 (64-bit) (HKLM\...\{943B7EE3-3720-4307-8F13-7305E9F1D730}) (Version: 6.9.1 - Fidelity Investments)
What's my computer doing 1.xx (HKLM-x32\...\{3F702F22-A623-4B6A-41BD-420700558223}_is1) (Version:  - ITSTH)
WhoCrashed 5.54 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
WinAppDeploy (HKLM-x32\...\{78FFF2DE-FA9A-2A05-374D-D8B8B16A79A3}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{75C39BA6-1D02-4BEA-844F-0EA6C4B7FA1B}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{5344751D-65BA-1995-1643-880B753C4F96}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{81EC5D95-C75A-327E-C42F-6EEFD36FCFF9}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{41616D0E-0BDB-664F-F982-48D730E339FF}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{DF6D11AE-A3BA-3316-C2F7-0F56BA5FDE90}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{FA7B691F-37D3-F76F-3AEC-78A7685E83DC}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{1A6370BB-F59E-80A9-C508-EFED1C29BF1A}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{0148377B-95A0-E3CD-CA6E-D5CA11E7DB7D}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{0072A9DC-6895-BACD-6F7D-600FC7B15A1B}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (HKLM-x32\...\{74B9E6F9-1793-4E90-22A1-A42254D04453}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (HKLM-x32\...\{1EE3550B-B5FB-B866-C153-1C609FBC1E89}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WPT Redistributables (HKLM-x32\...\{E2F5BEAC-556D-61E0-D92A-B28E22F6924A}) (Version: 10.1.10586.212 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{F490B5C5-AD01-DECE-F111-EBFDBC60AE3A}) (Version: 10.1.10586.212 - Microsoft) Hidden
WSCC 2.5.0.6 (HKLM-x32\...\WSCC_is1) (Version: 2.5.0.6 - KirySoft)
 
========================= Devices: ================================
 
Name: UMC404HD 192k DFU
Description: UMC404HD 192k DFU
Class Guid: 
Manufacturer: 
Service: 
Device ID: USB\VID_1397&PID_0509&MI_05\7&90C0F05&1&0005
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: UMC404HD 192k
Description: USB Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: (Generic USB Audio)
Service: usbaudio
Device ID: USB\VID_1397&PID_0509&MI_03\7&90C0F05&1&0003
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 61%
Total physical RAM: 24488.45 MB
Available physical RAM: 9491.19 MB
Total Virtual: 24688.45 MB
Available Virtual: 5281.85 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:428.15 GB) (Free:64.9 GB) NTFS
2 Drive d: (Samsung 850 512GB) (Fixed) (Total:429.12 GB) (Free:266.16 GB) NTFS
3 Drive e: () (Fixed) (Total:237.81 GB) (Free:50.88 GB) NTFS
5 Drive g: (WD Black 3TB Backup) (Fixed) (Total:2794.39 GB) (Free:255.38 GB) NTFS
7 Drive r: (RamDisk) (Fixed) (Total:2 GB) (Free:1.98 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\KATANA
 
Administrator            David H. Brown           DefaultAccount           
Guest                    
 
========================= Restore Points ==================================
 
14-11-2017 20:19:31 Windows Update
 
**** End of log ****
 
__________
 
Malwarebytes
 
Note:  This log is from Malwarebytes Premium 3.2.2 with RootKit detection enabled.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/15/17
Scan Time: 2:11 AM
Log File: 23e09354-c9d4-11e7-9271-382c4a6edcb3.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3259
License: Premium
 
-System Information-
OS: Windows 10 (Build 15063.674)
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 563231
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 11 min, 46 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
__________
 
RKill
 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/15/2017 10:37:52 AM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\David H. Brown\AppData\Local\Apps\2.0\DTENX2EB.O39\LRV2PQVV.2AR\fide...app_537d389b7f9068e8_000a.0006_f8864312a22f570b\ActiveTraderPro.exe (PID: 19244) [UP-HEUR]
 * C:\Users\David H. Brown\AppData\Local\Apps\2.0\DTENX2EB.O39\LRV2PQVV.2AR\fide...app_537d389b7f9068e8_000a.0006_f8864312a22f570b\CefSharp.BrowserSubprocess.exe (PID: 9076) [UP-HEUR]
 * C:\Users\David H. Brown\AppData\Local\Apps\2.0\DTENX2EB.O39\LRV2PQVV.2AR\fide...app_537d389b7f9068e8_000a.0006_f8864312a22f570b\CefSharp.BrowserSubprocess.exe (PID: 14668) [UP-HEUR]
 
3 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 11/15/2017 10:38:33 AM
Execution time: 0 hours(s), 0 minute(s), and 40 seconds(s)
 


#4 Broni

Posted 20 November 2017 - 09:14 PM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double-click on TFC.exe to run the program.
Click on the Start button to begin the cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • Copies of all logfiles are saved to C:\AdwCleaner.


-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program




#5 GOWRON

Posted 22 November 2017 - 09:49 AM

TFC run, 604MB removed.

 

AdwCleaner

 

# AdwCleaner 7.0.4.0 - Logfile created on Fri Nov 17 20:03:25 2017
# Updated on 2017/27/10 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IconOverlayEx
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C1].txt - [1706 B] - [2015/10/28 20:18:22]
C:/AdwCleaner/AdwCleaner[C2].txt - [1847 B] - [2017/6/13 22:24:51]
C:/AdwCleaner/AdwCleaner[S1].txt - [1672 B] - [2015/10/28 20:12:29]
C:/AdwCleaner/AdwCleaner[S2].txt - [1310 B] - [2017/6/13 22:23:24]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########
 
__________
 
Sophos Virus Removal Tool
 
No threats found.
 
__________
 
So, is this just a memory leak somewhere?


#6 Broni

Posted 22 November 2017 - 08:39 PM

In Windows 10 memory usage really doesn't matter but CPU usage does.

 

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
NOTE. Windows Vista, 7, 8 and 10 users right click on procexp.exe, click "Run As Administrator".
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Paste the content into your next reply.




#7 GOWRON

Posted 27 November 2017 - 06:58 PM

ProcExp.txt

 

Process PID CPU Private Bytes Working Set Description Company Name Command Line
3DG4me.exe 19508 2,384 K 2,812 K 3DG4me1 MFC Application "C:\Windows\System\3DG4me.exe" 
aaHMSvc.exe 5036 5,872 K 2,148 K ASUSTeK Computer Inc. "C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe"
Ableton Live 9 Suite.exe 6692 0.42 891,224 K 366,072 K Ableton "C:\ProgramData\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe" 
acrotray.exe 3120 6,760 K 9,736 K AcroTray Adobe Systems Inc. "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe" 
Adguard.exe 19588 0.02 147,796 K 19,620 K AdGuard for Windows Performix LLC "C:\Program Files (x86)\Adguard\Adguard.exe" /nosplash
AdguardSvc.exe 4976 0.11 235,964 K 22,956 K AdGuard for Windows Performix LLC "C:\Program Files (x86)\Adguard\AdguardSvc.exe"
AGSService.exe 5072 < 0.01 5,068 K 9,268 K Adobe Genuine Software Integrity Service Adobe Systems, Incorporated "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
AiChargerPlus.exe 2944 1,804 K 2,776 K AiChargerPlus Application ASUSTek Computer Inc. "C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" 
AISuite3.exe 12796 < 0.01 111,340 K 9,012 K ASUSTeK Computer Inc. "C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe" -schedule
AppleMobileDeviceService.exe 47896 < 0.01 4,928 K 12,336 K MobileDeviceService Apple Inc. "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
ApplePhotoStreams.exe 45864 12,624 K 26,348 K iCloud Photo Stream Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" -Embedding
ApplicationFrameHost.exe 5596 5,188 K 10,452 K Application Frame Host Microsoft Corporation C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
APSDaemon.exe 20456 331,656 K 15,260 K Apple Push Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" -Embedding
armsvc.exe 4968 1,404 K 1,476 K Adobe Acrobat Update Service Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
AsSysCtrlService.exe 5020 1,412 K 1,180 K "C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe"
AsusFanControlService.exe 5044 4,000 K 1,784 K ASUS Motherboard Fan Control Service ASUSTeK Computer Inc. "C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.17\AsusFanControlService.exe"
AsusMiniBar.exe 18860 9,876 K 4,112 K "C:\Program Files (x86)\ASUS\AI Suite III\ASUSMiniBar.exe" -s
atkexComSvc.exe 5012 8,088 K 2,152 K "C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe"
audiodg.exe 11024 22,044 K 14,476 K Windows Audio Device Graph Isolation Microsoft Corporation C:\WINDOWS\system32\AUDIODG.EXE 0x7b0
BrmfRsmg.exe 5056 1,272 K 736 K Brother MFL Pro Resource Manager Brother Industries, Ltd. C:\WINDOWS\system32\BrmfRsmg.exe -service
BrmfRsmg.exe 5552 0.19 2,104 K 1,512 K Brother MFL Pro Resource Manager Brother Industries, Ltd. C:\WINDOWS\system32\BrmfRsmg.exe -process -overmain -load -open
BtwRSupportService.exe 5028 2,000 K 1,568 K Bluetooth Radio Management Support Broadcom Corporation. C:\WINDOWS\system32\BtwRSupportService.exe
CCleaner64.exe 20016 < 0.01 17,024 K 5,516 K CCleaner Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
cfosspeed.exe 19672 0.08 4,772 K 6,440 K cFosSpeed Window cFos Software GmbH "C:\Program Files\ASUS\Turbo LAN\cfosspeed.exe" 
chrome.exe 8156 0.26 288,360 K 170,988 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 
chrome.exe 2796 4,724 K 3,412 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\David H. Brown\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\David H. Brown\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\David H. Brown\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=62.0.3202.94 --initial-client-data=0x2e4,0x2f0,0x2f4,0x2e8,0x2f8,0x7ffb31f927e8,0x7ffb31f927a8,0x7ffb31f927b8
chrome.exe 8236 4,696 K 3,100 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=14500 --on-initialized-event-handle=928 --parent-handle=932 /prefetch:6
chrome.exe 23128 0.09 609,708 K 203,940 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1672,17694855829836704315,10948759857620447735,131072 --gpu-vendor-id=0x10de --gpu-device-id=0x13c0 --gpu-driver-vendor=NVIDIA --gpu-driver-version=23.21.13.8831 --gpu-driver-date=11-14-2017 --service-request-channel-token=52D379D12BDAD1B1EFCCEDA79FF7B7A1 --mojo-platform-channel-handle=1688 --ignored=" --type=renderer " /prefetch:2
chrome.exe 19636 58,172 K 16,136 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,17694855829836704315,10948759857620447735,131072 --service-pipe-token=851484B5AF4B40E6525ECEF640956C85 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=851484B5AF4B40E6525ECEF640956C85 --renderer-client-id=4 --mojo-platform-channel-handle=3340 /prefetch:1
chrome.exe 16356 30,844 K 9,632 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,17694855829836704315,10948759857620447735,131072 --service-pipe-token=AF0350D556C7FA986172116387992717 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=AF0350D556C7FA986172116387992717 --renderer-client-id=5 --mojo-platform-channel-handle=3364 /prefetch:1
chrome.exe 3692 < 0.01 78,668 K 31,680 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,17694855829836704315,10948759857620447735,131072 --service-pipe-token=A343F7F83A838D19A1F852FA7B6EBE82 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=A343F7F83A838D19A1F852FA7B6EBE82 --renderer-client-id=6 --mojo-platform-channel-handle=3380 
/prefetch:1
chrome.exe 2572 0.03 303,692 K 158,476 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,17694855829836704315,10948759857620447735,131072 --service-pipe-token=212FD179DE4388E6B16638FD69DCB5EF --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=212FD179DE4388E6B16638FD69DCB5EF --renderer-client-id=11 --mojo-platform-channel-handle=6496 /prefetch:1
chrome.exe 24680 86,468 K 5,644 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,17694855829836704315,10948759857620447735,131072 --service-pipe-token=D8001613532CF9CCF1601E25B3FE3F65 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=D8001613532CF9CCF1601E25B3FE3F65 --renderer-client-id=76 --mojo-platform-channel-handle=11300 /prefetch:1
chrome.exe 30504 130,300 K 7,472 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,17694855829836704315,10948759857620447735,131072 --service-pipe-token=CD4258836052CFCAFDEEB3934609120C --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=CD4258836052CFCAFDEEB3934609120C --renderer-client-id=77 --mojo-platform-channel-handle=9320 /prefetch:1
chrome.exe 30224 < 0.01 137,608 K 66,884 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,17694855829836704315,10948759857620447735,131072 --service-pipe-token=893DB6D73C2B382020FA6DA8C6C57050 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=893DB6D73C2B382020FA6DA8C6C57050 --renderer-client-id=81 --mojo-platform-channel-handle=8680 /prefetch:1
chrome.exe 26940 < 0.01 81,016 K 54,112 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,17694855829836704315,10948759857620447735,131072 --service-pipe-token=AF020C95A1B34410C133EA5FA4959F18 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=AF020C95A1B34410C133EA5FA4959F18 --renderer-client-id=88 --mojo-platform-channel-handle=8228 /prefetch:1
chrome.exe 18252 69,020 K 26,372 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,17694855829836704315,10948759857620447735,131072 --service-pipe-token=16B884B00254F3AA77CC61122E2ABA5B --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=16B884B00254F3AA77CC61122E2ABA5B --renderer-client-id=92 --mojo-platform-channel-handle=10964 /prefetch:1
chrome.exe 39660 61,432 K 53,100 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,17694855829836704315,10948759857620447735,131072 --service-pipe-token=B3C6034F789B60F0A82EF69ED3420A5B --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=B3C6034F789B60F0A82EF69ED3420A5B --renderer-client-id=125 --mojo-platform-channel-handle=2404 /prefetch:1
chrome.exe 41356 0.20 100,028 K 123,416 K Google Chrome Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,17694855829836704315,10948759857620447735,131072 --service-pipe-token=4E8FA8236E11CFB95AB51F9AC0C64C7F --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-request-channel-token=4E8FA8236E11CFB95AB51F9AC0C64C7F --renderer-client-id=272 --mojo-platform-channel-handle=10244 /prefetch:1
ClassicStartMenu.exe 13248 3,460 K 2,392 K Classic Start Menu IvoSoft ClassicStartMenu.exe -startup
cmd.exe 17704 6,384 K 1,608 K Windows Command Processor Microsoft Corporation C:\WINDOWS\system32\cmd.exe /d /c "C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe" chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.bc0748d4c8a5887c > \\.\pipe\chrome.nativeMessaging.out.bc0748d4c8a5887c
conhost.exe 4372 1,336 K 1,368 K Console Window Host Microsoft Corporation \??\C:\WINDOWS\system32\conhost.exe 0x4
conhost.exe 7028 1,512 K 1,492 K Console Window Host Microsoft Corporation \??\C:\WINDOWS\system32\conhost.exe 0x4
conhost.exe 5696 1,488 K 1,392 K Console Window Host Microsoft Corporation \??\C:\WINDOWS\system32\conhost.exe 0x4
conhost.exe 19440 2,244 K 2,472 K Console Window Host Microsoft Corporation \??\C:\WINDOWS\system32\conhost.exe 0x4
conhost.exe 38348 1,300 K 5,788 K Console Window Host Microsoft Corporation \??\C:\WINDOWS\system32\conhost.exe 0x4
CrashPlanService.exe 5228 0.45 3,263,648 K 1,006,308 K CrashPlan backup engine which backs up your files! Code 42 Software "C:\Program Files\CrashPlan\CrashPlanService.exe"
CrashPlanTray.exe 5668 < 0.01 1,568 K 2,468 K Windows system tray interface to CrashPlan Code 42 Software, Inc. "C:\Program Files\CrashPlan\CrashPlanTray.exe" 
CryptoPreventMonSvc.exe 5064 17,756 K 5,052 K CryptoPreventMonSvc Foolish IT LLC "c:\program files (x86)\foolish it\cryptoprevent\cryptopreventmonsvc.exe"
CryptoPreventNotification.exe 21116 19,228 K 8,564 K CryptoPrevent Notification Module Foolish IT LLC "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventNotification.exe" 
csrss.exe 972 < 0.01 1,964 K 2,300 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
csrss.exe 740 0.11 3,560 K 2,824 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
dasHost.exe 2868 9,028 K 7,212 K Device Association Framework Provider Host Microsoft Corporation dashost.exe {80f093ca-64ac-4a12-b1f73c2386a7de83}
DbxSvc.exe 5104 2,576 K 1,628 K Dropbox Service Dropbox, Inc. C:\WINDOWS\system32\DbxSvc.exe
DexControl.exe 21752 < 0.01 2,072 K 2,036 K Dexpot Full-screen preview and Window catalog Dexpot GbR "C:\Program Files (x86)\Dexpot\plugins\DexControl.exe" 
dexpot.exe 13228 0.08 7,964 K 19,628 K Dexpot - Virtual desktops for Windows Dexpot GbR "C:\Program Files (x86)\Dexpot\dexpot.exe"
Dexpot64.exe 20068 0.02 1,416 K 1,640 K Dexpot64 Message Window Dexpot GbR "C:\Program Files (x86)\Dexpot\Dexpot64.exe" 
df.exe 14124 < 0.01 9,544 K 16,728 K Direct Folders Code Sector "C:\Program Files (x86)\Direct Folders\df.exe" 
df64.exe 16216 1,656 K 1,620 K Direct Folder Helper x64 Code Sector Inc. "C:\Program Files (x86)\Direct Folders\df64.exe"
DipAwayMode.exe 12552 16,416 K 3,800 K "C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe"
dllhost.exe 34044 0.09 2,740 K 10,856 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{53362C64-A296-4F2D-A2F8-FD984D08340B}
Dropbox.exe 5384 328,460 K 98,372 K Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
Dropbox.exe 5448 2,140 K 2,600 K Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:crashpad-handler --no-upload-gzip --no-rate-limit "--database=C:\Users\David H. Brown\AppData\Local\Dropbox\Crashpad" --metrics-dir=0 --url=https://d.dropbox.com/report_crashpad_minidump --https-pin=0x23,0xf2,0xed,0xff,0x3e,0xde,0x90,0x25,0x9a,0x9e,0x30,0xf4,0xa,0xf8,0xf9,0x12,0xa5,0xe5,0xb3,0x69,0x4e,0x69,0x38,0x44,0x3,0x41,0xf6,0x6,0xe,0x1,0x4f,0xfa --https-pin=0xaf,0xf9,0x88,0x90,0x6d,0xde,0x12,0x95,0x5d,0x9b,0xeb,0xbf,0x92,0x8f,0xdc,0xc3,0x1c,0xce,0x32,0x8d,0x5b,0x93,0x84,0xf2,0x1c,0x89,0x41,0xca,0x26,0xe2,0x3,0x91 --https-pin=0x5a,0x88,0x96,0x47,0x22,0xe,0x54,0xd6,0xbd,0x8a,0x16,0x81,0x72,0x24,0x52,0xb,0xb5,0xc7,0x8e,0x58,0x98,0x4b,0xd5,0x70,0x50,0x63,0x88,0xb9,0xde,0xf,0x7,0x5f --https-pin=0xfe,0xa2,0xb7,0xd6,0x45,0xfb,0xa7,0x3d,0x75,0x3c,0x1e,0xc9,0xa7,0x87,0xc,0x40,0xe1,0xf7,0xb0,0xc5,0x61,0xe9,0x27,0xb9,0x85,0xbf,0x71,0x18,0x66,0xe3,0x6f,0x22 --https-pin=0x76,0xee,0x85,0x90,0x37,0x4c,0x71,0x54,0x37,0xbb,0xca,0x6b,0xba,0x60,0x28,0xea,0xdd,0xe2,0xdc,0x6d,0xbb,0xb8,0xc3,0xf6,0x10,0xe8,0x51,0xf1,0x1d,0x1a,0xb7,0xf5 --https-pin=0x6d,0xbf,0xae,0x0,0xd3,0x7b,0x9c,0xd7,0x3f,0x8f,0xb4,0x7d,0xe6,0x59,0x17,0xaf,0x0,0xe0,0xdd,0xdf,0x42,0xdb,0xce,0xac,0x20,0xc1,0x7c,0x2,0x75,0xee,0x20,0x95 --https-pin=0x1e,0xa3,0xc5,0xe4,0x3e,0xd6,0x6c,0x2d,0xa2,0x98,0x3a,0x42,0xa4,0xa7,0x9b,0x1e,0x90,0x67,0x86,0xce,0x9f,0x1b,0x58,0x62,0x14,0x19,0xa0,0x4,0x63,0xa8,0x7d,0x38 --https-pin=0x87,0xaf,0x34,0xd6,0x6f,0xb3,0xf2,0xfd,0xf3,0x6e,0x9,0x11,0x1e,0x9a,0xba,0x2f,0x6f,0x44,0xb2,0x7,0xf3,0x86,0x3f,0x3d,0xb,0x54,0xb2,0x50,0x23,0x90,0x9a,0xa5 --https-pin=0xbc,0xfb,0x44,0xaa,0xb9,0xad,0x2,0x10,0x15,0x70,0x6b,0x41,0x21,0xea,0x76,0x1c,0x81,0xc9,0xe8,0x89,0x67,0x59,0xf,0x6f,0x94,0xae,0x74,0x4d,0xc8,0x8b,0x78,0xfb --https-pin=0xab,0x98,0x49,0x52,0x76,0xad,0xf1,0xec,0xaf,0xf2,0x8f,0x35,0xc5,0x30,0x48,0x78,0x1e,0x5c,0x17,0x18,0xda,0xb9,0xc8,0xe6,0x7a,0x50,0x4f,0x4f,0x6a,0x51,0x32,0x8f 
--https-pin=0x49,0x5,0x46,0x66,0x23,0xab,0x41,0x78,0xbe,0x92,0xac,0x5c,0xbd,0x65,0x84,0xf7,0xa1,0xe1,0x7f,0x27,0x65,0x2d,0x5a,0x85,0xaf,0x89,0x50,0x4e,0xa2,0x39,0xaa,0xaa --https-pin=0x56,0x32,0xd9,0x7b,0xfa,0x77,0x5b,0xf3,0xc9,0x9d,0xde,0xa5,0x2f,0xc2,0x55,0x34,0x10,0x86,0x40,0x16,0x72,0x9c,0x52,0xdd,0x65,0x24,0xc8,0xa9,0xc3,0xb4,0x48,0x9f --https-pin=0x2a,0x8f,0x2d,0x8a,0xf0,0xeb,0x12,0x38,0x98,0xf7,0x4c,0x86,0x6a,0xc3,0xfa,0x66,0x90,0x54,0xe2,0x3c,0x17,0xbc,0x7a,0x95,0xbd,0x2,0x34,0x19,0x2d,0xc6,0x35,0xd0 --https-pin=0x32,0xb6,0x4b,0x66,0x72,0x7a,0x20,0x63,0xe4,0x6,0x6f,0x3b,0x95,0x8c,0xb0,0xaa,0xee,0x57,0x6a,0x5e,0xce,0xfd,0x95,0x33,0x99,0xbb,0x88,0x74,0x73,0x1d,0x95,0x87 --https-pin=0xf5,0x3c,0x22,0x5,0x98,0x17,0xdd,0x96,0xf4,0x0,0x65,0x16,0x39,0xd2,0xf8,0x57,0xe2,0x10,0x70,0xa5,0x9a,0xbe,0xd9,0x7,0x94,0x0,0xd9,0xf6,0x95,0x50,0x69,0x0 --https-pin=0x67,0xdc,0x4f,0x32,0xfa,0x10,0xe7,0xd0,0x1a,0x79,0xa0,0x73,0xaa,0xc,0x9e,0x2,0x12,0xec,0x2f,0xfc,0x3d,0x77,0x9e,0xa,0xa7,0xf9,0xc0,0xf0,0xe1,0xc2,0xc8,0x93 --https-pin=0x19,0x6,0xc6,0x12,0x4d,0xbb,0x43,0x85,0x78,0xd0,0xe,0x6,0x6d,0x50,0x54,0xc6,0xc3,0x7f,0xf,0xa6,0x2,0x8c,0x5,0x54,0x5e,0x9,0x94,0xed,0xda,0xec,0x86,0x29 --https-pin=0x1d,0x75,0xd0,0x83,0x1b,0x9e,0x8,0x85,0x39,0x4d,0x32,0xc7,0xa1,0xbf,0xdb,0x3d,0xbc,0x1c,0x28,0xe2,0xb0,0xe8,0x39,0x1f,0xb1,0x35,0x98,0x1d,0xbc,0x5b,0xa9,0x36 --annotation=buildno=Dropbox-win-39.4.49 --annotation=client_session_id=68985b3e-2176-498f-abf1-8acfcf0faba6 --annotation=host_int_account1_boot=4527922090 --annotation=machine_id=349cfbc2-a4f5-4895-b23e-776c6299da52 --annotation=platform=win --annotation=platform_version=10 --initial-client-data=0x200,0x218,0x21c,0x214,0x220,0xf7d6dc0,0xf7d6dd0,0xf7d6de0
Dropbox.exe 5620 2,688 K 1,668 K Dropbox Dropbox, Inc. "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" -type:exit-monitor -session-token:68985b3e-2176-498f-abf1-8acfcf0faba6 -target-handle:532 -target-shutdown-event:544 "-target-command-line:\"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe\" /systemstartup" -method:collectupload -handler-pipe:\\.\pipe\crashpad_5384_MGHDGUQZDEMIFPMN
DTSU2PAuSrv64.exe 5192 < 0.01 2,232 K 3,944 K DTS Audio Service DTS, Inc "C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe"
dwm.exe 1508 0.22 108,660 K 40,088 K Desktop Window Manager Microsoft Corporation "dwm.exe"
Eraser.exe 15620 46,480 K 20,456 K Eraser The Eraser Project "C:\Program Files\Eraser\Eraser.exe" --atRestart
Evernote.exe 1192 < 0.01 67,784 K 26,896 K Evernote Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 "C:\Program Files (x86)\Evernote\Evernote\Evernote.exe" /Hide 
EvernoteClipper.exe 3236 < 0.01 3,776 K 2,496 K Evernote Clipper Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 "C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe" 
EvernoteTray.exe 21416 < 0.01 3,748 K 3,580 K Evernote Tray Application Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 "C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe" 
eWallet.exe 22236 < 0.01 67,880 K 20,332 K eWallet Ilium Software, Inc. "C:\Program Files (x86)\Ilium Software\eWallet\eWallet.exe" 
EXCEL.EXE 11724 < 0.01 69,436 K 52,204 K Microsoft Excel Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
explorer.exe 31972 3.45 1,060,040 K 313,788 K Windows Explorer Microsoft Corporation "C:\Windows\explorer.exe" /LOADSAVEDWINDOWS
FNPLicensingService.exe 1736 2,892 K 2,132 K Activation Licensing Service Macrovision Europe Ltd. "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
fontdrvhost.exe 1252 19,176 K 6,644 K Usermode Font Driver Host Microsoft Corporation "fontdrvhost.exe"
fontdrvhost.exe 1260 6,776 K 1,360 K Usermode Font Driver Host Microsoft Corporation "fontdrvhost.exe"
GameScannerService.exe 4580 < 0.01 26,152 K 4,080 K GameScannerService "C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe"
gnubg.exe 12488 < 0.01 115,904 K 70,612 K "C:\Program Files (x86)\gnubg\gnubg.exe" 
GWCtlSrv.exe 5132 0.44 1,042,244 K 102,268 K GlassWire Control Service SecureMix LLC "D:\Downloaded Programs\GlassWire\Install\GlassWire\GWCtlSrv.exe"
GWIdlMon.exe 9448 0.04 12,888 K 4,484 K GlassWire Computer Idle Monitor SecureMix LLC "D:\Downloaded Programs\GlassWire\Install\GlassWire\GWIdlMon.exe" --cookie 4471060974603 --port 26887
ICCProxy.exe 18668 1,992 K 1,220 K Intel® Integrated Clock Controller Service - Intel® ICCS Intel Corporation "C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe"
iCloudDrive.exe 29028 15,268 K 24,056 K iCloud Drive Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" 
iCloudPhotos.exe 1172 7,804 K 20,976 K iCloud Photo Library Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe" reloadsettings
iCloudServices.exe 47832 < 0.01 42,928 K 49,076 K iCloud Services Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" -Embedding
imdsksvc.exe 5124 880 K 720 K ImDisk Virtual Disk Driver helper service Olof Lagerkvist C:\WINDOWS\system32\imdsksvc.exe
Interrupts n/a 0.50 0 K 0 K Hardware Interrupts and DPCs
iPodService.exe 42692 < 0.01 2,540 K 7,436 K iPod Service Apple Inc. "C:\Program Files\iPod\bin\iPodService.exe"
IpOverUsbSvc.exe 5112 8,288 K 2,388 K Windows IP Over USB PC Service Microsoft Corporation "C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe"
IPROSetMonitor.exe 5156 1,480 K 1,000 K Intel® PROSet Monitoring Service Intel Corporation C:\WINDOWS\system32\IProsetMonitor.exe
isa.exe 1740 10,372 K 3,148 K Intel® Security Assist Intel Corporation "C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe"
iTunesHelper.exe 48176 < 0.01 5,008 K 15,220 K iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
jhi_service.exe 5080 1,392 K 1,308 K Intel® Dynamic Application Loader Host Interface Intel Corporation "C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe"
jusched.exe 21784 3,568 K 7,200 K Java Update Scheduler Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
Launchy.exe 1912 22,800 K 23,672 K "C:\Program Files (x86)\Launchy\Launchy.exe" 
LMS.exe 4452 3,092 K 1,732 K Intel® Local Management Service Intel Corporation "C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe"
lsass.exe 1164 < 0.01 17,752 K 13,072 K Local Security Authority Process Microsoft Corporation C:\WINDOWS\system32\lsass.exe
MacriumService.exe 5168 5,580 K 5,772 K Macrium Reflect Utility Service Paramount Software UK Ltd "C:\Program Files\Macrium\Common\MacriumService.exe"
MBAMService.exe 5200 4.23 432,536 K 171,648 K Malwarebytes Service Malwarebytes "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
mbamtray.exe 10708 < 0.01 17,120 K 10,772 K Malwarebytes Tray Application Malwarebytes "C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe" 
mDNSResponder.exe 2160 2,084 K 3,040 K Bonjour Service Apple Inc. "C:\Program Files\Bonjour\mDNSResponder.exe"
Memory Compression 6108 0.01 5,592 K 2,248,012 K
MountNotify.exe 21124 < 0.01 1,136 K 1,464 K MountNotify.exe signals File Explorer and other applications when drive letters have been assigned or unassigned.  MountNotify.exe is only needed in cases where StorageCraft's mounter is called from the context of an NT Service. StorageCraft Technology Corporation "C:\Program Files (x86)\StorageCraft\ShadowProtect\MountNotify.exe" 
mqsvc.exe 5252 9,932 K 5,948 K Message Queuing Service Microsoft Corporation C:\WINDOWS\system32\mqsvc.exe
MSASCuiL.exe 19108 2,400 K 3,736 K Windows Defender notification icon Microsoft Corporation "C:\Program Files\Windows Defender\MSASCuiL.exe" 
MsMpEng.exe 9200 1.30 219,816 K 219,976 K Antimalware Service Executable Microsoft Corporation "C:\Program Files\Windows Defender\MsMpEng.exe"
NetworkLicenseServer.exe 4904 < 0.01 9,392 K 2,008 K ABBYY network license server ABBYY "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service
newsbinpro64.exe 43848 2.20 298,112 K 291,964 K NewsbinPro Newsgroup Reader CMCEI "C:\Program Files\Newsbin\newsbinpro64.exe" 
NisSrv.exe 11384 13,752 K 8,036 K Microsoft Network Realtime Inspection Service Microsoft Corporation "C:\Program Files\Windows Defender\NisSrv.exe"
nvcontainer.exe 5300 0.01 10,320 K 7,508 K NVIDIA Container NVIDIA Corporation "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
nvcontainer.exe 10612 < 0.01 7,164 K 5,124 K NVIDIA Container NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%dSPUser.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\SPUser" -r -l 3 -p 30000 -c
nvcontainer.exe 11468 58,304 K 19,800 K NVIDIA Container NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -st "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
NVDisplay.Container.exe 5292 5,444 K 5,448 K NVIDIA Container NVIDIA Corporation "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
NVDisplay.Container.exe 7120 < 0.01 25,956 K 8,416 K NVIDIA Container NVIDIA Corporation "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
NVIDIA Share.exe 17052 99,608 K 20,792 K NVIDIA Share NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe"
NVIDIA Share.exe 17780 46,448 K 15,208 K NVIDIA Share NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=renderer --disable-gpu-compositing --no-sandbox --service-pipe-token=1E06A0C25EC9299386B8FCCDE1F0E9D5 --lang=en-US --lang=en-US --log-file="C:\Users\David H. Brown\AppData\Local\NVIDIA Corporation\NVIDIA Share\CefCache\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --disable-gpu-compositing --service-request-channel-token=1E06A0C25EC9299386B8FCCDE1F0E9D5 --renderer-client-id=2 --mojo-platform-channel-handle=1800 /prefetch:1
NVIDIA Web Helper.exe 16004 0.01 37,472 K 10,012 K NVIDIA Web Helper Service Node.js "C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
nvsphelper64.exe 16712 < 0.01 2,944 K 2,584 K NVIDIA ShadowPlay Helper NVIDIA Corporation "C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe"
NvTelemetryContainer.exe 5184 6,224 K 5,752 K NVIDIA Container NVIDIA Corporation "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
OfficeClickToRun.exe 5148 27,700 K 19,308 K Microsoft Office Click-to-Run (SxS) Microsoft Corporation "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
OSPPSVC.EXE 8212 3,596 K 7,168 K Microsoft Office Software Protection Platform Service Microsoft Corporation "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
OUTLOOK.EXE 7536 0.02 209,588 K 159,904 K Microsoft Outlook Microsoft Corporation "C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" 
PhotoshopElementsFileAgent.exe 22080 < 0.01 2,876 K 1,500 K Adobe Photoshop Elements 11.0 (component) Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe"
procexp64.exe 45364 0.53 78,436 K 120,396 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "R:\procexp64.exe" 
PushNoticeMonitor.exe 10616 7,700 K 3,452 K "C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe" 
PushNotify_PCCtrl.exe 15760 27,568 K 3,752 K PushNotify_PCCtrl "C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe" 
RAVBg64.exe 1152 6,884 K 4,108 K HD Audio Background Process Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DTSU2P
RazerIngameEngine.exe 5860 0.07 7,852 K 6,768 K RazerIngameEngine Razer, Inc. "C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe"
ReflectMonitor.exe 16032 0.02 5,012 K 4,900 K Macrium Reflect Disk Imaging and Backup Paramount Software UK Ltd "c:\program files\macrium\common\reflectmonitor.exe"
ReflectUI.exe 4276 4,004 K 3,792 K Macrium Reflect UI Watcher Paramount Software UK Ltd "c:\program files\macrium\common\reflectui.exe"
rf-chrome-nm-host.exe 19064 0.24 16,972 K 22,424 K rf-chrome-nm-host Siber Systems Inc. "C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe"  chrome-extension://pnlccmojcmeohlpggmfnbbiapkmbliob/ --parent-window=0 
robotaskbaricon.exe 19988 0.07 30,664 K 28,796 K RoboForm TaskBar Icon Siber Systems "C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe" 
RtkNGUI64.exe 15980 5,324 K 4,256 K Realtek HD Audio Manager Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
rundll32.exe 20048 1,912 K 2,060 K Windows host process (Rundll32) Microsoft Corporation "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll",StartFences
RuntimeBroker.exe 14164 33,540 K 39,596 K Runtime Broker Microsoft Corporation C:\Windows\System32\RuntimeBroker.exe -Embedding
rzcefrenderprocess.exe 3544 72,892 K 1,984 K Razer Chromium Render Process Razer, Inc. "C:\Users\David H. Brown\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe" --type=gpu-process --channel="1380.0.513481924\1472072228" --no-sandbox --lang=en-US --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,20,45,55 --gpu-vendor-id=0x10de --gpu-device-id=0x13c0 --gpu-driver-vendor=NVIDIA --gpu-driver-version=23.21.13.8831 --lang=en-US /prefetch:822062411
RzStats.Manager.exe 1380 < 0.01 84,752 K 18,288 K RzStats.Manager "C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe" -sync_complete
RzSynapse.exe 21208 < 0.01 82,712 K 22,436 K Razer Synapse Razer Inc. "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" 
sbrun.exe 49116 0.37 92,276 K 92,148 K ShadowProtect CoreLogic StorageCraft Technology Corporation sbrun -mdn ( sbvol -fi \\?\STC_SnapShot_Volume_21_1 \\?\Volume{02fb89fb-5860-40f1-8fa8-88cc4565c89d} : sbcrypt -50 : sbfile -wd G:\SCSP%20Backups\D_VOL-b019.spf )
SearchFilterHost.exe 35828 1,340 K 6,396 K Microsoft Windows Search Filter Host Microsoft Corporation "C:\WINDOWS\system32\SearchFilterHost.exe" 0 704 708 716 8192 712 
SearchIndexer.exe 14788 0.04 98,516 K 81,888 K Microsoft Windows Search Indexer Microsoft Corporation C:\WINDOWS\system32\SearchIndexer.exe /Embedding
SearchProtocolHost.exe 37280 < 0.01 2,348 K 12,196 K Microsoft Windows Search Protocol Host Microsoft Corporation "C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe129_ Global\UsGthrCtrlFltPipeMssGthrPipe129 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
secd.exe 13852 5,032 K 2,192 K Apple Security Manager Apple, Inc. C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe -Embedding
secd.exe 45648 4,672 K 15,260 K Apple Security Manager Apple, Inc. C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe -Embedding
SecurityHealthService.exe 5140 4,784 K 5,584 K Windows Security Health Service Microsoft Corporation C:\WINDOWS\system32\SecurityHealthService.exe
services.exe 1156 < 0.01 8,076 K 7,572 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
sesvc.exe 4328 28,800 K 1,940 K ShadowExplorer www.shadowexplorer.com "C:\Program Files (x86)\ShadowExplorer\sesvc.exe"
SettingSyncHost.exe 17464 2,960 K 1,428 K Host Process for Setting Synchronization Microsoft Corporation C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
ShadowProtectSvc.exe 7484 6.14 33,596 K 20,852 K ShadowProtect Backup Agent StorageCraft Technology Corporation "C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe"
ShellExperienceHost.exe 21356 Suspended 50,752 K 53,668 K Windows Shell Experience Host Microsoft Corporation "C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
sihost.exe 10556 8,804 K 17,836 K Shell Infrastructure Host Microsoft Corporation sihost.exe
smartscreen.exe 38508 12,760 K 27,688 K SmartScreen Microsoft Corporation C:\Windows\System32\smartscreen.exe -Embedding
smss.exe 716 480 K 316 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
SMSvcHost.exe 7624 24,172 K 2,104 K SMSvcHost.exe Microsoft Corporation c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
SMSvcHost.exe 3660 21,828 K 1,288 K SMSvcHost.exe Microsoft Corporation "c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe" -netmsmqactivator
Snagit32.exe 21316 57,836 K 38,760 K Snagit TechSmith Corporation "C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe" 
SnagitEditor.exe 5872 0.02 51,292 K 24,888 K Snagit Editor TechSmith Corporation "C:\Program Files (x86)\TechSmith\Snagit 12\snagiteditor.exe" /X
SnagPriv.exe 19724 1,896 K 1,588 K Snagit RPC Helper TechSmith Corporation "C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe" 
spd.exe 5484 0.20 8,312 K 8,476 K cFosSpeed Service cFos Software GmbH "C:\Program Files\ASUS\Turbo LAN\spd.exe" -service
Splice.exe 16596 0.03 38,836 K 31,832 K Splice Splice "C:\Users\David H. Brown\AppData\Local\splice\app-3.1.47646\Splice.exe" --squirrel-firstrun
Splice.exe 18444 45,940 K 8,848 K Splice Splice "C:\Users\David H. Brown\AppData\Local\splice\app-3.1.47646\Splice.exe" --type=gpu-process --no-sandbox --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,10,19,20,23,41,74 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --gpu-vendor-id=0x10de --gpu-device-id=0x13c0 --gpu-driver-vendor=NVIDIA --gpu-driver-version=23.21.13.8831 --gpu-driver-date=11-14-2017 --service-request-channel-token=03EF2DCEBE0FC4CEC11BD70277828A12 --mojo-platform-channel-handle=1632 /prefetch:2
Splice.Helper.exe 18880 0.03 93,944 K 27,312 K Splice Helper Splice, Inc. "C:\Users\David H. Brown\AppData\Local\splice\app-3.1.47646\Splice.Helper.exe" -port 57328 -pid 16596
spoolsv.exe 4432 < 0.01 11,760 K 9,716 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\System32\spoolsv.exe
SpotifyWebHelper.exe 20220 2,168 K 3,020 K SpotifyWebHelper Spotify Ltd "C:\Users\David H. Brown\AppData\Roaming\Spotify\SpotifyWebHelper.exe" 
SteelSeriesEngine3.exe 19728 < 0.01 24,280 K 23,120 K SteelSeries Engine 3 Core SteelSeries ApS "C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe" -dataPath="C:\ProgramData\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true
SuperRAIDSvc.exe 5176 23,724 K 2,492 K SuperRAIDSvc Micro-Star International "C:\MSI\Smart Utilities\SuperRAIDSvc.exe"
svchost.exe 1292 920 K 544 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
svchost.exe 1316 < 0.01 13,132 K 16,884 K Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe 1364 0.08 12,096 K 12,224 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k rpcss
svchost.exe 1416 2,864 K 3,512 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
svchost.exe 1700 1,520 K 1,384 K Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
svchost.exe 1752 1,928 K 2,520 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s lmhosts
svchost.exe 1760 2,572 K 3,408 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservice -s bthserv
svchost.exe 1856 2,592 K 5,180 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
svchost.exe 1864 1,912 K 4,188 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc
svchost.exe 1872 2,128 K 1,992 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
svchost.exe 1892 8,380 K 9,904 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k netsvcs -s Schedule
svchost.exe 1948 14,296 K 9,188 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
svchost.exe 964 3,356 K 5,336 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k netsvcs -s UserManager
svchost.exe 1108 1,724 K 1,612 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv
svchost.exe 1100 6,420 K 3,460 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservice -s nsi
svchost.exe 2100 2,620 K 3,764 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
svchost.exe 2224 4,700 K 6,392 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
svchost.exe 2276 2,280 K 2,316 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
svchost.exe 2336 2,136 K 4,468 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservice -s EventSystem
svchost.exe 2344 2,308 K 4,388 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s CscService
svchost.exe 2352 1,316 K 1,416 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k netsvcs -s Themes
svchost.exe 2460 3,920 K 5,376 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservice -s netprofm
svchost.exe 2468 0.03 3,736 K 4,804 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k networkservice -s Dnscache
svchost.exe 2528 1,944 K 4,460 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k netsvcs -s SENS
svchost.exe 2652 2,416 K 2,896 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
svchost.exe 2660 1,784 K 3,120 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservice -s FontCache
svchost.exe 2932 2,152 K 1,116 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservicenonetwork -s NcdAutoSetup
svchost.exe 2968 3,800 K 5,452 K Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
svchost.exe 3000 1,976 K 3,368 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc
svchost.exe 3056 2,984 K 3,532 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s FDResPub
svchost.exe 3080 3,908 K 7,728 K Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
svchost.exe 3104 0.01 14,000 K 18,120 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
svchost.exe 3196 1,740 K 2,072 K Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
svchost.exe 3204 3,676 K 5,160 K Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
svchost.exe 3252 3,552 K 7,648 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k appmodel -s StateRepository
svchost.exe 3316 < 0.01 11,936 K 10,844 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservicenonetwork
svchost.exe 3324 9,780 K 9,152 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc
svchost.exe 3404 2,304 K 5,436 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s HomeGroupProvider
svchost.exe 3536 3,460 K 4,484 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
svchost.exe 3808 3,592 K 3,452 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc
svchost.exe 4228 5,308 K 4,756 K Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
svchost.exe 4316 3,368 K 8,368 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
svchost.exe 4544 2,024 K 2,808 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
svchost.exe 5004 5,736 K 5,044 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k apphost -s AppHostSvc
svchost.exe 5088 9,280 K 13,456 K Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k utcsvc
svchost.exe 5096 19,428 K 19,572 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS
svchost.exe 3696 5,180 K 5,848 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc
svchost.exe 2192 5,140 K 2,300 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k iissvcs
svchost.exe 5212 0.02 5,572 K 8,676 K Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
svchost.exe 5220 2,724 K 5,336 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SysMain
svchost.exe 5236 5,776 K 11,032 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
svchost.exe 5588 3,084 K 4,028 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
svchost.exe 6284 1,588 K 2,808 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost
svchost.exe 8336 1,768 K 2,540 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k netsvcs -s Browser
svchost.exe 10196 3,804 K 7,708 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k netsvcs -s WpnService
svchost.exe 10204 1,372 K 1,844 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s TrkWks
svchost.exe 10220 3,904 K 7,684 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
svchost.exe 10576 4,672 K 9,512 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
svchost.exe 11604 7,804 K 20,532 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
svchost.exe 11832 3,368 K 8,964 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker
svchost.exe 13208 6,344 K 9,388 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservice -s CDPSvc
svchost.exe 14264 2,532 K 4,152 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k netsvcs -s lfsvc
svchost.exe 15344 4,092 K 10,872 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservice -s LicenseManager
svchost.exe 21492 2,596 K 4,256 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
svchost.exe 13380 2,816 K 1,824 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k unistacksvcgroup
svchost.exe 17884 2,312 K 4,284 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
svchost.exe 15580 2,320 K 1,744 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s Netman
svchost.exe 8144 1,500 K 292 K Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k SDRSVC
svchost.exe 5728 4,060 K 8,264 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s StorSvc
svchost.exe 39140 10,092 K 2,248 K Host Process for Windows Services Microsoft Corporation c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DsSvc
svchost.exe 45876 4,548 K 14,772 K Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -s wlidsvc
svchost.exe 43372 2,664 K 6,292 K Host Process for Windows Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -s WdiSystemHost
svchost.exe 17548 1,700 K 6,892 K Host Process for Windows Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs -s gpsvc
System 4 6.93 136 K 24 K
System Idle Process 0 69.99 52 K 8 K
taskhostw.exe 12276 9,588 K 15,860 K Host Process for Windows Tasks Microsoft Corporation taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
taskhostw.exe 22324 6,292 K 16,292 K Host Process for Windows Tasks Microsoft Corporation taskhostw.exe
TeamViewer.exe 12228 < 0.01 18,524 K 14,508 K TeamViewer 9 TeamViewer GmbH "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
TeamViewer_Service.exe 5416 < 0.01 8,508 K 6,728 K TeamViewer 9 TeamViewer GmbH "C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
TscHelp.exe 20516 1,500 K 1,904 K TechSmith HTML Help Helper TechSmith Corporation "C:\Program Files (x86)\TechSmith\Snagit 12\TSCHelp.exe" 
tv_w32.exe 13116 < 0.01 1,444 K 1,472 K TeamViewer 9 TeamViewer GmbH "C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks  --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log  
tv_x64.exe 13144 < 0.01 1,560 K 1,144 K TeamViewer 9 TeamViewer GmbH "C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks  --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log  
UMCAudioCplApp.exe 21304 2,068 K 2,680 K USB Audio Class Driver Control Panel "C:\Program Files\BEHRINGER\UMC_Audio_Driver\UMCAudioCplApp.exe" -hide
unsecapp.exe 20024 2,112 K 3,576 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
UploaderService.exe 10212 2,592 K 4,144 K TechSmith Uploader Service TechSmith Corporation "C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe" /service
vds.exe 5408 1,456 K 1,104 K Virtual Disk Service Microsoft Corporation C:\WINDOWS\System32\vds.exe
VeraCrypt.exe 16724 < 0.01 7,844 K 8,688 K VeraCrypt IDRIX "C:\Program Files\VeraCrypt\VeraCrypt.exe" 
vmnat.exe 4612 < 0.01 1,872 K 1,584 K VMware NAT Service VMware, Inc. C:\WINDOWS\SYSWOW64\VMNAT.EXE
vmnetdhcp.exe 9064 < 0.01 7,532 K 1,348 K VMware VMnet DHCP service VMware, Inc. C:\WINDOWS\SYSWOW64\VMNETDHCP.EXE
vmware-authd.exe 10188 0.05 6,404 K 4,540 K VMware Authorization Service VMware, Inc. "C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe"
vmware-usbarbitrator64.exe 10232 0.01 351,700 K 5,872 K VMware USB Arbitration Service VMware, Inc. "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
vsnapvss.exe 10368 1,436 K 3,008 K StorageCraft Volume Snapshot VSS Provider StorageCraft Technology Corporation "C:\Program Files (x86)\StorageCraft\ShadowProtect\vsnapvss.exe"
WhatsMyComputerDoing.exe 20888 0.10 3,260 K 4,832 K WhatsMyComputerDoing "C:\Program Files (x86)\What's my computer doing\WhatsMyComputerDoing.exe" /FromAutostart
wininit.exe 524 2,548 K 1,400 K Windows Start-Up Application Microsoft Corporation wininit.exe
winlogon.exe 1036 4,272 K 4,908 K Windows Logon Application Microsoft Corporation winlogon.exe
wlanext.exe 4332 2,280 K 2,064 K Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation C:\WINDOWS\system32\WLANExt.exe 2061816531552
WmiPrvSE.exe 4152 0.38 19,812 K 15,448 K WMI Provider Host Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
WmiPrvSE.exe 1940 4,168 K 8,268 K WMI Provider Host Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
WUDFHost.exe 2056 2,188 K 5,596 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-11cf0583-657c-4a97-9f41-f806bb6d35da -SystemEventPortName:HostProcess-d3891b73-62b7-4adc-958b-ba675467831e -IoCancelEventPortName:HostProcess-ab7dcd8c-c3f6-4f7b-8d5e-43de593af18a -NonStateChangingEventPortName:HostProcess-6fc8cb76-5b2f-4834-a630-78052db6c54a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:de303ca0-3a5a-42e7-9414-3d81c0a5cf93 -DeviceGroupId:WudfDefaultDevicePool
WUDFHost.exe 2496 2,404 K 3,416 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-611f3f06-8451-4658-8d0e-d5f148774098 -SystemEventPortName:HostProcess-45543f8d-ac7f-4c3c-a477-2e83db3962f5 -IoCancelEventPortName:HostProcess-cd228405-6bed-4317-82b7-8860f0c72db4 -NonStateChangingEventPortName:HostProcess-be9edd6f-b330-44c4-bd90-d9608a7f1494 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4211e851-d669-4068-8d9c-e6e732489e99 -DeviceGroupId:WpdFsGroup
XtuService.exe 18540 44,884 K 3,360 K XtuService Intel® Corporation "C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe"


#8 boopme

Posted 04 January 2018 - 09:29 PM

Do you still need help?
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#9 GOWRON

Posted 05 January 2018 - 10:48 AM

No, things seem to have returned to normal. I'm now looking for rootkits once a week, so we'll see if that turns up anything. Thanks for checking in, and thanks to bleepingcomputer for the help.



#10 boopme

Posted 05 January 2018 - 11:14 AM

You're welcome. You can use this if needed.


Malwarebytes Anti-Rootkit Beta
  • Download Malwarebytes Anti-Rootkit Beta and extract it to your desktop (MBAR will be launched shortly after the extraction);
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Copy/paste the content of that log in your next reply;
